The AI, Privacy and Security Agency

Privacy Policy

Background

The AI, Privacy and Security Agency, referred to as “AIPrivSec” throughout this document, are specialist providers of consultancy in the areas of information security and data privacy for businesses wishing to maintain or achieve a gold standard in these areas. Our special focus is their application to protect and regulate the deployment and use of Artificial Intelligence (AI).

Scope

This privacy policy describes how we collect, protect, use, share and store the personal data of data subjects whose data we process in accordance with the requirements of the GDPR and all relevant national legislative instruments. It also outlines their legally enforceable rights and choices relating to that information.
Our contact details are provided at the end of this document.

Personal Data

Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”
For the purposes of this privacy policy, all reference to “data” “data subject data” “personal data” “data being processed” or other derivatives thereof will be intended to mean “personal data” as defined above unless otherwise expressly stated or defined.

Responsibilities

Data Protection Officer

The Data Protection Officer is responsible for ensuring that this notice is made available to data subjects prior to the collection or processing of their personal data by AIPRIVSEC. Our DPO can be reached by email on dpo@aiprivsec.co.uk

The Data Protection Officer is responsible for ensuring that this notice is made available to data subjects prior to AIPrivSec.  collecting and processing their personal data. Our DPO can be reached by email on dpo@aiprivsec.co.uk

Employees/Staff

All Employees/Staff who interact with data subjects are responsible for ensuring that this notice is drawn to the data subjects’ attention and their consent to the processing of their data in the ways detailed herein is secured before this processing occurs.

AIPrivSec Privacy Notice

Our contact details are provided at the end of this document.

Who does this notice apply to?

This notice applies to following individuals and categories of individuals:


● Customers: Individuals who register for our content or request our support; Individuals making payment transactions; Visitors to our premises; Anyone calling one of our phone numbers; and Anyone visiting or using any one of our Websites; (“Customer Data”)
● Contacts: We retain contact data for the period where it is in our Legitimate Interest to help us to grow and improve our organisation. This includes suppliers, partners, contractors and contingent workers, prospective clients, other business contacts, merchants accepting payments and other individuals whose personal data we collect in the course of our business (“Contact Data”); and
● Employees: Current employees, former employees, dependents and beneficiaries of employees, former employees, and prospective employees in connection with their working relationship or application for employment (“Employment Data”).
Note: Employees should refer to AIPrivSec’s Employee Privacy Notice for details.

This notice applies to following individuals and categories of individuals:

  • Customers: Individuals who register for our content or request our support; Individuals making payment transactions; Visitors to our premises; Anyone calling one of our phone numbers; and Anyone visiting or using any one of our Websites; (“Customer Data“)
  • Contacts: We retain contact data for the period where it is in our Legitimate Interest to help us to grow and improve our organisation. This includes suppliers, partners, contractors and contingent workers, prospective clients, other business contacts, merchants accepting payments and other individuals whose personal data we collect in the course of our business (“Contact Data”); and
    Employees: Current employees, former employees, dependents and beneficiaries of employees, former employees, and prospective employees in connection with their working relationship or application for employment (“Employment Data“).

Note: AIPrivSec Employees should refer to AIPrivSec’s Employee Privacy Notice for details.

When do we collect personal data?

  • For identification and information verification purposes
  • To provide training or consulting services
  • When fulfilling a transaction initiated by or involving a Data Subject
  • To build or maintain relationships with customers and potential customers
  • For other forms of Business development
  • During business planning
  • Maintaining the security of data collected and processed
  • When maintaining & supporting technology including infrastructure; software and Database systems
  • For protecting AIPrivSec’s legal rights or assets
  • When enforcing our rights or the rights of other persons in a financial transaction
  • For fraud prevention or investigation, or other risk management purposes
  • In response to a lawful request from a court or government agency or to otherwise comply with applicable law or compulsory process
  • On the written request of the Data Subject, where appropriate and
  • For other purposes required or permitted by law or regulation
  • Note: AIPrivSec Employees should refer to AIPrivSec’s Employee Privacy Notice for details.
  • When enforcing our rights or the rights of other persons in a financial transaction

Why do we collect personal data?

