Privacy Policy | AI-Si Data Protection | GDPR Compliant | Birmingham UK
Effective: February 11, 2026

Privacy Policy

AI-Si is committed to protecting your personal data. This policy explains how we collect, use, store, and protect information in accordance with UK GDPR and Data Protection Act 2018.

In Plain English

We collect minimal data, never sell it, and you can request deletion at any time. If you have a question about your data, contact us and we’ll respond within 30 days.

Last reviewed: February 2026  |  Next review due: February 2027

1. Who We Are

Data Controller: Simon Steggles, trading as AI-Si | Business Address: Royal Town of Sutton Coldfield, Birmingham, England | Contact: simon@ai-si.com | 07973 210895 | Services: Fractional AI Director services, AI strategy consulting, governance frameworks, staff training, and implementation support for UK SMEs and councils.

Your Rights: Under UK GDPR, you have the rights of access, rectification, erasure, restriction of processing, data portability, and objection to processing of your personal data. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

2. What We Collect

You Provide:

  • Contact: Name, email, phone, company, job title
  • Enquiries: Forms, emails, calls
  • Service Data: Project requirements, specs, training records
  • Payment: Billing address, payment method (never card details)

Automatic Collection:

  • Usage: IP, browser, device, pages, time, referrals
  • Cookies: Essential functionality (Section 8)
  • Communications: Email records, call notes

Third Parties:

  • LinkedIn: Profile if you connect
  • Referrals: Business connections info

Why This Matters

We collect only what’s necessary for professional AI consulting. Every data point serves a specific purpose: service delivery, legal compliance, or business improvement.

Data minimisation: If we don’t need it, we don’t collect it.

Transparency: You always know what we have and why.

3. How We Use Your Data

Service Delivery (Contract Performance)

  • Responding to enquiries and quotes
  • Delivering AI consulting, governance, training, implementation
  • Managing client relationships and projects
  • Processing payments and financial records

Communication (Legitimate Interest)

  • Service updates, project reports, deliverables
  • Questions and support requests
  • AI industry developments (opt-in marketing only)

Legal Compliance (Legal Obligation)

  • Tax and accounting records (7 years)
  • Data protection regulations and lawful requests
  • Fraud, security threats, legal claims protection

Business Improvement (Legitimate Interest)

  • Website usage analysis for UX improvement
  • Service quality feedback
  • New service development

7. Your Rights Under UK GDPR

  1. Access: Request copy of your personal data
  2. Rectification: Correct inaccurate or incomplete data
  3. Erasure: Request deletion (subject to legal retention)
  4. Restrict Processing: Limit how we use your data
  5. Data Portability: Receive data in structured, common format
  6. Object: Object to processing based on legitimate interests (including marketing)
  7. Withdraw Consent: Withdraw consent for marketing or consent-based processing
  8. Lodge Complaint: Complain to ICO if we’ve mishandled your data

Exercise Your Rights: Email simon@ai-si.com or call 07973 210895. We respond within 30 days.

ICO: Website: ico.org.uk | Helpline: 0303 123 1113 | Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Marketing Rules

Opt-In Required: We only send marketing emails with your explicit consent.

Easy Unsubscribe: Every email has an unsubscribe link, or you can contact simon@ai-si.com.

No Spam: Valuable, relevant content only.

Your Control: Withdraw consent anytime, no questions asked.

4. Data Sharing

We do not sell, rent, or trade your data. Limited sharing only:

Service Providers

  • Email: Google Workspace
  • Hosting: Website provider
  • Payments: Stripe (never see card numbers)
  • Calendar: Calendly or Google

All processors have DPAs ensuring UK GDPR compliance.

International Transfers: Data primarily UK. Non-UK/EEA providers have Standard Contractual Clauses.

5. Retention

We retain data only as long as necessary:

  • Enquiry (No Contract): 2 years
  • Client Projects: 7 years
  • Financial Records: 7 years (HMRC)
  • Marketing Consent: Until withdrawal or 3 years inactivity
  • Analytics: 26 months

After retention, data is securely deleted or anonymized.

Right to Erasure: You can request early deletion. We comply unless we have a legal obligation to retain the data.

6. Security

Technical

  • Encryption: HTTPS/TLS in transit; encryption at rest
  • Access: Passwords, 2FA, role-based
  • Storage: UK GDPR compliant cloud
  • Backups: Encrypted, off-site

Organizational

  • Minimisation: Only necessary info
  • Training: Royal Navy Cat 3 Positive Vetting
  • Incident Response: ICO reporting (72-hour)
  • Reviews: Security audits, policy updates

8. Cookies

Essential (Always Active)

  • Session management and functionality
  • Security and fraud prevention
  • Cannot be disabled without breaking site

Analytics (Optional)

  • Google Analytics: Visitor usage
  • Anonymized IP, no personal ID
  • 26-month retention

Control: Manage via browser settings. DNT: We honor Do Not Track signals.

9. Children

Age Restriction: Services for businesses and professional organisations only.

No Collection: We don’t knowingly collect data from individuals under 18.

Immediate Deletion: If we discover child data, we delete it immediately.

