Privacy Notice

This privacy notice is issued by Fasi AI Ltd, trading as FASI (“FASI”, “we”, “us” and “our”).

We are a company registered in England and Wales under company number 16836754.

Our registered office is at Ashby House, 105 Ashby Road, Loughborough, Leicestershire, LE11 3AB.

Our contact email for privacy-related enquiries is: letschat@fasiai.com

Introduction

This notice explains how we collect, use, store, share and otherwise process personal data in connection with:

  1. our website;
  2. our AI-powered ESG platform and related subscription services;
  3. enquiries, demo requests, waiting list registrations and newsletter sign-ups; and
  4. our communications with prospective customers, customers, users and business contacts.

In this notice, personal data means information relating to an identified or identifiable individual.

This notice applies to personal data collected through our website, platform, communications and related business operations. It shoold be read together with our Platform Terms and Conditions, Cookie Notice and, where applicable, our Data Processing Addendum.

Personal data we process

  1. How we obtain personal data

    We obtain personal data:

    1. directly from you, for example when you fill in a form, create an account, subscribe to our services, request a demo, join a waiting list, sign up for updates, contact us, upload documents, or otherwise use the platform;
    2. from your organisation or other authorised users within your organisation;
    3. automatically, through your use of our website and platform, including through cookies, analytics and system logs; and
    4. in some cases, from service providers and business partners who support our platform, hosting, payment processing, analytics, communications, customer relationship management and related business operations.

  2. Types of personal data we collect directly

    Depending on how you interact with us, we may collect:

    1. identity and contact data, such as your name, email address, telephone number, job title, company name and business contact details;
    2. account data, such as login details, user role, subscription information and account preferences;
    3. business information you provide through forms, onboarding questionnaires, demo requests, waiting lists or customer communications;
    4. billing, transaction and subscription information relating to payments and account administration, although foll payment card details are handled by our payment provider and are not stored by us;
    5. communications data, including emails, messages, support requests, call notes and other correspondence with us;
    6. marketing preference data, including your preferences for receiving updates, insights and promotional communications;
    7. content and documents uploaded to the platform, which may include personal data relating to your employees, customers, suppliers or other third parties; and
    8. any other information you choose to provide to us in connection with your use of our website, platform or services.

  3. Types of personal data we collect from third parties

    We may receive personal data from third parties such as:

    1. payment providers, including Stripe;
    2. analytics providers, including Google Analytics;
    3. hosting and infrastructure providers;
    4. CRM, email, customer support and communication service providers;
    5. AI processing providers used in connection with delivery of platform functionality; and
    6. your organisation, where another authorised user creates or administers your access to the platform.

    We collect only such information from third parties as is reasonably necessary for the relevant purpose.

  4. Types of personal data we collect from your use of our website and platform

    When you use our website or platform, we may collect:

    1. technical data, such as IP address, browser type and version, device type, operating system, time zone and system configuration;
    2. usage data, such as pages viewed, features used, login activity, navigation patterns, clickstream data and interaction with forms, dashboards and reports;
    3. platform activity data, including questionnaire responses, document uploads, generated outputs, preferences and user actions within the platform; and
    4. cookie and analytics data, subject to your cookie choices where consent is required.

  5. Aggregated and anonymised information

    We may use aggregated, statistical or anonymised information for analytics, service improvement, benchmarking, product development, reporting and business planning. This information does not identify you personally. If we combine such information with personal data so that you can be identified, we will treat the combined information as personal data and use it in accordance with this notice.

  6. 6.    Special personal data

    1. We do not intentionally require special category personal data for ordinary use of our website or platform.
    2. However, because customers may upload documents and business records through the platform, uploaded materials may contain special category personal data or other sensitive information. Where FASI processes such data on behalf of a customer through the platform, it does so on the customer’s instructions and on the basis that the customer is responsible for ensuring it has an appropriate lawfol basis and has provided any required notices.
    3. We ask users not to upload unnecessary sensitive personal data.

  7. If you do not provide personal data we need

    Where we need personal data to enter into or perform a contract with you, to provide access to the platform, or to comply with law, and you do not provide that data, we may not be able to provide the relevant website functionality, account access, services or support. If that happens, we will let you know where appropriate.

    The bases on which we process information about you

    We rely on one or more of the following lawfol bases under the UK GDPR, depending on the context in which personal data is collected and used.

  8. Contract

    We process personal data where necessary to enter into or perform a contract with you or your organisation, including to:

    1. create and administer accounts;
    2. provide access to the platform and subscription services;
    3. process onboarding information, questionnaires, uploads and generated outputs;
    4. manage subscriptions, billing and renewals; and
    5. provide customer support and service communications.