We collect and process personal information to:

  • Comply with legal requirements.
  • Maintain the security and safety of our services; and
  • Understand who to whom we are providing services for the safety of our staff and to protect our business.

In all cases where we collect personal data in a transparent fashion at the point of collection. Consent is our preferred lawful basis for data collection.

In some instances, we also collect personal data within processes where we have conducted a legitimate interest assessment which shows a compelling justification for collection of that data without undue or unexpected impact on the individuals whose data we are collecting. This includes collection of personal data for marketing purposes or when we ask customers to take part in customer surveys.

This is clearly stated in our communications and the opportunity to remove consent or to opt-out is always provided as part of those communications.

The situations where we collect data based on legitimate interest include, but are not limited to:

  • Promoting our business.
  • Undertaking market research, direct marketing, including analysis to create profiles and to conduct customer surveys.
  • When you post on social media about our business, we may use your contact details to respond to any complaints or comments.
  • Collecting website user data for statistical purposes (this contains no personally identifiable information). To support this our websites may use third-party marketing and analytical cookies. We do not include cookies in our marketing emails.

Please note that it is possible to reject or block cookies in your browser settings and to remove yourself from our marketing and survey emails by unsubscribing from them.

What personal data do we collect?

Customers’ Personal Data

Support and Billing

We need some information in order for us to engage with our customers to provide services to them and to bill customers for those services. This will usually consist of:

  • Your full name
  • Telephone or mobile number
  • Email address
  • Areas of interest
  • Additional data, such as bank details, are collected for the purposes of invoicing customer
Direct Marketing and Surveys

AIPrivSec also collects contact data such as name, telephone number and email address to allow it to conduct marketing or carry out surveys.

We may use that personal data for marketing purposes, to inform you of services which may, according to your past preferences, be of interest to you. We may also ask you to take part in one of our customer surveys using this data. These communications shall strictly adhere to applicable legal regulations.

Advertising and marketing shall be sent to you only if you opted in for these communications during the registration process, via e-mail or where you have expressed interest in one of our specialist areas or we have an existing relationship with you that suggests you may be interested in other services that we provide.

Your decision about direct marketing may be withheld in accordance with the opt-out rules described in each marketing e-mail or other form of communication. Typically that is possible by unsubscribing or by directly contacting AIPrivSec (please see contact details below). Should you opt out, AIPrivSec shall retain only such data necessary for provision of services in accordance with the rules set out in this policy.

Contacts Personal Data

AIPrivSec’s collects Suppliers, partners, contractors and contingent workers, prospective clients, other business contacts, merchants accepting payments and other business contacts personal data in the course of our business. AIPrivSec are committed to protecting these individuals’ rights and freedoms as they relate to data privacy and protection through the measures explained throughout this privacy notice.

Employee’s Personal Data

AIPrivSec respects employee privacy. Employees should refer to AIPrivSec’s Employee Privacy Notice for details

AIPrivSec’s Handling of Special Categories Data

AIPrivSec does not collect Special Category Data such as: Racial or Ethnic origin; Political opinions; Religious or philosophical beliefs; Trade Union membership; Genetic or biometric data used for the purpose of uniquely identifying an individual; Data concerning health; or Data concerning a natural person’s sex life or sexual orientation.

Where exceptions occur and Special Category Data is provided inadvertently by the data subject we erase this data on detection or notification.

Disclosing information to third parties

AIPrivSec respects individuals’ privacy. This means that, other than the for the purposes referred to in this policy, we will not process, sell or disclose any personal information to any other person, business or third-party without your consent, where we are legally obliged to do so (for example, if required to do so by court order or for the purposes of prevention of fraud) or where we see it as part of our duty of care

  • Where necessary we disclose your personal data to payment providers, technology providers, insurers, and other specialist professional and technical service providers and advisers to provide services; and
  • In some cases, it may be necessary to transfer your personal data outside the UK and European Economic Area. Where we do this, we will use appropriate and proportionate safeguards and require contractually that these greater or equal safeguards are implemented by the recipients (processor) who will be obliged to preserve your data privacy and protection rights. As part of this the processor will be restricted from passing your data to a third party or third country without our explicit consent which will only be granted where security is greater than or equal to the measures that we employ and where your rights are contractually preserved.

