Speak to our team

Privacy Policy

Last updated: 15th August 2024

1. Introduction

Aveni Limited (“Aveni”, “we, “us”, “our”), a company registered in Scotland under registration number SC600143, whose registered address is 58 Morrison Street, Edinburgh, Scotland, EH3 8BP, is committed to protecting and respecting your privacy. We are committed to the protection of the Personal Data we process in line with the data protection principles set out in the UK General Data Protection Regulation and the EU General Data Protection Regulation (2016/679), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the Data Protection Act 2018.

Where Aveni Limited is the Controller of your Personal Data, we are registered in the UK with the Information Commissioner’s Office (“ICO”), registration number ZA925667.

We have appointed an external data protection officer (“DPO”), details as follows:

Evalian Limited

West Lodge

Leylands Business Park

Colden Common

Hampshire

SO21 1TH

United Kingdom

Email: dpo@evalian.co.uk   

Phone: +44 (0)333 050 0111

Website: www.evalian.co.uk

As an information-led business, we place great importance on ensuring the quality, confidentiality, integrity and availability of the data we hold and in meeting our data protection obligations when processing Personal Data. We are committed to protecting the security of your Personal Data, using a variety of technical and organisational measures to help protect your Personal Data from unauthorised access, use or disclosure.

We update this privacy notice from time to time in response to changes in applicable laws and regulations, to our processing practices and to the products and services we offer. When changes are made, we will update the date at the bottom of this document. Please review this privacy notice periodically to check for updates.

We have separate privacy notices for job applicants and employees, available from Human Resources.

2. Lawful Basis for Data Processing

Data protection legislation requires us to identify an appropriate lawful basis to process Personal Data. The lawful basis we rely on as Controller are detailed below with brief examples for when they may apply:

Consent

For marketing communications, newsletters, competitions etc

Contractual Obligation

For provision of our services

Legitimate Interests

To answer any questions about our products and services

Where we are a Processor, we process Personal Data in line with the lawful basis determined by the Controller.

There may be instances where we need to process Special Category Personal Data, such as health, race or ethnicity information. We will ensure the relevant special conditions are met and documented where required by law.

3. Personal Data Collected

Personal Data is any information relating to an identified or identifiable natural person. We process the information you give us, whether through interactions with our Website or by any other form of correspondence.

As a Controller we would normally collect the following categories of Personal Data:

  • Name;
  • Job details (company and job function);
  • Contact details (email address/telephone number(s)); and
  • Technical data (e.g. IP Addresses).

The above list is representative and non-exhaustive.

As a Processor, we may process the following categories of Personal Data, which can include (but is not limited to):

  • Audio call recordings;
  • Meta data of call recordings; and
  • Quality reviews.

We collect Personal Data through several means, for example:

  • When you complete an online form on our website;
  • When you contact us by phone, email or other communications (e.g. LinkedIn);
  • When you use any of our services; or

From third-party sources, professional contacts or third parties who send us your details as prospective clients, associates or business partners.

4. How We Use Personal Data

We may use Personal Data for the following purposes:

  • To contract with you as a new client or supplier;
  • To provide services to you and carry out your instructions in connection with our services;
  • To manage queries relating to services we have provided to you historically;
  • To manage our relationship with you as a client, supplier or professional contact;
  • Comply with Data Subject right requests;
  • Communicate with relevant Controllers any communications received from a Data Subject including (but not limited to) Data Subject right requests;
  • Process an order for a product or other service;
  • Seek your views or comments on the services we provide;
  • Notify you of changes to our services;
  • Handle an enquiry or complaint; or
  • Sending marketing communications and other company updates.

The above list is non-exhaustive and representative. For more information on how we use Personal Data for specific activities you can contact us as detailed below.

