Privacy Policy for Anaiya Group Ltd

Effective Date: 30th June 2025
Last Updated: 24th July 2025

1. Introduction
   Anaiya Group Ltd (“we,” “our,” or “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.anaiya.org, engage with our services, or interact with us through various channels including social media platforms, email communications, and consultation sessions.
   This policy applies to all personal data we process about you, whether you are a website visitor, prospective client, current client, business partner, or any other individual whose personal data we may process in connection with our business activities. We are committed to being transparent about how we collect and use your data and to meeting our data protection obligations under applicable laws, including the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
2. Information We Collect
   2.1 Personal Information You Provide Directly
   We collect personal information that you voluntarily provide to us when you: Contact Forms and Inquiries: When you complete contact forms on our website, request Information about our services, or reach out to us via email, we collect information such as your name, email address, phone number, company name, job title, and any message or inquiry details you provide. Consultation Bookings: When you book a consultation or strategy session with us, we collect your name, email address, phone number, company information, preferred meeting times, and any specific topics or challenges you wish to discuss during the session. Newsletter Subscriptions: If you subscribe to our newsletter or thought leadership content, we collect your email address, name, and any preferences you specify regarding the type of content you wish to receive. Event Registrations: When you register for webinars, workshops, or other events we host, we collect registration information including your name, email address, company details, and any specific interests or questions you indicate. Service Engagement: During the provision of our consulting services, we may collect additional information relevant to your project requirements, organisational structure, strategic objectives, and other business-related data necessary to deliver our services effectively.
   2.2 Information Collected Automatically
   When you visit our website or interact with our digital platforms, we automatically collect certain information through various technologies: Website Usage Data: We collect information about how you use our website, including pages visited, time spent on pages, links clicked, and the path you take through our site. This helps us understand user behaviour and improve our website experience. Device and Browser Information: We collect information about the device and browser you use to access our website, including device type, operating system, browser type and version, screen resolution, and similar technical information. IP Address and Location Data: We collect your IP address, which may provide general location information (such as city or region). We do not collect precise geolocation data without your explicit consent. Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to enhance your browsing experience, remember your preferences, and analyse website traffic. Detailed information about our cookie usage is provided in our Cookie Policy.
   2.3 Information from Third Parties
   We may receive information about you from third-party sources, including: Social Media Platforms: If you interact with us on social media platforms such as LinkedIn, Twitter, or other professional networks, we may receive information from these platforms in accordance with their privacy policies and your privacy settings. Business Partners and Referrals: We may receive information about you from business partners, referral sources, or other professional contacts who recommend our services or facilitate introductions. Public Sources: We may collect information about you from publicly available sources, such as company websites, professional directories, or published articles, particularly when conducting research to better understand your organisation or industry context.
3. How We Use Your Information
   We use the personal information we collect for various legitimate business purposes, including:
   3.1 Service Delivery and Client Management
   Consultation and Strategy Services: We use your information to schedule, prepare for, and conduct consultation sessions, strategy meetings, and other professional services. This includes understanding your business context, preparing relevant materials, and following up on action items discussed during our engagements. Project Management: For ongoing consulting engagements, we use your information to manage project timelines, coordinate with your team members, track deliverables, and ensure effective communication throughout the engagement period. Customised Solutions: We analyse the information you provide to develop customised AI strategies, digital transformation roadmaps, and leadership development solutions that align with your specific organisational needs and objectives.
   3.2 Communication and Relationship Management
   Responsive Communication: We use your contact information to respond to your inquiries, provide requested information about our services, and maintain ongoing communication related to your interests or engagements with us. Thought Leadership and Educational Content: We use your email address and preferences to send you relevant thought leadership content, industry insights, research findings, and educational materials that align with your indicated interests in AI strategy, digital transformation, and leadership development. Event Invitations and Updates: We may use your information to invite you to relevant webinars, workshops, industry events, or other educational opportunities that we believe would be valuable to you based on your professional interests and previous interactions with us.
