PRIVACY AND DATA PROTECTION POLICY

Last updated: 3 February 2026

1. INTRODUCTION

GARDAIN AI Ltd (“GARDAIN”, “we”, “us”, “our”) is committed to protecting the privacy and personal data of individuals with whom we interact, including website visitors, prospective clients, business contacts and professional partners.

This Privacy Policy explains how we collect, use, store, disclose and protect personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”), the EU General Data Protection Regulation (“EU GDPR”) where applicable, and other relevant data protection laws.

This policy applies to personal data collected through our website and through our professional and business communications.

2. INFORMATION ABOUT US

  • Legal entity: GARDAIN AI Ltd

  • Jurisdiction of incorporation: United Kingdom

  • Operational regions: United Kingdom, European Union, United Arab Emirates

  • Role under data protection law: Data Controller

  • Contact: human@gardain.com

GARDAIN does not process end-customer or consumer data on behalf of clients via this website. This policy relates solely to personal data processed in connection with GARDAIN’s own operations.

3. SCOPE AND DATA SUBJECTS

This Privacy Policy applies to the processing of personal data relating to the following categories of individuals (“Data Subjects”):

  • Website visitors

  • Prospective clients and business contacts

  • Professional partners and service providers

  • Individuals engaging with GARDAIN’s marketing, communications or business development activities

GARDAIN does not knowingly collect or process personal data relating to children.

4. CATEGORIES OF PERSONAL DATA WE COLLECT

Depending on the nature of your interaction with us, we may collect and process the following categories of personal data:

4.1 Website and Technical Data

  • Internet Protocol (IP) address

  • Device identifiers

  • Browser type and version

  • Operating system

  • Referring URLs

  • Pages visited and interactions

  • Date, time and duration of visits

4.2 Communication Data

  • Emails, messages or enquiries sent to us

  • Records of professional correspondence

4.3 Engagement and Inference Data

  • Website engagement patterns

  • Content interactions

  • Inferred professional interests derived from engagement data

Inferences are limited to professional and business contexts only.

5. SOURCES OF PERSONAL DATA

We collect personal data from the following sources:

  • Directly from you when you contact us or interact with our website

  • Automatically through cookies and tracking technologies

  • Publicly available professional sources (such as company websites or professional networks)

  • Third-party service providers acting on our behalf

6. PURPOSES OF PROCESSING AND LAWFUL BASES

We process personal data for the purposes and on the lawful bases set out below:

Purpose of Processing

  • Operating, maintaining and improving our website

  • Understanding engagement with our services

  • Responding to enquiries and communications

  • Business development and professional outreach

  • Managing professional relationships

  • Security, fraud prevention and system integrity

  • Compliance with legal and regulatory obligations

Lawful Basis

  • Legitimate Interests

  • Legitimate Interests

  • Legitimate Interests / Performance of a Contract

  • Legitimate Interests

  • Legitimate Interests

  • Legitimate Interests / Legal Obligation

  • Legal Obligation

Where processing is based on legitimate interests, we have carried out a balancing assessment to ensure that our interests do not override your rights and freedoms.

7. USE OF ANALYTICS, CRM AND TRACKING TOOLS

GARDAIN uses the following tools:

  • Squarespace – website hosting and content management

  • Google Analytics 4 (GA4) – website performance and usage analytics

  • Google Tag Manager – deployment and management of tracking technologies

  • Google Search Console – search performance monitoring and site indexing insights

  • Jeeva – CRM and inbound engagement analysis

  • Zoho – CRM infrastructure supporting Jeeva

  • Slack – internal communications (no public data ingestion)

Jeeva may associate website engagement data with publicly available professional contact information to support relevant B2B business development activity.

Analytics and engagement tools operate only where cookie consent has been provided.

Google Search Console provides aggregated and anonymised information about how our website appears in search results and does not use cookies or directly identify individual users.

8. COOKIES AND SIMILAR TECHNOLOGIES

Details of our use of cookies and similar technologies are set out in the Cookie Policy below.

9. DATA SHARING AND DISCLOSURE

We do not sell personal data.

We may disclose personal data to:

  • Trusted service providers acting as processors on our behalf

  • Professional advisers (legal, compliance, audit)

  • Regulatory authorities where legally required

All third parties are contractually required to process personal data securely and only in accordance with our instructions.

10. INTERNATIONAL DATA TRANSFERS

Some of our service providers are located outside the UK and EU, including in the United States.

Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs)

  • Adequacy decisions where applicable

11. DATA RETENTION

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, regulatory, accounting and business requirements.

When personal data is no longer required, it is securely deleted or anonymised.

12. DATA SUBJECT RIGHTS

Depending on your location, you may have the right to:

  • Access your personal data

  • Rectify inaccurate data

  • Request erasure

  • Restrict processing

  • Object to processing

  • Withdraw consent (where applicable)

  • Lodge a complaint with a supervisory authority

Requests may be submitted to: human@gardain.com

13. AUTOMATED DECISION-MAKING

GARDAIN does not engage in automated decision-making or profiling that produces legal or similarly significant effects.

14. SECURITY MEASURES

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or disclosure.

While no system can guarantee absolute security, we maintain industry-standard safeguards and governance practices.

15. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. The most current version will always be published on our website.

16. CONTACT

For questions or concerns relating to this Privacy Policy, contact:
human@gardain.com