Beebot AI Ltd has a responsibility to document how we will protect your personal data. This is a legal requirement of the Data Protection Act (2018), Part 2, within the UK GDPR ‘Right to be Informed’. This privacy notice will outline our responsibilities to you. This privacy notice was last updated in April 2024.
1.1 Whilst every effort has been made to outline our responsibilities to you in as clear, concise, and easy to understand manner as possible, we do need to use certain terms throughout this privacy notice.
1.2 We will now provide an easy-to-understand definition of each term:
2.1 The scope for Beebot AI Ltd is any data subject, whose personal data is processed upon instruction, in line with UK privacy legislation including the DPA 2018, PECR (2003), and UK GDPR.
2.2 We also acknowledge any additional responsibilities requested by the industry regulator in the UK, the Information Commissioner’s Office (ICO).
2.3 The DPA 2018 and UK GDPR have a material scope covering personal data that is processed either electronically or is processed as part of a physical paper filing system.2.4 Beebot AI Ltd will adhere to the seven UK GDPR data processing principles when handling personal data:
2.5 All associates and employees of Beebot AI Ltd who interact with data subjects are responsible for ensuring that this privacy notice is drawn to their attention, at the earliest available opportunity.
3.1 Beebot AI Ltd is a private limited company, based in England, under company registration number 11702852, complying with the laws of the United Kingdom, paying further reference to the Companies Act (2006).
3.2 Beebot AI Ltd is registered with the ICO under registration number ZB066888.
3.3 Beebot AI Ltd acts as a data processor, data controller, and joint data controller. We are responsible for the personal data that we process (on behalf of the client/data subject), and have our own measures for ensuring compliance with the UK data controller regulations (personal data we are responsible for).
3.4 Beebot AI Ltd also determines the scope of the personal data processing, and for what purpose.
3.5 From time to time we may appoint data processors on behalf of Beebot AI Ltd. We will always ensure that a written agreement is in place with each of our data processors documenting how personal data will be processed, safeguarded, and stored. Beebot AI Ltd has the overall responsibility for all data processors.
3.6 Beebot AI Ltd has a duty of care acting as a data controller to appoint a Data Protection Officer (DPO). We have a legal obligation to notify the ICO of their name and contact details. Our appointed Data Protection Officer (DPO) is CSRB Limited. They can be contacted via email at dpo@csrb.co.uk.
3.7 Beebot AI Ltd uses lawful bases, as set out in UK GDPR Article 6, when we process your personal data:
3.8 Beebot AI Ltd may transfer personal data we collect about you to countries outside the UK, including the EEA/EU and the USA. We treat each international data transfer individually and assess the risk associated with the transfer and whether a suitable level of adequacy with UK data privacy legislation is available, within the country to where the personal data is being transferred.
3.9 Data transfers between the UK the EU/EEA can flow freely under the ‘Adequacy Decision’ agreed between the UK and European Parliament on 27 June 2021. This adequacy agreement is expected to last until 27th June 2025, after which this will be reviewed and our privacy notice amended accordingly. If the international data transfer is outside the EU/EEA/UK then risk assessment criteria and appropriate safeguards would be put in place, such as Data Protection Impact Assessments (DPIAs). We would then seek the explicit consent of the data subject.
4.1 Beebot AI Ltd processes personal data in a fair way. We do this by putting the individual’s rights at the heart of all processing with regards to personal data.
There are eight individual rights:
4.2 Beebot AI Ltd will only handle personal data in ways that individuals would reasonably expect and not use it in ways that have unjustified adverse effects on them.
4.3 Beebot AI Ltd will obtain personal data in a fair way. We will seek explicit consent from the data subject or securely transfer personal data into the business where a lawful base for processing can be identified from Article 6 of the UK GDPR, as identified in clause 3.7 above.
4.4 Beebot AI Ltd always considers the rights and freedoms of data subjects when processing personal data. This could be for individuals or those part of a wider group.
4.5 Beebot AI Ltd will have a written agreement with each client setting out the contract terms. In addition a Data Processing Agreement (DPA) will be issued by Beebot AI Ltd and/or the other party and signed by both parties.