How long do we keep personal data

Details of the periods that AIPrivSec retains, and processes personal data can be found in AIPrivSec’s Data Retention Policy. In summary, for the purposes of this document, we operate the following broad guidelines for the retention and processing of personal data:

Employment Data

Up to 6 years following employment. Employees should refer to AIPrivSec’s Employee Privacy Notice for full details.

Customer Data

For 3 years or until such time as the purpose for which the data was collected is no longer valid whichever is the shorter

Contact Data

We retain contact data for the period where it is in our Legitimate Interest to retain it to help us grow and improve our organisation. This includes AIPrivSec’s suppliers, partners, contractors and contingent workers and prospective customers.

Where we process personal data on the basis of your consent, we will retain it for as long as required for the specified purpose. We also keep your data

  • For a period that allows us to fulfil our contract with you, provide services to you or respond to your questions or complaints.
  • For the period required by local law concerning keeping records.
  • To allow us to uphold or protect contractual or legal rights; or
  • Where it is in your or another party’s vital interests or our legitimate interests.

We may also be required to keep personal data in line with any statutory limitation periods and for tax, legal or regulatory purposes.

Keeping your data up-to-date

It is your duty to inform us if any of your personal information which we hold about you needs to be updated. We may contact you at any time if you have used our services with us where we suspect that we hold incorrect information about you.

Web Site and Cookies

How we use cookies

When you use our websites, we aim to make your experience engaging. In order to do this, we or the service provider that we use may use cookies. Cookies are small text files which are sometimes downloaded on your computer or mobile device when you first visit our website so that we can remember who you are.

Usually, cookies contain two pieces of information: a site name and unique user ID. Cookies cannot be used alone to identify you, although they may be used to identify your IP address. Cookies help us and/or third-party websites recognise your device the next time you visit and may remember details such as your username and preferences, analyse how the website is performing, or allow us to recommend content we believe is relevant to you.

Generally, cookies used on this website may perform the following functions:

Essential Cookies:

These temporary cookies only remain in the cookies folder of your browser until you leave our website.

Performance Cookies:

These cookies are stored on your computer – they contain no personal information and are used to improve performance and assist in navigation. They remain in the cookies folder of your browser for longer than “Essential” cookies (dependent on your browser settings).

We use or allow third parties to serve cookies that fall into the categories above. We use Google Analytics to help us monitor our website traffic, and cookies may also be served via AIPrivSec.com or any of our subsidiary domains, online surveys, and online publications.

We may also use third party cookies to help us with market research, revenue tracking, improving site functionality and monitoring compliance with our Terms and Conditions and Copyright Policy as stated in our Terms and Conditions.

By using our website, you agree that we can place these types of cookies on your device. We may change ‘HOW WE USE COOKIES’ from time to time. It is your responsibility to check the policy regularly. You will be deemed to have accepted any amendments to the policy if you continue to make use of the website after a change to ‘HOW WE USE COOKIES’ has been made.

We have links to social networking websites (for example but not limited to: Facebook, Twitter, LinkedIn) from AIPrivSec. These websites may place cookies on your computer. We do not control how they use their cookies. We suggest you check their website to see how they are using cookies.

For more information about cookies, visit www.aboutcookies.org which includes useful information on cookies and how to block cookies using different types of browser. Please note that by blocking or deleting cookies, you may not be able to take full advantage of our websites.

Third Party Websites

Our website may contain links to other websites promoting their business to our customers. AIPrivSec indemnifies itself against all data use on third party websites. Please refer to their relevant privacy policy and terms and conditions.

Google Analytics & Demographic Data

We may use Google Analytics or other analysis tools to collect information about visitor behaviour on our website. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. This Analytics data is collected is not tied to personally identifiable information. We therefore do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.

