Bellosoft — Legal

Privacy Policy

Last updated: 29 May 2026

Bellosoft Limited ("Bellosoft", "we", "us", "our") is committed to protecting the personal data of our clients, prospects, partners and website visitors. This Privacy Policy explains how we collect, use, store, share and protect personal data in accordance with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018 ("DPA 2018") and the Privacy and Electronic Communications Regulations 2003 ("PECR").

By accessing our website, engaging our services or contacting us through any channel, you confirm that you have read and understood this Policy.

1. Who we are

Bellosoft Limited is a software house that develops bespoke software, e-commerce platforms, institutional websites and artificial intelligence solutions. Bellosoft Limited is the data controller responsible for personal data processed in connection with services provided to UK clients and visitors to our website.

Legal nameBellosoft Limited
Company number11972919
Registered officeSuite 8, 186 St. Albans Road, Watford, England, WD24 4AS
Nature of business (SIC)62012 — Business and domestic software development
Email[email protected] (or [email protected])

Bellosoft Limited is part of the wider Bellosoft group, which includes Bellosoft Programas de Computador LTDA (Brazil, CNPJ 27.505.691/0001-31). Personal data may be shared between group entities for the purposes set out in this Policy, subject to appropriate safeguards under Chapter V of the UK GDPR (see section 6).

2. Personal data we collect

2.1 Data you provide directly

When you complete a form on our website, respond to one of our advertising campaigns (including Meta Lead Ads on Facebook and Instagram), or contact us through any official channel, we may collect:

  • Full name
  • Email address
  • Telephone or messaging number (including WhatsApp)
  • Company name and your role
  • Company website
  • Company size
  • Indicative budget
  • Description of your challenge or requirement
  • The content of communications exchanged with us by email, messaging app, meetings and proposals

2.2 Data we collect automatically

When you browse our website, we may collect automatically:

  • IP address
  • Device type, operating system and browser
  • Pages visited and time spent
  • Referring source
  • Campaign identifiers (UTM parameters, ad ID, click ID)
  • Cookies and similar technologies (see section 8)

2.3 Data of contracted clients

In the course of delivering contracted services, we may process personal data supplied by the client strictly for contractual, operational and legal purposes. Specific terms are set out in each project's contract.

2.4 Data we do not request

We do not request special category data under Article 9 UK GDPR (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric, health, sex life or sexual orientation data), nor financial credentials (card numbers, bank accounts, passwords) or copies of identity documents in our public forms. Please do not submit such information through unsecured channels.

We also record consent metadata associated with each form submission, including date and time of acceptance, the text presented to you and the version of this Policy applicable at the time.

3. How we use your personal data

We use personal data for the following purposes:

  • To respond to your commercial or institutional enquiry
  • To assess the technical and commercial context of your requirement
  • To send proposals, related materials and follow-up communications
  • To deliver and manage contracted services
  • To comply with legal, contractual and regulatory obligations
  • To measure the performance of our marketing campaigns and acquisition channels
  • To prevent fraud, abuse, spam and automated submissions
  • To improve the clarity, performance and conversion of our website, where analytics is permitted
  • To establish, exercise or defend legal claims

4. Lawful bases for processing

We process personal data on the following lawful bases under Article 6 UK GDPR:

  • Consent (Article 6(1)(a)) — for non-essential cookies, marketing emails to prospects, and other uses we explicitly request your consent for. You may withdraw consent at any time.
  • Performance of a contract or pre-contractual steps (Article 6(1)(b)) — to respond to enquiries that may lead to a contract, and to deliver services once contracted.
  • Compliance with a legal obligation (Article 6(1)(c)) — to meet our tax, accounting and other statutory duties under UK law.
  • Legitimate interests (Article 6(1)(f)) — including, where compatible with your rights and freedoms: securing our website and infrastructure, preventing fraud and abuse, measuring marketing performance, sending business-to-business prospect communications relevant to your role, and establishing or defending legal claims.

Where we rely on legitimate interests, we have carried out a balancing assessment. You may obtain further information about that assessment by contacting us at the address in section 14.

5. Who we share your data with

Bellosoft does not sell personal data.

We share personal data only where necessary, with:

  • Other Bellosoft group entities — including Bellosoft Programas de Computador LTDA (Brazil) — for service delivery, account management and group reporting (see section 6 for transfer safeguards).
  • Lead capture and CRM platforms — including Meta (Facebook Lead Ads) for the receipt of campaign leads, and our CRM platform for storing, organising and following up on those leads.
  • Hosting and infrastructure providers for the website.
  • Email and professional communications tools.
  • Analytics and measurement platforms where you have consented.
  • Advertising platforms (Meta Ads, Google Ads, LinkedIn Ads) to deliver campaigns and measure performance.
  • Public authorities, where required by law or in response to a lawful request.
  • Partners and subcontractors strictly necessary to deliver contracted services.