5.1 Transparency is fundamentally linked to fairness. Beebot AI Ltd will always be clear, open, and honest with people from the start, about who we are, and how, and why we need to use your personal data.
5.2 Beebot AI Ltd will inform clients and data subjects from the outset regarding the types of personal data we need to process, usually within our business terms, contract documentation, this privacy notice, and other privacy documentation.
5.3 Beebot AI Ltd processes the following personal data types:
5.4 Beebot AI Ltd informs individuals about all personal data processing in a way that is easily accessible and easy to understand, using clear and plain language. We do this ensuring all Beebot AI Ltd.’s employees receive annual data protection and UK GDPR training, whilst having a company information governance framework with up-to-date policies, procedures, and processes.
5.5 Beebot AI Ltd hope we can resolve any query or concern you raise about our use of your personal data. You can contact Beebot AI Ltd in the first instance at any time by emailing info@beebotai.com or you can write to us at Beebot AI Ltd, 3-4 Oriel Court, Claremont Road, Sale, Manchester, M33 7DF.
5.6 Beebot AI Ltd has appointed a certified Data Protection Officer (DPO) to act in the interests of all parties. Should you require further information with regards to personal data processing and the protection of your personal data, please contact our nominated DPO at CSRB Limited. They can be contacted via email at dpo@csrb.co.uk.
5.7 Should we not be able to resolve the complaint, you have the right to lodge a complaint with the lead authority. The lead authority in the UK is the Information Commissioner’s Office (ICO), who may be contacted by telephone on 0303 123 1113 or by visiting www.ico.org.uk.
6.1 Beebot AI Ltd will always be clear about what the purpose is for any personal data processing from the very start. We process your personal data for the following purposes:
6.2 Beebot AI Ltd will record our purposes for personal data processing as part of our contract obligations. We will also specify them in any additional privacy documentation provided.
6.3 Beebot AI Ltd will only use your personal data for a new purpose if this is either compatible with the original purpose, or we obtain consent, or we have a clear lawful obligation, or function set out in UK law.
6.4 Where relevant, Beebot AI Ltd, may also share personal data with third parties, such as:
6.5 Beebot AI Ltd will share personal data with law enforcement or other authorities, if required by law.
7.1 Beebot AI Ltd always ensures the personal data we are processing is:
The UK GDPR does not define these terms. As this is the case, Beebot AI Ltd accepts these terms may have a differing definition from one individual to the other, as the processing will depend on the specified purpose for collecting and using the personal data.
7.2 In order to assess whether we are holding the right amount of personal data, we demonstrate clearly why we need it, before any data processing activities take place.
7.3 For special category data or criminal offence data, we understand the importance of collecting and retaining only the minimum amount of information.
7.4 Beebot AI Ltd undertakes an annual data protection audit with an external certified data protection service provider, to review our personal data processing, and to check that the personal data we hold is still relevant and adequate for the stated purposes.
8.1 Beebot AI Ltd will take all reasonable steps to ensure the personal data we hold is accurate and up to date.
8.2 Beebot AI Ltd will take reasonable steps to ensure that personal data we hold is not incorrect. This may involve contacting you via our official communication channels, to ensure all personal data held is accurate.
8.3 Beebot AI Ltd will always record the source of where personal data came from and ensure the source is compliant with UK privacy laws, including the UK GDPR.
8.4 If we need to keep a record of a mistake, where we have clearly identified it as a mistake, we add this to our records of processing for audit purposes, and continuous improvement.
8.5 Beebot AI Ltd.’s records of processing clearly identify any matters of opinion, and where appropriate whose opinion it is, and any relevant changes to the underlying facts.
8.6 Beebot AI Ltd will comply with the individual’s right to rectification, and carefully consider any challenges to the accuracy of the personal data.
8.7 As a matter of good practice, we keep records of processing of any challenges to the accuracy of the personal data.
9.1 Beebot AI Ltd will not keep personal data for any longer than is necessary to fulfil the original stated purpose for the processing of such personal data.
