Privacy Policy

ENLIGHTEN CONSULTANCY UK COMPANY LIMITED
Last updated: 22 February 2026

1. Introduction

This Privacy Policy explains how ENLIGHTEN CONSULTANCY UK COMPANY LIMITED (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you visit our website, submit an enquiry, or engage with our services.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are (Data Controller)

ENLIGHTEN CONSULTANCY UK COMPANY LIMITED
Registered in England and Wales
Registered Office: Suite 6238, Unit 3A, 34–35 Hatton Garden, Holborn, London, EC1N 8DX

We act as:

  • Data Controller for our own business operations and website enquiries.
  • Data Processor when handling personal data on behalf of our clients (where contractually defined).

3. Scope of This Policy

This policy applies to:

  • Website visitors
  • Prospective clients and enquiry submitters
  • Business clients and their authorised users
  • End-users interacting with Servadra on behalf of our clients (where applicable)

This policy does not cover third-party websites or services linked from our platform.

4. Personal Data We Collect

4.1 Business Contact Information

  • Name
  • Organisation name
  • Business email address
  • Business telephone number (if provided)

4.2 Demo and Pre-Engagement Submission Data

When you submit a demo request or introductory enquiry, we collect the information you provide for the purpose of arranging a structured discussion and confirming next steps.

This may include:

  • Your organisation type and sector (where provided)
  • Proposed operational scope (where selected)
  • Operational context you choose to share
  • Professional introduction interest (optional checkbox)

Selecting professional introduction interest does not grant partner status and does not create any automatic relationship. It is a declaration of interest only.

4.3 Service Interaction Data (Client Operations)

Where we provide services to clients, we may process service interaction data as part of the agreed operational scope. This may include enquiry messages and operational conversation logs (as defined by the client contract), as well as related metadata such as timestamps and interaction type.

4.4 Technical and Usage Data

  • IP address
  • Browser type and device information
  • Security and diagnostic logs

4.5 Client-Provided Content

Clients may provide knowledge materials, operational rules, or escalation instructions for deployment. Clients should not provide special category data (such as medical, biometric, or criminal record data) unless explicitly agreed in writing.

5. How We Use Personal Data

We process personal data only for legitimate business purposes, including:

  • Responding to website enquiries and demo requests
  • Email verification and communication security
  • Providing and operating services within agreed scope
  • Monitoring service stability, boundary adherence, and operational reliability
  • Maintaining governance integrity, auditability, and security
  • Legal and regulatory compliance

We do not use personal data for:

  • Automated decision-making with legal or similarly significant effect
  • Unrestricted AI model training
  • Advertising resale or data brokering

We do not conduct automated profiling or automated decision-making in relation to demo submissions or professional introduction interest.

6. Lawful Basis for Processing

Under UK GDPR, our lawful bases include:

  • Performance of a contract – where processing is necessary to deliver agreed services
  • Legitimate interests – to operate, secure, and improve our services and respond to business enquiries
  • Legal obligation – where compliance with UK law requires processing
  • Consent – where explicitly obtained (for example, marketing communications where applicable)

6A. Lawful Basis for Demo Processing

We process demo and pre-engagement submissions under:

  • Legitimate interests – to assess and respond to business enquiries
  • Steps taken at your request prior to entering into a contract – where you request a discussion or demonstration

7. Email Verification and Manual Review

Demo submissions are subject to email verification before review. Unverified submissions may be deleted.

Submissions are reviewed manually. No automated approval is applied.

8. AI Processing and Safeguards

Servadra uses AI-assisted processing under strict operational controls:

  • AI operates only within approved knowledge sources
  • No unrestricted or self-learning behaviour
  • Mandatory escalation when outside approved scope or where judgement is required
  • Human oversight embedded within the service design

AI outputs are assistive and do not replace human judgement.

9. Data Sharing and Subprocessors

We may share data only with providers necessary to deliver and secure the service, such as:

  • Hosting and infrastructure providers
  • Security and monitoring providers
  • Email delivery providers (for verification and service communications)
  • AI model providers (strictly for service delivery, where applicable)

All subprocessors are contractually bound to appropriate confidentiality and data protection standards. We do not sell personal data.

10. International Data Transfers

Where data is processed outside the UK, transfers are safeguarded by appropriate UK-approved contractual clauses or equivalent protections.

11. Data Retention

Demo submissions that are not email-verified may be deleted automatically.

Verified demo submissions are retained for a limited period to allow follow-up discussion and review. If no engagement proceeds, information is retained for up to 24 months unless deletion is requested.

Where engagement begins, relevant information may be incorporated into the client record and retained in accordance with contractual and regulatory requirements.

Audit logs relating to governance, security, and approval decisions are retained for integrity and compliance purposes.

12. Data Security

We implement appropriate technical and organisational measures including access controls, role-based permissions, monitoring, and logging. However, no system can be guaranteed to be completely secure.

13. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion (where legally permitted)
  • Restrict or object to processing
  • Request data portability

Requests can be made via our website contact form.

14. Client Responsibilities

Clients are responsible for ensuring:

  • They have the legal right to provide personal data for processing
  • They inform their own customers or users about AI-assisted processing where applicable
  • They do not provide unnecessary or sensitive personal data unless explicitly agreed

15. Cookies and Tracking

Our website may use essential cookies for functionality and security. We do not use intrusive tracking or behavioural advertising cookies without consent.

16. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be published on our website.

17. Contact Us

For privacy-related enquiries or data requests, please contact us via our website contact form.

This policy is intended to describe our approach to privacy and governance in plain language. Where a client contract applies, contractual terms may define additional operational details and responsibilities.