How we collect and use any personal information.
(i) national implementing laws, regulations and secondary legislation in the UK, including the Data Protection Act 2018 (which implemented the UK version of the General Data Protection Regulation (GDPR) 2018); and
1. About us.
2. Our legal grounds for processing your personal data.
3. Your individual rights.
4. Information collection, use and storage.
5. Sharing personal information.
7. Contacting you.
8. How to contact us.
9. How to contact the appropriate authority.
1. About us
1.1 Aerogility Limited and Aerogility Inc (‘we’, ‘us’, ‘your’ and ‘ours’) are providers of model-based AI software solutions. Aerogility Ltd is registered in England and Wales under company number 07013236 and our registered office is at 5 St. John’s Lane, London, England, EC1M 4BH. Aerogility Inc is registered in the State of Delaware, USA. We are a member of the Aerogility group of companies.
1.2.1 you provide your personal data directly to us (in circumstances where we are not acting on behalf of someone else) for example, through use of our website, or
1.2.2 we are provided with your personal data by another member of our group of companies for financial, management or administrative purposes (for example, we may be provided with your email address and telephone details, if you are a business contact or customer of a member of our group of companies, so that we have visibility of who that company’s customers and contacts are) we will normally be considered to be a ‘data controller’. This means that we are responsible for deciding how we hold and use personal information about you.
In these circumstances, our business customer is responsible for deciding how we hold and use personal data about you and it will, therefore, normally be the ‘data controller’. Our use of your personal data is governed by the terms of that contract.
2. Our legal grounds for processing your personal data
2.1 Where we are acting as a data controller:
2.1.1 we may process your personal data to enable us to comply with any request you make of us or to comply with any obligations we owe to you including enabling us to perform a contract with you or to comply with our legal obligations.
2.1.2 we may also process your personal data for the purposes of our own legitimate interests, provided that those interests do not override any of your own interests, rights and freedoms relating to the protection of personal data.
This includes processing for statistical, management and business development purposes, for example seeking your thoughts and opinions on the services we provide to you and notifying you about any changes to our products and services. It may also include processing for marketing purposes, such as providing you with information related to any our products or services which we think may interest you (but always subject to your rights set out in section 3).
2.1.3 we may also process your personal data for other purposes but (unless this is in circumstances where the reason for doing so is compatible with the original purpose or we have other lawful grounds for doing so) this will usually only happen where we have obtained your specific consent. If that is the case, then you also have the right, at any time, to withdraw your consent, which you can do by following the process set out in section 8.
2.1.4 Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
2.2 Where we are acting as a data processor:
2.2.1 the business that has provided your personal information to us is itself responsible for ensuring that it has lawful grounds to do so and for providing us with instructions as to the specific types of personal data we are permitted to process; and
2.2.2 the ground(s) upon which that business is entitled to process your personal data is determined by them not us (and may vary from organisation to organisation); and
2.2.3 unless Data Protection Legislation requires or permits otherwise, we will process that personal data only in accordance with their instructions and for the purposes of enabling us to perform our obligations under our contract with them.
3. Your individual rights
Access to information
3.1 We want to make sure that you are fully aware of your data protection rights. These are set out in summary form in sections 3.5 to 3.13 below and apply to us in our role as a data controller. You can also obtain more detailed information about your rights under the Data Protection Legislation from the Information Commissioner’s office.
Our contact details for the purposes of requesting access to your personal data or exercising any of your other data protection rights are in section 8.
3.2 In order to comply with any request related to data protection matters, we may first require you to verify your identity and we will normally fulfil any request by sending information electronically, unless the request expressly specifies a different method. We will not charge a fee for responding to your request, other than in circumstances where you make a request which is manifestly unfounded or excessive or you request further copies of information which we have already provided to you. In that case, we are entitled to charge a reasonable administrative fee.
3.3 Please also note that, where we are acting as a data processor, we will not be responsible for answering your request ourselves but will pass it onto the business organisation that provided us with your personal data (in their role as data controller) so that they may then determine how best to respond to it.
