top of page

Privacy Policy

1. Our Commitment to Privacy

Smart Systems Automation Limited ("we", "us", "our") is committed to protecting personal data and respecting the privacy of individuals who interact with our services. This Privacy Policy explains how we collect, use, store, and protect personal data when operating our AI-powered automation services, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

2. What This Privacy Policy Covers

This Privacy Policy sets out:

  • What personal data we collect

  • How and why we use personal data

  • The lawful bases we rely on

  • How long we keep personal data

  • Who we share personal data with

  • The rights individuals have under UK data protection law

This policy applies only to processing carried out by Smart Systems Automation Limited. Where we provide services to a business customer, that business may have its own privacy policy governing how it uses personal data.

 

3. Who We Are

Company name: Smart Systems Automation Limited

Company number: 16897117

Registered office: 53 Northumberland Road, EN5 1EB

ICO registration number: ZC071317 

Contact email: smartsystemsautomation@outlook.com

For the purposes of UK data protection law, we act as a data controller in respect of the personal data described in this policy.

 

4. Who This Policy Applies To

This Privacy Policy applies to:

  • Individuals who call or interact with AI systems operated by us

  • Individuals whose email addresses are processed through our email automation services

  • Individuals who are contacted as part of lead qualification workflows

  • Business customers who engage our services directly

Where we operate automation services on behalf of a business customer, that business is the data controller for the personal data of its customers, prospects, and contacts. In such cases, we act as a data processor, and our processing is governed by the terms of our service agreement with that business.

 

5. Personal Data We Collect

We collect and process only the personal data necessary to provide our services. The data we collect depends on which services are being used:

 

5.1 AI Call Handling Services

  • Name and phone number

  • Call recordings (audio)

  • Call transcripts (text)

  • Call metadata (date, time, duration)

Call recordings and transcripts may be accessible to the relevant business customer using the AI call handling system.

 

5.2 Lead Qualification Services

  • Name and contact details (phone number, email address where provided)

  • Call recordings and transcripts from qualification calls

  • AI-generated summaries identifying lead quality and interest level

  • Information about callback scheduling and outcomes

 

5.3 Message Automation Services

  • Email addresses

  • Phone Number

  • WhatsApp engagement data

  • Names (where provided)

  • Email content and communication history

  • Email engagement data

  • Metadata about follow-up sequences and timing

 

5.4 Business Customer Data

For our direct B2B customers only, we may process:

  • Name and company name

  • Business email addresses and phone numbers

  • Financial details for invoicing and payment processing

​

6. Our Own Business Prospecting Activity

Smart Systems Automation Limited may also process personal data for the purposes of our own direct marketing and business development activities.

What data we process

  • Name and corporate email address

  • Company name

How we obtain this data

  • From publicly available sources, including company websites, business directories, and B2B prospecting platforms

Lawful basis

  • We rely on legitimate interests (UK GDPR Article 6(1)(f)) as our lawful basis for this processing. We have assessed that our interest in promoting our services to relevant business contacts is not overridden by the rights and interests of recipients, on the basis that: (a) we only contact named individuals at UK-incorporated businesses in a professional capacity; (b) our communications are relevant to their business role; and (c) recipients can opt out at any time

How long we keep this data

  • No longer than 12 months from the date of collection, or until an opt-out is received, whichever is earlier

Your right to object

  • You have the absolute right to object to us processing your personal data for direct marketing purposes at any time. Please contact us at smartsystemsautomation@outlook.com and we will suppress your details immediately

 

7. How We Collect Personal Data

Personal data is collected when:

  • Individuals place inbound calls handled by our AI systems

  • Individuals are contacted as part of automated callback workflows

  • Email addresses are provided to our business customers for email automation services

  • Business customers communicate with us in connection with our services

Call recording is always enabled for calls handled by our AI systems. Business customers are required under the terms of our service agreement to ensure appropriate notices are provided to callers informing them that calls may be recorded before or at the start of each call.

 

8. How and Why We Use Personal Data

We use personal data for the following purposes only:

  • Answering caller and customer queries

  • Booking appointments and managing calendars on behalf of business customers

  • Initiating and managing automated callbacks to potential customers

  • Transcribing and summarizing sales calls to identify lead quality

  • Routing qualified leads to business customers' sales teams

  • Sending automated email communications (including marketing, transactional, and service-related messages) and follow-up sequences on behalf of business customers

  • Sending automated outbound sales WhatsApp messages and follow-up sequences

  • Tracking email engagement and managing email workflows

  • Operating, monitoring, and maintaining our automation systems

We do not:

  • Sell personal data

  • Use personal data for our own marketing or advertising

  • Use personal data for unrelated profiling activities

 

9. Lawful Bases for Processing

Under the UK GDPR, we rely on the following lawful bases:

  • Legitimate interests – where processing is necessary to operate automation services in a way that customers and business contacts would reasonably expect

  • Contractual necessity – where processing is required to perform our contract with a business customer

We do not rely on consent as our primary lawful basis for processing personal data.