10. Changes

We may update this policy periodically.

Notification:

  • Updated date at top
  • Email to active clients
  • Homepage notice

Version: 1.0 (Feb 11, 2026)

Privacy FAQs

Common questions about data protection and your privacy rights

How does AI-Si protect my personal data?

AI-Si implements comprehensive technical and organizational measures including encryption of data in transit (HTTPS/TLS) and at rest, password-protected systems with two-factor authentication, UK GDPR compliant cloud storage (Google Workspace), encrypted backups with secure off-site storage, data minimisation practices, staff security training (Royal Navy Cat 3 Positive Vetting background), breach notification procedures with ICO reporting protocols (72-hour requirement), and regular security audits and policy updates.

What are my rights under UK GDPR?

Under UK GDPR, you have the right to access (request a copy of your personal data), rectification (correct inaccurate or incomplete data), erasure (request deletion subject to legal retention requirements), restrict processing (limit how we use your data), data portability (receive data in structured, common format), object to processing (including direct marketing), withdraw consent for marketing or consent-based processing, and lodge a complaint with the Information Commissioner’s Office (ICO) if we’ve mishandled your data. Contact simon@ai-si.com or call 07973 210895 to exercise these rights. We respond within 30 days.

Does AI-Si sell my personal data to third parties?

No. AI-Si does not sell, rent, or trade your personal data under any circumstances. We only share data with essential service providers (Google Workspace for email, hosting providers, Stripe for payment processing, Calendly for scheduling) who are bound by Data Processing Agreements (DPAs) ensuring UK GDPR compliance. These processors can only use your data on our instructions and for specified purposes. We may disclose data if required by law, court order, or governmental authority.

How long does AI-Si retain my personal data?

AI-Si retains personal data only as long as necessary: Enquiry data (no contract) for 2 years from last contact, client project data for 7 years after completion (accounting and tax requirements), financial records for 7 years (HMRC requirements), marketing consent until withdrawal or 3 years of inactivity, and website analytics for 26 months (Google Analytics default). After retention periods expire, data is securely deleted or anonymized. You can request early deletion (Right to Erasure) unless we have a legal obligation to retain the data.

What happens if there is a data breach?

In the unlikely event of a data breach affecting your personal data, AI-Si will notify you and the Information Commissioner’s Office (ICO) within 72 hours if required by UK GDPR. You will be informed of the nature of the breach, potential consequences, and remedial actions taken. We maintain comprehensive incident response procedures including immediate containment steps, resolution protocols, and preventive measures to avoid future incidents.

Can I opt out of marketing communications?

Yes. AI-Si only sends marketing emails (newsletters, service updates, industry insights) if you have explicitly opted in. You can unsubscribe at any time via the link in every email or by contacting simon@ai-si.com. We respect your inbox and only send valuable, relevant content. You can withdraw consent anytime with no questions asked.

Is my data transferred outside the UK?

Your data is primarily stored within the UK. If we use service providers outside the UK or European Economic Area (EEA), we ensure adequate safeguards are in place through Standard Contractual Clauses or equivalent mechanisms to protect your data in compliance with UK GDPR requirements for cross-border data protection.

How do I request access to my personal data?

To request access to your personal data (Subject Access Request), email simon@ai-si.com or call 07973 210895. We will respond within 30 days and provide a copy of the personal data we hold about you. There is no charge for this service unless your request is manifestly unfounded or excessive.

AI Use Disclosure

In the interests of transparency — and in line with the expectations of the procurement frameworks this consultancy works within — this section discloses how AI tools are used in the operation of AI-Si and the production of materials on this website.

How AI Is Used in This Business

  • AI-assisted tools are used to support drafting, editing, and formatting of website content, templates, and resources. All content is reviewed, validated, and authorised by Simon Steggles before publication.
  • AI tools are used in client engagements to support analysis, automation, and workflow design. The scope, tools, and data handling involved are agreed with each client before deployment.
  • No client data is processed by AI tools without explicit agreement and appropriate contractual safeguards, including a Data Processing Agreement where required.
  • AI-generated outputs are never represented as the sole basis for governance advice, legal interpretation, or compliance decisions. Human review and professional judgement are applied to all advisory outputs.

Data & Retention

  • AI tools used in content production operate under data minimisation principles — personal data is not inputted into AI tools unless required and authorised.
  • Where third-party AI platforms are used (such as large language models), data processing is governed by the provider’s UK GDPR-compliant terms. Details available on request.
  • No AI-generated content is produced using personal data sourced from clients or third parties without a documented lawful basis.
  • AI tool usage logs are retained for a minimum of 12 months in line with internal governance standards.

Questions about AI use: If you are a procurement officer, data protection lead, or client wishing to understand how AI tools are used in your specific engagement, please contact simon@ai-si.com. A full AI use statement aligned to your procurement requirements can be provided on request.

Questions About This Privacy Policy?

Email: simon@ai-si.com | Phone: 07973 210895 | Address: Royal Town of Sutton Coldfield, Birmingham, England

We are committed to transparency and protecting your privacy. Contact us directly with any concerns about how we handle your data.
