The ai Corporation Privacy Notice

1. Introduction

The UK Data Protection Act 2018 & GDPR requires UK organisations processing personal information to inform individuals of their processing activities by providing and displaying a privacy notice as part of customers’ right to be informed and to ensure transparency of processing. This privacy statement sets out:

• what information The ai Corporation Limited collects from you and why;
• how The ai Corporation uses and protects any information that you give; and
• how you can access and manage your information.

The ai Corporation Limited is registered with the UK Information Commissioner’s Office (ICO) under number ZA31815.

The ai Corporation Limited (also known and trading as ai Corporation) is registered in the United Kingdom, with its registered address at Floor 3 Orion Gate, Guildford Road, Woking, Surrey, UK, GU22 7NJ.

The ai Corporation Limited respects your privacy and is committed to protecting your personal data. This privacy notice (“Privacy Notice”) will inform you about how we use and look after your personal data when you visit our website or when we provide our services to you. We will tell you about your privacy rights and how the law protects you.

2. The ai Corporation Limited as Data Processor

If you are a customer of one of our partners, this Privacy Notice does not apply in respect of your financial and/or payment services account data you provide to our clients, as we are not the data controller of such data.

In these circumstances, The ai Corporation Limited is acting as a data processor and our partners remain the data controller in respect of such personal data. To the extent that we are acting as a data processor, we will process such personal data in accordance with our partners’ documented instructions and any agreements in place with our partners and obligations of a data processor in line with the GDPR & Data Protection Act 2018.

Our partners are responsible for ensuring that their customers’ privacy is respected, including communicating to customers in their own privacy policies and with whom their personal data is being shared with and processed by. You should review the Privacy Notice of our relevant clients for more information on what personal data they will collect from you and what will be shared with us as a data processor for our clients.

3. The ai Corporation Limited as a Data Controller

The ai Corporation Limited may also act as a data controller and make decisions about processing activities. In such cases The ai Corporation Limited has overall control of the personal data being processed and is ultimately responsible for the processing in line with the obligations of a data controller under the GDPR & Data Protection Act 2018. The ai Corporation  is obliged by law to ensure we adhere to the key principles:

• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality (security)
• Accountability

4. The Data we Collect About You

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed, i.e. anonymous data.

For clients and users of our products and services, we may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

• Identity Data includes first name, last name, username or similar identifier, title, date of birth and gender.
• Contact Data includes billing address, correspondence address, email address and telephone numbers.
• Financial Data includes bank account details, credit reference data, financial accounts and reporting, business plan, plus historic payments volume and values.
• Transaction Data includes details about payments to and from you and other details of services you have purchased from us. Includes details of card and other electronic payments details, transaction data – purchases and refunds, end-customer disputes leading to chargebacks, and other payment related data as permitted by the payment networks and our third-party relationships.
• Technical Data includes internet protocol (IP) address, your login data, browser type, language and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website and our services.
• Social Media Data includes Facebook, Twitter, Instagram, LinkedIn, etc.
• Usage Data includes information about how you navigate and use our website and services.
• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
• Hiring Data includes work history usually in the form of a CV, identity, contact details, education qualifications and employment references.

We do not collect any Special Categories of Personal Data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.

For prospective contractors of The ai Corporation, we may collect, use, store and transfer different kinds of personal data about you when you apply or tender for contracts with The ai Corporation. Sensitive data may be required for The ai Corporation employees which may include information within your CV or resume and any additional information we may request over the phone or via email to support our processing of your job application. Please see our Employee Privacy Notice.

5. How is Your Data Being Collected?

We use different methods to collect data from and about you including through:

• Direct interactions. You may give us your Identity, contact and financial data by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

1. Apply for our services.
2. Apply for a job with us.
3. Enter into an agreement with us.
4. Subscribe to our services or publications.
5. Give us some feedback.
   

• 
  
  
  
  
  
  
• Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your computing equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
• Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:

1. Analytics providers such as Google based outside the EU.
2. Social media networks
3. Identity and Contact Data from publicly availably sources such as credit bureaux based inside the EU, former employers, references, etc.

6. How Long do we Hold Your Information for?

The time period for which we keep information varies according to what we use the information for and in line with our retention period. Unless there is a specific legal requirement for us to keep information, we will keep your information for as long as it is relevant and useful for the purpose for which it was collected.

Where we are using your personal information to send you marketing information we will retain it for as long as you have an active account with us and then for 18 months after your account ceases to be active in line with our retention period and as long as contractually/legally required. We will retain your account information for 7 years in line with relevant tax and contract requirements.

You are entitled to request that we erase your personal information at any time, for example where you cease to be an active customer of ours.  Whilst we will generally seek to comply with your request, there will be circumstances where we are entitled to retain such personal information (e.g. in respect of legal claims, fraud investigations).

7. Controlling your Personal Information

You may choose to restrict or control the collection or use of your personal information in the following circumstances:

• when you are asked to fill in a form on the website or elsewhere (ensure that you do not tick any box which consents to our use of your personal information if you do not want us to use your personal information for those purposes);
• if you have previously agreed to us using your personal information for specific purposes and wish to change your mind (for example in relation to marketing or customer surveys);
• If you wish for your personal information to be erased from our systems.

8. Your Rights under the GDPR

The ai Corporation Limited works to ensure transparency in our processing activities relating to your personal data and it is your right under the legislation to be informed about the information being processed about you by The ai Corporation as a data controller. The legislation gives individuals control over their personal information which entitles you as a data subject to the below rights:

Request to access the information being or about you. This entitles you to receive a copy of the information held about you.

Request rectification of incorrect or inaccurate information being processed about you access information that is being processed.

Request restriction processing by asking The ai Corporation to suspend the information being processed about you.

