Last updated: 4 November 2025

This Privacy Notice explains how ResourceKraft Ltd. ("Company", “ResourceKraft”, “we”, “us”) processes personal data when you visit our websites, contact us by email, join our Microsoft Teams or Zoom meetings (including meetings analysed with AI tools such as Microsoft Copilot), receive our marketing, use our services, or otherwise interact with us.

If you have any questions or wish to exercise your data protection rights, contact: [email protected].

• Controller: ResourceKraft Ltd., Block 9, LEDP Building, LEDP Campus, Roxboro, Limerick, V94 C66H, Ireland

• Email: [email protected]

• Supervisory authority: Data Protection Commission (DPC), Ireland. You may lodge a complaint at dataprotection.ie.

• Identity & contact details: name, employer, job title, email, phone, postal address.

• Communications data: emails you send us; chat/messages in meetings; recordings/transcripts; AI-generated meeting summaries, actions and decisions.

• Usage/technical data: IP address, device/browser info, timestamps, pages viewed, basic analytics and security logs.

• Commercial data: enquiries, proposals, orders, contracts, billing and support history.

• Marketing preferences: subscriptions and opt-in/opt-out choices.

• Recruitment data (if you apply): CV, qualifications, references.

We do not intentionally collect children’s data and our services are for business users.

• Directly from you by email, web forms, events, support tickets, and during online or in-person meetings.

• Automatically via our websites and Microsoft 365 (limited technical/usage data).

• From third parties (partners, referrals, publicly available business sources) where lawful.

We process personal data only where a lawful basis under GDPR applies:

• To respond to enquiries, provide quotations, deliver and support services
  Legal basis: performance of a contract or steps prior to contract; legitimate interests (running our business).

• To host and manage online meetings (Teams/Zoom), including optional recording, transcription and AI analysis (e.g., Copilot) to produce minutes, action items and summaries
  Legal basis: legitimate interests (effective collaboration, accurate records). Where we record or store transcripts, we will clearly notify participants at the start of the meeting; where required, we will rely on consent.

• To secure our systems, prevent fraud/abuse, and maintain service integrity
  Legal basis: legitimate interests; legal obligation where applicable.

• To send business updates or marketing
  Legal basis: consent (where required) or legitimate interests for B2B communications. You can opt out at any time.

• To meet legal and regulatory obligations (e.g., tax, accounting, compliance)
  Legal basis: legal obligation.

• Recruitment and hiring
  Legal basis: steps prior to contract; legitimate interests; consent where appropriate.

We do not sell personal data.

• What may be processed: participant names, organisation, email, chat content, spoken audio/video, screen content, and derived artefacts (e.g., transcripts, summaries, actions, decisions).

• Notice & choice: we display the platform’s recording/AI notice where applicable. If you prefer not to be recorded or analyzed, please decline to join, turn off your camera/mic, or ask us to pause/disable recording or AI features.

• Purpose: process and fulfil your service requests accurately; improve our customer service quality, maintain records for business continuity; resolve any potential disputes or misunderstandings

• Sharing: only authorized personnel involved in processing your requests will access recordings on a need-to-know basis.

We use necessary cookies and limited analytics on our websites to operate and improve the site. For details and choices, see our Cookie Notice (linked from our website).

• IT and cloud providers (primarily Microsoft 365, Teams, SharePoint/OneDrive/Exchange; Zoom where used).

• CRM, email and marketing tools (for B2B communication and list management).

• Professional advisers and auditors (legal, tax, compliance).

• Event, training and survey platforms used for specific engagements.

• Authorities or courts where required by law.
  All suppliers act under contract as processors or separate controllers, as applicable.

We primarily use EU/EEA data centres where available. Where data is transferred outside the EEA/UK, we rely on appropriate safeguards (e.g., EU Standard Contractual Clauses and, where applicable, UK IDTA/Addendum) plus supplementary measures.

We apply appropriate technical and organisational measures to protect personal data (access controls, encryption in transit and at rest where supported by our platforms, role-based access, logging/monitoring, backup and recovery, supplier due diligence, staff training). No system is 100% secure, but we continually review and improve our controls.

We keep personal data only as long as needed for the purposes above, then delete or anonymise it. Unless we’ve agreed a different project-specific policy, we follow Microsoft 365 defaults in our tenant:

• Emails (Exchange Online): retained in user mailboxes by default unless the user or a policy deletes/archives them.

• Teams/OneDrive/SharePoint content (including meeting artefacts, transcripts and Copilot outputs): retained by default in the host workspace unless users or space owners delete or retention policies apply.

• Teams meeting recordings: stored in OneDrive/SharePoint with the service’s default expiry/retention configured by our tenant (if an expiry is in effect, owners can extend or retain where there is a valid business need).

• Contracts, billing and financial records: retained for the statutory periods required under Irish law (typically 6+ years for core records).

If you need exact retention details for a given project or workspace, email [email protected] and we will confirm the current default/policy state for that data set.

Subject to conditions and exemptions in GDPR, you have the right to:

• Access your personal data and receive a copy

• Rectify inaccurate or incomplete data

• Erase data (right to be forgotten)

• Restrict processing

• Object to processing (including to B2B direct marketing)

• Data portability (where applicable)

• Withdraw consent at any time where processing is based on consent

To exercise any right, contact [email protected]. We will verify your identity and respond within the statutory timeframe.

You can opt out of marketing emails via the unsubscribe link or by emailing [email protected]. Service/transactional messages may still be sent.

Our websites and meeting invites may link to third-party sites or services. Those providers operate their own privacy practices. Please review their notices.

We may update this Notice from time to time. The “Last updated” date shows the latest version. Significant changes will be highlighted on our website or notified directly where appropriate.

• Email: [email protected]

• Post: ResourceKraft Ltd., Block 9, LEDP Building, LEDP Campus, Roxboro, Limerick, V94 C66H, Ireland