Effective Date: 15 May 2025

DataDecisions.ai ("we", "our", or "us") is committed to protecting the privacy and security of personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard personal data in connection with our data licensing services provided to corporate clients.

This policy applies to personal data processed by DataDecisions.ai in the course of providing data products and related services to our corporate clients. It does not apply to the processing activities of our clients, who act as independent data controllers.

We collect and process personal data for the following purposes:

Client Relationship Management: Contact details of client representatives (e.g., names, email addresses, phone numbers) to manage our business relationships.

Service Provision: Data necessary to deliver our data products and services, which may include pseudonymized or anonymized datasets.

Compliance and Legal Obligations: Information required to comply with legal and regulatory obligations.

We ensure that the personal data we process is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

Our processing of personal data is based on:

Contractual Necessity: Processing necessary for the performance of a contract with our clients.

Legal Obligations: Compliance with legal and regulatory requirements.

Legitimate Interests: Processing necessary for our legitimate interests in conducting and managing our business, provided that such interests are not overridden by the rights and interests of data subjects.

We may share personal data with:

Service Providers: Third-party vendors and service providers who perform services on our behalf, such as IT support and data hosting.

Legal and Regulatory Authorities: As required by applicable laws and regulations.

Business Transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity.

We ensure that any third parties with whom we share personal data are subject to appropriate data protection obligations.

If personal data is transferred outside the UK or the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the UK Information Commissioner's Office (ICO).

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include encryption, access controls, and regular security assessments.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The retention period varies depending on the nature of the data and the purposes of processing.

Under the UK GDPR, individuals have the following rights:

Access: The right to request access to their personal data.

Rectification: The right to request correction of inaccurate or incomplete data.

Erasure: The right to request deletion of their personal data under certain circumstances.

Restriction: The right to request restriction of processing under certain conditions.

Objection: The right to object to processing based on legitimate interests.

Data Portability: The right to receive their personal data in a structured, commonly used, and machine-readable format.

To exercise these rights, individuals can contact us at privacy@datadecisions.ai.

Our website may use cookies and similar tracking technologies to enhance user experience and analyze website traffic. Users can manage their cookie preferences through their browser settings.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify clients of any significant changes and indicate the date of the latest revision.