Data Protection Statement

Comprehensive information regarding personal data processing by AILEX Consulting in accordance with the General Data Protection Regulation (EU) 2016/679.

GDPR Compliant Processing

1. Data Controller Information

Controller

AILEX Consulting Limited
Company Registration: [Registration Number]
Registered Office: [Address]
Email: privacy@ailexconsulting.com
Telephone: +44 (0) 7XXX XXX XXX

Data Protection Officer

Matthew Grant
Email: dpo@ailexconsulting.com
For data protection enquiries and exercising your rights under GDPR

2. Personal Data Processing Overview

Categories of Personal Data

Contact Information

  • Full name and professional title
  • Business email address
  • Telephone numbers
  • Postal address
  • Organisation details

Professional Information

  • Professional role and responsibilities
  • Organisation size and industry
  • AI system information
  • Compliance requirements
  • Assessment priorities

Processing Purposes and Legal Bases

Purpose | Legal Basis | Retention Period
Consultation scheduling and delivery | Contract performance (Art. 6(1)(b)) | Duration of engagement + 6 years
Assessment and compliance reporting | Contract performance (Art. 6(1)(b)) | Duration of engagement + 7 years
Professional communication | Legitimate interests (Art. 6(1)(f)) | 3 years from last contact
Regulatory guidance updates | Consent (Art. 6(1)(a)) | Until consent withdrawal
Website analytics and improvement | Legitimate interests (Art. 6(1)(f)) | 26 months

3. Data Sources and Collection Methods

Direct Collection

  • Contact form submissions
  • Assessment enquiries
  • Email correspondence
  • Telephone consultations
  • Professional meetings

Website Interaction

  • Page navigation data
  • Document downloads
  • Contact preferences
  • Device information
  • Accessibility requirements

Professional Networks

  • LinkedIn connections
  • Conference participation
  • Industry referrals
  • Publication interactions
  • Webinar attendance

4. Data Sharing and Third-Party Processors

Data Minimisation Principle: Personal data is shared only when necessary for service delivery or legal compliance, with appropriate safeguards and contractual protections.

Service Providers (Data Processors)

Service | Provider | Location | Safeguards
Website hosting | Netlify | EU/UK | Data Processing Agreement
Email services | Microsoft 365 | EU | Standard Contractual Clauses
Document storage | Microsoft OneDrive | EU | Business Associate Agreement
Video conferencing | Microsoft Teams | EU | Standard Contractual Clauses

Professional Disclosure

Personal data may be disclosed to third parties in specific circumstances:

  • Legal obligations: Regulatory authorities, courts, or law enforcement when required by law
  • Professional advisors: Legal counsel, auditors, or insurance providers under confidentiality obligations
  • Service delivery: Associate consultants or specialist partners with written confidentiality agreements
  • Business transfers: Potential acquirers or successors with appropriate data protection warranties

5. Your Data Protection Rights

Under the General Data Protection Regulation, you possess comprehensive rights regarding your personal data. We are committed to facilitating the exercise of these rights promptly and transparently.

Right of Access

Request confirmation of processing and copies of your personal data

Right of Rectification

Correct inaccurate personal data and complete incomplete information

Right of Erasure

Request deletion of personal data when processing is no longer necessary

Right to Restrict Processing

Limit data processing in specific circumstances whilst retaining the data

Right to Data Portability

Receive personal data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests or for direct marketing

Automated Decision-Making Rights

Protection against solely automated decision-making with legal effects

Consent Withdrawal

Withdraw consent at any time where processing is based on your consent

Exercising Your Rights

To exercise any of these rights, please contact our Data Protection Officer using the details provided in Section 1. We shall respond to valid requests within one month, though this may be extended to two months for complex requests.

6. Data Security and Protection Measures

We implement comprehensive technical and organisational measures to ensure appropriate security for personal data, considering the risks involved in processing and the nature of the data.

