GDPR Compliance

How we protect your data rights under UK and EU data protection laws

Last updated: 27/10/2025 • UK GDPR Compliant

Our GDPR Commitment

AI Boffins is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognize the importance of protecting your personal data and ensuring your privacy rights are respected.

This page outlines our GDPR compliance measures and how we protect your data rights. For detailed information about our data practices, please see our Privacy Policy.

Data Controller Information

Data Controller: AI Boffins

Address: Milton Keynes, UK

Email: info@aiboffins.co.uk

Phone: 01908 410917

ICO Registration: We are registered with the Information Commissioner's Office and comply with all UK data protection requirements.

Legal Basis for Data Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

Contract (Article 6(1)(b))

Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.

  • Providing our AI services
  • Processing payments and billing
  • Managing your account
  • Providing customer support

Legitimate Interest (Article 6(1)(f))

Processing is necessary for our legitimate interests, provided these interests do not override your fundamental rights and freedoms.

  • Improving our services and user experience
  • Website analytics and performance monitoring
  • Security and fraud prevention
  • Business development and marketing (with opt-out rights)

Consent (Article 6(1)(a))

Processing is based on your explicit consent, which you can withdraw at any time.

  • Marketing communications
  • Non-essential cookies
  • Third-party data sharing
  • Newsletter subscriptions

Legal Obligation (Article 6(1)(c))

Processing is necessary for compliance with our legal obligations.

  • Tax and accounting requirements
  • Regulatory compliance
  • Legal proceedings
  • Data retention requirements

Your GDPR Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access

You can request a copy of your personal data and information about how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances.

Right to Restriction

You can request limitation of processing in certain circumstances.

Right to Portability

You can receive your data in a structured, machine-readable format.

Right to Object

You can object to processing based on legitimate interests or for direct marketing.

How to Exercise Your Rights

To exercise your GDPR rights, please contact us using the following methods:

Contact Methods

We will respond to your request within one month, or within two months for complex requests. We may need to verify your identity before processing your request.

Data Security Measures

We implement appropriate technical and organizational measures to ensure data security:

Technical Measures

  • Encryption of data in transit and at rest
  • Secure servers and cloud infrastructure
  • Regular security updates and patches
  • Access controls and authentication
  • Firewall and intrusion detection systems

Organizational Measures

  • Staff training on data protection
  • Data protection policies and procedures
  • Regular security audits and assessments
  • Incident response procedures
  • Data protection impact assessments

Data Breach Procedures

In the event of a personal data breach, we have procedures in place to:

  • Detect and assess the breach within 72 hours
  • Notify the Information Commissioner's Office if required
  • Notify affected individuals if there is a high risk to their rights
  • Document all breaches and remedial actions taken
  • Implement measures to prevent future breaches

International Data Transfers

Your personal data is primarily processed within the UK and European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

  • Adequacy decisions by the UK government
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Certification schemes

Data Protection Officer

While we are not legally required to appoint a Data Protection Officer (DPO), we have designated a data protection contact who can assist with any GDPR-related queries:

Data Protection Contact: AI Boffins Privacy Team

Email: info@aiboffins.co.uk

Response Time: Within 2 business days

Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data in accordance with UK GDPR:

Information Commissioner's Office

Website: ico.org.uk

Phone: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Updates to GDPR Compliance

We regularly review and update our GDPR compliance measures to ensure we meet all requirements. Any significant changes will be communicated to you through:

  • Updates to our Privacy Policy
  • Email notifications for significant changes
  • Website notices
  • Direct communication for material changes

Contact Us

If you have any questions about our GDPR compliance or data protection practices, please contact us:

AI Boffins

GDPR Email: info@aiboffins.co.uk

Phone: 01908 410917

Address: Milton Keynes, UK