Privacy Policy
Effective Date: 18 March 2026
Last Updated: 18 March 2026
1. Data Controller
GOLDENPAYS LTD
2. Data We Collect
2.1 Account Data
- Full name
- Work email address
- Department and role
- Employee ID (if applicable)
2.2 Usage Data
- Questions asked to the AI assistant
- Documents accessed
- Feedback provided (ratings and comments)
- Timestamps of interactions
2.3 Technical Data
- IP address (anonymized after 30 days)
- Browser type and version
- Device information
- Session data
3. Legal Basis for Processing
Under UK GDPR, we process your personal data based on:
Contract (Article 6(1)(b))
Processing necessary to fulfill your employment contract
Legitimate Interest (Article 6(1)(f))
Improving onboarding experience and workplace safety
4. How We Use Your Data
✅ We Use Data To:
- Provide AI-powered assistance
- Answer your work-related questions
- Improve response accuracy
- Ensure compliance and safety
- Generate anonymized analytics
❌ We Never:
- Sell your data to third parties
- Use data for marketing without consent
- Share data between different companies
- Monitor personal device activity
- Train external AI models with your data
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | 6 months after contract termination |
| Conversation history | 6 months (then anonymized) |
| Audit logs | 10 years (legal requirement - EU AI Act) |
| Anonymized analytics | Indefinitely (no personal data) |
6. Your Rights
Under UK GDPR, you have the right to:
🔍 Access
Request a copy of your personal data
✏️ Rectification
Correct inaccurate information
🗑️ Erasure
Request deletion of your data
🚫 Object
Opt out of specific processing
📦 Portability
Export data in machine-readable format
⏸️ Restriction
Limit how we process your data
To exercise your rights:
Email: dpo@goldenpays.uk
Response time: Within 30 days
7. Data Security
We implement industry-standard security measures:
Encryption
AES-256 at rest
TLS 1.3 in transit
Access Control
Multi-factor authentication
Role-based access
Monitoring
24/7 threat detection
Regular security audits
8. International Transfers
All data is hosted on Google Cloud Platform (London, UK). We do not transfer personal data outside the European Economic Area (EEA) without appropriate safeguards under UK GDPR.
In the event of international transfers, we ensure Standard Contractual Clauses (SCCs) are in place as required by the ICO.
9. Cookies
We use only essential cookies for:
- Authentication (session management)
- Security (CSRF protection)
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
10. AI-Specific Disclosures (EU AI Act)
⚠️ You are interacting with an AI system
GoldenGuide uses Large Language Models (LLMs) to generate responses. While we implement strict controls (RAG, source citations, human review), AI-generated content may occasionally contain errors.
Your responsibilities:
- Always verify critical information with your supervisor
- Report incorrect responses using the feedback button
- Do not rely solely on AI for safety-critical decisions
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via:
- Email notification (to your work email)
- In-app notification on your next login
- Updated “Last Modified” date at the top of this page
12. Contact & Complaints
Contact our Data Protection Officer:
Email: dpo@goldenpays.uk
Phone: +44 7856 417248
Right to Complain to the ICO:
If you're not satisfied with our response, you can contact the UK supervisory authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
Email: casework@ico.org.uk