UK and EU Privacy Notice

At Smart AI Compliance, we are fully committed to keeping your data safe by ensuring complete compliance with data protection laws, and to always using your data responsibly.

This Privacy Notice applies to business partners, clients and potential clients that deal with Smart AI Compliance. It describes how we collect, share, use and protect your information about you based on your interactions with us. It allows you to fully understand and make choices about how your data is being used.

Who we are

We at Smart AI Compliance are the Data Controller of your personal data.

If you have any questions or concerns at all, you can contact us at info@smartaicompliance.com

Purposes for Collecting Your Personal Data

We will process your personal data for the following purposes:

  • To liaise with potential clients
  • Ensure compliance with AI Act.
  • Where applicable, to fulfil our role as your Authorised Representative.
  • To effectively deliver our services (including, where the service is training, to confirm your attendance at the training sessions);
  • Invoice;

The Types of Personal Data that We Process

The types of personal data that we collect and process will depend upon the information you provide to us. We will use that personal data for some or all of the reasons set out in this Privacy Notice. Typically, the types of personal data we collect include the following:

  • Name and personal details (including any business names, the names of employees and Directors within the organisation);
  • Your contact details (eg, email address, telephone number, address);
  • Records of products and services that you have enquired about or obtained from us;
  • Information about the nature of your company, such as the work that is undertaken and the location of offices;
  • If relevant, information about your AI Systems;
  • If relevant, information in relation to your AI documentation and AI compliance (including, but not necessarily limited to, the AI System’s instructions, for use, technical documentation or conformity assessment);
  • If relevant, information about your privacy compliance program;
  • Any details in your communications with us;
  • Your attendance at any training sessions, where applicable; and
  • Your training records, where applicable.

Legal Basis

Generally, we will process your personal data for the above purposes on the legal basis that the processing is in Smart AI Compliance’s legitimate interest. Our legitimate interests include:

  • Identification and assessment of business partners;
  • Participation in pre-contractual communications;
  • Commercial interests in corporate transactions;
  • Business relationship management; and
  • To ensure we provide quality assistance to customers.

Generally, Where we do rely on consent to process your personal data, you may withdraw that consent at any time.

International Data Transfers

We will maintain your data within the UK and European Union. If your personal data will be transferred outside the UK and the European Economic Area, we will ensure your data is fully protected and treated in accordance with the GDPR and UK GDPR. While some countries have adequate protections for personal data under applicable laws, in other countries additional steps will be necessary to ensure appropriate safeguards are in place to protect your personal data. These include imposing contractual obligations to ensure these safeguards are put in place or requiring the recipient to subscribe to or be certified with an ‘international framework’ for the protection of personal data.

How long we retain your data

We use the following criteria to determine retention periods for your personal data:

  • Retention in case of queries. We’ll retain your personal data as long as necessary to deal with your queries (e.g. if your application is unsuccessful) or for a sensible period in order for us to reply to your online query and then deal with queries you raise upon receipt);
  • Retention in case of claims. We’ll retain your personal data for as long as legal claims can be brought and defended.
  • Retention in accordance with legal and regulatory requirements. We’ll retain your personal data after your account, product or service has been closed or has otherwise come to an end based on our legal and regulatory requirements.

Your Data Rights

Your have the following rights under the GDPR and UK GDPR (noting that some may not apply to your particular situation):

  • The right to be informed about our processing of your personal data;
  • The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
  • The right to object to processing of your personal data;
  • The right to restrict processing of your personal data;
  • The right to have your personal data erased (the “right to be forgotten”);
  • The right to request access to your personal data and information about how we process it;
  • The right to move, copy or transfer your personal data (“data portability”); and
  • Rights in relation to automated decision making including profiling.

You have the right to complain to the Data Protection Authority in the jurisdiction in which you live. If you are in the UK, the appropriate body is the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk. The Information Commissioner’s Office can be contacted at:

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow
Cheshire
United Kingdom
SK9 5AF
(+44) 0303 123 1113

If you have any questions at all, feel free to contact us, and we will be glad to assist you.

Changes to this Privacy Notice

The effective data of this Privacy Notice is 29 August 2024.

We will inform you if there are significant changes to this Privacy Notice or where we intend to process your personal data for a new purpose before we start that new processing activity.