Data Privacy

GDPR Policy

Last updated: March 30, 2026

Home/GDPR Policy

Our Commitment to GDPR

AZi Solutions is committed to complying with the General Data Protection Regulation (GDPR) for users and clients in the European Economic Area (EEA) and United Kingdom. This page supplements our Privacy Policy with specific information for individuals exercising their rights under GDPR.

Data Controller

AZi Solutions acts as the data controller for personal data collected via our website and in connection with our services. Our contact for data protection matters is: [email protected]. We do not currently require a designated Data Protection Officer (DPO) under Article 37 of GDPR based on our scale of operations, but we take our data protection obligations seriously.

Lawful Bases for Processing

We process personal data only when we have a lawful basis to do so:

  • Consent (Article 6(1)(a)): Newsletter subscriptions, non-essential cookies. You can withdraw consent at any time.
  • Contract (Article 6(1)(b)): Processing necessary to deliver services you have engaged us for.
  • Legitimate Interests (Article 6(1)(f)): Website analytics, improving our services. We have conducted Legitimate Interest Assessments (LIAs) where this basis applies.
  • Legal Obligation (Article 6(1)(c)): Where required by applicable law, such as financial record keeping.

Your GDPR Rights

Under GDPR, you have the following rights:

  • Right of Access (Article 15): Request a copy of all personal data we hold about you, free of charge, within 30 days.
  • Right to Rectification (Article 16): Request correction of inaccurate or incomplete data without undue delay.
  • Right to Erasure (Article 17): Request deletion of your data where there is no compelling reason for continued processing ("right to be forgotten").
  • Right to Restriction (Article 18): Request that we restrict processing of your data in certain circumstances.
  • Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format and transmit it to another controller.
  • Right to Object (Article 21): Object to processing based on legitimate interests at any time.
  • Rights related to automated decision-making (Article 22): We do not engage in fully automated decision-making or profiling that produces legal or significant effects.

To exercise any of these rights, email [email protected] with your request. We will respond within 30 days (extendable to 90 days for complex requests, with notification).

Data Transfers Outside the EEA

When we transfer personal data outside the EEA or UK, we ensure appropriate safeguards are in place. For transfers to the UAE (where we are based), we rely on standard contractual clauses (SCCs) and assess the legal framework in the destination country. We use Google Analytics (USA) under the EU-US Data Privacy Framework. If you have questions about specific transfers, contact us at [email protected].

Data Retention

We retain personal data only for as long as necessary for the purpose it was collected. Specifically: contact form enquiries are retained for 3 years; client project data is retained for 7 years (contractual and legal requirements); newsletter subscriber data until unsubscribed; analytics data for 26 months (Google Analytics default). You may request earlier deletion of your data at any time.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your national supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. In the EU, it is the supervisory authority in your country of residence. We would however appreciate the opportunity to address your concerns directly before you contact a supervisory authority.

Questions About This Policy?

If you have any questions about this policy or how we handle your data, please get in touch.

Contact Us [email protected]
💬How can I help?