You can find out more about Google’s position on privacy as regards its analytics service at http://www.google.co.uk/intl/en/analytics/privacyoverview.html

Tracking cookies also allows us to access aggregates demographic and audience data from online behavioural advertising services. This information has no personal or identifiable information contained within it. It is used only for us to evaluate the effectiveness of the website and see how different groups of users use and respond to the site, and in no way allow us to track people individually. You may opt out of this tracking by disabling cookies within your browser.

Website Security

The Internet is not a secure medium. However, we have chosen a UK-based, ISO-27001 certified provided who is required to have put in place various security procedures, including firewalls that are used to block unauthorised traffic to our website.

Your data, your rights

Your Rights

By submitting your information to us, you consent to the use of that information as set out in this Privacy Policy. At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • You have the right to object to certain types of processing such as direct marketing
  • You have the right to object to automated processing, including profiling
  • You have the right to request a copy of the information that we hold about you
  • You have the right to ask us to correct the data that we hold about you that is inaccurate or incomplete
  • In certain circumstances you can ask for the data we hold about you to be erased from our records
  • Where certain conditions apply you have the right to ask that we restrict the processing of your personal data; and
  • You may have the right to have the data we hold about you transferred to another organisation.
  • Right to judicial review: if AIPrivSec refuses your request under rights of access

Note: we will always provide you with a reason as to why we have refused your rights request

  • You have the right to complain as outlined in Section 5 of this document

Note: Rights requests will be forwarded on to a third party if one is involved in the processing of your personal data.

Sharing of personal data

Your personal data will not be shared with, or provided to, any third party except in the following situations:

  • You consent.
  • Data is necessary.
  1. For provision of services – for example credit card details will be exchanged (a) with your bank for service provision to be confirmed; or
  2. AIPrivSec’s is obliged to provide the personal data on the basis of law or upon order by a public authority.
  • it is specifically allowed by applicable legal regulations.

Data Security

AIPrivSec makes every effort to ensure that your personal data is stored securely.

The aim is to eliminate unauthorized or unlawful processing of your personal data, or accidental, unauthorized or unlawful access, use, transferring, processing, copying, transmitting, alteration, loss or damage of your personal data. Despite all efforts and meeting all rules set out by applicable legal regulations, it is not possible to guarantee the security of your data, if it is transferred or transmitted in an unsecured way.

For this reason, we have introduced adequate physical, technical and organizational measures and plans to protect and secure all information collected by our services using

  • Using Cryptography, where necessary
  • Using password protection, where necessary; and
  • Restricting access to your personal data (i.e. access to your personal data is granted only to those employees or personnel for whom the access is indispensable for the purposes described in this document and in our full privacy policy).

We require that our partners, who provide supporting services that help us to store and otherwise process your personal data, apply the same high level of protection to your data.

Note: These measures do not remove your duty to secure your own personal data. You should, inter alia, regularly change your passwords and should never use predictable usernames and/or passwords, share your password with other persons, or grant access to your User account and/or disclose your personal data to other persons.

Complaints

In the event that you wish to make a complaint about how your personal data is being processed by AIPrivSec or third parties (as described in 4.6 Disclosing Information to Third Parties), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority. In the first instance please raise that complaint with AIPrivSec’s Data Protection Officer in the first instance.

AIPrivSec’s Data Protection Officer (DPO) can be contacted as follows:

Contact Name:The Data Protection Officer
Email:dpo@Aiprivsec.co.uk

Our address is: 11 St Michaels Road, Bournemouth, BH2 5DP

Our Data Protection Officer can be contacted about any matters covered in this notice:

                 By email: dpo@aiprivsec.co.uk

If you remain unhappy with the handling of your case, then you have the right to contact the UK Information Commissioner’s Office (ICO) as follows:

By phone (UK)0303 123 1113
By phone (outside UK)+44 1625 545 700
ICO Web Pagehttps://ico.org.uk/make-a-complaint/your-personal-information-concerns/
Emaildataprotectionfee@ico.org.uk

Changes to this policy

We may change our Privacy Policy at any time. Continued use of our websites signify that you agree to any such changes.

Please be aware that the privacy policy is in English. For any support in a foreign language please contact dpo@Aiprivsec.co.uk