Data Protection & Privacy Policy

Last Reviewed: 1 April 2025
Next Review Due: 1 April 2026
Owner: Data Protection Officer, Collaboration Works Limited (CWorks)

1. Introduction

Collaboration Works (“CWorks”, “we”, “our”, “us”) is committed to protecting the privacy and security of personal data. This policy outlines how we collect, use, store, and share personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

This policy applies to all personal data collected or processed by CWorks in the course of providing AI consulting and technology services.

2. Lawful Basis for Processing

CWorks processes personal data under the following lawful bases, as defined in Article 6 of the UK GDPR:

  • Consent – where data subjects have given clear, affirmative consent.

  • Contract – where processing is necessary to fulfil a contract with the data subject.

  • Legal obligation – where processing is required by law.

  • Legitimate interests – where processing is necessary for our legitimate business interests and does not override the rights and freedoms of data subjects.

3. Types of Personal Data We Collect

We may collect and process the following types of personal data:

  • Identity data: name, job title, company, etc.

  • Contact data: email address, telephone number, business address.

  • Technical data: IP addresses, browser type, device information.

  • Usage data: analytics on how you interact with our website or services.

  • Client data: data provided to us as part of AI systems integration, consulting or workflow automation services.

We do not knowingly collect special category data unless explicitly required for a project and with appropriate safeguards.

4. How We Use Personal Data

We use personal data to:

  • Deliver AI consulting and system integration services.

  • Respond to inquiries or support requests.

  • Fulfil contractual obligations.

  • Communicate updates, insights, or marketing (if consented).

  • Maintain system security and improve performance.

  • Meet legal and regulatory requirements.

We never sell or rent personal data to third parties.

5. Data Sharing and Third Parties

We may share personal data with:

  • Trusted service providers (e.g. hosting, analytics, CRM platforms).

  • Legal or regulatory authorities, where required.

  • Subcontractors working under strict confidentiality and data protection terms.

All third-party processors are contractually bound to comply with the UK GDPR and our security standards.

6. Data Retention

CWorks retains personal data only as long as necessary for the purpose it was collected. Where applicable, we follow statutory retention periods. Upon expiry, data is securely deleted or anonymised.

7. Data Security

We take the security of your data seriously. Measures include:

  • Secure hosting infrastructure.

  • Access control and role-based permissions.

  • Encryption of data in transit and at rest.

  • Regular security reviews and risk assessments.

We are working toward Cyber Essentials certification.

8. International Data Transfers

Where personal data is transferred outside the UK, we ensure it is protected through appropriate safeguards, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

9. Your Rights

Under the UK GDPR, you have the following rights:

  • Right to access your data.

  • Right to rectify inaccurate data.

  • Right to erasure (in certain circumstances).

  • Right to restrict or object to processing.

  • Right to data portability.

  • Right to withdraw consent at any time.
    Right to lodge a complaint with the ICO.

To exercise any of these rights, contact us using the details below.

10. Contact

If you have questions about this policy or how we handle your data, contact:

Data Protection Officer
Collaboration Works Limited
dpo@cworks365.com

Scroll to Top