GDPR Compliance

Last updated: March 2026

Our Commitment to GDPR

Affective AI Limited is committed to protecting the privacy and security of personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we ensure compliance and protect your rights.

Data Controller

Affective AI Limited acts as the Data Controller for personal data collected through our website and services. For data processed on behalf of our customers, we act as a Data Processor.

Contact:
Data Protection Officer
Affective AI Limited
North West House, 119 Marylebone Rd, London NW1 5PU
privacy@affectiveai.com

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Contract: Processing necessary to fulfil our service agreement
  • Legitimate Interest: Improving our services and security
  • Consent: Marketing communications (where applicable)
  • Legal Obligation: Compliance with laws and regulations

Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interest
  • Rights Related to Automated Decision-Making: Request human review

Data Processing for Voice Analytics

Our sentiment analysis service processes voice data. We ensure GDPR compliance by:

  • Processing data only as instructed by our customers (Data Controllers)
  • Implementing strong encryption for data in transit and at rest
  • Not retaining audio data beyond the processing period unless instructed
  • Providing Data Processing Agreements (DPAs) to all customers
  • Supporting data subject access requests

International Data Transfers

We primarily store and process data within the UK and EEA. Where international transfers are necessary, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions are in place.

Data Breach Notification

In the event of a personal data breach, we will notify the Information Commissioner's Office (ICO) within 72 hours where required. Affected individuals will be notified without undue delay if there is a high risk to their rights and freedoms.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:
privacy@affectiveai.com

We will respond to your request within one month. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.