Insight Engine
Services
Explore Discover new data and digital opportunities, prove their value, and unlock your business potential.
Discovery
Data Sprints & Design Sprints
Service Blueprints
Strategy

Map out technology-driven strategies to forge your data, AI, and digital-first future vision.
Vision & Charter
Strategy Design
Roadmap
Data Risk Assessment
Data Governance Strategy
AI Strategy
Transform Build strong data and digital foundations, strengthened by ML, AI, data science, and apps, to achieve your goals.
Data Foundations
Data Products
Digital Products
Content Services
Enable Establish self-service analytics, citizen data science, and low-code/no-code platforms to support your business intelligence.
Community Self-service
Skills On Demand
Managed Services
Organisational Enablement
Discover our services
Learn
Blogs

From deep dives to quick tips, become an industry leader with Aiimi.
Videos

Webinars, explainers, and chats with industry leaders, all on-demand.
Guides

All of our expert guides in one place. No form fills - just download and go.
CIO+ Hub

Practical advice, CIO success stories, and expert insights for today’s information leaders.
Explore
Customer Stories

Discover how customers across a range of industries have realised value and growth with Aiimi.
Data Risk Assessment

Our free Data Risk Assessment helps you quickly identify your most urgent data risk areas and biggest opportunities for automated data governance.
Partners

Accelerate your success by partnering with Aiimi. Our partner portal is your complete toolkit for driving success.
Our Work
About
Contact
Legal

Privacy Policy.

Table of content

# 1. Introduction

Aiimi is committed to protecting the privacy and security of the personal data of our clients and the data of their individual customers. In accordance with the Data Protection Act 2018 this privacy notice sets out how we collect, use, store and dispose of the personal data provided to us by our clients to conduct data activities on their behalf.

With respect to any personal data of your customers that you provide to us, we would be a “data processor”, which means we hold data on behalf of you, as the Data Controller, to carry out an operation or set of operations, such as consultation of that data.

This notice is provided so that you, our clients, are aware of what personal data we hold and how we use it. It is also provided to our employees so they understand their obligations for storing, using and disposing of the data provided to Aiimi. It is provided from Aiimi’s perspective, herein referred to as “we” and “our” for our customers and their staff, herein referred to as “you” and “your”.

# 2. When do we collect your personal data?

2.1 Your Personal Data
We collect your data when you first become an Aiimi customer and on various other occasions when you make contact with us (or when we need to contact you) either directly such as by phone or email, or via an electronic medium such as visiting our web-site. We collect your personal data to enable us to carry out our contract with you and to provide you with the most relevant information.
2.2 Your Customers' Data
As part of our engagement with you, we may be asked to analyse the data of your customers to provide insight on your customer base, support decision making and achieve your strategic objectives. On these occasions the information regarding each individual customer will be kept to a minimum and will be specific to the use case you’ve engaged us to work on.

# 3. What personal data do we collect and use?

3.1 Your Personal Data
When we ask you for personal data, we will make clear to you why the data is needed. The personal data we may collect and use includes your contact details e.g. your name, address, telephone number, and email address.

UseBasis of Use
To provide you with our services, including confirmation of your instructions to ensure we carry them out accurately. And to improve our products and services.Our legitimate interest in carrying out a contract with you.
To process your payment for our services.Our legitimate interest in carrying out a contract with you.
To provide you with the information you have requested from us.Our legitimate interest in carrying out a contract with you.
We may cite you as a referee in tenders and proposals, including the use of case studies of our work with you, unless you tell us otherwise.Our legitimate interest to ensure we are able to present tenders and proposals that demonstrate our work and provide references.

We may use cookies and other tracking capabilities for purposes including website analytics, engagement analytics, logging your preferences, and enabling remarketing activities. Our use of Cookies is outlined in our Cookie Policy. We also use email marketing software which uses a clear image to track the results of the campaign, including information on whether recipients have opened or clicked email content. If you wish to turn off tracking for future emails you receive from Aiimi, please use our communications preferences link to opt out, block emails from our address, or turn off / reject downloading of images.

3.2 Your Customers' Personal Data

In accordance with your requirements of our engagement with you, we may need to access or receive the personal data of your customers.
The data we may ask for in relation to your customers will vary according to your requirements, but will typically include information such as customer identifiers, location information, transactional history and the like.

UseBasis of Use
To analyse the data you provide us in response to your requirementsOur legitimate interest in carrying out a contract with you.

# 4. Your obligations to your customers

4.1 Change of purposes
In accordance with the DPA you should have provided a Data Privacy Notice to your customers advising them how their data will be collected, stored, managed and processed, as well as any 3rd parties you will be providing the data to.
If our engagement with you is not included in your existing Data Privacy notice, you are obliged to update your data privacy notice to inform your customers of these activities.

