PRIVACY POLICY

ENLIGHTEN CONSULTANCY UK COMPANY LIMITED
Last updated: 24/01/2023



1. Introduction
This Privacy Policy explains how ENLIGHTEN CONSULTANCY UK COMPANY LIMITED (“we”, “us”, “our”) collects, uses, stores, and protects personal data when providing our services, 
including Servadra – Enquiry Gate and Servadra – After-sales Desk.
 
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. 

2. Who We Are (Data Controller)

ENLIGHTEN CONSULTANCY UK COMPANY LIMITED 
Registered in England and Wales 
Registered Office: Suite 6238, Unit 3A, 34–35 Hatton Garden, Holborn, London, EC1N 8DX

We act as:
Data Controller for our own business operations
Data Processor when handling personal data on behalf of our clients

3. Scope of This Policy

 This policy applies to: 
- Website visitors
- Prospective clients
- Business clients and their authorised users
- End-users interacting with Servadra on behalf of our clients

This policy does not cover third-party websites or services linked from our platform. 

4. Personal Data We Collect

Depending on the context, we may collect the following categories of data:

4.1 Business Contact Information  

- Name
- Company name
- Business email address
- Business telephone number

4.2 Service Interaction Data  

- Enquiry messages submitted through Servadra
- Conversation logs related to support interactions
- Metadata such as timestamps and interaction type

4.3 Technical and Usage Data  
- IP address
- Browser type and device information
- Usage statistics and system logs

4.4 Client-Provided Content  
- Knowledge base materials uploaded by clients
- Operational rules and escalation instructions

⚠️ Clients must not upload sensitive personal data (e.g. medical, biometric, criminal records) unless explicitly agreed in writing. 

5. How We Use Personal Data

We process personal data only for legitimate business purposes, including: 
- Providing and operating the Servadra services
- Handling enquiries and support requests
- Monitoring system performance and behaviour
- Ensuring compliance with defined boundaries and escalation rules
- Improving service reliability and security
- Legal and regulatory compliance

We do not use personal data for: 

- Automated decision-making with legal or significant effect
- Unrestricted AI model training
- Advertising or resale of data

6. Lawful Basis for Processing

Under UK GDPR, our lawful bases include: 
- Performance of a contract – to deliver agreed services
- Legitimate interests – to operate, secure, and improve our services
- Legal obligation – compliance with UK law
- Consent – where explicitly obtained (e.g. marketing communications)

7. AI Processing and Safeguards

Servadra uses AI-assisted processing under strict controls: 
- AI operates only within approved knowledge sources
- No unrestricted or self-learning behaviour
- Mandatory escalation to human staff when outside scope
- Human oversight is built into the service design

AI outputs are assistive, not authoritative. 

8. Data Sharing and Subprocessors

We may share data only with: 
- Cloud hosting providers
- Infrastructure and security service providers
- AI model providers (strictly for service delivery)

All subprocessors are: 
- Bound by contractual confidentiality obligations
- Required to meet appropriate data protection standards

We do not sell personal data to third parties. 

9. International Data Transfers

Where data is processed outside the UK: 
- Transfers are safeguarded by appropriate mechanisms
- Such as UK-approved contractual clauses or equivalent protections

We ensure data remains protected to UK GDPR standards. 

10. Data Retention

We retain personal data only as long as necessary: 
- Evaluation/demo data: automatically deleted after the demo period
- Active client data: retained for the duration of the service
- Operational logs: retained for monitoring and compliance purposes

Retention periods may vary depending on legal and contractual obligations. 

11. Data Security
We implement appropriate technical and organisational measures, including: 
- Access controls and authentication
- Encrypted data storage where appropriate
- Monitoring and logging of system activity

However, no system can be guaranteed to be completely secure. 

12. Your Rights Under UK GDPR
Individuals have the right to: 
- Access their personal data
- Request correction of inaccurate data
- Request deletion (where legally permitted)
- Restrict or object to processing
- Request data portability

Requests can be made via our contact form. 

13. Client Responsibilities

Clients are responsible for: 
- Ensuring they have the legal right to provide personal data
- Informing their own customers or users about AI-assisted processing
- Not uploading unnecessary or sensitive personal data

14. Cookies and Tracking

Our website may use essential cookies for functionality and security.
We do not use intrusive tracking or behavioural advertising cookies without consent. 

15. Changes to This Policy

We may update this Privacy Policy from time to time.
The latest version will always be published on our website.
 
16. Contact Us

For privacy-related enquiries or data requests, please contact us via the website Contact Form.