Request data portability which allows you transfer information you have provided to The ai Corporation directly to another service provider. Request for The ai Corporation to stop processing your personal information.

Right to erasure (also known as right to be forgotten), which allows you to request for your personal data to be erased. This request is not absolute and will be considered depending on the specific circumstances upon assessment.

Rights relating to automated decision making protect individuals if relation to automated decision-making that has legal or similarly significant effects on the individual as a data subject.

The right to be informed requires that individuals are informed about the collection and use of their personal data.

The right to object allows individuals to stop or prevent you from processing their personal data.

Exemptions

The UK GDPR and the Data Protection Act 2018 set out exemptions from some of the rights and obligations in some circumstances for example where personal data is kept for the purpose of preventing, detecting or investigating offences and related matters; and where the data is given by another person in confidence. In line with the accountability principle, The ai Corporation will justify and document our reasons for relying on an exemption to ensure we can demonstrate our compliance.

If you believe that any information we are holding on you is incorrect or incomplete, please write, email or call us as soon as possible using the details below. We will promptly correct any information found to be incorrect.

To protect your privacy and security, we will take reasonable steps to verify your identity where necessary before granting access or making corrections.

9. Lawful Basis of Processing

To process your personal data, The ai Corporation Limited must have a valid reason to process your data lawfully in line with Article 6 of the GDPR. We will process your information based on;

• Consent
• Legal obligations
• Legitimate interest
• Contractual obligation
• Vital interest
• Public interest

10. Consent

Consent is a vital area in some of our processing activities and consent must be freely given with a positive affirmation for the specific purpose to which the consented processing relates to. Explicit consent must be given in writing and should you want to remove consent, you may do so at any time by writing to us at GDPR Enquiries, The ai Corporation Limited, Floor 3 Orion Gate, Guildford Road, Woking, Surrey GU22 7NJ or by emailing us at support@aicorporation.com

Withdrawing consent

Where we process your personal data based on your consent, you can withdraw your consent at any time. This does not affect the legality of any processing carried out before you withdrew your consent.

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.  Where we do seek your permission, we will name the relevant third party at the time we seek such permission from you and any such permission shall be limited to that third party.

Sometimes we may have to pass information to statutory bodies authorised to obtain data under various legislation, such as the police or tax authority.

11. Disclosures of Your Personal Data

We require all third parties to respect the security of your personal data and to treat it in accordance with applicable law(s) and our own strict requirements. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We will not sell, rent, lease or otherwise share your personal data other than as outlined in this Privacy Notice or without obtaining your consent beforehand. We will share your personal data with our staff and other members of our corporate group as necessary to carry out the purposes for which the information was supplied or collected.

Personal data may also be shared with our third-party service providers, data processors and affiliates who assist with the running of this website and our services including:

• Microsoft
• Azure Cloud

Our third-party service providers and data processors are subject to security and confidentiality obligations and are only permitted to process your personal information for specified purposes and in accordance with our instructions.

In addition, The ai Corporation may disclose personal data about you to our professional advisers including lawyers, auditors and insurers.

12. International Transfers and Safeguards

The ai Corporation may transfer your personal data outside the European Economic Area (EEA). Personal data may be stored and processed in any country where we have operations or where we engage service providers. We may transfer personal data that we maintain about you to recipients in countries other than the country in which the personal data was originally collected, including to the United States.

In such cases we will take measures to ensure that any such transfers comply with applicable data protection laws and that your personal data remains protected to the standards described in this Privacy Notice.

This means that The ai Corporation will take all reasonable legal, technical, and organisational measures to protect the data. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

Where we use providers based in the US, and outside the EEA, we may use standard contract clauses approved by the European Commission which give personal data the same protection it has in Europe.

13. Data retention

We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, contractual, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances you can ask us to delete your data (please see Controlling your Personal Information – section 7).

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this aggregated information indefinitely without further notice to you.

14. Security

The security of your information is very important to us. As part of our commitment to keeping your data safe, our technical experts maintain physical, electronic and managerial procedures to keep safe the information we collect online.

Only authorised employees and carefully checked agents, contractors and sub-contractors, who provide a particular data processing service for us, are permitted access to your data. These people will only be allowed access to your data for the purposes identified within this Privacy Policy, processing it on our behalf or for IT security and maintenance purposes.

If a third party processing your data on our behalf is located in a non-EU country that does not have data protection laws equivalent to those in the EU, we will always take appropriate additional steps to ensure that your personal information is kept safe and secure by those processing your data on our behalf. This will generally involve ensuring that such third party agrees to sign up to a formal legal agreement committing such party to comply with standards equivalent to those that would apply where that party to be located within the EU.

15. Cookies

In order to improve service, provide to you with relevant content and to analyse how visitors use our website, we may use technologies, such as cookies, pixels or tracking software. Cookies are small files placed on your computer system and device containing the details of your browsing history on the website.

The ai Corporation uses Persistent Cookies which are stored on users’ devices in-between sessions. These cookies allow the preferences of our user across to be remembered. The length of time between a cookie being set and expiry is set by the website operator. A user can also delete previously set persistent cookies manually or configure the browser settings to delete cookies at a set interval.

16. Changes to the Privacy Policy and your duty to inform us of changes

We reserve the right to update this Privacy Notice at any time, and, where appropriate, we will notify you when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

This policy replaces all previous versions and is correct as of April 2022. We reserve the right to change the policy at any time

This version was last updated on the effective date at the top of this Privacy Notice, being April 2022 and previous versions can be obtained by contacting us. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Data Protection Officer (DPO) contact information

A Jolly Consulting

Email: dpo@aicorporation.com

Tel: 020 7101 4861

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at dpo@aicorporation.com.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

Website: https://ico.org.uk/