Skip to main content
BoardServe

Legal

Privacy Policy

Last updated: 29 May 2026

This policy explains how BoardServe collects, uses and protects personal data when you use our website and platform.

This privacy policy is a template provided for transparency and should be reviewed by your data protection adviser before you rely on it. It does not constitute legal advice.

Who we are

BoardServe is operated by The Governance Forum Limited(“we”, “us”), a company registered in England & Wales under company number 06881402. We act as the data controller for personal data collected through our website. When you use the BoardServe platform as a customer's board or organisation member, your organisation is typically the data controller and we act as a data processor on its behalf.

The data we collect

  • Enquiry data — your name, work email, organisation, role, phone number and message when you contact us or request a demo.
  • Account & assessment data — information you and your organisation provide within the platform, including questionnaire responses, declarations and governance documents.
  • Technical data — limited information such as device and browser type collected to operate and secure the service. We choose the most privacy-preserving defaults and do not run intrusive tracking.

How we use your data and our lawful basis

We process personal data where we have a lawful basis to do so, including:

  • to respond to your enquiry and provide a demo (our legitimate interests in responding to prospective customers, or steps prior to a contract);
  • to provide, secure and improve the platform under our contract with your organisation;
  • to comply with our legal and regulatory obligations.

Sharing and sub-processors

We share personal data only with service providers who help us run the platform (for example, hosting, database and email delivery), under contracts that require appropriate safeguards. We do not sell personal data. A current list of sub-processors and a Data Processing Agreement are available on request.

Where your data is stored

Board and platform data is stored and processed within the UK and EU. Where any transfer outside the UK/EEA is necessary, we put appropriate safeguards in place as required by UK GDPR.

Retention

We keep personal data only for as long as necessary for the purposes described above, or as required by law and our customer agreements, after which it is securely deleted or anonymised.

Your rights

Under UK GDPR you have rights to access, rectify, erase, restrict and object to processing of your personal data, and to data portability. To exercise these rights, contact us at hamada@tgf.global. You also have the right to complain to the Information Commissioner's Office (ICO).

Contact

For any privacy question or request, please contact us at hamada@tgf.global.