top of page

Privacy Policy

1. Our Commitment to Privacy

Smart Systems Automation Limited ("we", "us", "our") is committed to protecting personal data and respecting the privacy of individuals who interact with our services. This Privacy Policy explains how we collect, use, store, and protect personal data when operating our AI-powered automation services, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

2. What This Privacy Policy Covers

This Privacy Policy sets out:

  • What personal data we collect

  • How and why we use personal data

  • The lawful bases we rely on

  • How long we keep personal data

  • Who we share personal data with

  • The rights individuals have under UK data protection law

This policy applies only to processing carried out by Smart Systems Automation Limited. Where we provide services to a business customer, that business may have its own privacy policy governing how it uses personal data.

 

3. Who We Are

Company name: Smart Systems Automation Limited

Company number: 16897117

Registered office: 53 Northumberland Road, EN5 1EB

ICO registration number: ZC071317 

Contact email: smartsystemsautomation@outlook.com

For the purposes of UK data protection law, we act as a data controller in respect of the personal data described in this policy.

 

4. Who This Policy Applies To

This Privacy Policy applies to:

  • Individuals who call or interact with AI systems operated by us

  • Individuals whose email addresses are processed through our email automation services

  • Individuals who are contacted as part of lead qualification workflows

  • Business customers who engage our services directly

Where we operate automation services on behalf of a business customer, that business may act as the data controller for its own purposes. In such cases, our role may be limited to providing the technology and associated processing.

 

5. Personal Data We Collect

We collect and process only the personal data necessary to provide our services. The data we collect depends on which services are being used:

 

5.1 AI Call Handling Services

  • Name and phone number

  • Call recordings (audio)

  • Call transcripts (text)

  • Call metadata (date, time, duration)

Call recordings and transcripts may be accessible to the relevant business customer using the AI call handling system.

 

5.2 Lead Qualification Services

  • Name and contact details (phone number, email address where provided)

  • Call recordings and transcripts from qualification calls

  • AI-generated summaries identifying lead quality and interest level

  • Information about callback scheduling and outcomes

 

5.3 Message Automation Services

  • Email addresses

  • Phone Number

  • WhatsApp engagement data

  • Names (where provided)

  • Email content and communication history

  • Email engagement data

  • Metadata about follow-up sequences and timing

 

5.4 Business Customer Data

For our direct B2B customers only, we may process:

  • Name and company name

  • Business email addresses and phone numbers

  • Financial details for invoicing and payment processing

 

6. How We Collect Personal Data

Personal data is collected when:

  • Individuals place inbound calls handled by our AI systems

  • Individuals are contacted as part of automated callback workflows

  • Email addresses are provided to our business customers for email automation services

  • Business customers communicate with us in connection with our services

Call recording is always enabled for calls handled by our AI systems. At present, callers are not informed verbally that recording is taking place at the start of the call. Business customers are responsible for ensuring appropriate notices are provided to callers where required.

 

7. How and Why We Use Personal Data

We use personal data for the following purposes only:

  • Answering caller and customer queries

  • Booking appointments and managing calendars on behalf of business customers

  • Initiating and managing automated callbacks to potential customers

  • Transcribing and summarizing sales calls to identify lead quality

  • Routing qualified leads to business customers' sales teams

  • Sending automated outbound sales emails and follow-up sequences

  • Sending automated outbound sales WhatsApp messages and follow-up sequences

  • Tracking email engagement and managing email workflows

  • Operating, monitoring, and maintaining our automation systems

We do not:

  • Sell personal data

  • Use personal data for our own marketing or advertising

  • Use personal data for unrelated profiling activities

 

8. Lawful Bases for Processing

Under the UK GDPR, we rely on the following lawful bases:

  • Legitimate interests – where processing is necessary to operate automation services in a way that customers and business contacts would reasonably expect

  • Contractual necessity – where processing is required to perform our contract with a business customer

We do not rely on consent as our primary lawful basis for processing personal data.

 

9. Automated Decision-Making

Our AI automation systems may carry out certain actions automatically, such as:​

  • Routing or handling calls

  • Scheduling automated callbacks

  • Identifying lead quality from call summaries

  • Sending email follow-up sequences

These actions may occur without direct human intervention. However:

  • Individuals can request human assistance where required

  • Automated processing is limited to service-related functions

  • Decisions do not have legal or similarly significant effects on individuals

 

10. Sharing Personal Data

We do not sell personal data to third parties.

We may share personal data with trusted third-party service providers who support our services, including:

  • Telephony services: Twilio

  • AI services: Retell AI

  • Automation and integrations: Make.com

  • Email service providers as required for email automation

  • WhatsApp Business API providers

These providers process personal data on our behalf under contractual obligations designed to ensure appropriate data protection and security.

 

11. International Transfers

Some of our service providers may process personal data outside the United Kingdom. Where personal data is transferred internationally, we ensure that appropriate safeguards are in place in accordance with UK data protection law.

 

12. How Long We Keep Personal Data

We retain personal data only for as long as necessary for the purposes set out in this policy. Our current retention periods are:

  • Call recordings: 12 months

  • Call transcripts and summaries: 12 months

  • Email data and communication history: 12 months

  • WhatsApp data and communication history: 12 months

  • Contact details: 12 months

Personal data may be retained for longer where required to comply with legal obligations or to resolve disputes.

 

13. Data Security

We take appropriate technical and organisational measures to protect personal data, including:

  • Restricted access controls

  • Secure systems and infrastructure

  • Contractual safeguards with service providers

While we take data security seriously, no system can be guaranteed to be completely secure.

 

14. Your Data Protection Rights

Under the UK GDPR, individuals have the following rights:

 

14.1 Right to Be Informed

You have the right to be informed about how your personal data is used. This Privacy Policy is intended to provide that information.

 

14.2 Right of Access

You have the right to request confirmation of whether we process your personal data and to receive a copy of that data.

 

14.3 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

 

14.4 Right to Erasure

You have the right to request deletion of your personal data where there is no lawful reason for us to continue processing it.

 

14.5 Right to Restrict Processing

You may request that we restrict processing of your personal data in certain circumstances.

 

14.6 Right to Object

You have the right to object to processing based on legitimate interests.

 

14.7 Right to Data Portability

Where applicable, you may request that your personal data be provided to you in a structured, commonly used format.

 

14.8 Rights Relating to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing where such decisions produce legal or similarly significant effects.

 

15. How to Exercise Your Rights

To exercise any of the rights above, please contact us using the details set out in Section 3.

We may need to verify your identity before responding. We aim to respond within one month, in line with UK GDPR requirements.

 

16. Complaints

If you are not satisfied with how we handle personal data, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)

www.ico.org.uk

 

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our services or legal obligations. Any updates will be published on our website with an updated effective date.

​

This policy is up to date as at 01/02/2026

bottom of page