ACESS Logo

Data Protection Policy

Last Updated:

1. Introduction & Scope

ACESS.ai ("we", "us", "our") is committed to protecting and respecting your data. This Data Protection Policy outlines our commitment to complying with data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (GDPR). This policy applies to all personal data processed by us, including data of our employees, customers, suppliers, and other individuals.

2. Data Protection Principles

We adhere to the principles relating to the processing of personal data set out in the GDPR, which require personal data to be:

  • Processed lawfully, fairly, and in a transparent manner.
  • Collected for specified, explicit, and legitimate purposes.
  • Adequate, relevant, and limited to what is necessary.
  • Accurate and, where necessary, kept up to date.
  • Kept in a form which permits identification of data subjects for no longer than is necessary.
  • Processed in a manner that ensures appropriate security.

3. Lawful Basis for Processing

We will only process personal data where we have a lawful basis to do so. The primary lawful bases we rely on are:

  • Consent: Where you have given us clear consent for us to process your personal data for a specific purpose.
  • Contract: Where processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  • Legal Obligation: Where processing is necessary for us to comply with the law.
  • Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

4. Your Data Subject Rights

Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

To exercise these rights, please contact us at support@acess.ai. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

5. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

6. International Data Transfers

Personal data may be transferred to countries outside the UK and the European Economic Area (EEA). Such transfers will only take place if one of the following applies:

  • The country receiving the data is considered to provide an adequate level of protection for personal data.
  • We have put in place appropriate safeguards, such as standard contractual clauses approved by relevant authorities.
  • A specific exception applies under data protection law.

7. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee compliance with this policy. If you have any questions about this policy or our data protection practices, please contact the DPO at support@acess.ai.