Technical Safeguards

Encryption at rest and in transit: All personal data is encrypted using industry-standard AES-256 encryption
Access controls: Multi-factor authentication and role-based access permissions
Network security: Firewalls, intrusion detection, and regular security monitoring
Data backups: Regular, encrypted backups with secure off-site storage

Organisational Measures

Staff training: Regular data protection training and awareness programmes
Privacy by design: Data protection integrated into all business processes
Incident response: Documented procedures for data breach detection and response
Regular audits: Quarterly security assessments and compliance reviews

7. International Data Transfers

Where personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place to protect your information in accordance with GDPR requirements.

Transfer Mechanisms

Adequacy decisions: Transfers to countries with European Commission adequacy findings
Standard Contractual Clauses: European Commission-approved contractual terms
Binding Corporate Rules: Internal governance frameworks for multinational organisations
Certification schemes: Approved data protection certification programmes

Transfer Impact Assessment: We conduct systematic assessments of third-country legal frameworks to ensure adequate protection levels for transferred personal data.

8. Data Breach Notification Procedures

In the unlikely event of a personal data breach, we maintain comprehensive procedures to ensure appropriate response and notification in accordance with the requirements of GDPR Articles 33 and 34.

1 Detection & Assessment

  • Immediate incident identification
  • Risk assessment and categorisation
  • Impact evaluation on data subjects
  • Containment measures implementation

2 Regulatory Notification

  • ICO notification within 72 hours
  • Comprehensive breach documentation
  • Risk mitigation measures taken
  • Ongoing investigation updates

3 Individual Notification

  • Direct communication to affected individuals
  • Clear explanation of breach nature
  • Recommended protective actions
  • Contact information for further enquiries

Breach Response Contact

If you become aware of any potential data protection incident involving your personal data, please contact us immediately:

Report a security incident: +44 (0) 7XXX XXX XXX (24/7)

9. Cookies and Website Technology

Our website uses cookies and similar technologies to enhance your browsing experience, analyse site performance, and support our business operations. This section provides detailed information about our cookie usage.

Cookie Type | Purpose | Duration | Third Party
Essential | Website functionality and security | Session | No
Analytics | Site performance and user behaviour analysis | 26 months | Google Analytics
Functional | Remember preferences and settings | 12 months | No
Marketing | Professional content and industry updates | 6 months | LinkedIn Insights

Managing Cookie Preferences

You may control and manage cookies through your browser settings. Please note that disabling certain cookies may affect website functionality.

10. Contact Information and Complaints Procedure

We are committed to addressing any concerns regarding our data processing practices. If you have questions or wish to file a complaint, please use the contact methods below.

Data Protection Enquiries

dpo@ailexconsulting.com
+44 (0) 7XXX XXX XXX
AILEX Consulting Limited
[Registered Address]
United Kingdom

Supervisory Authority

If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the relevant supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

Response Timeframes

General Enquiries: Response within 5 working days
Data Subject Requests: Response within 1 calendar month
Urgent Matters: Response within 24 hours

11. Updates to This Statement

We review this Data Protection Statement regularly to ensure it remains current with our processing activities and regulatory requirements. Any material changes will be communicated through appropriate channels.

Version Information

Current Version: 2.1

Last Updated: 1st June 2025

Next Review: 1st December 2025

Previous Versions: Available upon request

Change Notification Methods

  • Website banner notification for 30 days
  • Direct email notification to active clients
  • Professional newsletter inclusion
  • LinkedIn company update for significant changes

Material Changes Requiring Notification

  • New processing purposes or legal bases
  • Additional categories of personal data
  • Changes to international transfer arrangements
  • Significant retention period modifications

AILEX Consulting Limited
Scientia et Lex
Data Protection Compliance Since 2025

This Data Protection Statement demonstrates our commitment to the highest standards of data protection compliance, ensuring your personal information receives appropriate safeguards whilst enabling the delivery of expert AI governance services.