GDPR Compliance
Last updated: 1 February 2025
Our GDPR Commitment
EngineVult AI is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We build data protection into every service we deliver — not as a legal checkbox, but as a fundamental engineering principle. All AI systems we deploy for clients are designed with privacy by design and data protection by default.
Data Processing Agreements
When EngineVult AI processes personal data on behalf of a client (e.g., as part of an AI Voice Agent deployment), we act as a Data Processor and enter into a formal Data Processing Agreement (DPA) with the client (the Data Controller). Our DPA covers the scope and purpose of processing, security measures, sub-processor arrangements, data subject rights support, breach notification procedures, and post-contract data deletion.
Lawful Bases for Processing
All personal data processing by EngineVult AI is conducted under a documented lawful basis: Legitimate Interests (for internal analytics and business development), Contract (for service delivery), Consent (for marketing communications and specific AI applications), and Legal Obligation (for regulatory compliance). We conduct Legitimate Interests Assessments (LIAs) where this basis is applied.
Data Subject Rights
We support all UK GDPR data subject rights: right of access (Subject Access Requests responded to within 30 days), right to rectification, right to erasure, right to restrict processing, right to data portability, right to object, and rights related to automated decision-making. Submit requests to contact@enginevult.ai.
Security Measures
EngineVult AI implements appropriate technical and organisational measures including: encryption in transit (TLS 1.3) and at rest (AES-256), access controls with role-based permissions, regular security assessments, incident response procedures, and staff data protection training. We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities.
Sub-Processors
We use a limited number of carefully vetted sub-processors for cloud infrastructure, AI model inference, and communication services. All sub-processors are bound by GDPR-compliant agreements and process data within the UK/EEA or under appropriate transfer mechanisms (Standard Contractual Clauses). A current list of sub-processors is available on request.
Contact Our DPO
For any GDPR-related queries, data subject rights requests, or to request our DPA template: contact@enginevult.ai | EngineVult AI, London, United Kingdom.