1. Who we are
This Privacy Notice explains how Zavvion Limited trading as Zavvion AI (“Zavvion”, “we”, “us” or “our”) collects and uses personal data through this website, enquiries, newsletter sign-ups and service delivery.
Controller: Zavvion Limited trading as Zavvion AI.
Company details: Zavvion Limited is the legal website operator.
Email: info@zavvion.com. Phone: 0044 203 576 1 675.
Data Protection Officer (DPO): Cham Arachchi, via info@zavvion.com.
ICO registration: We are registered with the Information Commissioner’s Office (ICO) as a data protection fee payer.
Language: We operate in English. Please contact us in English where possible so we can respond accurately.
We act as a controller for our own website visitors, business contacts, leads, suppliers and clients. We may act as a processor when we process a client’s customer, lead, attendee, caller or end-user data only on that client’s instructions.
2. Personal data we collect
Depending on how you use the website or services, we may collect:
- Contact details: name, email address, phone number, company name and job role.
- Enquiry details: industry, business stage, operational bottlenecks, messages and any information you choose to send us.
- Newsletter details: email address, marketing preferences and unsubscribe records.
- Website and device data: IP address, browser type, pages visited, timestamps, approximate location from server logs and security logs.
- Client project data: workflow maps, CRM fields, call scripts, lead records, booking data, communication templates, invoices, payment status and support tickets.
- Voice and communications data: call metadata, call recordings, transcripts, SMS, email or chat content where this is part of an agreed client implementation.
- Payment and billing data: billing contact, invoice details and payment status. Card or bank details should normally be processed by a payment provider, not stored directly by us.
Please do not send us special category data, medical information, confidential legal documents, financial account details or children’s data through the website contact form unless we have specifically agreed a secure process with you.
3. How and why we use personal data
| Purpose | Examples | Likely lawful basis |
|---|---|---|
| Respond to enquiries | Reviewing your contact form message and contacting you about your request. | Legitimate interests; taking steps before a contract. |
| Provide services | Operational assessment, workflow mapping, CRM configuration, AI receptionist, lead response, booking, follow-up and reporting systems. | Contract; legitimate interests. Where we process client end-user data, we usually act as processor under the client’s instructions. |
| Newsletter and marketing | Sending updates about AI automation, revenue operations and services. | Consent for newsletter sign-ups and certain individual subscribers; legitimate interests for some B2B contacts where lawful and with opt-out. |
| Improve and secure the website | Server logs, anti-spam checks, troubleshooting and security monitoring. | Legitimate interests; legal obligation where applicable. |
| Business administration | Accounts, tax records, client management, supplier management and legal record keeping. | Contract; legal obligation; legitimate interests. |
| AI and automation delivery | Configuring prompts, workflows, call-routing, lead scoring, reminders and reporting. | Contract; legitimate interests; processor obligations where handling client-controlled data. |
We will not sell your personal data.
4. AI and automation processing
Our services may use AI or automation to help with customer response, call handling, lead qualification, appointment booking, follow-up, review requests, reporting and workflow automation.
AI outputs can be inaccurate, incomplete or unsuitable without human review. We do not use AI systems to make legally or similarly significant decisions about individuals through this website unless this is specifically disclosed and agreed.
Clients remain responsible for deciding what their AI workflows may say, when human escalation is required, whether call recording or transcription is lawful, and whether extra rules apply in regulated sectors such as healthcare, legal services, financial services, insurance, employment or children’s services.
6. International transfers
Some providers may process personal data outside the UK. Where this happens, we will use a lawful transfer route where required, such as UK adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to EU standard contractual clauses, or another lawful safeguard or exception.
Transfers used for client systems must be checked against the client contract, sector rules and the final sub-processor list.
7. How long we keep data
| Data type | Retention approach |
|---|---|
| Website enquiries | Usually up to 24 months after the last meaningful contact, unless a client relationship starts or a dispute requires longer retention. |
| Newsletter records | Until you unsubscribe or we stop sending the newsletter. We may keep a suppression record so we do not contact you again. |
| Client project records | For the contract term and then normally up to 6 years, unless deletion, return, legal retention or dispute requirements apply. |
| Call recordings and transcripts | Normally up to 90 days unless a different client, legal, security or sector requirement applies. |
| Invoices and accounting records | For as long as needed for accounting, tax, audit and legal record keeping. |
| Security and server logs | Usually short-term unless needed to investigate security, fraud, abuse or legal claims. |
8. Your rights
Depending on the circumstances, you may have rights to access, correct, erase, restrict, object to processing, data portability, withdraw consent and complain to the Information Commissioner’s Office.
Your right to object to direct marketing is absolute. You can opt out of marketing at any time by using the unsubscribe link in our emails or contacting info@zavvion.com.
If we process your data on behalf of one of our clients, we may need to refer your request to that client because they are the controller.
You can complain to the ICO if you are unhappy with how we handle your personal data. We would appreciate the chance to deal with your concern first by contacting our DPO, Cham Arachchi.
9. Security
We use appropriate technical and organisational measures designed to protect personal data. These may include access controls, role-based permissions, secure configuration, encryption where appropriate, audit logs, backups, staff confidentiality and supplier due diligence.
No online system is completely secure. Do not submit highly sensitive information through a standard web form unless we have agreed a secure process.
10. Children
The website and services are intended for business users aged 18 or over. We do not knowingly collect children’s personal data through the website.
If a client implementation may involve children or young people, this must be assessed separately before launch.
11. Changes to this notice
We may update this Privacy Notice from time to time. The latest version will be posted on this page.
Last updated: 18 May 2026.