AHAI.co.uk

Privacy Policy

Last Updated: 26 November 2024 | Effective Date: 26 November 2024

1. Introduction

Welcome to AHAI (accessible at ahai.co.uk).

We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (hosted on Google Firebase), interact with our "Shadow AI" tools, or engage our consultancy services.

This policy aims to give you information on how AHAI collects and processes your personal data through your use of this website, including any data you may provide through our enquiry forms, diagnostic quizzes, or newsletter sign-ups.

2. Who We Are

The Data Controller

AHAI is the trading name of Alex Harvey.

For the purpose of the UK General Data Protection Regulation (UK GDPR), Alex Harvey is the Data Controller responsible for your personal data.

Contact Details

If you have any questions about this privacy policy or our privacy practices, please contact us:

Full Name: Alex Harvey

Email: Alex@ahai.co.uk

Location: Kent, United Kingdom

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

3. The Data We Collect About You

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data: First name, last name, job title, and organisation type (e.g., School or Business).
  • Contact Data: Email address and telephone number.
  • Profile Data: Your responses to our "Shadow AI" or "Data Risk" scorecards, including your organisation's risk status (Red/Amber/Green).
  • Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data: Information about how you use our website and services.

We do not collect Special Categories of Personal Data (e.g., race, health, biometric data) via this website.

4. How Your Personal Data is Collected

We use different methods to collect data from and about you including:

Direct Interactions

You may give us your Identity and Contact Data by filling in forms or by corresponding with us by email. This includes data you provide when you:

  • Request a "Strategy Call" or Audit via our contact forms.
  • Complete a "Shadow AI" or "Data Risk" Scorecard.
  • Subscribe to our publications/newsletter.
  • Request marketing to be sent to you.

Automated Technologies

As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns.

  • Hosting: We use Google Firebase and Google Cloud Platform (GCP). These platforms automatically log request data (like IP addresses) for security and load-balancing.
  • Analytics: We use Google Analytics to understand how visitors interact with our website to improve user experience.
  • Security: We use Google reCAPTCHA on our forms to protect against spam and automated abuse. This service collects hardware and software information, such as device and application data, and sends it to Google for analysis.

5. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Performance of Contract: Where we need to perform the service you have requested (e.g., delivering your Audit Report or Technical Configuration).
  • Legitimate Interest: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., using your Quiz score to recommend the correct service tier).
  • Legal Obligation: Where we need to comply with a legal obligation.

Purposes for which we will use your data

Purpose/Activity: To register you as a new client lead
Type of Data: Identity, Contact
Lawful Basis: Performance of a contract

Purpose/Activity: To process and deliver your "Risk Score" results
Type of Data: Identity, Contact, Profile
Lawful Basis: Legitimate Interest (To provide the diagnostic service you requested)

Purpose/Activity: To manage our relationship with you (Notifying of changes, asking for reviews)
Type of Data: Identity, Contact
Lawful Basis: Performance of a contract; Legal obligation

Purpose/Activity: To administer and protect our business and this website (hosting, troubleshooting, data analysis)
Type of Data: Identity, Technical
Lawful Basis: Legitimate Interest (Running our business, network security)

Purpose/Activity: To deliver relevant website content and measure effectiveness (Google Analytics)
Type of Data: Identity, Contact, Usage, Technical
Lawful Basis: Legitimate Interest (Studying how customers use our services)

Purpose/Activity: To protect our site from spam and abuse (Google reCAPTCHA)
Type of Data: Technical, Usage
Lawful Basis: Legitimate Interest (Network security and fraud prevention)

6. Infrastructure & Hosting (Google Firebase)

Our website is hosted on Google Firebase, a service provided by Google.

Data Residency: We configure our Firebase and Google Cloud resources to prioritise data processing within the UK/EU wherever technically feasible to align with our own "Safe-Start" principles.

Security: Firebase utilises industry-standard security protocols (HTTPS encryption) to protect data in transit between your browser and our servers.

7. Disclosures of Your Personal Data

We may share your personal data with the parties set out below:

  • Google Cloud / Firebase: For website hosting and database management.
  • Google Analytics: For website traffic analysis and performance monitoring.
  • Google reCAPTCHA: For spam prevention and security on enquiry forms.
  • Google Workspace: For email communication and document storage (stored securely in our own configured Tier 2 environment).
  • Typeform / Google Forms: If we use these tools for data collection.
  • Professional Advisers: Lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

8. International Transfers

Many of our external third parties (like Google) are based outside the UK, so their processing of your personal data will involve a transfer of data outside the UK.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
  • Where we use certain service providers (like Google), we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK (Standard Contractual Clauses).

9. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way.

We enforce Multi-Factor Authentication (MFA) on all AHAI administrative accounts.

We limit access to your personal data to the Founder and strictly vetted contractors who have a business need to know.

10. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

  • Client Data: Kept for 6 years after the end of the contract (for tax/legal purposes).
  • Lead/Quiz Data: Kept for 2 years. If you do not engage with us after 2 years, we will delete your data.

11. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to:

  • Request access to your personal data (Subject Access Request).
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Withdraw consent.

If you wish to exercise any of the rights set out above, please email us at Alex@ahai.co.uk.

12. Cookies

Our website hosted on Firebase uses cookies and similar technologies to function.

  • Essential Cookies: Required for the site to work (e.g., load balancing, security tokens).
  • Analytics Cookies: Used by Google Analytics to help us improve the site.
  • Security Cookies: Used by Google reCAPTCHA to identify legitimate users and block bots.

You can set your browser to refuse all or some browser cookies. If you disable or refuse cookies, please note that some parts of this website (especially enquiry forms protected by reCAPTCHA) may become inaccessible or not function properly.