1. Introduction

At Aimai, we are committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR) and other relevant data protection laws in the United Kingdom.

2. Data Controller and Data Processor

Aimai, registered in the UK, acts as both a data controller and data processor. As a data controller, Aimai determines the purposes and means of processing personal data. As a data processor, Aimai processes personal data on behalf of our clients in accordance with their instructions.

3. Lawful Basis for Processing

Aimai processes personal data only when there is a lawful basis to do so, which may include:

• The data subject has given consent to the processing of their personal data for one or more specific purposes.
• Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.
• Processing is necessary for compliance with a legal obligation to which Aimai is subject.
• Processing is necessary for the purposes of the legitimate interests pursued by Aimai or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

4. Data Collection and Use

Aimai collects and processes personal data only for specified, explicit, and legitimate purposes. We ensure that the personal data we collect is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. Personal data is not retained for longer than is necessary for the purposes for which it was collected.

5. Data Subject Rights

Aimai respects the rights of data subjects under the GDPR, including the right to:

• Access personal data
• Rectify inaccurate personal data
• Erase personal data (right to be forgotten)
• Restrict processing of personal data
• Object to processing of personal data
• Data portability
• Withdraw consent

6. Data Security

Aimai implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage of personal data.

7. Data Transfers

Aimai ensures that any transfers of personal data outside of the UK or the European Economic Area (EEA) are conducted in compliance with the GDPR, including the use of appropriate safeguards such as standard contractual clauses or adequacy decisions.

8. Data Breach Notification

Aimai has procedures in place to detect, report, and investigate personal data breaches. In the event of a data breach that is likely to result in a risk to the rights and freedoms of individuals, Aimai will notify the relevant supervisory authority and affected data subjects without undue delay.

9. Data Protection Impact Assessments (DPIAs)

Aimai conducts DPIAs for processing activities that are likely to result in a high risk to the rights and freedoms of data subjects. DPIAs are carried out prior to the processing of personal data and involve assessing the necessity, proportionality, and risks associated with the processing.

10. Privacy by Design and Default

Aimai integrates data protection into our processing activities from the outset (privacy by design) and ensures that only necessary personal data is processed (privacy by default).

11. Training and Awareness

Aimai provides regular training and awareness programs for employees who are involved in the processing of personal data to ensure compliance with data protection laws and regulations.

12. Accountability and Record-Keeping

Aimai maintains records of our data processing activities and implements measures to demonstrate compliance with the GDPR, including maintaining documentation of processing activities, data protection policies, and procedures.

13. Contact Information

For inquiries regarding data protection or to exercise your rights under the GDPR, please contact our Data Protection Officer.

14. Policy Updates

Aimai may update this GDPR Compliance Policy from time to time to reflect changes in legal or regulatory requirements. We encourage data subjects to review this policy periodically for any updates.

Welcome to Aimai's GDPR Compliance Policy!

We're committed to safeguarding your privacy and complying with the General Data Protection Regulation (GDPR) and other relevant UK data protection laws. Here's what you need to know in simple terms:

1. Protecting Your Data

We take your privacy seriously and follow GDPR rules to keep your personal data safe and secure.

2. Who Handles Your Data

Aimai, based in the UK, is responsible for handling your data. We're both a data controller (deciding how data is used) and a data processor (acting on behalf of our clients).

3. Why We Process Data

We only process your data when we have a valid reason, like if you give us consent, if it's necessary for a contract, if it's required by law, or if it's in our or a third party's legitimate interest.

4. How We Use Your Data

We only collect and use your data for specific, clear, and lawful purposes. We make sure we don't collect more data than we need and we don't keep it for longer than necessary.

5. Your Rights

You have rights under GDPR, like accessing your data, correcting it if it's wrong, deleting it if you want, restricting its use, objecting to its use, and moving it to another service.

6. Keeping Your Data Safe

We use appropriate security measures to protect your data from unauthorized access, loss, or damage.

7. Transferring Data Safely

If we need to transfer your data outside the UK or the European Economic Area, we make sure it's done legally and securely.

8. Reporting Data Breaches

If there's a breach that could risk your rights and freedoms, we'll tell you and the authorities promptly.

9. Assessing Risks

Before processing sensitive data, we assess the risks to make sure your rights and freedoms are protected.

10. Privacy from the Start

We build privacy protections into everything we do and only process the data we really need.

11. Training Our Team

Our staff get regular training to make sure they handle your data properly and follow the rules.

12. Being Accountable

We keep records of how we use data and make sure we're following the rules.

13. How to Contact Us

If you have questions about your data or want to exercise your rights, you can contact our Data Protection Officer.

14. Policy Updates

Sometimes we might need to update this policy to meet new legal requirements. We'll let you know if we do.

We hope this policy helps you understand how we handle your data at Aimai. If you have any questions, just get in touch!