# 1. Introduction

Aiimi is committed to protecting the privacy and security of the personal data of our prospective customers, customers, and the data of their individual customers. In accordance with the Data Protection Act 2018 this privacy notice sets out how we collect, use, store and dispose of personal data.

With respect to any personal data of your customers that you provide to us, we would be a “data processor”, which means we hold data on behalf of you, as the Data Controller, to carry out an operation or set of operations, such as consultation of that data.

This notice is provided so that you, our prospective and current customers, are aware of what personal data we hold and how we use it. It is also provided to our employees so they understand their obligations for storing, using and disposing of the data provided to Aiimi. It is provided from Aiimi’s perspective, herein referred to as “we” and “our”, for our prospective and current customers and their staff, herein referred to as “you” and “your”.

# 2. When do we collect your personal data?

We collect your data when you first become an Aiimi customer and on various other occasions when you make contact with us (or when we need to contact you) either directly such as by phone or email, or via an electronic medium such as visiting our web-site or associated services, such as social media or recruitment sites. We collect your personal data to enable us to carry out our contract with you or as part of a legitimate interest to provide you with relevant information about our products and services.

We may obtain personal data directly from you or via services or providers that are designated for this purpose.

# 3. What personal data do we collect and use?

3.1 Your Personal Data
When we ask you for personal data, we will make clear to you why the data is needed.

The personal data we may collect and use includes your contact details e.g. your name, address, telephone number, and email address.

Use

Basis of Use

To provide you with our services, including confirmation of your instructions to ensure we carry them out accurately. And to improve our products and services.

Our legitimate interest in carrying out a contract with you.

To process your payment for our services.

Our legitimate interest in carrying out a contract with you.

To provide you with the information you have requested from us.

Our legitimate interest in carrying out a contract with you, or in providing you with information about which you have asked to be contacted by opting in.

We may cite you as a referee in tenders and proposals, including the use of case studies of our work with you, unless you tell us otherwise.

Our legitimate interest to ensure we are able to present tenders and proposals that demonstrate our work and provide references.

To execute relevant marketing activities.

Our legitimate interest in marketing our products and services to relevant organisations who may benefit from them.

We may use cookies and other tracking capabilities for purposes including website analytics, engagement analytics, logging your preferences, and enabling remarketing activities. Our use of Cookies is outlined in our Cookie Policy. We also use email marketing software which uses a clear image to track the results of the campaign, including information on whether recipients have opened or clicked email content. If you wish to turn off tracking for future emails you receive from Aiimi, please use our communications preferences link to opt out, block emails from our address, or turn off / reject downloading of images.

# 4. Automated Decision Making

Automated decision making occurs when an electronic system uses personal data to make decisions without human intervention. An example of this is where a customer record is selected by an algorithm for a direct marketing or customer communication campaign based on a set of parameters.

The GDPR allows organisations to make automated decisions in the following circumstances:

  • Where it is necessary to perform a contract with the customer, and their rights have been safeguarded;
  • Where it is authorised by European Union or Member state law applicable to Aiimi or to you, our customer;
  • When the customer has given explicit written consent, and their rights have been safeguarded

We do not envisage that we will need to make any additional decisions using an automated process, however you will be notified in writing if this changes. As part of our engagement with you, we may conducting profiling activities using the personal data you have provided, however this will be agreed with you and documented in the Statement of Work that we have in place with you.

# 5. Data Sharing

We will not share your personal data, or the personal data of your customers with other organisations, except where we have a requirement to store your data on a hosted system that we use for the day-to-day operation of our business, or under the basis of legitimate interest (for example in marketing our products to relevant organisations). Examples of this include our Office 365 tenancy with Microsoft, our CRM system hosted by HubSpot, and our advertising account with LinkedIn. Aiimi maintains a register of such service providers in accordance with Article 30 of the GDPR and reviews the data privacy safeguards that the suppliers implement and the data processing agreements between our organisation and the service provider on an annual basis.

# 6. Data Security

We have put in place measures to securely protect your personal information:

  • to prevent your personal data from being lost, used or accessed in an unauthorised way
  • to deal with any suspected data security breach, and will notify you and any applicable regulator of a suspected breach where are legally required to
  • data provided by you to us is done in a secure manner

These measures include:

  • Accessing your data from a secure FTP site or SSL protected hosted service such as Office 365

# 7. Data Retention

7.1 How long will you use my information for?

We will store and use your data as long as you are a customer of Aiimi’s or we consider that there is a legitimate business interest in offering you our products or services.

Your personal data may be stored for a period in order for us to contact you with information about a product or service that we have reasonable grounds to believe that you will be interested in. You may ask us to remove your contact details or opt out of one or several methods of communication from us. In this case, we will typically retain a record of your contact details to ensure that you are not contacted via these methods in the future. Your details will be recorded with a tag that states “Do not contact”.

Our current retention policy states that we will delete an individual’s personal data from our CRM system if any of the following conditions are met:

  • The individual asks us to delete their data
  • The individual is not a current customer or communications subscriber AND we have held their data for over 3 years with no evidence of successful contact made (for example, a delivered email)
  • We become aware that the data is outdated or inaccurate
  • We determine that Aiimi no longer has a legitimate interest in contacting the individual. For example, if we no longer offer a service or product that could reasonably benefit them.

Deletion is conducted on a quarterly basis.

# 8. Rights of Access, Rectification and Erasure

8.1 Informing us of changes

Please inform us if your personal data changes during your working relationship with us. This will help us ensure that your data is correct, and we are able to fulfil our contract with you.

8.2 Your rights relating to your personal data

In line with the Data Protection Act, in certain circumstances, you have several rights with respect to your personal data. You can:

  • Request access to your personal data. This is known as a Data Subject Access Request and enables you to ask about and receive a copy of your personal data that we hold and check that we are processing it lawfully.
  • Request correction of your personal data that we hold, this enables you to have any incomplete or incorrect information we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal information where we no longer have a legitimate reason for storing it.
  • Object to processing of your personal data where we are relying on a legitimate interest (either of Aiimi or a third-party) and you have a reason which makes you want to object to processing on this ground.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal data, for example if you want to establish the accuracy of your data or understand the reason for us processing it.
  • Request the transfer of your personal data to another party, for example if you want to transfer your data to a new service provider.

If you wanted to exercise any of your rights, we may ask for specific information from you to confirm your identity and ensure your right to access this information. We will never disclose any of your personal data to anyone acting on your behalf. This is to protect your personal data and ensure it is not disclosed to any person who does not have the right to access it.

If you would like to exercise any of the above rights, please contact Aiimi’s Information Governance Committee, who jointly perform the functions of a Data Protection Officer, in writing. We will not ask you to pay a fee to exercise any of these rights. However, we may charge a fee if we consider your request is unfounded or excessive. In some circumstances we can refuse to comply with your request, this is most likely to be the case where we are satisfied that the personal data we hold is accurate or where the request is repetitive in nature.

# 9. Right to Withdraw Consent

In the future there may be limited circumstances where we will ask for your consent to the collection, processing, and transfer of your personal information of your personal data for a specific purpose; you have the right to withdraw your consent for that specific processing activity. If you would like to withdraw your consent, please contact Aiimi’s Information Governance Committee in writing at the address on our website.

# 10. Changes to this notice

We will review this notice on an annual basis, or when we are advised of regulatory changes, whichever is the soonest. Following the reviews we may update this notice. The current in force version of this will always be available on our website. We may also communicate with you in other ways about the processing of your personal data.