This notice explains how GBX Circle Ltd (“we”, “us”, “GBX Circle”) collects, uses, stores, and shares your personal data when you visit bils.ai, register for BILS 2027, attend our forums, or otherwise interact with the Circle.
We have written this in plain language. If anything is unclear, write to hello@gbxcircle.com and we will explain it.
The data controller is GBX Circle Ltd, a private limited company registered in England & Wales. Contact: hello@gbxcircle.com. For privacy-specific questions: privacy@gbxcircle.com.
We collect only what is necessary to run the forum and to communicate with you about it. Specifically:
We do not knowingly collect data about anyone under 18.
| Purpose | Legal basis (GDPR Art 6) |
|---|---|
| Process your registration and provide the forum | (b) performance of a contract |
| Reply to your enquiries | (b) contract / (f) legitimate interests |
| Curate invitations and communications about future forums | (f) legitimate interests (B2B professional communication) |
| Send marketing emails outside the forum’s direct context | (a) your consent — you can withdraw any time |
| Meet legal, tax, accounting obligations | (c) legal obligation |
We keep registration and forum-attendance data for three years from your last interaction with the Circle, after which we delete or fully anonymise it. Tax and accounting records are kept for the statutory retention period (currently six years in England & Wales).
We share your data only with the processors who help us run the forum. Each processor signs a Data Processing Agreement (DPA) with us and is GDPR-compliant.
| Processor | Role | Region |
|---|---|---|
| HubSpot | CRM · email · forms | EU / US (SCCs in place) |
| Netlify | Website hosting | US (SCCs in place) |
| Vimeo | Video hosting · in-the-room interviews | US (SCCs in place) |
| Google Workspace | Email · documents · calendar | EU / US (SCCs in place) |
| Calendly | Meeting scheduling | US (SCCs in place) |
| Sanity | Structured content for the forum sites | EU (Frankfurt) |
We do not sell your data and we do not share it with third-party advertising networks.
Where personal data leaves the UK or the EEA, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum. We do not transfer data to jurisdictions without an adequacy decision or appropriate safeguards.
bils.ai sets only essential cookies needed for site function (such as your gate session). We do not run analytics, advertising, or fingerprinting cookies on this domain today. If we ever introduce analytics, we will add a consent banner and update this notice before turning them on.
The embedded Vimeo player sets its own cookies if you press play; these are governed by Vimeo’s policy linked above.
Under the UK GDPR, EU GDPR, and equivalent laws (including the California Consumer Privacy Act), you have the right to:
To exercise any of these rights, write to privacy@gbxcircle.com. We will respond within one month.
The site is served over HTTPS with HSTS, a strict Content Security Policy, and modern transport security. Our internal systems use multi-factor authentication and least-privilege access. If a breach occurs, we will notify affected individuals and the ICO within 72 hours as required.
Material changes will be flagged on this page with an updated “Last updated” date at the top. The historical versions are archived on request.
For any privacy question or to exercise a right: