Privacy Policy

1. Introduction

This Privacy Policy explains how Sax AI Limited ("we," "our," or "us") collects, uses, shares, and protects personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Your privacy is important to us. This Privacy Policy explains what information we collect about you and why, what we do with that information, and how we handle it. At Sax AI Limited, we care about the confidentiality and privacy of your data and are fully committed to protecting it. The business of Sax AI Limited does not include selling or renting your information, so your personal data will not be sold to third parties and will only be used in the manner specified in this Privacy Policy.

This Privacy Policy sets out the conditions for the processing of personal data of users ("Users") who visit the website, request information, participate in business activities, or use the services provided by Sax AI Limited, as we act as Data Controller only for our corporate website and business operations.

We provide Know Your Business (KYB) services to investment banks in the United Kingdom ("Clients"). In providing these services, we act as a data processor under GDPR and Data Processing Agreements, processing personal data on behalf of our Clients, who are the data controllers.

2. Contact Information

Data Controller (for our corporate website and business operations): Sax AI Limited. 76 Wynford Road, London, N1 9SN, UK. Email: dpo@hiresax.ai

Data Protection Officer: Eva Vives Email: dpo@hiresax.ai

3. Personal Data We Process

3.1. Processing of Users' personal data by Sax AI Limited (as Controller)

The data that we process as Controllers may include contact information (name, email, phone number), payment data and any other data supplied by the User.

3.2. Processing of personal data on behalf of the Clients by Sax AI Limited (as Data Processor)

As part of our KYB services, we may process the following personal data on behalf of our Clients:

• Identity Information: Full names, dates of birth, nationality, ID document details (passport, driving license, etc.)
• Contact Information: Addresses, email addresses, phone numbers
• Financial Information: Source of wealth and funds, employment details
• Business Relationship Information: Role within the company (officer, Ultimate Beneficial Owner, signatory)
• Authentication Information: User credentials for our platform
• Technical Information: IP addresses, browser information, device information

4. How We Collect Personal Data

4.1. How we collect your data (as Controller)

As Controller, we collect personal data through our website form, other inbound inquiries entering our CRM and user lists.

We collect personal data directly from you and through automated means to deliver our services, respond to inquiries, and comply with legal obligations.

Direct Collection: Via website contact forms, email inquiries, support tickets, and registrations, capturing details like name, email, phone, and message content stored in our secure CRM (e.g., inbound leads and user lists).

Third-Party Sources: Limited to public directories or partners with consent (e.g., event co-hosts), always documented in our RoPA.

We only collect what is necessary and inform you at collection points and are transparent about all data being collected.

4.2. On behalf of the Clients by Sax AI Limited (as Data Processor)

In our capacity as processor, we do not collect personal data directly from individuals. Instead, we receive personal data from our Clients or from users authorized by our Clients who upload data through our application.

5. Purpose and Legal Basis for Processing

5.1. Processing of Users' personal data by Sax AI Limited (as Controller)

The legal basis for processing your data is:

• The contractual relationship between the User and Sax AI Limited.
• The legitimate interest of Sax AI Limited.
• The explicit consent of the User to receive information about Sax AI Limited or the Service, or to share information with speakers or guests at events. The User may withdraw this consent at any time.

5.2. Processing of personal data on behalf of the Clients by Sax AI Limited (as Data Processor)

We process personal data for the following purposes:

• To provide KYB verification and automation services to our Clients
• To validate the identity and address of individuals involved in business relationships
• To assist our Clients in meeting their regulatory obligations
• To maintain the security of our services
• To improve our services

The legal basis for our processing is:

• Contractual Necessity: We process data according to the contractual terms established with our Clients (the data controllers)

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements, after which they will be securely deleted or anonymized unless a longer retention period is required by law.

We will delete or anonymize personal data when:

• There is no longer a business need for the data
• The contract with our Client expires
• A valid erasure request is approved by the data controller
• The maximum legal retention period has been reached

7. Data Sharing and International Transfers

We may share personal data with:

Our third-party service providers who process data on our behalf, including:

• Amazon Web Services (AWS)
• Google Workspace
• Auth0
• Google Cloud Platform
• Slack
• Calendly
• Vanta

Personal data may be transferred to:

• The United Kingdom (outside the EEA but covered by an adequacy decision)
• Services that process data outside the EEA (e.g., Microsoft Bing Search API)

For any international transfers not covered by adequacy decisions, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs).

8. Data Security

We maintain appropriate technical and organizational measures to protect personal data, including:

• ISO 27001 certified information security management system
• Encryption of personal data
• Regular security assessments
• Access controls
• Staff training on data protection

9. Your Rights

As we primarily act as a data processor, individuals should direct requests regarding their rights to our Clients (the data controllers). However, we will assist our Clients in fulfilling such requests.

In the cases where we act as Controllers, we acknowledge all the rights guaranteed by law to our Users. These rights include:

• Right to access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to data portability
• Right to object
• Rights related to automated decision making and profiling

You can exercise your rights by writing to dpo@hiresax.ai. Sax AI Limited has an internal policy in place to respond to DSRs (Data Subject Requests) with the formalities and procedures established under the UK GDPR.

If you are in the UK, you can contact the Information Commissioner's Office (ICO) for further information or to lodge a complaint.

10. Automated Decision Making

Our KYB services involve automated processing to verify identity and business information. This may include some elements of profiling and automated decision-making as part of the KYB process. However, our Clients are responsible for implementing appropriate measures to safeguard individuals' rights, such as providing information about the logic involved and ensuring human intervention where necessary.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The most current version will be posted on our website with the effective date.

12. How to Complain

If you have concerns about our data processing activities, please contact our Data Protection Officer at dpo@hiresax.ai.

You also have the right to lodge a complaint with a supervisory authority. The UK supervisory authority is the Information Commissioner's Office (ICO): https://ico.org.uk/make-a-complaint/