Data Privacy Policy

Introduction

This Privacy Policy describes how Paladin AI Ltd and its related companies (collectively "Paladin AI", "we", "us", or "our") collect, use, process, and protect your personal data when you visit our website at paladin-ai.studio, use our services, or otherwise interact with us (collectively, "Services").

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.


What Personal Data We Collect

We may collect and process the following categories of personal data:

Information You Provide Directly

  • Contact Information: Name, email address, phone number, job title, company name

  • Enquiry Details: Information you provide when requesting consultations, quotes, or making enquiries

  • Communication Records: Records of our correspondence and interactions with you

  • Account Information: If you create an account, login credentials and profile information

  • Payment Information: Billing details and payment card information (processed securely through third-party payment processors)

Information We Collect Automatically

  • Technical Data: IP address, browser type and version, operating system, device type

  • Usage Data: Pages visited, time spent on pages, click patterns, referral sources

  • Location Data: General geographic location based on IP address

  • Cookie Data: As detailed in our Cookie Policy

Information from Third Parties

  • Professional Networks: Information from LinkedIn or other professional platforms if you connect through them

  • Business Partners: Information shared by partners or referral sources with your consent

  • Public Sources: Publicly available information about you or your company relevant to our business relationship

How We Use Your Personal Data

We process your personal data for the following purposes:

Service Delivery

  • Providing AI and automation consultancy services

  • Responding to your enquiries and communications

  • Managing client relationships and project delivery

  • Processing payments and managing billing

Business Operations

  • Maintaining and improving our website and services

  • Conducting business analysis and market research

  • Managing our customer relationship management systems

  • Complying with legal and regulatory requirements

Marketing and Communications

  • Sending newsletters and marketing communications (with your consent)

  • Providing updates about our services and industry insights

  • Conducting customer satisfaction surveys

Legal and Compliance

  • Protecting our legal rights and interests

  • Preventing fraud and ensuring security

  • Complying with legal obligations and regulatory requirements


Legal Basis for Processing

Under UK GDPR and EU GDPR, we process your personal data based on the following legal grounds:

  • Consent: Where you have given specific consent for processing (e.g., marketing emails)

  • Contract: Where processing is necessary to perform a contract with you or take steps before entering into a contract

  • Legitimate Interests: Where we have legitimate business interests that are not overridden by your rights (e.g., improving our services, security measures)

  • Legal Obligation: Where we must process data to comply with legal requirements


How We Share Your Personal Data

We may share your personal data in the following circumstances:

Service Providers

We work with trusted third-party service providers who process data on our behalf, including:

  • Cloud hosting providers

  • Email marketing platforms

  • Customer relationship management systems

  • Payment processors

  • Analytics providers (as detailed in our Cookie Policy)

Business Partners

With your consent, we may share relevant information with business partners who can assist with your requirements.

Legal Requirements

We may disclose personal data where required by law, regulation, court order, or government authority.

Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction.


International Transfers

Some of our service providers may be located outside the UK and European Economic Area (EEA). Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission

  • Adequacy decisions confirming equivalent protection

  • Certified programmes providing appropriate safeguards


Data Retention

We retain your personal data only for as long as necessary for the purposes outlined in this policy or as required by law:

  • Client Data: Retained for the duration of our business relationship plus 7 years for accounting and legal purposes

  • Marketing Data: Retained until you withdraw consent or we determine it's no longer relevant

  • Website Analytics: As specified in our Cookie Policy

  • Legal Claims: Retained as long as necessary to defend legal claims


Your Rights

Under UK GDPR and EU GDPR, you have the following rights regarding your personal data:

Access and Portability

  • Right of Access: Request a copy of your personal data we hold

  • Data Portability: Receive your data in a structured, commonly used format

Correction and Deletion

  • Rectification: Correct inaccurate or incomplete personal data

  • Erasure: Request deletion of your personal data in certain circumstances

Processing Controls

  • Restrict Processing: Limit how we process your personal data in certain situations

  • Object to Processing: Object to processing based on legitimate interests or for marketing purposes

  • Withdraw Consent: Withdraw consent where processing is based on consent

Automated Decision-Making

  • Object to Automated Processing: Object to decisions based solely on automated processing, including profiling

To exercise these rights, contact us at help@paladin-ai.studio. We will respond within one month of receiving your request.


Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit and at rest

  • Regular security assessments and updates

  • Access controls and staff training

  • Secure data backup and recovery procedures

  • Incident response procedures


Children's Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.


Third-Party Links

Our website may contain links to third-party websites. This Privacy Policy does not apply to those sites. We encourage you to read the privacy policies of any third-party sites you visit.


Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on our website

  • Sending email notification to registered users

  • Other appropriate communication methods

Your continued use of our services after changes take effect constitutes acceptance of the revised policy.


Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Paladin AI Ltd
Email: help@paladin-ai.studio

Data Controller Details:

  • Company: Paladin AI Ltd

  • Registered in: United Kingdom

  • Email: help@paladin-ai.studio

  • Data Protection Officer: help@paladin-ai.studio


Complaints

You have the right to lodge a complaint with a supervisory authority:

UK: Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113

EU: Your local data protection authority



Last Updated: 1st July 2025