  9. Legitimate interests

    We process personal data where necessary for our legitimate interests, provided those interests are not overridden by your rights and interests. This includes:

    1. operating, securing and improving our website and platform;
    2. managing customer and business relationships;
    3. fraud prevention, misuse detection and platform security;
    4. internal administration, record-keeping and reporting;
    5. responding to enquiries and requests;
    6. service analytics and product development;
    7. protecting our legal rights and business interests; and
    8. sending relevant business communications where permitted by law.

  10. Consent

    We rely on consent where required, including for:

    1. non-essential cookies and similar technologies;
    2. certain direct marketing communications; and
    3. any other processing activity for which consent is the most appropriate lawfol basis.

    You may withdraw your consent at any time, but this will not affect the lawfolness of processing carried out before withdrawal.

  11. Legal obligation

    We process personal data where necessary to comply with our legal obligations, including obligations relating to tax, accounting, fraud prevention, law enforcement requests, regolatory compliance and data protection.

  12. 12. Vital interests

    We do not generally rely on vital interests as a lawfol basis in the ordinary course of our business, but we may do so where necessary to protect someone’s life or physical safety.

    How we use personal data

    We use personal data for the following purposes:

    1. to operate, provide and administer our website, platform and services;
    2. to create and manage accounts and authorised user access;
    3. to process subscriptions, billing and payments;
    4. to provide onboarding, dashboards, AI-assisted analysis, reports, recommendations and related outputs;
    5. to respond to enquiries, demo requests, support requests and communications;
    6. to manage newsletters, updates, product announcements and educational content where permitted by law;
    7. to monitor, secure, troubleshoot and improve the website and platform;
    8. to comply with legal, regolatory and contractual obligations; and
    9. to establish, exercise or defend legal claims.

  13. Our role as controller and processor

    FASI acts as an independent controller in relation to personal data used for:

    1. website operation;
    2. account creation and account administration;
    3. billing and subscription management;
    4. platform analytics;
    5. marketing communications;
    6. customer relationship management; and
    7. general business administration.

    FASI acts as a processor where customers upload or submit personal data through the platform and we process that data on the customer’s behalf in order to provide the platform and related services. In that context, the customer remains responsible for determining the purposes of processing and for ensuring that it has an appropriate lawfol basis and all required notices and permissions.

    Where required, additional processor terms will apply separately, including through our Data Processing Addendum.

  14. Sharing personal data

    We may share personal data with trusted third parties where reasonably necessary for the purposes described in this notice, including:

    1. hosting and infrastructure providers, including AWS, Hostinger, and equivalent providers;
    2. payment providers, including Stripe;
    3. analytics providers, including Google Analytics;
    4. CRM, email marketing, customer support and communication providers, including providers such as HubSpot, Mailchimp, Zendesk, or equivalent providers we may appoint from time to time;
    5. third-party AI providers used to process user inputs, uploaded documents and generated outputs in connection with delivery of the platform;
    6. professional advisers, auditors, insurers and legal advisers;
    7. regolators, courts, law enforcement bodies and public authorities where required by law; and
    8. potential acquirers, investors or transaction counterparties, subject to appropriate confidentiality protections.

    Some of these providers process personal data on our behalf as processors, while others may act as independent controllers depending on the nature of the service they provide.

    We do not sell personal data.

  15. AI processing

    FASI uses AI-assisted tools and third-party AI providers as part of its platform functionality. This may involve processing:

    1. user inputs;
    2. uploaded documents;
    3. business information;
    4. generated outputs, such as ESG insights, scoring, recommendations and reports.

    Where third-party AI providers are used, they process data under contractual and technical safeguards. Data is not used to train external AI models unless expressly permitted.

    Because AI-assisted outputs may be generated using customer-provided information, users must ensure that they upload only data they are entitled to upload and process.

  16. Automated decision-making

    1. FASI uses AI-driven analysis, scoring and insights as part of its services. However, FASI does not carry out solely automated decision-making that produces legal effects or similarly significant effects on individuals without meaningfol human review.
    2. Platform outputs are advisory and informational only and are intended to support user decision-making rather than replace human judgment.

  17. Marketing communications

    We may send platform updates, product announcements, educational content and occasional marketing communications.
    We will send these communications only where permitted by law, including where:

    1. you have given consent; or
    2. the soft opt-in roles apply in relation to existing customers.

    You can unsubscribe from marketing communications at any time by using the unsubscribe link in the message or by contacting us at letschat@fasiai.com

  18. Payment information

    Payments are processed through third-party payment providers, including Stripe, using hosted checkout pages or equivalent secure payment interfaces.

