Who We Are
AutoAI Labs Ltd ("we", "us", "our") is the Data Controller responsible for your personal data. We are a UK-registered company providing AI-powered automation consulting and product development services to SMEs and technology founders.
Data Controller Details
- Registered Name: AutoAI Labs Ltd
- Registered Address: 12 Innovation Quarter, Manchester, M1 7AB, United Kingdom
- Company Number: 14829374
- ICO Registration Number: ZB487293
- Data Controller Email: dpo@autoailabs.co.uk
If you have any questions about how we handle your personal data, you can contact us at any time using the details above or via the contact block at the end of this policy.
What Data We Collect
We collect personal data only when necessary and always with a clear purpose. The categories of personal data we may collect include:
2.1 Data You Provide Directly
- Identity Data: Full name, job title, company name.
- Contact Data: Email address, phone number (if provided).
- Project Data: Any descriptions, requirements, or details you share about your project via our contact or enquiry forms.
- Communication Data: Records of correspondence between you and AutoAI Labs, including emails and chat messages.
2.2 Data Collected Automatically
- Usage Data: Pages visited, time on site, referring URLs, browser type, operating system, and device type, collected via our analytics platform.
- Technical Data: IP address (anonymised where possible), session identifiers, and approximate geolocation (country/city level only).
- Cookie Data: Data collected via cookies and similar tracking technologies — see Section 7 for full details.
2.3 Data We Do Not Collect
We do not collect or process special category data (such as health, biometric, religious, or racial data), financial payment card data, or data relating to criminal convictions. We do not build individual user profiles for advertising purposes.
How We Use Your Data
We use personal data for the following purposes:

| Purpose | Data Used | Legal Basis |
|---|---|---|
| Responding to your enquiry or contact form submission | Identity, Contact, Project Data | Contractual necessity / Legitimate interest |
| Sending you information about our services you requested | Identity, Contact Data | Consent |
| Improving our website and user experience | Usage, Technical Data | Legitimate interest |
| Analytics and performance measurement | Usage, Cookie Data | Consent (where required) |
| Legal compliance and record-keeping | All relevant categories | Legal obligation |
| Preventing fraud and ensuring security | Technical Data | Legitimate interest |

Legal Basis for Processing
Under UK GDPR, we must have a valid legal basis for every processing activity. We rely on the following bases:
Consent
Where you have given us clear, specific, informed, and unambiguous consent — for example, opting in to marketing emails or accepting non-essential cookies.
Contractual Necessity
Where processing is necessary to fulfil a contract with you or to take steps at your request before entering a contract — for example, responding to a project enquiry.
Legitimate Interest
Where we have a genuine and proportionate business reason — such as improving our services, preventing fraud, or responding to your direct communications — that doesn't override your rights.
Legal Obligation
Where processing is required to comply with applicable UK law — for example, retaining financial records under HMRC requirements.
You have the right to withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. To withdraw consent, contact us at dpo@autoailabs.co.uk.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. Our standard retention periods are:

| Data Category | Retention Period | Reason |
|---|---|---|
| Enquiry and contact form data | 3 years from last contact | Legitimate interest in potential re-engagement |
| Client project records | 7 years from project end | Legal obligation (HMRC / Companies Act) |
| Marketing consent records | Until consent withdrawn + 1 year | Demonstrating compliance |
| Website analytics data | 26 months (anonymised) | Legitimate interest / Consent |
| Cookie consent logs | 13 months | Legal obligation |

Once the relevant retention period expires, personal data is securely deleted or anonymised so that it can no longer be attributed to you.
Third-Party Services
We engage carefully selected third-party service providers (data processors) to help us operate our business. These providers only process your data on our instructions and are bound by data processing agreements (DPAs) that meet UK GDPR standards. Our key processors include:
Email Service Provider (Transactional Email)
Used to send and manage transactional and marketing emails. Data transferred under Standard Contractual Clauses (SCCs).
Web Analytics Platform (Analytics)
Privacy-first analytics to understand website usage. IP addresses are anonymised. Data is not shared with third parties for advertising.
CRM / Contact Management (CRM)
Used to manage client and prospect relationships, track communications, and store project-related notes securely.
Website Hosting Provider (Hosting)
Our website is hosted on a secure, UK/EEA-based infrastructure. The hosting provider processes server logs containing technical data.
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We will only disclose your data to authorities if required to do so by law.
Cookies
Our website uses cookies — small text files stored on your device — to improve functionality and understand how our site is used. We categorise cookies as follows:
Your Rights Under UK GDPR
As a data subject, you have the following rights under UK GDPR. We will respond to all legitimate requests within one calendar month.
Right of Access
Request a copy of the personal data we hold about you (Subject Access Request / SAR).
Right to Rectification
Request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure
Request deletion of your personal data where there is no compelling reason to continue processing (the "right to be forgotten").
Right to Restriction
Request that we restrict processing of your data in certain circumstances — for example, while the accuracy of data is contested.
Right to Portability
Receive your personal data in a structured, commonly used, machine-readable format and transfer it to another controller.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes (you have an absolute right to object to marketing).
Automated Decision-Making
Not to be subject to solely automated decisions — including profiling — that produce legal or similarly significant effects. We do not currently use automated decision-making.
Right to Withdraw Consent
Withdraw any consent given at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
To exercise any of your rights, contact us at dpo@autoailabs.co.uk with your request. We may need to verify your identity before processing the request. There is no fee for most requests, unless they are manifestly unfounded or excessive.
International Transfers
Some of our third-party processors may be based outside the UK or EEA. Where personal data is transferred internationally, we ensure adequate protections are in place through one of the following mechanisms:
- UK Adequacy Regulations: Transfer to countries recognised by the UK Government as providing an adequate level of data protection (e.g. EEA member states, Canada, Israel).
- Standard Contractual Clauses (SCCs): Use of UK International Data Transfer Agreements (IDTAs) or approved SCCs that bind the recipient to UK GDPR-equivalent protections.
- Binding Corporate Rules (BCRs): Where the recipient organisation has approved BCRs in place.
You can request details of the specific safeguards in place for any transfer by contacting us at dpo@autoailabs.co.uk.
Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. Our security measures include:
While no system is 100% secure, we continuously review and improve our security measures. In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the ICO within 72 hours and inform you without undue delay.
Children's Data
Our services are directed exclusively at business professionals and are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.
If you believe that a child has provided us with personal data without appropriate consent, please contact us immediately at dpo@autoailabs.co.uk and we will take prompt steps to delete that information.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
- Update the "Last updated" date at the top of this page.
- Notify users of material changes via email (where we hold your contact details and the change significantly affects your rights).
- Maintain a version history so you can review what has changed.
We encourage you to review this policy periodically. Continued use of our website or services after any changes constitutes your acceptance of the updated policy.
Version History
Contact the Data Controller
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Data Controller directly:
Data Controller Contact Details
For all data subject requests and privacy enquiries
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. We would, however, appreciate the opportunity to address your concerns before you approach the ICO.