Privacy Notice: For prospective customers

What data we hold

As a prospective customer, we will hold very little information about you:

• Records of communications with you, if you get in touch (e.g. if you phone or email us)

We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access. If you do not want us to see your actual IP address, feel free to visit us via Tor.

Using your information

References to the basis of processing (e.g. "(Basis: Art. 6(f).)") are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.

Responding to your enquiries

We use the information we hold about you to respond to your enquiry, such as helping work out the best service for you.

(Basis: Art. 6(b): this is necessary to deliver the service to you.)

Staff training and quality assurance

We use recordings of communications you have with our staff, including call recordings, for staff training and quality assurance purposes

(Basis: Art. 6(f): we do this for the legitimate interest of providing the best possible service to you.)

Securing our services

We use the information we hold about you to defend our networks and services from attacks.

(Basis: Art. 6(c): we have to do this to comply with legal and regulatory obligations.)

Evidencing contracts and protecting our legal risks

We use information we hold, including any call recordings, to help demonstrate the existence or content of contracts, prevent and detect fraud, and for establishing and defending our legal rights.

(Basis: Art. 6(f): we do this for the legitimate interest of protecting A&A.)

Engaging with courts or alternative dispute resolution services

If we are need to do so as part of a court or ADR process, we will process your personal information to either bring a claim, or defend a claim or dispute.

(Basis: Art. 6(f): we do this for the legitimate interest of protecting A&A.)

Responding to binding requests from courts, law enforcement and other agencies, or regulators

If we are served with a binding order (for example, a court order, a notice under the investigatory powers framework, or a notice from the Information Commissioner’s Office) which includes you, we will be required to process your personal data to be able to comply with it.

(Basis: Art. 6(c): we have to do this to comply with legal and regulatory obligations.)

Technical data

We may use the logs from our servers to assist with A&A’s security, as well as to determine visitor behaviour and help us plan our business strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).

(Basis: Art. 6(c): we have legal and regulatory obligations to protect our clients and their information. Art. 6(f): strategy planning is a legitimate, indeed sensible, thing for a business to do.)

Securing our premises

We operate CCTV, covering public internal and external areas of our premises.

(Basis: Art. 6(f): we do this for the legitimate interest of protecting A&A.)

Mailing lists

We run some mailing lists, to which you can subscribe if you wish.

(Basis: Art. 6(a): you consent to being on the mailing list for as long as you choose to remain a subscriber.)

Your data and the EEA

We do not transfer or process data outside the European Economic Area unless the processing requires it (for example, where you are corresponding with us from outside the EEA and we reply to you).

What if you don’t give us your data?

We cannot force you to provide us with data, and it is your choice whether you give us everything we need to provide our services to you or not. If you choose not to provide us with the data we need, we may not be able to provide you with the service.