Privacy policy

Avsec Resilience Limited

Avsec Resilience Limited (“we”, “us”, or “our”) is committed to protecting and respecting your privacy.

This policy (together with our website terms of use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

By visiting www.avsec-resilience.com (“our site”), you acknowledge that you have read and understood the practices described in this policy.

1. Data Controller

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is:

Avsec Resilience Limited
Chiltern House
45 Station Road
Henley on Thames
Oxfordshire
RG9 1AT
United Kingdom

ICO Registration Number: Z3503195

2. Information We May Collect From You

We may collect and process the following data about you:

A. Information You Give to Us

You may provide information by:

  • Filling in forms on our site

  • Registering for services or training courses

  • Purchasing training or consultancy services

  • Corresponding with us by phone, email, or chatbot

  • Participating in surveys, promotions, or events

  • Reporting issues with our site

This may include:

  • Name

  • Address

  • Email address

  • Telephone number

  • Organisation and job title

  • Payment and billing information

  • Professional credentials

  • Photographs (where voluntarily provided)

  • Chat messages and uploaded files

B. Information We Collect Automatically

With regard to each visit to our site, we may automatically collect:

  • IP address

  • Browser type and version

  • Time zone setting

  • Operating system and platform

  • Pages visited and clickstream data

  • Page response times

  • Length of visits

  • Interaction information (scrolling, clicks, mouse-overs)

C. Chatbot & AI Communications

Our site may use an automated chatbot system to assist with enquiries.

When using the chatbot, we may collect:

  • Your name and contact details (if provided)

  • Chat messages and conversation transcripts

  • Uploaded documents

  • IP address and device information

  • Date and time of interaction

Chatbot responses are generated automatically and may involve processing by third-party AI service providers.

Important:
Users must not submit restricted aviation security information, classified materials, or sensitive operational security data via the chatbot.

Chat transcripts may be stored for up to 12 months for customer service, training, and quality monitoring purposes, unless longer retention is required for contractual or legal reasons.

D. GPT Tools and AI Assistants

Our website provides access to a range of AI-powered GPT tools, including support assistants and advisory tools.

When using these tools, we may process:

  • User inputs, prompts, and queries
  • Responses generated by the AI system
  • Interaction data (e.g. usage patterns and session activity)

These tools may be powered by third-party AI providers, and information submitted may be processed by those providers in order to generate responses.

We do not require users to provide personal data to use these tools. However, if personal data is included within user inputs, it will be processed in accordance with this policy.

Important:
Users must not submit:

  • Sensitive personal data
  • Confidential business information
  • Security-sensitive or restricted information

GPT tool outputs are generated automatically and are provided for general guidance only. They may not always be accurate, complete, or up to date.

We may store limited interaction data to:

  • Improve tool performance
  • Monitor usage and quality
  • Support system development

Where possible, data is minimised and/or anonymised.

3. Cookies

Our site uses cookies to distinguish you from other users. This helps us provide a good experience and improve our services.

Cookies may also be used in connection with chatbot functionality and website analytics.

For detailed information, please see our Cookie Policy.

4. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Contractual necessity – to deliver training and consultancy services

  • Legitimate interests – to respond to enquiries, improve services, and maintain site security

  • Legal obligation – to comply with regulatory requirements

  • Consent – where required (e.g., marketing communications)

You may withdraw consent at any time where processing is based on consent.

5. How We Use Your Information

We use your information:

  • To fulfil contracts for training and consultancy services

  • To respond to enquiries

  • To provide requested information

  • To improve our website and services

  • To administer and secure our site

  • To monitor service quality

  • To send service-related communications

  • To send marketing communications where permitted

  • To operate, maintain, and improve our AI-powered GPT tools

6. Disclosure of Your Information

We may share your personal information with:

  • Service providers and subcontractors

  • IT hosting providers

  • Payment processors

  • Analytics providers

  • AI chatbot service providers

  • Professional advisers

  • Regulatory authorities where required

Where we use third-party AI providers, data may be processed in accordance with their data processing terms.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

7. International Transfers

Some of our third-party service providers may process data outside the United Kingdom.

Where this occurs, we ensure appropriate safeguards are in place, such as:

  • UK International Data Transfer Agreements (IDTAs)

  • Standard Contractual Clauses (SCCs)

  • Adequacy regulations

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Secure hosting environments

  • SSL encryption for payment transactions

  • Access controls

  • Internal confidentiality policies

However, transmission of information via the internet is not completely secure, and we cannot guarantee absolute security.

9. Data Retention

We retain personal data only as long as necessary for:

  • Providing services

  • Legal and regulatory compliance

  • Accounting requirements

  • Legitimate business purposes

Training records may be retained in accordance with regulatory or contractual requirements.

Chat transcripts are generally retained for up to 12 months.

10. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Rectify inaccurate data

  • Erase your data (“right to be forgotten”)

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent (where applicable)

  • Lodge a complaint with the UK Information Commissioner’s Office (ICO)

To exercise your rights, contact:
info@avsec-resilience.com

11. Access to Information (DSAR)

You have the right to request access to personal data we hold about you.

We will respond within one month unless the request is complex. We may charge a reasonable fee where permitted by law.

Where disclosure would involve information about another individual, we will only provide such data where legally permitted.

12. Links to Other Websites

Our site may contain links to third-party websites. We are not responsible for their privacy policies.

13. Changes to This Policy

Any changes to this privacy policy will be posted on this page and, where appropriate, notified by email.

14. Contact

Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed to:

Contact us