All third parties acting as our processors are bound by written agreements that meet the requirements of Article 28 UK GDPR, including confidentiality, security and limited use of personal data.

6. International data transfers

Some recipients of personal data — including other Bellosoft group entities (notably Bellosoft Programas de Computador LTDA in Brazil) and certain technology providers (including Meta, our CRM platform, our hosting provider and our email tools) — are located outside the United Kingdom, including in Brazil, the European Economic Area (EEA), the United States and other jurisdictions.

Where the destination country is not the subject of an adequacy regulation under section 17A DPA 2018, we put in place an appropriate safeguard under Article 46 UK GDPR, such as:

  • The International Data Transfer Agreement ("IDTA");
  • The European Commission Standard Contractual Clauses with the UK International Data Transfer Addendum issued by the ICO; or
  • Another mechanism approved by the ICO.

You may request a copy of the relevant safeguard by contacting us at the address in section 14.

7. How long we keep your data

We retain personal data only for as long as necessary for the purposes set out in this Policy, including:

  • Responding to and following up on your commercial enquiry
  • Meeting contractual obligations to clients
  • Complying with statutory retention periods (for example, accounting records must be retained for at least six years under UK tax law)
  • Establishing, exercising or defending legal claims

Once personal data is no longer required, we will delete, anonymise or securely archive it, as appropriate.

Cookie preferences are stored locally in your browser until you clear site data or a new consent banner is presented.

8. Cookies and similar technologies

We use cookies and similar technologies to:

  • Ensure the website functions correctly (essential cookies)
  • Remember your preferences (language, cookie consent)
  • Measure usage, performance and conversion (analytics cookies)
  • Attribute and optimise advertising campaigns (Meta Pixel, Google Tag and similar)

In accordance with PECR, non-essential cookies (analytics and advertising) are set only after you provide explicit consent through our cookie banner. You may withdraw consent or change your preferences at any time by reopening the banner, clearing site data in your browser, or configuring your browser to block cookies — noting that some features may be affected.

9. Security

We adopt robust, up-to-date technical and organisational measures to protect personal data against unauthorised access, loss, destruction, alteration or disclosure. These measures include access controls, encryption in transit, segregation of environments, supplier due diligence and incident response procedures.

No system is entirely free from risk. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours where required, and inform affected data subjects in accordance with Article 34 UK GDPR.

10. Your rights under UK GDPR

As a data subject, you have the following rights under Articles 15 to 22 UK GDPR:

  • Right of access — to obtain confirmation that we process your data and a copy of it
  • Right to rectification — to have inaccurate or incomplete data corrected
  • Right to erasure ("right to be forgotten") — in the circumstances set out in Article 17
  • Right to restriction of processing — in the circumstances set out in Article 18
  • Right to data portability — to receive your data in a structured, commonly used, machine-readable format, where Article 20 applies
  • Right to object — to processing based on legitimate interests, and at any time to direct marketing
  • Right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significant effects (Article 22)
  • Right to withdraw consent at any time, where processing is based on consent

To exercise any of these rights, please write to [email protected] (or [email protected]) identifying the request and the data concerned. We may ask for proof of identity before responding, to protect you against unauthorised disclosure.

We will respond without undue delay and, in any event, within one month of receipt of your request, as required by Article 12(3) UK GDPR. That period may be extended by up to two further months where necessary, taking into account the complexity and number of requests.

11. Children

Our website and services are directed at business and professional contacts. We do not knowingly collect personal data from children under 13 (the UK's age of digital consent under section 9 DPA 2018). If we become aware that we have collected personal data from a child without verified parental consent, we will delete it.

12. Changes to this Policy

We may update this Policy from time to time to reflect changes in law, technology, operations or service providers. The version in force will always display the date of last update at the top of this document. Material changes will be flagged prominently on our website.

13. Complaints — the Information Commissioner's Office

You have the right to lodge a complaint with the UK's data protection supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113 · Website: ico.org.uk

We would, however, appreciate the opportunity to address your concerns before you approach the ICO — please contact us first using the details below.

14. Contact

For any question, request or complaint relating to this Privacy Policy or our processing of your personal data:

Primary contact for data protection enquiries: Mateus Bellozupko
Email: [email protected] (or [email protected])
Postal address: Bellosoft Limited, Suite 8, 186 St. Albans Road, Watford, England, WD24 4AS