Legal

Privacy Policy

Effective 1 January 2026 · Last updated 10 June 2026

1. Introduction

This policy explains how Gildoni Ltd collects, uses, shares, and protects personal information when you visit gildoni.com or contact us. We take your privacy seriously and handle your information in line with the EU General Data Protection Regulation (GDPR), the UK GDPR, the ePrivacy Directive, and the Israeli Privacy Protection Law. Where one of these gives you a stronger protection than another, you get the stronger protection.

2. Data controller

The data controller responsible for your personal information is:

Gildoni Ltd, company number 517214912, of 4 Shimon Ben Zvi Street, Givatayim, Israel 5363202. For any privacy matter, email privacy@gildoni.com. We aim to acknowledge requests within 72 hours and to respond substantively within 30 days.

3. Our representative in the European Union

As a company based outside the European Union that offers services to people in the EU, we are in the process of formally designating a representative in the EU under Article 27 of the GDPR. Until that designation is complete, please direct any enquiry you would otherwise send to an EU representative to privacy@gildoni.com, and we will deal with it directly.

4. Scope of this policy

This policy covers personal information processed through our website and our business communications. It does not cover the separate terms of a client engagement, which are set out in the relevant signed agreement, and it does not cover other websites or services we link to, which have their own policies. Your use of the website is also governed by our Terms of Service, and our use of cookies is described in detail in our Cookie Policy.

5. Personal data we collect

We collect personal information in three ways.

5.1 Information you give us directly. When you make an enquiry, book a briefing, or correspond with us, we may collect your name, job title, and company; your email, telephone, and postal address; the content of your message; your communication preferences and any consent you give; and scheduling details such as meeting times and availability.

5.2 Information we collect automatically. When you visit the site we collect technical data (IP address, browser type and version, operating system, device type), usage data (pages visited, time on the site, referral source, and on-page interactions), approximate location derived from your IP address, and cookie data as described in Section 10.

5.3 Information from third-party sources. In the course of business development we may collect professional information from public sources such as LinkedIn profiles, company websites and business registries, and website analytics tools.

5.4 Information from calls and meetings. When we hold a discovery or lead-generation call or a briefing with you, we may create a written transcript of the conversation so we have an accurate note of what was discussed. We do not retain an audio or video recording of these calls; the transcript is the record we keep. We use a meeting-assistant tool to produce the transcript, and we will tell you on the call that it is being transcribed.

5.5 Information you enter into the Think Partner app. Our Think Partner application at thinkpartner.gildoni.com lets you try the method directly. When you use it, the text you type is processed by generative AI models so the app can evaluate your input and respond. Section 9 explains how we handle that processing and the tools involved.

5.6 Information when you subscribe to our dispatch. When you sign up for our email dispatch through the form in the site footer, we collect your email address and your consent to receive it. We use a double opt-in, so you confirm your subscription by clicking a link we send you, and you can unsubscribe at any time using the link in every email.

6. How we use your personal data and our lawful basis

We use your information only where we have a lawful basis to do so.

  • To respond to enquiries: identity, contact, and communication data, on the basis of our legitimate interests, kept for three years from last contact.
  • To manage meetings, briefings, and workshops: identity, contact, and booking data, on the basis of performing or preparing a contract, kept for seven years (tax and contract law).
  • To deliver consultancy services: identity, contact, communication, and company data, on the basis of performing a contract, kept for seven years.
  • For marketing and thought-leadership communications: identity, contact, and preference data, on the basis of your consent, kept until you withdraw it plus a short period.
  • For website analytics: technical, usage, and location data, on the basis of your consent, kept for up to 14 months.
  • For business development and prospecting: professional contact data, on the basis of our legitimate interests, kept for three years from last contact.
  • For company-level visitor identification: technical and usage data, on the basis of our legitimate interests, kept for 90 days.
  • For legal and regulatory compliance and for financial records: the relevant data, on the basis of our legal obligations, kept as the law requires (up to seven years under Israeli tax law).

7. Who we share your data with

We do not sell your personal information, and we do not share it for anyone else's marketing. We do use a small number of trusted providers who process information on our behalf, under contracts that bind them to use it only as we instruct.

  • Website hosting and content delivery (the site is hosted on Vercel).
  • Domain management (GoDaddy).
  • Scheduling: strategic-briefing bookings are handled by Cal.com.
  • Website and product analytics, delivered through Google Tag Manager (Google Analytics 4 and Microsoft Clarity), and cookieless analytics (Vercel Web Analytics).
  • Advertising and conversion measurement (the LinkedIn Insight Tag).
  • Email newsletter delivery: our dispatch is sent through MailerLite, an EU-based provider, which stores subscriber email addresses and engagement data such as opens and clicks on our behalf, and manages the double opt-in and unsubscribe.
  • Email and productivity (Google Workspace).
  • Video conferencing for meetings (Microsoft Teams, Zoom).
  • Call transcription: a meeting-assistant tool that produces written transcripts of our calls. We do not record audio or video.
  • The Think Partner app (thinkpartner.gildoni.com) is built on Lovable, which uses generative AI models to process the text you enter in the app.
  • Generative AI tool providers, as described in Section 9.

We may also share information with our professional advisers (legal, financial, and accounting, all under confidentiality), and with authorities where the law, a court, or a regulator requires it. If the business is ever reorganised, any new controller would be bound by a policy at least as protective as this one.

