Privacy Notice

WHO WE ARE

Rel8 CX Limited ("Rel8", "we", "us", "our") is an AWS Advanced Partner providing agentic AI solutions for contact centres. We are committed to protecting your personal data and respecting your privacy.

PURPOSE OF THIS NOTICE

This Privacy Notice explains how we collect, use, share, and protect your personal data when you:

• Visit our website (rel8.cloud)
• Enquire about our services
• Become a client or supplier
• Communicate with us
• Use our AI-powered contact centre solutions

This notice applies to individuals who interact with Rel8 in any capacity. If you are a customer of one of our clients and your personal data is processed through our contact centre solutions, your data is controlled by our client, not by Rel8. Please refer to our client's privacy notice for information about how they process your data.

WHAT PERSONAL DATA WE COLLECT

We may collect and process the following categories of personal data:

Information You Provide to Us

Contact and Communication:

• Name and job title
• Company name and role
• Email address
• Telephone number
• Correspondence and communications with us

Business Enquiries:

• Information you provide when requesting information about our services
• Details you submit through contact forms on our website
• Information discussed during sales meetings or demonstrations

Client and Supplier Information:

• Contact details of client representatives
• Contractual information
• Payment and invoicing details
• Service delivery information

Information We Collect Automatically

Website Usage:

• IP address
• Browser type and version
• Operating system
• Pages visited and time spent on pages
• Referring website
• Date and time of access

Cookies and Similar Technologies:

We use cookies and similar technologies to improve your experience on our website. For detailed information about our use of cookies, please see our Cookie Policy below.

Information We Receive from Third Parties

Business Contact Information:

• Professional contact details from publicly available sources (LinkedIn, company websites)
• Information from business directories
• Referrals from existing clients or partners

HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes:

Providing Our Services

• Purpose: To deliver AI contact centre solutions to our clients
• Lawful Basis: Contract performance, legitimate interests

Responding to Enquiries

• Purpose: To respond to your questions and provide information about our services
• Lawful Basis: Legitimate interests (business development)

Managing Business Relationships

• Purpose: To manage relationships with clients, suppliers, and partners
• Lawful Basis: Contract performance, legitimate interests

Marketing Communications

• Purpose: To send you information about our services, case studies, and industry insights
• Lawful Basis: Legitimate interests (for business contacts), consent (for individuals)
• Your Rights: You can opt out of marketing at any time using the unsubscribe link in our emails or by contacting privacy@rel8.cloud

Website Improvement

• Purpose: To analyse website usage and improve user experience
• Lawful Basis: Legitimate interests

Compliance and Legal Obligations

• Purpose: To comply with legal and regulatory requirements
• Lawful Basis: Legal obligation, legitimate interests

Security and Fraud Prevention

• Purpose: To protect our systems, prevent fraud, and ensure security
• Lawful Basis: Legitimate interests

LEGAL BASIS FOR PROCESSING

Under UK data protection law, we must have a lawful basis to process your personal data. We rely on the following legal bases:

• Consent: Where you have given clear consent for specific purposes (e.g., marketing to individuals)
• Contract: Where processing is necessary to perform a contract with you or take steps at your request before entering a contract
• Legal Obligation: Where we need to comply with legal or regulatory requirements
• Legitimate Interests: Where processing is necessary for our legitimate business interests (e.g., business development, website analytics, fraud prevention), provided your rights and interests do not override those interests

WHO WE SHARE YOUR PERSONAL DATA WITH

We may share your personal data with the following categories of recipients:

Service Providers

We use carefully selected third-party service providers who process personal data on our behalf:

Infrastructure and Hosting:

• Amazon Web Services (AWS) - Cloud infrastructure (UK/Ireland data centres)
• Data stored exclusively in AWS eu-west-2 (London) and eu-west-1 (Ireland)

Business Systems:

• Microsoft Office 365 - Email and collaboration (EU data centres)
• Xero - Accounting software (secure cloud platform)
• CharlieHR - HR and recruitment platform (UK-based)

All service providers are required to:

• Process data only on our instructions
• Implement appropriate security measures
• Comply with UK GDPR requirements
• Sign Data Processing Agreements

Legal and Regulatory Authorities

We may disclose personal data to:

• Law enforcement agencies (when legally required)
• Regulatory bodies (e.g., Information Commissioner's Office)
• Courts and tribunals
• Professional advisers (lawyers, accountants, auditors)

Business Transfers

In the event of a merger, acquisition, or sale of business assets, your personal data may be transferred to the acquiring organisation.

INTERNATIONAL DATA TRANSFERS

Data Storage Location

All personal data is stored exclusively in the United Kingdom and European Economic Area:

• Primary location: AWS eu-west-2 (London, UK)
• Backup location: AWS eu-west-1 (Ireland, EEA)

Remote Access from Turkey

Our technical team includes members based in Turkey who may remotely access UK-hosted systems for software development, technical support, and system integration purposes.