 Where we send communications on behalf of a business customer, that customer is responsible for ensuring a valid lawful basis exists for contacting each recipient, including any consent required under the Privacy and Electronic Communications Regulations 2003 (PECR). Our lawful basis for processing in that capacity is contractual necessity — we process personal data to fulfil our obligations under our service agreement with the business customer.

​

10. Automated Decision-Making

Our AI automation systems may carry out certain actions automatically, such as:​

  • Routing or handling calls

  • Scheduling automated callbacks

  • Identifying lead quality from call summaries

  • Sending email follow-up sequences

These actions may occur without direct human intervention. However:

  • Individuals can request human assistance where required

  • Automated processing is limited to service-related functions

  • Decisions do not have legal or similarly significant effects on individuals

 

11. Sharing Personal Data

We do not sell personal data to third parties.

We may share personal data with trusted third-party service providers who support our services. The specific providers used will depend on the services being delivered and the business customer's existing technology stack. Categories of third-party providers include:

  • Workflow automation platforms (e.g. Make.com)

  • Email service providers (e.g. Google Workspace, Microsoft 365, or other providers as used by the business customer)

  • AI and language processing services (e.g. OpenAI)

  • CRM and customer management platforms (e.g. Salesforce, HubSpot, or other systems as used by the business customer)

  • eCommerce and payment platforms (e.g. Shopify, WooCommerce, Stripe, or other platforms as used by the business customer)

  • Telephony and communication services (e.g. Twilio, WhatsApp Business API providers)

  • AI voice and call handling services (e.g. Retell AI)

  • Other business software and platforms as required to deliver our services

These providers process personal data on our behalf under contractual obligations designed to ensure appropriate data protection and security. Where we process data on behalf of a business customer, the specific third-party providers engaged will be confirmed in our service agreement with that customer.

 

12. International Transfers

Some of our service providers may process personal data outside the United Kingdom. Where personal data is transferred internationally, we ensure that appropriate safeguards are in place in accordance with UK data protection law, including the UK International Data Transfer Agreement (IDTA), the UK Addendum to EU Standard Contractual Clauses, or reliance on an adequacy decision where available.

 

13. How Long We Keep Personal Data

We retain personal data only for as long as necessary for the purposes set out in this policy. Our current retention periods are:

  • Call recordings: 12 months

  • Call transcripts and summaries: 12 months

  • Email data and communication history: 12 months

  • WhatsApp data and communication history: 12 months

  • Contact details: 12 months

Personal data may be retained for longer where required to comply with legal obligations or to resolve disputes.

Where we process data on behalf of a business customer as a data processor, retention is governed by our service agreement with that customer. Personal data will be deleted or returned to the business customer upon termination of the service agreement, in accordance with the timescales set out in that agreement.

​

14. Data Security

We take appropriate technical and organisational measures to protect personal data, including:

  • Restricted access controls

  • Secure systems and infrastructure

  • Contractual safeguards with service providers

While we take data security seriously, no system can be guaranteed to be completely secure.

 

15. Your Data Protection Rights

Under the UK GDPR, individuals have the following rights:

 

15.1 Right to Be Informed

You have the right to be informed about how your personal data is used. This Privacy Policy is intended to provide that information.

 

15.2 Right of Access

You have the right to request confirmation of whether we process your personal data and to receive a copy of that data.

 

15.3 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

 

15.4 Right to Erasure

You have the right to request deletion of your personal data where there is no lawful reason for us to continue processing it.

 

15.5 Right to Restrict Processing

You may request that we restrict processing of your personal data in certain circumstances.

 

15.6 Right to Object

You have the right to object to processing based on legitimate interests.

 

15.7 Right to Data Portability

Where applicable, you may request that your personal data be provided to you in a structured, commonly used format.

 

15.8 Rights Relating to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing where such decisions produce legal or similarly significant effects.

 

16. How to Exercise Your Rights

To exercise any of the rights above, please contact us using the details set out in Section 3.

We may need to verify your identity before responding. We aim to respond within one month, in line with UK GDPR requirements.

 

17. Complaints

If you are not satisfied with how we handle personal data, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)

www.ico.org.uk

 

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our services or legal obligations. Any updates will be published on our website with an updated effective date.

​

This policy is up to date as at 01/02/2026

bottom of page