Timescales for responding
3.4 If you make a request of us (in our role as a data controller), we will normally have one month to respond to you. If we need something from you to be able to deal with your request (e.g. an ID document), the time limit will begin once we have received this. This time limit may also be extended in certain circumstances so, if there is any reason why our response to you might take longer than a month, we will let you know.
Summary of your rights
3.5 Withdrawal of consent — where our legal ground for processing your personal data is based upon you having given us your consent to do so, you have the right, at any time, to withdraw that consent (please see section 2.1.3 above). Please note that this will not affect the lawfulness of any processing carried out before you withdraw your consent.
3.7 Right of access — you have the right to obtain:
3.7.1 confirmation that your personal data is being processed;
3.7.2 access to your personal data.
3.8 Right to rectification — you are entitled to have your personal data rectified if it is inaccurate or incomplete.
3.9 Right to erasure — (sometimes referred to as ‘the right to be forgotten’). The broad principle underpinning this right is to enable you to request the deletion or removal of your personal data whether there is no compelling reason for its continued processing.
3.10 Right to restrict processing — you are entitled to restrict the processing of your personal data if:
3.10.1 you are contesting the accuracy of the personal data (until the accuracy has been verified);
3.10.2 you object to the processing, in circumstances where the processing was necessary for the performance of a public interest task or on the grounds of our or someone else’s legitimate interests (whilst we consider whether those legitimate grounds override your interests).
3.10.3 the processing is unlawful but you have decided not to have it erased but requested restriction instead.
3.10.4 if we no longer need the personal data but still have it and you require it to establish, exercise or defend a legal claim.
3.11 Right to data portability — in certain limited circumstances, individuals are able to obtain and reuse their personal data for their own purposes across different services by being allowed to move, copy or transfer personal data easily from one IT environment to another. The nature of our products and services is such that it is unlikely that this right will apply.
3.12 Right to object — you are entitled to object to:
3.12.1 processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
3.12.2 direct marketing (including profiling); and
3.12.3 processing for purposes of scientific/historical research and statistics.
3.13 Rights relating to automated decision-making and profiling — these rights don’t apply in all circumstances but, where they do apply, they effectively provide you with safeguards against the risk that a potentially damaging decision is taken solely using or supported by automated means, without human intervention.
4. Information collection, use and storage
4.1 If you contact us, we will keep a record of that correspondence.
4.2 We may also collect and process personal data that you provide by filling in forms or making requests for information via our website or using the contact details on our website. This includes material contributed through any interactive service, including information that you (or someone authorised by you on your behalf) input into our products and services.
4.3 Please note that:
4.3.1 it is your responsibility (irrespective of whether you are acting as an individual or a business user of our products and services) to always ensure that when you provide us with any personal data relating to any third party, that third party has given their prior consent (or you have other lawful grounds) to enable you to do so; and
4.3.2 any personally identifiable information you elect to make publicly available on our website (e.g. posting comments on a blog page, if that type of facility is available for your use) will be visible to others.
4.4 As mentioned previously, we may (in our role as a data processor) be provided with information about you from another business or collect information about you or from you on their behalf.
4.5 We acknowledge our obligation to ensure that the personal information we hold about you is as accurate and up to date as possible so, should your personal information change, please notify us of that change, in writing, as soon as possible.
4.7 When you visit our website, we may collect information from you automatically through cookies or other similar technology. You will have seen from our website that you can choose which cookies and web/analytics tools you accept or decline.
4.8 Cookies are small text files that may be placed on your computer when you visit a website or click on a URL. Cookies (and other similar technologies) may collect your IP address, support security and authentication services, gather information from visitors to websites such as pages visited and how often they are visited and also enable certain features on the website.
Cookies may include ‘single-session cookies’ which generally record information during only a single visit to our website and then are erased, and ‘persistent’ cookies, which are generally stored on your computer or other device unless or until they are deleted or are set to expire. We may use our own cookies or third party cookies.
