We collect personal information you provide directly, including your name, email address, and where relevant your organisation name and job title. This may be shared through contact forms, enquiry submissions, account registration on our Aria platform, or when entering into a consulting engagement with us.

We also collect technical information automatically when you visit our websites, including your IP address, browser type, pages visited, and time spent on site. This data is collected through cookies and similar technologies to help us understand how visitors engage with our content and to improve performance across our website at www.aicompliance.uk.

We use your information to respond to enquiries, deliver contracted services, issue invoices, and manage our ongoing relationship with you. Where you have subscribed to our Aria platform, we use your data to provide access, send service updates, and ensure your account functions correctly. We do not sell, rent, or share your personal data with third parties for marketing purposes.

We may use aggregated, anonymised data to improve our products and services. Where we rely on legitimate interests as our lawful basis for processing, we conduct a Legitimate Interests Assessment and ensure that your rights are not overridden. Where you have submitted your email address to receive a resource such as a downloadable policy template, guide, or framework, we process your data on the basis of your consent under UK GDPR Article 6(1)(a). We use that email address to deliver the resource you requested and to send related AI governance, compliance, and product updates. You can withdraw consent at any time by clicking the unsubscribe link in any email we send you, with no effect on the lawfulness of any processing carried out before withdrawal.

Essential cookies are required for our websites to function and are placed automatically. Analytics and preference cookies are placed only when you have given your explicit consent via our cookie banner. You can update your cookie preferences at any time by using the cookie settings link in our website footer, and you can withdraw consent without affecting the lawfulness of earlier processing.

We use third-party analytics tools, including Google Analytics, to understand how visitors interact with our websites. These tools collect anonymised, aggregated data only. Where we use embedded third-party content or services, those providers may also set their own cookies, which are governed by their own cookie policies. Please see our full Cookie Policy for a complete breakdown of what we use and why.

We use Microsoft Azure for cloud infrastructure, payment processors for subscription billing, Brevo for email marketing and customer relationship management, and LeadShark for LinkedIn engagement automation used to deliver resources to people who request them through our LinkedIn content. None of our third-party providers are permitted to use your data for their own purposes. Each operates under a written Data Processing Agreement that meets UK GDPR requirements. We do not transfer your data outside the UK or EEA without ensuring adequate safeguards, such as UK IDTA-compliant standard contractual clauses, are in place.

Where our services involve AI tools such as Anthropic Claude (enterprise tier) or Microsoft Copilot, any data processed through those platforms is governed by their respective data processing agreements, which we have assessed for UK GDPR compliance. We publish a separate AI Data Processing Notice that details precisely how AI tools interact with client and user data across our services.

Under UK GDPR you have the right to access, correct, delete, or restrict the processing of your personal data. You also have the right to data portability and to object to processing based on legitimate interests. To exercise any of these rights, contact us at [[email protected]]. We will acknowledge your request within 72 hours and respond in full within one calendar month.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk or by calling 0303 123 1113. Our ICO registration number is [ZC011851]. This Privacy Policy is reviewed at minimum every 12 months and updated whenever our practices change materially.