Privacy Policy
1. Who we are
AI Governance Direct Limited ("we", "us", "our") is a UK-based independent financial assessment service specialising in AI investment analysis for business owners and boards.
Registered address:
AI Governance Direct Limited
34 Boundary Drive
Liverpool
L25 0QD
United Kingdom
Email: terence@aigovernancedirect.com
ICO Registration Number: C1895253
For the purposes of the UK General Data Protection Regulation (UK GDPR), we are the data controller of the personal data described in this policy.
2. What data we collect
We collect and process the following personal data when you interact with us via our website contact forms:
• Name
• Email address
• Organisation name and role
• Any other information you choose to include in the free‑text fields of the form
We do not intentionally collect special category data (such as health information or data about criminal convictions) through our website. Please do not include such information in any free‑text fields.
3. How we collect your data
We collect personal data directly from you when you:
• Complete and submit a contact form on our website
• Request information about our services
• Ask to schedule a meeting or call
4. Why we use your data (lawful bases)
We use your personal data only where we have a lawful basis under UK GDPR, namely:
a) Legitimate interests
We process your data where it is necessary for our legitimate interests as a consulting firm and where your interests and fundamental rights do not override those interests. This includes:
• Responding to your enquiries and messages
• Providing information about our services
• Maintaining basic records of interactions for internal governance and quality purposes
b) Pre‑contractual steps and performance of a contract
Where you request our services, we may process your data as necessary to take steps at your request prior to entering into a contract, and to perform any contract we enter into with you.
c) Legal obligations
We may process and retain certain information where we are required to do so to comply with applicable legal or regulatory obligations.
We do not rely on consent as our primary lawful basis for processing the data described above. Where we do rely on consent (for example, for any future optional marketing communications), you will always have a clear opportunity to withdraw that consent.
5. How we use your data
We use the personal data we collect via our website to:
• Read and respond to your enquiries
• Provide information about our services, methodologies and governance frameworks
• Arrange and manage meetings and calls
• Keep appropriate internal records of key correspondence
• Improve how we explain and deliver our services
We do not use your personal data for automated decision‑making that produces legal or similarly significant effects.
6. How we share your data
We do not sell your personal data and we do not share it with third parties for their own marketing purposes.
We may share your data with:
• Professional advisers (such as legal or accounting advisers) where reasonably necessary for our own governance, compliance and business management
• Service providers who support our website, email and document management systems, acting as processors on our behalf and under appropriate contractual safeguards
• Regulators, law enforcement or other authorities where required by law or where necessary to protect our rights or those of others.
7. International transfers
Our core operations are based in the UK. Some of our service providers may process data in the UK, the European Economic Area (EEA) or other countries.
Where personal data is transferred outside the UK, we will take appropriate steps to ensure that an adequate level of protection is in place, such as:
• Ensuring the destination country has an adequacy regulation from the UK government; or
• Putting in place appropriate safeguards, such as the International Data Transfer Agreement (IDTA) or other approved contractual clauses.
8. How long we keep your data
We retain personal data only for as long as is reasonably necessary for the purposes described in this policy, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
In general:
• Enquiry‑related data will typically be retained for up to 3 years from our last meaningful contact with you, unless a longer period is justified by our legitimate interests or legal obligations.
• If you become a client, we may retain relevant data for longer periods in line with professional, legal and regulatory requirements.
9. How we protect your data
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction or damage. These measures are proportionate to the nature of the data we process and the risks associated with its use.
10. Your rights under UK GDPR
Under UK GDPR, you have a number of rights in relation to your personal data. Subject to certain conditions and exemptions, you may have the right to:
• Access your personal data and receive a copy
• Rectify inaccurate or incomplete data
• Erase your personal data (the "right to be forgotten")
• Restrict our processing of your data
• Object to our processing where we rely on legitimate interests
• Data portability, where applicable
You also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects.
To exercise any of these rights, please contact us using the email address set out at the start of this policy.
11. Contact and complaints
If you have any questions about this privacy policy or how we handle your personal data, please contact:
AI Governance Direct Limited
Email: terence@aigovernancedirect.com
You also have the right to lodge a complaint with the UK supervisory authority for data protection, the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
www.ico.org.uk
12. Changes to this policy
We may update this privacy policy from time to time to reflect changes in our activities, legal requirements or best practice. The updated version will be posted on this page with an updated "last updated" date.
Last updated: 23 March 2026