Legal
Privacy Policy
Last updated: March 2025
This Privacy Policy describes how Blacksmith Consulting ("we", "us", or "our") collects, uses, and protects information when you visit our website or engage with Apex Accelerator services.
1. Data Controller
The data controller responsible for your personal data is:
Blacksmith Consulting
Email: hendrik.reh@blacksmith-consulting.ai
2. Data We Collect
2.1 Data you provide directly
When you contact us or schedule a review call, we may collect:
- Name and job title
- Business email address
- Company name and industry
- Information you share in correspondence
2.2 Data collected automatically
When you visit our website, standard web server logs may record:
- IP address (anonymised where technically possible)
- Browser type and version
- Pages visited and time of visit
- Referring URL
We do not use tracking cookies or third-party analytics beyond what is strictly necessary to serve the site.
3. Legal Basis for Processing
We process personal data on the following legal bases under the GDPR:
- Legitimate interest (Art. 6(1)(f) GDPR) — to respond to business enquiries and operate our website.
- Contractual necessity (Art. 6(1)(b) GDPR) — to provide services to enterprise customers.
- Consent (Art. 6(1)(a) GDPR) — where you have explicitly opted in.
4. How We Use Your Data
We use the data we collect to:
- Respond to enquiries and schedule product reviews
- Deliver and improve our platform services
- Comply with legal obligations
- Detect and prevent fraud or security incidents
We do not sell, rent, or share your personal data with third parties for marketing purposes.
5. Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected or to comply with legal obligations. Contact and correspondence data is typically retained for up to 3 years. You may request deletion at any time (see Section 7).
6. Data Security
Apex Accelerator is built on a data-sovereignty-first architecture. All customer data processed by the platform is handled within your designated infrastructure. For website enquiry data, we apply appropriate technical and organisational measures to protect personal information against unauthorised access, alteration, or loss.
7. Your Rights
Under the GDPR you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your data ("right to be forgotten").
- Restriction — request that we limit processing of your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — where processing is consent-based, withdraw at any time.
To exercise any of these rights, contact us at hendrik.reh@blacksmith-consulting.ai. You also have the right to lodge a complaint with your national data protection supervisory authority.
8. International Transfers
We do not transfer personal data outside the European Economic Area (EEA) without appropriate safeguards. Where third-party service providers are used (e.g. email hosting), we ensure adequate data protection agreements are in place in accordance with GDPR Chapter V.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The date at the top of this page indicates when it was last revised.
10. Contact
For any privacy-related questions or to exercise your rights:
hendrik.reh@blacksmith-consulting.ai