   3.3 Business Operations and Improvement
   Website and Service Enhancement: We analyse usage data and feedback to improve our website functionality, enhance user experience, and develop new service offerings that better meet the needs of our clients and prospects. Market Research and Analysis: We may use aggregated and anonymised data to conduct market research, analyse industry trends, and develop insights that inform our service development and thought leadership content. Quality Assurance: We use information from client interactions and feedback to maintain and improve the quality of our services, identify areas for enhancement, and ensure we consistently meet our professional standards.
   3.4 Legal and Compliance Purposes
   Legal Obligations: We may use your information to comply with applicable laws, regulations, legal processes, or governmental requests, including but not limited to tax reporting, regulatory compliance, and response to lawful requests from authorities. Contract Performance: We use your information to fulfil our contractual obligations, enforce our terms of service, and protect our legal rights and interests. Risk Management: We may use your information for risk assessment, fraud prevention, and security purposes to protect our business, clients, and stakeholders from potential threats or harmful activities.
4. Legal Basis for Processing
   Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, we must have a lawful basis for processing your personal data. The legal bases we rely on include:
   4.1 Legitimate Interests
   We process your personal data based on our legitimate interests in operating and growing our consulting business, provided these interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include: Business Development: Developing and maintaining client relationships, identifying potential business opportunities, and growing our consulting practice in AI strategy, digital transformation, and leadership development. Service Improvement: Analysing how our services are used and received to improve our offerings, develop new solutions, and enhance client satisfaction. Marketing and Communications: Communicating with prospects and clients about our services, sharing relevant thought leadership content, and building our professional reputation in the industry.
   4.2 Contractual Necessity
   We process your personal data when it is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. This includes: Service Delivery: Processing data necessary to deliver consulting services, conduct strategy sessions, and fulfil our contractual obligations to clients. Pre-contractual Activities: Processing data during the proposal phase, initial consultations, and other pre-contractual discussions and negotiations.
   4.3 Consent
   In some cases, we process your personal data based on your explicit consent, such as: Marketing Communications: Sending you marketing emails, newsletters, or promotional materials where you have specifically opted in to receive such communications. Special Categories of Data: Processing any sensitive personal data (if applicable) only with your explicit consent and for specific, legitimate purposes.
   4.4 Legal Obligations
   We may process your personal data to comply with legal obligations, such as: Regulatory Compliance: Meeting requirements under applicable business regulations, tax laws, and professional standards. Legal Proceedings: Responding to legal requests, court orders, or regulatory investigations.
5. How We Share Your Information
   We are committed to protecting your privacy and do not sell, rent, or trade your personal information to third parties for their marketing purposes. However, we may share your information in the following circumstances:
   5.1 Service Providers and Business Partners
   Technology Providers: We may share your information with trusted third-party service providers who assist us in operating our website, managing our customer relationship management (CRM) systems, providing email marketing services, or hosting our data. These providers are contractually obligated to protect your information and use it only for the specific services they provide to us. Professional Service Providers: We may share your information with professional advisors such as lawyers, accountants, auditors, and other consultants who assist us in operating our business. These providers are bound by professional confidentiality obligations. Collaboration Partners: In some cases, we may collaborate with other consulting firms, technology partners, or industry experts to deliver comprehensive solutions to our clients. In such cases, we will share only the information necessary for the collaboration and will ensure appropriate confidentiality agreements are in place.
   5.2 Legal and Regulatory Requirements
   Legal Compliance: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, including but not limited to responding to court orders, subpoenas, or regulatory investigations. Protection of Rights: We may disclose your information when we believe it is necessary to protect our rights, property, or safety, or the rights, property, or safety of our clients, employees, or others.
   5.3 Business Transfers
   Merger or Acquisition: In the event of a merger, acquisition, reorganisation, or sale of all or substantially all of our assets, your personal information may be transferred to the acquiring entity as part of the transaction. We will provide notice of such transfer and any choices you may have regarding your information.
   5.4 Aggregated and Anonymised Data
   We may share aggregated, anonymised, or de-identified information that cannot reasonably be used to identify you. This may include industry trends, market research findings, or statistical information about our services and client outcomes.
6. Data Retention
   We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements.
