Bindongtech / Privacy policy

Privacy
policy.

Version
2.4
Effective
12 May 2026
Last updated
12 May 2026
Data controller
EB Holding 1 LLC
Data controller
EB Holding 1 LLC
DPO contact
privacy@bindongtech.com
Jurisdictions
US · EU · UK · CA · BR

This Privacy policy explains how Bindongtech ("we", "us", or "our"), operated by EB Holding 1 LLC, collects, uses, stores, and protects personal data. It applies to visitors to bindongtech.com, prospects who contact us, clients we work with, and end-users whose personal data we process on behalf of those clients.

We have written this policy in plain English. Where a clause has legal weight that depends on specific wording — for example, the legal bases under the GDPR — we use the exact regulatory terminology and link out to the relevant article.

/ Section 01Scope of this policy

This policy covers personal data processed by Bindongtech in three distinct capacities:

  • As a controller — for data we collect directly from website visitors, prospects, candidates, and the staff of our clients (e.g. account contacts).
  • As a processor — for data our clients provide us about their own customers and audiences, which we process strictly on their documented instructions. A separate Data processing agreement (DPA) governs this work.
  • As a joint controller — in limited cases (notably advertising clean-rooms), where we and our clients jointly determine the purposes and means of processing under a written joint-controller arrangement.

/ Section 02Who we are

Bindongtech is the trading name of EB Holding 1 LLC, a limited liability company organised under the laws of the Commonwealth of Kentucky, with registered office at 212 N 2nd St, Ste 100, Richmond, KY 40475, United States.

For data subjects in the European Economic Area or the United Kingdom, our designated representative under Article 27 GDPR / UK GDPR can be contacted at eu-rep@bindongtech.com.

/ Section 03What we collect

Information you give us

  • Identity data — name, job title, employer.
  • Contact data — work email, work phone number, business address.
  • Enquiry data — the content of any form, email or call you initiate.
  • Commercial data — budget ranges, channels of interest, business KPIs you share so we can scope work.
  • Recruitment data — CVs, cover letters, portfolio links if you apply for a role with us.

Information we collect automatically

  • Device & network data — IP address (truncated to /24 within 24 hours), user-agent, screen size, referrer.
  • Usage data — pages viewed, in-page interactions, time on page, exit page. We do not use session-replay tools on our own site.
  • Cookies & similar technologies — see the dedicated Cookie policy.

Information we receive from third parties

  • Enrichment data — publicly listed firmographic data about your company (size, sector, funding stage) from providers such as Clearbit and Apollo.
  • Referral data — if you were referred by a partner agency or existing client, we receive that referral context.

/ Section 04How we use personal data

  • To respond to your enquiry and run a discovery call.
  • To send you the proposal, statement of work, and contractual documentation if we agree to work together.
  • To operate and improve our website, including aggregate analytics on traffic.
  • To send you transactional communications related to active engagements.
  • To send you, no more than once a month, a short briefing on our work and points of view — only if you have opted in.
  • To meet legal, regulatory, audit, and tax obligations.
  • For internal record-keeping, contract management, and dispute resolution.

We do not sell personal data, and we do not share personal data with third parties for the purpose of behavioural advertising on our own site.

  • Contract (Art. 6(1)(b)) — for taking pre-contractual steps and performing our agreement with you.
  • Legitimate interests (Art. 6(1)(f)) — for business-to-business prospecting where you hold a public business role, for site analytics in aggregate, and for security and fraud-prevention.
  • Consent (Art. 6(1)(a)) — for non-essential cookies and for the monthly briefing email.
  • Legal obligation (Art. 6(1)(c)) — for tax, accounting and statutory record-keeping.

/ Section 06Sharing & processors

We share personal data only with a limited number of vetted sub-processors, each bound by a written Data processing agreement. The current list is published and version-controlled at bindongtech.com/subprocessors. Categories include:

  • Cloud infrastructure — AWS (US, EU, UK regions).
  • Productivity — Google Workspace.
  • CRM — HubSpot.
  • Analytics — Plausible (privacy-friendly, cookieless).
  • Recruitment — Greenhouse.
  • Accounting & payroll — Stripe, Gusto.

We may also disclose personal data where required by law, in response to a valid legal process, or to protect the rights, property, or safety of Bindongtech, our clients, or others.

/ Section 07International transfers

Where personal data is transferred outside the European Economic Area or the United Kingdom, we rely on:

  • The EU–US Data Privacy Framework for transfers to US sub-processors that participate in the DPF;
  • The European Commission’s Standard Contractual Clauses (2021/914), and the UK Addendum, where the DPF does not apply;
  • Supplementary technical and organisational measures (encryption in transit and at rest, pseudonymisation, access controls).

/ Section 08Retention

  • Enquiry data from unconverted prospects: 24 months from last contact.
  • Client engagement records: duration of the engagement plus 7 years (statutory record-keeping).
  • Marketing email list: until you withdraw consent.
  • Analytics: 24 months in aggregate, then permanently aggregated to non-identifying form.
  • Recruitment: 12 months for unsuccessful applicants; longer with consent.

/ Section 09Your rights

Depending on your jurisdiction you have some or all of the following rights:

  • Access a copy of the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erasure ("right to be forgotten") in defined circumstances.
  • Restrict our processing in defined circumstances.
  • Portability of data you provided to us in a structured, commonly used format.
  • Object to processing based on legitimate interests, including profiling for direct marketing.
  • Withdraw consent at any time where consent is the legal basis.
  • Lodge a complaint with a supervisory authority (e.g. the Information Commissioner’s Office in the UK, or your local DPA in the EU).

To exercise any of these rights, write to privacy@bindongtech.com. We respond within 30 days, free of charge, except in cases of manifestly unfounded or excessive requests.

/ Section 10Security

Bindongtech operates an information-security programme aligned to ISO/IEC 27001:2022. Controls include role-based access, mandatory MFA, encryption of data at rest and in transit, quarterly access reviews, annual third-party penetration testing, and a documented incident-response plan. Our SOC 2 Type II report is available under NDA on request.

/ Section 11Children

Our services are addressed to businesses. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided data to us, contact privacy@bindongtech.com and we will delete it.

/ Section 12Changes to this policy

We update this policy when our practices, our vendors, or the law change. The "Last updated" date at the top reflects the effective date of the most recent version. Material changes are also communicated in our monthly briefing if you subscribe.

/ Section 13Contact the Data Protection Officer

For any privacy enquiry, complaint, or rights request:

You can also raise concerns with our finance and audit committee at audit@bindongtech.com.

End of policy · version 2.4 · 12 May 2026