8. International transfers of personal data

Gildoni Ltd is in Israel, which the European Commission recognises as providing an adequate level of data protection, so transfers between the EEA and Israel are lawful without additional safeguards. Some of the providers above are in, or process data in, other countries including the United States. Where information is transferred to a country without an adequacy decision, we rely on appropriate safeguards such as the European Commission's standard contractual clauses, together with any supplementary measures needed. To ask about the safeguards for a particular transfer, email privacy@gildoni.com.

9. Processing of personal data through generative AI tools

As an AI consultancy, we use generative AI tools in our own work, and we are transparent about it.

9.1 How we use them. We may use AI tools to help draft and review responses to enquiries, to analyse business documents and proposals, to transcribe and summarise calls, to take notes, and for general business operations such as research and document preparation. Our Think Partner app at thinkpartner.gildoni.com is built on Lovable, and the text you enter into the app is processed by generative AI models so the app can evaluate your input and respond. The providers we may use include OpenAI, Google, Microsoft, and Lovable, and similar AI tools adopted over time.

9.2 Safeguards. We put a data-processing agreement in place with an AI provider before processing personal information through its tools. We apply data minimisation, we do not input special-category data without an explicit legal basis, and where a provider is outside the EEA we require transfer safeguards. We instruct providers to opt our data out of model training where that option exists. AI output is never the sole basis for a decision that significantly affects a person without human review.

9.3 Limitations. AI tools can produce inaccurate output, so a person always reviews anything before we rely on it. If you have a concern about our use of AI, email privacy@gildoni.com.

10. Cookies and similar technologies

We use cookies and similar technologies on the website. Strictly necessary cookies keep the site working and do not need consent. Analytics, advertising-measurement, and functional cookies are used only with your consent, which we collect through a consent banner when you first visit and which you can change at any time using the link in the footer. Refusing non-essential cookies does not stop you using the site. The full detail, including every cookie, its provider, purpose, and duration, is in our Cookie Policy.

11. Profiling and automated processing

We carry out limited profiling, and never in a way that produces a legal or similarly significant effect on you by automated means alone.

Where you consent to advertising cookies, the LinkedIn Insight Tag may include you in audiences we use to measure interest in our work and, in future, to show relevant professional advertising on LinkedIn. This rests on your consent, which you can withdraw at any time using the link in the footer or by emailing privacy@gildoni.com. We do not carry out company-level visitor de-anonymisation, and we do not make decisions that produce a legal or similarly significant effect on you by automated means alone.

12. How long we retain your personal data

We keep information only as long as we need it:

  • Enquiries and correspondence: three years from last contact.
  • Client and contractual data: seven years from the end of the contract.
  • Financial and invoicing records: seven years from the transaction.
  • Marketing consent records: for the duration of consent plus three years.
  • Newsletter subscriber data: until you unsubscribe plus a short period.
  • Website analytics data: up to 14 months.
  • Cookie consent logs: three years.
  • Recruitment data: two years from receipt.
  • Data relating to a legal claim: for the applicable limitation period.

At the end of the retention period we securely delete or anonymise the information, and instruct our processors to do the same.

13. How we protect your personal data

We use sensible measures to protect your information, including encryption in transit (TLS/HTTPS), access controls and role-based permissions, reputable enterprise-grade cloud providers, and regular reviews of our security practices. If a personal-data breach occurs that is likely to pose a risk, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay where the law requires. No system is completely secure, but we take the protection of your information seriously and act quickly if something goes wrong.

14. Children's data

This website and our services are intended for business professionals. They are not directed at children, and we do not knowingly collect information from anyone under 18. If you believe a child has given us their information, email privacy@gildoni.com and we will delete it.

15. Your data protection rights

Subject to the conditions in the law, you have the right to: access the information we hold about you and receive a copy; have inaccurate or incomplete information corrected; have your information erased; restrict our processing; receive your information in a portable, machine-readable format; object to processing based on our legitimate interests or to direct marketing; not be subject to a decision based solely on automated processing that produces a legal or similarly significant effect (we do not make such decisions); and withdraw consent at any time without affecting processing carried out before withdrawal.

To use any of these rights, email privacy@gildoni.com with the subject line "Data Subject Request", telling us your name, an email or other identifier, and what you are asking for. The first request is free, and we may ask you to verify your identity.

16. Right to lodge a complaint with a supervisory authority

If you believe we have not handled your information properly, you can complain to a supervisory authority, although we would rather you came to us first so we can put it right. Depending on where you are, the relevant authority may be your EU member state's data protection authority, the German Federal Commissioner for Data Protection and Freedom of Information (BfDI) and the state authorities, the UK Information Commissioner's Office (ico.org.uk), or the Israeli Privacy Protection Authority.

The website may link to, or embed content from, other services such as scheduling, video, and social media. Those third parties have their own privacy policies, and we are not responsible for their content or their practices.

18. Changes to this privacy policy

We may update this policy from time to time, for example if we add a tool to the site or the law changes. We will revise the "last updated" date above, and for significant changes we will give additional notice. Please check back occasionally.

19. Contact us

For any question about this policy or your information, or to use any of your rights, email privacy@gildoni.com, or write to Gildoni Ltd, 4 Shimon Ben Zvi Street, Givatayim, Israel 5363202.

You can read how we use cookies in our Cookie Policy, and the terms that govern this website in our Terms of Service.