   6.1 Retention Periods
   Client Data: For current and former clients, we typically retain personal data for a period of seven (7) years after the conclusion of our engagement, or longer if required by applicable law or professional standards. Prospect Data: For individuals who have inquired about our services but have not become clients, we retain personal data for up to three (3) years from the last interaction, unless you request earlier deletion. Marketing Data: For individuals who have subscribed to our marketing communications, we retain personal data until you unsubscribe or request deletion, or for up to five (5) years of inactivity. Website Data: Technical data collected through our website is typically retained for up to two (2) years, unless longer retention is required for security or legal purposes.
   6.2 Secure Deletion
   When personal data is no longer needed, we securely delete or anonymise it using industry standard methods to ensure it cannot be recovered or reconstructed.
7. Data Security
   We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.
   7.1 Technical Safeguards
   Encryption: We use encryption technologies to protect data both in transit and at rest, including SSL/TLS encryption for data transmission and AES encryption for data storage. Access Controls: We implement strict access controls to ensure that only authorised personnel can access personal data, and only to the extent necessary for their job functions. Network Security: Our systems are protected by firewalls, intrusion detection systems, and other security technologies to prevent unauthorised access. Regular Updates: We regularly update our software, systems, and security measures to address emerging threats and vulnerabilities.
   7.2 Organisational Safeguards
   Employee Training: All employees who have access to personal data receive regular training on data protection principles, security procedures, and their obligations under applicable privacy laws. Confidentiality Agreements: All employees, contractors, and service providers are bound by confidentiality agreements that include specific provisions regarding the protection of personal data. Incident Response: We have established procedures for detecting, investigating, and responding to data security incidents, including notification procedures as required by applicable law. Regular Audits: We conduct regular security audits and assessments to identify potential vulnerabilities and ensure our security measures remain effective.
8. Your Rights and Choices
   Under applicable data protection laws, you have certain rights regarding your personal information. These rights may vary depending on your location and the legal basis for our processing of your data.
   8.1 Access and Portability
   Right of Access: You have the right to request confirmation of whether we are processing your personal data and, if so, to receive a copy of that data along with information about how we are processing it. Data Portability: In certain circumstances, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
   8.2 Correction and Deletion
   Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. Right to Erasure: In certain circumstances, you have the right to request that we delete your personal data, such as when the data is no longer necessary for the purposes for which it was collected or when you withdraw your consent.
   8.3 Processing Restrictions
   Right to Restrict Processing: In certain circumstances, you have the right to request that we restrict the processing of your personal data, such as when you contest the accuracy of the data or object to our processing. Right to Object: You have the right to object to our processing of your personal data in certain circumstances, particularly when we are processing data based on legitimate interests or for direct marketing purposes.
   8.4 Exercising Your Rights
   To exercise any of these rights, please contact us using the information provided in the “Contact Us” section below. We will respond to your request within the timeframes required by applicable law, typically within 30 days. We may need to verify your identity before processing your request to ensure the security of your personal data. In some cases, we may be unable to fulfil your request due to legal obligations or other legitimate reasons, which we will explain to you.
9. International Data Transfers
   As a UK-based company, we primarily process personal data within the United Kingdom and European Economic Area (EEA). However, some of our service providers and technology platforms may be located outside the UK and EEA.
   9.1 Safeguards for International Transfers
   When we transfer personal data outside the UK and EEA, we ensure appropriate safeguards are in place, including: Adequacy Decisions: Transferring data to countries that have been deemed to provide an adequate level of data protection by the UK or EU authorities. Standard Contractual Clauses: Using standard contractual clauses approved by the UK or EU authorities to ensure appropriate protection for transferred data. Certification Schemes: Working with service providers who participate in recognised certification schemes that provide appropriate data protection guarantees.
10. Children’s Privacy
    Our services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.
11. Changes to This Privacy Policy
    We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this policy, we will: Notification: Provide notice of the changes through our website, email communications, or other appropriate means. Effective Date: Update the “Last Updated” date at the top of this policy to indicate when the changes take effect. Continued Use: Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
12. Contact Us
    If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:
    Anaiya Group Ltd
    Email: Info@anaiya.org
    Address: 86-90, Paul Street, London, EC2A 4NE
    
    For specific privacy-related inquiries or to exercise your data protection rights, please use the subject line “Privacy Inquiry” in your email communication. We are committed to addressing your privacy concerns promptly and transparently. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.