Google Calendar Integration

We integrate with the Google Calendar service to assist with meeting and appointment scheduling. The personal data shared with us by Google and processed for this function includes:

  • Name of the calendar owner
  • Email address of the calendar owner
  • Events on the calendar (date and time, location of the virtual meeting i.e. MS Teams, Meet, Zoom, URL)
  • Attendees names
  • Attendees email addresses

This information is shared with meeting organisers and invitees only, used only for this purpose and retained in accordance with our Personal Data Retention Policy (see section 13, below).

5. Children’s Data

Our services are not designed for children or those under the age of 18. If we do become aware of anyone using our services who may be under 18, we will take all reasonable steps to ensure we do not process their data any further and will communicate this to them directly.

6. Data Sharing

We may need to share your Personal Data with other departments and members of our organisation, such as IT / technical support (including any help and assistance with our AI service offering).

There may also be instances where we may need to share your Personal Data with any competent law enforcement body, regulatory organisation, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation or (ii) to exercise, establish or defend our legal rights.

7. International Data Transfers

There may be instances where we need to transfer your Personal Data outside the UK. We may need to share your data with companies who are in the European Economic Area (The EU member states, plus Norway, Iceland and Liechtenstein – “EEA”) or another adequate listed country, or to third countries who may not have the same data protection laws as the UK. If we need to transfer your information outside the UK, we will take steps to ensure appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this notice.

8. Sub-Processors

We may at times use sub-processors to help us fulfil our contractual duties and obligations to our client Controllers. We have put in place agreements with them and ensured the correct data protection language, obligations and responsibilities are incorporated in these agreements. A list of sub-processors is available upon request by contacting us using the details below.

9. Cookies

We use cookies on our websites. More information to how we use cookies can be found in our Cookie Notice available here.

10. Links

This website contains links to other websites, which are clearly marked as such. Please note that we have no control over external websites and are not responsible for the protection and privacy of any information which you may provide to them.

11. Marketing Communications

We would like to send you marketing news and updates regarding our company, products and services. You can opt into marketing communications by filling out the form at the bottom of our website.

In order to send you marketing communications, we require your consent. You can withdraw this consent at any time (i.e. opt out) by clicking on the relevant unsubscribe link at the bottom of the email. You also have the ability to opt out by contacting using the details below. We do not sell your personal data to anyone for any purpose.

12. Automated Decision-Making and Profiling

We do not conduct any automated decision making and profiling within our organisation.

13. Data Retention

We regularly review our data retention practices ensuring we only retain Personal Data for as long as necessary, in line with our data processing activities. We have created a Personal Data Retention Policy to help document relevant retention periods.

As a Controller we will retain Personal Data for as long as is necessary for the purposes of the processing and a reasonable time afterwards. As a Processor we will retain Personal Data as determined by our client Controllers. When Personal Data is to be deleted we will either delete it manually or anonymise it if deletion is not possible.

14. What Happens If Our Business Changes Hands?

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any Personal Data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will be permitted to use that data only for the purposes for which it was originally collected by us.

15. Data Security

We are ISO 27001 certified and copies of our certification are available upon request. We have also put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and are subject to a duty of confidentiality.

16. Data Protection Rights

If you are based in the UK or EEA, your Data Subject rights are as follows:

  • Right to be informed
  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to objection
  • Right to portability
  • Right not to be subject to automated decision making and profiling

If you would like to exercise any of the above rights, please contact us as detailed below.

17. Concerns and Complaints

If you would like to contact us directly to talk to us about a concern or to raise a complaint about the way we are processing your Personal data, please use our contact details below.

If you feel we have not dealt with your complaint satisfactorily, you may submit a complaint to the ICO via this link https://ico.org.uk/make-a-complaint/.

  1. Review and Updates

We will review this notice and make changes to it from time to time. We recommend you check this notice to see where changes have been made and to ensure you are able to review updated information at all times.

 

You may contact our head office using the following details:

58 Morrison Street,

Edinburgh,

Scotland.

EH3 8BP

Email: info@aveni.ai