Important Safeguards:

• All data remains physically stored in UK/EEA AWS infrastructure
• No data is transferred to or stored in Turkey
• Remote access is via secure encrypted VPN connections only
• Standard Contractual Clauses (SCCs) are in place
• Multi-factor authentication is required for all access
• All access is logged and monitored
• Team members are bound by the same confidentiality and security obligations as UK staff

Other International Transfers

We do not routinely transfer personal data outside the UK/EEA. If such transfers become necessary, we will implement appropriate safeguards including:

• Standard Contractual Clauses approved by the UK Information Commissioner's Office
• Transfer Impact Assessments
• Additional security measures as appropriate

HOW LONG WE KEEP YOUR PERSONAL DATA

We retain personal data only as long as necessary for the purposes for which it was collected:

Data Category	Retention Period	Reason
Enquiry and marketing contacts	3 years from last interaction	Business development
Client contact information	Duration of relationship + 6 years	Contract performance, legal obligations
Supplier information	6 years after contract end	Legal obligations (tax, audit)
Financial records	6 years	HMRC requirements
Marketing consent	Until consent withdrawn	Compliance with consent requirements
Website analytics	12 months	Website improvement
Security logs	12 months	Security and fraud prevention

When retention periods expire, we securely delete or anonymise personal data. You may request earlier deletion by exercising your right to erasure (subject to legal exceptions).

YOUR RIGHTS

Under UK data protection law, you have the following rights:

Right to Be Informed

You have the right to clear information about how we use your personal data (this notice).

Right of Access

You can request a copy of the personal data we hold about you. We will respond within one month.

Right to Rectification

You can ask us to correct inaccurate or incomplete personal data.

Right to Erasure ("Right to Be Forgotten")

You can request deletion of your personal data in certain circumstances (e.g., data no longer necessary, consent withdrawn).

Right to Restrict Processing

You can request that we limit how we use your personal data in specific situations.

Right to Data Portability

You can request your personal data in a structured, machine-readable format (where processing is based on consent or contract).

Right to Object

• You can object to processing based on legitimate interests
• You can object to direct marketing at any time (we will always comply)

Rights Related to Automated Decision-Making

We do not use automated decision-making that produces legal or similarly significant effects. If we implement such systems in the future, we will provide appropriate safeguards and the right to human review.

How to Exercise Your Rights

We will respond to your request within one month (extendable by two months for complex requests). We may need to verify your identity before responding.

Most requests are free of charge. We may charge a reasonable fee for manifestly unfounded or excessive requests.

DATA SECURITY

We take the security of your personal data seriously and implement appropriate technical and organisational measures:

Technical Security

Encryption:

• All data encrypted at rest (AES-256)
• All data encrypted in transit (TLS 1.2+)
• Encrypted backups

Access Controls:

• Multi-factor authentication for all privileged access
• Role-based access controls (least privilege)
• Strong password policies via 1Password Enterprise

Device Security:

• Full-disk encryption on all company devices (FileVault 2)
• Mobile Device Management (MDM) enforcement
• Remote wipe capability

Network Security:

• Cloud-native architecture (no on-premise servers)
• AWS security groups and network segmentation
• Web Application Firewall (WAF)
• DDoS protection

Monitoring:

• 24/7 security monitoring
• Automated threat detection
• Comprehensive audit logging

Organisational Security

• Clear desk and screen policies
• Security awareness training for all staff
• Background checks for all employees
• Confidentiality agreements
• Incident response procedures
• Regular security assessments and penetration testing

COOKIES AND SIMILAR TECHNOLOGIES

What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help us provide a better user experience and understand how our website is used.

Cookies We Use

Strictly Necessary Cookies:

• Essential for website functionality
• Cannot be disabled
• Examples: Session management, security

Analytics Cookies:

• Help us understand how visitors use our website
• Used to improve website performance and content
• Examples: Google Analytics (anonymised IP addresses)

Preference Cookies:

• Remember your settings and preferences
• Examples: Language preferences, cookie consent choices

Your Cookie Choices

You can control cookies through your browser settings:

• Accept all cookies: Allow all cookies for full website functionality
• Reject non-essential cookies: Block analytics and preference cookies
• Manage individual cookies: Configure specific cookie preferences in your browser

Browser Settings:

• Most browsers allow you to refuse or delete cookies
• See your browser's help section for instructions
• Note: Blocking essential cookies may affect website functionality

Analytics Opt-Out:

• Google Analytics: https://tools.google.com/dlpage/gaoptout

CHILDREN'S PRIVACY

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us at privacy@rel8.cloud and we will delete it.

CHANGES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time to reflect changes in our practices or legal requirements.

How we notify you:

• Updated "Last Updated" date at the top of this notice
• Significant changes will be highlighted on our website
• Material changes may be communicated via email to clients and active contacts

Your responsibility:

• Please review this notice periodically
• Continued use of our services after changes constitutes acceptance

Previous versions:

• Available upon request from privacy@rel8.cloud

YOUR RIGHT TO COMPLAIN

If you are unhappy with how we have handled your personal data, you have the right to complain to the UK supervisory authority:

We encourage you to contact us first (privacy@rel8.cloud) so we can try to resolve your concerns directly.

CONTACT US

If you have any questions about this Privacy Notice or how we handle your personal data:

TRANSPARENCY COMMITMENT

Rel8 CX Limited is committed to transparency and accountability in our data protection practices. We:

• Process personal data lawfully, fairly, and transparently
• Collect only the data we need
• Keep your data secure
• Respect your rights
• Are accountable for demonstrating compliance

Our certifications and compliance:

• ICO registered (ZC028999)
• UK GDPR compliant
• ISO 27001 aligned (roadmap in progress)
• AWS Advanced Partner

END OF PRIVACY NOTICE

This Privacy Notice was last updated on November 2025 and applies to personal data processed by Rel8 CX Limited from this date onwards.