Data Protection Statement

Comprehensive information regarding personal data processing by AiLex Consulting in accordance with the General Data Protection Regulation (EU) 2016/679. SCIENTIA ET LEX — professional compliance through regulatory precision.

GDPR Compliant Processing

How Does AiLex Process Personal Data?

Systematic data protection compliance ensuring appropriate safeguards

Data Controller

AiLex Consulting Limited
Company Registration: 16491025
Registered Office: 17 Alderson Way, Aylesbury, UK
Email: privacy@ailexconsulting.com
Telephone: +44 (0)7789 416336
Data Protection Officer: Matthew Grant
Email: dpo@ailexconsulting.com

Personal Data Categories

Contact Information

Name, business email, telephone, postal address, organisation details

Professional Information

Role, responsibilities, AI system information, compliance requirements

Technical Data

Website analytics, device information, interaction preferences

What Are the Legal Bases for Data Processing?

Systematic processing framework with appropriate legal foundations

Processing Purposes

Consultation delivery Contract performance
Assessment reporting Contract performance
Professional communication Legitimate interests
Regulatory updates Consent
Website analytics Legitimate interests

Data Sources

Direct Collection

Contact forms, assessment enquiries, email correspondence, consultations

Website Interaction

Page navigation, document downloads, contact preferences

Professional Networks

LinkedIn connections, conference participation, industry referrals

What Rights Do Individuals Have Under GDPR?

Comprehensive rights framework ensuring data subject protection

i Right of Access

Request confirmation of processing and copies of personal data

Right of Rectification

Correct inaccurate data and complete incomplete information

🗑 Right of Erasure

Request deletion when processing no longer necessary

🔒 Right to Restrict

Limit processing whilst retaining data

📦 Data Portability

Receive data in structured, machine-readable format

Right to Object

Object to processing based on legitimate interests

Data Security Measures

Encryption: AES-256 protocols for data at rest and in transit
Access controls: Multi-factor authentication and role-based permissions
Staff training: Regular data protection awareness programmes
Incident response: Documented breach detection and response procedures

Cookie Usage

Essential Website functionality
Analytics Performance analysis
Functional Preference storage
Marketing Professional updates

Cookie preferences managed through browser settings or website preferences.

How Can I Exercise My Data Protection Rights?

How do I request access to my personal data?

Contact our Data Protection Officer at dpo@ailexconsulting.com with your request. We respond within one month, providing confirmation of processing and copies of your personal data with appropriate identification verification.

What happens in case of a data breach?

We maintain comprehensive incident response procedures ensuring appropriate detection, containment, and notification. Serious breaches are reported to the ICO within 72 hours, with affected individuals notified when required.

How long is personal data retained?

Retention periods vary by processing purpose: contract performance data for engagement duration plus 6-7 years, professional communication for 3 years from last contact, and analytics data for 26 months maximum.

Data Protection Enquiries

Professional support for data protection rights and compliance matters

Data Protection Officer

Matthew Grant
Email: dpo@ailexconsulting.com
Telephone: +44 (0)7789 416336

Supervisory Authority

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
ico.org.uk
Contact Data Protection Officer Submit Data Subject Request
Current Version: 2.1 | Last Updated: 1st June 2025
Response timeframes: General enquiries 5 days • Data subject requests 1 month • Urgent matters 24 hours