4.9 We may also use various web/analytics tools to understand how our website is being used in order to improve user experience (such as web beacons, which are a technique delivered through a web browser or in an email, to unobtrusively — and usually invisibly — check that a user has accessed some content and/or track the journey of the user navigating through the website or a series of websites) as well as tools to provide us with statistics relating to the use of our website.
Please note that, because the management of cookies differs as between different browsers, you should consult the documentation of your own browser in order to manage your cookies.
Please also note that if you delete or block cookies which are necessary to enable our website to carry out certain functions, this may cause you to be unable to use all or part of our website and/or services.
The types of information we hold about you
4.12 When we are acting as a data controller, the information we hold about you may include the following:
4.12.1 your personal details (such as your name, address, email address, landline and/or mobile phone numbers);
4.12.2 details of any contact we have had with you (for example, when you make an enquiry of us or we provide you with an outline of and/or quote for our products or services);
4.12.3 details of any products or services provided to you, as well as
any associated payment-related information;
4.12.4 IP addresses, tracking and/or other cookie data (please see our
4.12.5 any information you input into our products and services.
4.13 When we are acting as a data processor, the information we hold may include the following:
4.12.1 your business contact details and/or the business contact details of your customers or other end users (such as name, job title, address, email address, landline and/or mobile phone number(s));
4.12.2 details of any contact we have had with you (for example, when you make an enquiry of us or we provide you with a quote for our products or services);
4.12.3 details of any products or services provided to you, as well as any associated payment-related information;
4.12.4 all of the various types of personal data which (irrespective of whether you are acting as a data controller or a data processor) you have expressly or implicitly (taking into account the nature of the products and services we are providing to you) authorised us to process under any contract between you and us;
4.12.6 any information you input into our products and services.
4.14 Depending upon the enquiry, product or service purchased, we may also hold other types of information e.g. information you provide us to through contact form on the website.
4.15 We may also collect, store and process data which may not be directly about you but relates to the way in which our products and services are used. We typically use this for statistical, research, business and product development purposes.
How long do we hold personal data for?
4.16 Where we are acting as a data controller, we will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. Subject to paragraph 4.17 below, normally this will result in personal data being deleted from our systems no later than 24 months from the date it was last processed (other than to the extent that we need to retain it for the purposes of complying with our legal or contractual obligations including those relating to our statutory and regulatory obligations and our financial, business and tax affairs).
4.17 Please note that our retention period may need to be longer than the period specified in paragraph 4.16 in circumstances where we are using personal data in connection with any of our financial, management or administrative activities relating to a member of our group of companies.
4.18 In assessing whether any longer retention period is appropriate for your personal data, we take into consideration:
4.18.1 the purposes for which we originally collected the personal data;
4.18.2 the lawful grounds on which we based our processing;
4.18.3 the type of personal data we have collected;
4.18.4 the amount and categories of your personal data; and
4.18.5 whether the purpose of the processing could reasonably be fulfilled by other means.
4.20 Please note that, if you or we terminate any service we provide to you, then (irrespective of whether we are acting as a data controller or a data processor) we do not accept any obligation to retain any or all of the personal data provided to us in connection with or processed by that service and we may delete it from our systems at any time.
Storage and security
4.21 Information (including personal data) collected through our website and services may be stored and processed in the UK, Europe, the United States, or any other country in which we or our subsidiaries, group companies, affiliates or service providers maintain facilities.
4.22 Regardless of where data is stored and processed, we are committed to taking all reasonable steps to ensure that your personal data is secure. In order to prevent unauthorised access or disclosure, we put in place suitable technological, physical, electronic and managerial procedures to safeguard and secure all personal data stored and processed by us. We also ensure that any subcontractor or other service provider which we engage to support our business activities or help deliver our products and services and which has access to your personal data, commits to us, in writing, to do the same.
4.23 If we transfer your personal data to any country outside of the UK for processing, please be assured that we will only do so in compliance with the Data Protection Legislation.
