GDPR Compliance - BeautyTech AI | AI Systems Limited

Data Controller: AI Systems Limited, registered in England and Wales (Company No. 16985922).
Registered address: 13 Macleod Road, London, N21 1SW.
Contact: info@btai.uk

AI Systems Limited is committed to protecting privacy and rights in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Our Commitment

Processing personal data lawfully, fairly, and transparently
Collecting data for specified, explicit, and legitimate purposes only
Ensuring data is adequate, relevant, and limited to what is necessary
Keeping data accurate and up to date
Retaining data only for as long as necessary
Processing data securely with appropriate technical and organisational measures

2. Lawful Basis for Processing

Consent (Article 6(1)(a)): Clear consent for specific purposes
Contract (Article 6(1)(b)): Necessary for contract performance
Legitimate Interest (Article 6(1)(f)): Our interests that do not override your rights

3. Data We Process

Identity data: Name, business name
Contact data: Email, phone number (WhatsApp)
Technical data: IP address, browser type, device info, cookies
Usage data: Pages visited, interaction patterns, session duration
Communication data: Messages sent through our AI chat system

4. Your Rights Under UK GDPR

Contact info@btai.uk to exercise any right:

Right to be Informed (Articles 13-14)
Right of Access (Article 15): Copy of your data within 30 days, free
Right to Rectification (Article 16)
Right to Erasure (Article 17)
Right to Restrict Processing (Article 18)
Right to Data Portability (Article 20): CSV or JSON format
Right to Object (Article 21)
Automated Decision-Making (Article 22): Our AI assists human decisions but does not make autonomous decisions affecting your legal rights

5. Data Processing for AI Services

Our salon clients are the Data Controllers for their customer data
AI Systems Limited acts as a Data Processor on behalf of clients
We process data only as instructed per Data Processing Agreements
AI responses do not involve profiling or automated individual decision-making under Article 22

6. International Data Transfers

Transfers outside the UK use UK adequacy decisions, Standard Contractual Clauses (SCCs) approved by the ICO, and supplementary measures where required.

7. Data Security Measures

TLS/SSL encryption for data in transit
Encryption at rest for stored personal data
Role-based access controls
Regular security audits and vulnerability assessments
Incident response procedures
Staff training on data protection

8. Data Breach Notification

ICO notified within 72 hours (Article 33)
Affected individuals notified without undue delay for high-risk breaches (Article 34)
Breach register maintained for all incidents

9. Data Protection Impact Assessments

We conduct DPIAs (Article 35) for high-risk processing including large-scale AI data processing and new technology introductions.

10. Third-Party Processors

All processors are bound by written Data Processing Agreements (Article 28), including documented instructions, confidentiality, and data subject request assistance.

11. Supervisory Authority

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

You may lodge a complaint with the ICO at any time.

12. Contact Us

AI Systems Limited
Data Protection Contact
13 Macleod Road, London, N21 1SW
Email: info@btai.uk
Admin: admin@btai.uk

We respond to all data protection enquiries within 30 days.