Privacy Policy
How Aptimate Solutions Ltd collects, uses, and protects your personal data under UK GDPR.
Last updated: 8 April 2026
1. Who we are
Aptimate Solutions Ltd (“we”, “us”, “our”) is a company registered in England and Wales. We provide AI automation consulting, development, and managed services to UK businesses. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller responsible for your personal data. You can contact us at any time at hello@aptimate.co.uk.
2. Data we collect
We collect personal data only when you actively provide it to us. We do not use analytics, tracking pixels, or behavioural profiling on this website. The data we may collect includes:
- Contact form submissions — first name, last name, email address, company name, area of interest, and your message, submitted via our contact form.
- Email correspondence — any information you provide when you email us directly at hello@aptimate.co.uk.
- Booking information — name, email, and scheduling details when you book a call through our Google Calendar integration.
- Server logs — our hosting provider (Vercel) automatically collects standard server logs, which may include your IP address, browser type, and pages visited. These are used solely for security and performance monitoring.
3. How we use your data
We use your personal data to:
- Respond to your enquiries and provide requested information
- Deliver our consulting and automation services
- Schedule and manage discovery calls
- Send follow-up communications related to your enquiry (we will not add you to marketing lists without your explicit consent)
- Maintain internal records for business administration
- Comply with legal obligations
4. Lawful basis for processing
Under UK GDPR, we process your data on the following bases:
- Consent (Article 6(1)(a)) — when you submit a contact form or subscribe to communications. You may withdraw consent at any time.
- Legitimate interests (Article 6(1)(f)) — to respond to enquiries, administer our business, and ensure website security. We balance these interests against your rights and freedoms.
- Contractual necessity (Article 6(1)(b)) — where processing is necessary to deliver services you have engaged us for.
- Legal obligation (Article 6(1)(c)) — where we are required to retain data for tax, accounting, or regulatory purposes.
5. Data processing and storage
Contact form submissions are processed through Google Apps Script and stored in Google Sheets within our Google Workspace account. An email notification is sent to our team for each submission. Your data is stored securely within our Google Workspace environment, which is protected by enterprise-grade encryption at rest and in transit.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Enquiry data is typically retained for up to 24 months after your last interaction with us, after which it is securely deleted unless there is a continuing business or legal reason to retain it.
As required by Article 30 of UK GDPR, Aptimate Ltd maintains an internal record of processing activities, documenting the categories of data we process, the purposes, and the safeguards in place.
6. Third-party processors
We do not sell, rent, or trade your personal data. We share data only with the following trusted service providers, who process it on our behalf under appropriate data processing agreements:
| Provider | Purpose | Data location |
|---|---|---|
| Google Workspace | Email, form processing, data storage (Sheets), calendar bookings | EU/UK |
| Vercel | Website hosting and content delivery | Global (edge network) |
Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions recognised by the UK government.
Signed data processing agreements are in place with each processor listed above. If you would like to request a copy of any agreement, please email hello@aptimate.co.uk.
7. Cookies and tracking
This website does not set any cookies. We do not use Google Analytics, tracking pixels, retargeting tools, or any other behavioural tracking technology. Fonts are self-hosted, so no external requests are made to third-party font services. No cookie consent banner is required because no cookies are used.
For full details, see our Cookie Policy.
8. Your rights under UK GDPR
You have the following rights in relation to your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your personal data where there is no compelling reason for us to continue processing it
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — request your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests or direct marketing
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal
To exercise any of these rights, email us at hello@aptimate.co.uk. We will respond within 30 days. There is no fee for making a request unless it is manifestly unfounded or excessive.
9. Data breach procedure
In the event of a personal data breach, Aptimate Solutions Ltd will:
- Investigate promptly — identify the scope, cause, and categories of data affected as soon as a breach is detected.
- Notify the ICO — where the breach is likely to result in a risk to individuals’ rights and freedoms, we will report it to the Information Commissioner’s Office within 72 hours of becoming aware of it, as required by Article 33 of UK GDPR.
- Notify affected individuals — where the breach is likely to result in a high risk to your rights and freedoms, we will inform you without undue delay, as required by Article 34 of UK GDPR, including a description of the breach and the measures taken to address it.
- Record the breach — all breaches, whether reportable or not, are documented in our internal breach register, including the facts, effects, and remedial action taken.
If you believe your personal data has been compromised, please contact us immediately at hello@aptimate.co.uk.
10. Complaints
If you are unhappy with how we handle your personal data, we encourage you to contact us first so we can resolve your concern. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection. You can contact the ICO at ico.org.uk or by calling 0303 123 1113.
11. Changes to this policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.
12. Contact us
If you have questions about this privacy policy or wish to exercise your data protection rights, please contact us:
Aptimate Solutions Ltd
Email: hello@aptimate.co.uk
Web: Contact page
Location: Hampshire, United Kingdom