5. Sharing personal information
5.1 Where we are acting as a data processor, we will share your personal data with the business that has engaged or otherwise permitted us to process your personal data (or authorised us to collect that data on their behalf) in the manner and to the extent set out in the contract between them and us. That business may be the data controller of your personal data or it may be another data processor interposed between the data controller and us.
5.1 Regardless of whether we are acting as a data processor or a data controller, we may need to share your personal data from time to time with other organisations, typically those which provide services to us in support of our business activities and/or delivery of the products and services which we provide to you. This may include third parties such as technology service providers, third party subcontractors, payment service providers and businesses that help us manage our customer relationships and marketing activities. If this is the case, we will do in accordance with the protections that are afforded to you under the Data Protection Legislation and we will always ensure that we have a written contract in place with them before we allow them access to your personal data or provide your personal data to them. A list of our current suppliers (with whom we may need to share your personal data) is available by writing to us using the contact details listed in this policy.
5.4 Other than as set out above, we do not rent, sell or distribute your personally identifiable information to third parties unless we have your permission or are required or permitted by law to do so.
6.1 We would like to send you information about our products and services from time to time as well as announcements, articles and press releases that we think you might like (including those of our group companies).
6.2 We may engage marketing companies to help us do this and we may use our (and their) software tools to help us track your engagement with us and monitor our marketing campaigns.
6.3 In some circumstances we may have a legal right to send you marketing material, in others you may have given us your consent to do so. Either way, you always have the right, at any time, to stop us from contacting you for marketing purposes or to stop us passing your personal data to third parties for marketing purposes (assuming you have previously given your consent to us to that). You can do this by opting out from our marketing emails at any time by clicking on the ‘Unsubscribe’ link within the email or by simply contacting us (see section 8) in writing.
7. Contacting you
7.1 If we wish to contact you we may do so by phone, email, text, fax or post.
7.2 If you have notified us of a preferred method of communication, we will always try to comply with that. Please let us know if we inadvertently contact you in some other unexpected way so that we can then check and, where necessary, update our records.
8. How to contact us
UK and non-EEA enquiries
Call: +44 (0)20 7250 4797
Write to: Aerogility Ltd, 5 St John’s Lane, London, England, EC1M 4BH
8.2 As a result of the UK leaving the EU, there are circumstances where the EU GDPR requires us to have an EU representative to act as a point of contact to:
8.2.1 facilitate the exercise of data subjects’ rights within the EEA; and
8.2.2 co-operate with the competent supervisory authorities in respect of any action, investigation or claim under the EU GDPR.
8.3 To that end, we have appointed an EU representative, which is Datarep. They can be contacted as detailed in this document.
8.4 We always work hard to treat our customers fairly and hope that you will not experience any reason to make a complaint about the way in which we have collected, stored or processed any of your personal data. However, if you do wish to make a complaint please always contact us, in the first instance, and we will endeavour to resolve the matter as quickly as we can.
California (USA) residents
8.5 The California Civil Code permits California residents that use the Aerogility website to request certain information regarding how Aerogility discloses their personal information to third parties for such third parties’ direct marketing purposes, and what choices they have.
If this applies to you and you would like to make such a request, please contact us on firstname.lastname@example.org. Please include the following in the subject line: ‘Attention: Privacy Officer — California Privacy Rights’.
Also, we must let you know about Do Not Track signals. Some browsers support a Do Not Track feature, which is intended to be a signal to websites that you do not wish to be tracked across different websites you visit. Aerogility websites do not currently change the way they operate based upon detection of a Do Not Track or similar signal.
9. How to contact the appropriate authority
UK and non-EEA enquiries
9.1 If you are based in the UK or outside of the EEA and wish to report a complaint or if you feel that we have not addressed a concern that you may have about our data processing activities in a satisfactory manner, you may contact the Information Commissioner’s Office or telephone them on 0303 123 1113.
9.2 If you are based within the EEA and wish to report a complaint or if you feel that we have not addressed a concern that you may have about our data processing activities in a satisfactory manner, you may contact your local Supervisory Authority (who may then contact our EU representative).