# 5. Automated Decision Making

Automated decision making occurs when an electronic system uses personal data to make decisions without human intervention. An example of this is where a customer record is selected by an algorithm for a direct marketing or customer communication campaign based on a set of parameters.
The GDPR allows organisations to make automated decisions in the following circumstances:

  • Where it is necessary to perform a contract with the customer, and their rights have been safeguarded;
  • Where it is authorised by European Union or Member state law applicable to Aiimi or to you, our customer;
  • When the customer has given explicit written consent, and their rights have been safeguarded

We do not envisage that we will need to make any additional decisions using an automated process, however you will be notified in writing if this changes. As part of our engagement with you, we may conducting profiling activities using the personal data you have provided, however this will be agreed with you and documented in the Statement of Work that we have in place with you.

# 6. Data Sharing

We will not share your personal data, or the personal data of your customers with other organisations, except where we have a requirement to store your data on a hosted system that we use for the day to day operation of our business. An example of this is our Office 365 tenancy with Microsoft and our CRM system hosted by Hubspot. Aiimi maintains a register of such service providers in accordance with Article 30 of the GDPR and reviews the data privacy safeguards that the suppliers implement and the data processing agreements between our organisation and the service provider on an annual basis.

# 7. Data Security

We have put in place measures to securely protect your personal information:

  • to prevent your personal data, or the personal data of your customers, from being lost, used or accessed in an unauthorised way
  • to deal with any suspected data security breach, and will notify you and any applicable regulator of a suspected breach where are legally required to
  • data provided to by you to us is done in a secure manner

These measures include:

  • Accessing your data from a secure FTP site or SSL protected hosted service such as Office 365;
  • Holding your customer data in a secure project workspace that is ring-fenced from other data received from other customers;
  • Running secure virtual servers for data analytics projects that are commissioned solely for use on an individual customer engagement;
  • Securely wiping or returning data to you at the completion of an engagement.

# 8. Data Retention

8.1 How long will you use my information for?

We will store and use your data as long as you are a customer of Aiimi’s. Your personal data will only be collected, stored and used to service Aiimi’s contract with you and your organisation.
Your contact information may be stored for a longer period in order for us to contact you with information about a product or service that we have reasonable grounds to believe that you will be interested in. You may ask us to remove your contact details, however in this case we will typically retain a record of your contact details in order to ensure that you are not contacted via these methods in the future. Your details will be recorded with a tag that states “Do not contact”.

8.2 How long will you use my customers' data for?

The personal data of your customers will only be retained for as long as necessary to fulfil the purposes of our engagement with you and will be destroyed following completion of our engagement (as per the Statement of Work or individually agreed Security Protocol).

# 9. Rights of Access, Rectification and Erasure

9.1 Informing us of changes

Please inform us if your personal data changes during your working relationship with us. This will help us ensure that your data is correct, and we are able to fulfil our contract with you.

9.2 Your rights relating to your personal data

In line with the Data Protection Act, in certain circumstances, you have several rights with respect to your personal data. You can:

  • Request access to your personal data. This is known as a Data Subject Access Request and enables you to ask about and receive a copy of your personal data that we hold and check that we are processing it lawfully.
  • Request correction of your personal data that we hold, this enables you to have any incomplete or incorrect information we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal information where we no longer have a legitimate reason for storing it.
  • Object to processing of your personal data where we are relying on a legitimate interest (either of Aiimi or a third-party) and you have a reason which makes you want to object to processing on this ground
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal data, for example if you want to establish the accuracy of your data or understand the reason for us processing it.
  • Request the transfer of your personal data to another party, for example if you want to transfer your data to a new service provider.

If you wanted to exercise any of your rights, we may ask for specific information from you to confirm your identity and ensure your right to access this information. We will never disclose any of your personal data to anyone acting on your behalf. This is to protect your personal data and ensure it is not disclosed to any person who does not have the right to access it.
If you would like to exercise any of the above rights, please contact the Aiimi’s Information Governance Committee, who jointly perform the functions of a Data Protection Officer in writing. We will not ask you to pay a fee to exercise any of these rights. However, we may charge a fee if we consider your request is unfounded or excessive. In some circumstances we can refuse to comply with your request, this is most likely to be the case where we are satisfied that the personal data we hold is accurate or where the request is repetitive in nature.

# 10. Right to Withdraw Consent

In the future there may be limited circumstances where we will ask for your consent to the collection, processing and transfer of your personal information of your personal data for a specific purpose; you have the right to withdraw your consent for that specific processing activity. If you would like to withdraw your consent, please contact Aiimi’s Information Governance Committee in writing at the address on our website.

# 11. Changes to this notice

We will review this notice on an annual basis, or when we are advised of regulatory changes, whichever is the soonest. Following the reviews we may update this notice. The current in force version of this will always be available on our website. We may also communicate with you in other ways about the processing of your personal data.