9.2 Beebot AI Ltd will only keep personal data for the period outlined to meet the requirements of the contract, legal obligation, or legitimate interest identified.
9.3 Any retention of personal data will be carried out in compliance with legal, professional body, and regulatory obligations. These data retention periods are subject to change, due to any revisions of associated legislation, regulations, or requirements.
9.4 Beebot AI Ltd acknowledges that UK privacy legislation does not determine how long personal data needs to be kept. This is up to the data controller to determine and document accordingly at the earliest possible opportunity.
9.5 Beebot AI Ltd has a personal data retention policy in place, which documents the categories of personal data we hold, what we use it for, and how long we intend to keep it.
9.6 Beebot AI Ltd periodically reviews the personal data we hold, and erases or anonymises it, when we no longer need to process it for the original purpose.
9.7 Beebot AI Ltd also considers any challenges to the retention of personal data. We understand that individuals have a right to erasure if we no longer need their personal data.
9.8 Beebot AI Ltd acknowledges there are exceptions to retention periods. Here we can keep personal data for longer if we are only keeping it for public interest archiving, scientific or historical research, or statistical purposes. We would always inform you if this was the case, along with our lawful basis for retention.
9.9 When Beebot AI Ltd is provided with an instruction to destroy data it must be destroyed irretrievably either in paper or electronic formats. Paper records will be destroyed by an approved contractor who can provide evidence of destruction and a certificate of destruction. Beebot AI Ltd will retain this certificate.
9.10 Beebot AI Ltd also has secure destruction procedures and processes for any of the devices it has used for the storage of personal data. Beebot AI Ltd will retain evidence of any equipment destruction and confirms that the destruction is beyond any prospect of retrieving data stored within the device.
10.1 Beebot AI Ltd will undertake an analysis of the risks presented by our personal data processing and use this to assess the appropriate level of security we need to put in place. We review our Business Continuity Plan (BCP) and Incident Response Plan (IRP) annually.
10.2 We have obtained the Cyber Essentials certification and are also ISO:27001 accredited. We have an information security policy and take steps to make sure the policy is implemented. We also undertake annual information security reviews. We make sure that we regularly review our information security policies and measures and, where necessary, improve them.
10.3 Beebot AI Ltd make sure that we can restore access to personal data in the event of any data incidents or personal data breaches, by the implementation of an appropriate data backup procedure.
10.4 Beebot AI Ltd conducts regular penetration testing and reviews of our measures to ensure they remain effective, and act upon the results of those tests where they highlight areas for improvement or heightened risk.
10.5 Where appropriate, we implement measures that adhere to an approved code of conduct or certification mechanism, such as the Cyber Essentials certification, and additional quality standards, such as ISO:27001.
10.6 We ensure that any data processor we engage implements appropriate technical safeguards for all data.
10.7 Beebot AI Ltd does track website behaviour in order to offer data subjects an enhanced client experience and for organisational analytics. The UK GDPR and PECR interprets data collected by cookies as personal. It prohibits the collection of personal data without consent, which means a website is only allowed to collect information that the user voluntarily inputs. This includes name, email address, phone number, or any other information that the user shares with the website. The cookie consent must be freely given, specific, informed, and unambiguous. Further information about the use of cookies can be found in the Beebot AI Ltd Cookie Policy.
11.1 Accountability is one of the UK GDPR data processing principles. Beebot AI Ltd takes our accountability commitments with the UK GDPR very seriously, as documented by this privacy notice.
11.2 Beebot AI Ltd has put in place several measures that we can, and in some cases must take, including:
11.3 Beebot AI Ltd understand that accountability obligations are ongoing. We review and, where necessary, update the measures we have put in place. For example, we continually enhance our privacy management framework, as this can help embed our accountability measures and create a culture of privacy across our organisation.
11.4 Beebot AI Ltd understand that being accountable can help build trust with individuals and may help mitigate any gaps in compliance, and thus any potential regulatory enforcement action.
11.5 If you have any questions or concerns about how we process and protect your personal data not covered in this privacy notice please contact Beebot AI Ltd by email at info@beebotai.com.