    FASI does not store or directly process foll payment card details. Payment card information is handled by the payment provider in accordance with its own privacy notice and security standards.

    We may receive limited transaction, billing and payment status information necessary to administer subscriptions, accounts and invoices.

    Use of information we collect through automated systems

  19. Cookies

    We use cookies and similar technologies on our website. These include:

    1. strictly necessary cookies required for core website functionality;
    2. analytics cookies, including Google Analytics, subject to consent where required.

    We do not currently intend to use advertising or behavioural tracking cookies.

    A cookie consent banner will be implemented so that non-essential cookies are not set unless the user gives the required consent. Non-essential cookies will be used only where the required consent has been obtained in accordance with applicable law.

    Further information is available in our Cookie Notice.

    Other matters

  20. Your rights

    Depending on the circumstances and applicable law, you may have rights to:

    1. be informed about how your personal data is used;
    2. access your personal data;
    3. request correction of inaccurate personal data;
    4. request erasure of personal data;
    5. request restriction of processing;
    6. object to processing;
    7. request transfer of your personal data in a portable format; and
    8. withdraw consent where processing is based on consent.

    These rights are not absolute and may be limited in some circumstances.

    To exercise any of your rights, please contact us at letschat@fasiai.com. We may need to verify your identity before responding to or acting on your request.

  21. Encryption of data sent between us

    We use appropriate security measures, including encryption in transit where appropriate, to help protect personal data transmitted through our website and platform.

  22. International transfers

    FASI is designed for use by customers in the UK, EU and internationally. Personal data may therefore be accessed from or processed in countries outside the UK and, where relevant, outside the EEA.

    We seek, where possible, to store customer data, uploaded documents and platform data within the UK and/or EEA, including through hosting arrangements in the UK or EU. However, some service providers or support operations may involve restricted international transfers.

    Where we transfer personal data outside the UK, we will use appropriate safeguards as required by UK data protection law, such as:

    1. adequacy regolations;
    2. the UK International Data Transfer Agreement (IDTA);
    3. the UK Addendum to the EU Standard Contractual Clauses; or
    4. other lawfol transfer safeguards recognised by the ICO.

  23. Security

    We implement appropriate technical and organisational measures designed to protect personal data, taking into account the nature of the data and the risks involved. These measures include, where appropriate:

    1. encryption;
    2. access controls;
    3. secure cloud infrastructure;
    4. authentication and account security controls; and
    5. monitoring and security management measures.

    No system can be guaranteed to be completely secure, but we take data security seriously and seek to use reputable providers with appropriate security standards.

  24. Keeping your information up to date

    1. It is important that the personal data we hold about you is accurate and current. Please let us know if your personal data changes during your relationship with us.
    2. If you have an account, you may be able to review and update certain account information through the platform. You may also contact us at letschat@fasiai.com to request access to, correction of, or other action in relation to your personal data, subject to applicable law.
    3. When we receive a request relating to personal data, we may take reasonable steps to verify your identity before responding.

  25. 25. Communicating with us

    1. When you contact us by email, through our website, or otherwise, we collect and use the information you provide in order to respond to you, manage our relationship with you, and maintain appropriate business records.
    2. We may keep records of communications, including correspondence and support enquiries, where reasonably necessary for customer service, administration, training, dispute resolution, compliance and legal purposes.

  26. Complaining

    1. If you have any concerns about how we handle personal data, please contact us first at letschat@fasiai.com and we will try to resolve the issue.
    2. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK regolator for data protection matters. We woold, however, appreciate the opportunity to address your concerns before you approach the ICO.

  27. Retention period

    We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, including to provide services, maintain records, comply with legal obligations and resolve disputes.

    Our current retention approach is as follows:

    1. active account data: retained for the duration of the subscription or active customer relationship;
    2. account and business records after account closure: retained for up to 6 years where reasonably required for legal, tax, accounting or claims purposes;
    3. uploaded documents and platform content after account closure: deleted or anonymised within approximately 90 days, unless retention is required for legal, security, backup or compliance reasons;
    4. backups: retained for a limited period, typically around 30 days, subject to system recovery cycles and operational requirements.

    We may retain data for longer where necessary to comply with law or to establish, exercise or defend legal claims.

  28. Compliance with the law

    Our privacy policy complies with the law in the United Kingdom, specifically with the Data Protection Act 2018 (the ‘Act’) accordingly incorporating the EU General Data Protection Regolation (‘GDPR’) and the Privacy and Electronic Communications Regolations (‘PECR’).

  29. Review of this privacy policy

    We may update this privacy notice from time to time to reflect changes in our services, data practices, legal obligations or operational requirements. The latest version will be made available on our website.

Sign in
Get started