Privacy Policy

1. Who We Are

Efficentia Ltd is the data controller responsible for your personal data.

2. What Data We Collect

2.1 Website Visitors

When you visit our website, we may collect:

• –IP address and browser/device information
• –Pages visited, time on site, and referral source
• –Cookie identifiers (see Section 7)
• –Any information you submit via contact or enquiry forms (name, email, phone number, company name, message)

2.2 Clients and Prospects

In the course of providing our services, we collect:

• –Contact details: name, email address, phone number, job title
• –Business information: company name, industry, size
• –Communications: emails, meeting notes, project correspondence
• –Financial information: invoice details and payment records (we do not store card data)

2.3 Client Systems Access

Where we are engaged to conduct AI audits, system integrations, or automation builds, we may access and process data held within your systems. This is done strictly within the agreed scope of the engagement. The nature of data processed will vary by project and is governed by a Data Processing Agreement (DPA) agreed with the client prior to access.

3. How We Use Your Data

We use personal data for the following purposes:

• –To respond to enquiries and provide our consultancy services
• –To manage client relationships and project delivery
• –To send invoices and manage payments
• –To conduct AI audits and produce analysis and recommendations
• –To improve our website and marketing performance (analytics)
• –To comply with legal and regulatory obligations

4. Legal Basis for Processing

We rely on the following lawful bases under UK GDPR:

• –Contract: processing necessary to perform a contract with you or take steps before entering one
• –Legitimate interests: improving our services, marketing to business contacts, website analytics
• –Legal obligation: compliance with applicable law
• –Consent: where we ask for it (e.g. cookies, marketing communications)

5. AI Tools and Sub-Processors

We use third-party AI tools to help interpret and analyse data as part of our service delivery. These tools may process data on our behalf as sub-processors. We ensure appropriate data processing terms are in place with each provider.

Current AI sub-processors include:

• –OpenAI (OpenAI, L.L.C.), openai.com/policies/privacy
• –Anthropic (Anthropic, PBC), anthropic.com/privacy

We do not share personal data with these tools beyond what is necessary for the task. Where client data is involved, this is governed by your DPA with us. We will notify clients of material changes to our sub-processor list.

6. Data Sharing

We do not sell your personal data. We may share data with:

• –Our AI sub-processors (see Section 5)
• –Our internal tools and platforms (CRM, cloud storage, project management software) used in the ordinary course of business
• –Professional advisers (legal, financial) where necessary
• –Law enforcement or regulatory bodies where required by law

7. Cookies

Our website uses the following types of cookies:

• –Essential cookies: required for the site to function
• –Analytics cookies: Google Analytics, used to understand how visitors use our site (anonymised where possible)
• –Marketing cookies: Meta Pixel, used to measure ad performance and build audience segments

You can manage your cookie preferences via our cookie consent tool when you first visit the site, or by adjusting your browser settings. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

8. Data Retention

We retain personal data only for as long as necessary:

• –Enquiry data: up to 12 months if no engagement follows
• –Client data: for the duration of the engagement plus 6 years (to comply with legal and tax obligations)
• –Website analytics: in line with Google Analytics and Meta retention settings (typically 14–26 months)

Client system data accessed during an engagement is deleted or returned at the end of the project, as agreed in the DPA.

9. Your Rights

Under UK GDPR, you have the right to:

• –Access the personal data we hold about you
• –Correct inaccurate or incomplete data
• –Request erasure of your data (where applicable)
• –Object to or restrict certain processing
• –Data portability (where processing is based on consent or contract)
• –Withdraw consent at any time (where consent is the legal basis)

To exercise any of these rights, contact us at hello@efficentia.co.uk. We will respond within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk | 0303 123 1113.

10. Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include access controls, encrypted communications, and restricted data sharing within our team. No method of transmission over the internet is entirely secure; we cannot guarantee absolute security.

11. International Transfers

Some of our sub-processors (including OpenAI and Anthropic) are based in the United States. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or reliance on the UK's International Data Transfer Agreement (IDTA) framework.

12. Changes to This Policy

We may update this policy from time to time. The current version will always be available on our website. Material changes will be communicated to clients directly.