This policy is dated 7 June 2026. Version 1.1.
1. Who we are and how to contact us
GMD is the controller responsible for your personal data in respect of our own website users, prospects and business contacts (referred to in this policy as you).
You can contact us about this policy or to exercise your rights by email at enquiries@gmdautomation.ai.
Where GMD processes personal data on behalf of a customer in the course of providing its services, GMD acts as a processor and the relevant customer is the controller. That processing is governed by the data protection provisions of the master services agreement between GMD and that customer, and not by this policy.
2. The personal data we collect about you
We may collect, use, store and transfer the following kinds of personal data:
- Identity Data, including your name, title, job title and the organisation you represent.
- Contact Data, including your email address and telephone number.
- Enquiry and AI Interaction Data, including the content of your communications with us by email, telephone or LinkedIn, and the content of your interactions with our AI consultant on the Site. Our AI consultant is provided through an embedded text chat on our contact page, and we process the messages you send in order to operate the chat and respond to your enquiry.
- Transaction Data, including details of services provided to you or the organisation you represent and, where applicable, the payment and direct debit details needed to collect our charges.
- Technical and Usage Data, including your IP address, browser type and version, device information and information about how you use the Site.
- Marketing and Communications Data, including your marketing and communication preferences and records of our correspondence with you.
We do not intentionally collect any special category data (such as data about your health, race, religion or political opinions). Please do not provide such data to us, including through our AI consultant, unless we have specifically requested it.
3. How your personal data is collected
We collect personal data:
- directly from you, when you email us, telephone us, connect with us on LinkedIn, use our AI consultant, or otherwise correspond with us;
- automatically, as you interact with the Site, through cookies and similar technologies and through the embedded AI consultant when you use it (see clause 9 (Cookies and similar technologies)); and
- from third parties and public sources, such as Companies House and professional networking platforms.
4. How and why we use your personal data
We will only use your personal data when the law allows us to. The purposes for which we use it, and the lawful bases we rely on, are set out below:
| Purpose / activity | Type of data | Lawful basis |
|---|---|---|
| To respond to your enquiries, including through our AI consultant | Identity; Contact; Enquiry and AI Interaction | Legitimate interests (to respond to and develop business enquiries) |
| To negotiate and perform a contract for services | Identity; Contact; Transaction | Performance of a contract |
| To collect our charges, including by direct debit | Identity; Contact; Transaction | Performance of a contract; legitimate interests |
| To administer, secure and improve the Site and our business | Identity; Contact; Technical; Usage | Legitimate interests; legal obligation |
| To send you marketing about our services and measure its effectiveness | Identity; Contact; Usage; Marketing and Communications | Consent; legitimate interests |
| To comply with our legal and regulatory obligations | Identity; Contact; Transaction | Legal obligation |
5. Marketing
We may send you business-to-business marketing communications about our services where we have a lawful basis to do so. You can ask us to stop sending marketing communications at any time by following the opt-out links in any such communication or by contacting us using the details in clause 1.
6. Who we share your personal data with
We share personal data with the following categories of recipient, who act as our processors or service providers and are permitted to use it only on our instructions:
- Netlify, which hosts and serves our Site;
- Render, which hosts the backend service that runs the AI consultant on our contact page and relays your chat messages to and from the AI model;
- Anthropic, whose Claude AI model generates the AI consultant's responses and processes the content of your chat messages for that purpose;
- Supabase, which hosts the knowledge base the AI consultant draws on to answer your questions;
- Airtable, where we store the enquiry and booking details you provide through the AI consultant so that we can respond to you;
- Cal.com, which we use to schedule any consultation or appointment you book;
- Google, whose web fonts service is used to display the Site, and which may receive your IP address when fonts are requested by your browser;
- our payment and direct debit provider, which processes payments and collects our charges; and
- our professional advisers (such as our lawyers, accountants and insurers), and regulators or authorities where we are required by law to share information.
We may also share personal data with a buyer or successor if we sell or transfer our business or assets.
7. International transfers
Some of our service providers are based outside the United Kingdom, principally in the United States. These include Anthropic, Render and Airtable, which support our AI consultant, and Google, which provides our web fonts. Where we transfer personal data outside the UK, we ensure an appropriate safeguard is in place, such as a UK adequacy determination, the International Data Transfer Agreement, or the International Data Transfer Addendum to the EU Standard Contractual Clauses, together with any supplementary measures identified by a transfer risk assessment.
8. Data security and retention
We maintain appropriate technical and organisational measures to protect your personal data, including transport-layer encryption and a strict content security policy on our Site. We limit access to your personal data to those who have a business need to know it, and we have procedures to deal with any suspected personal data breach.
We retain personal data only for as long as reasonably necessary for the purposes for which we collected it, including to satisfy any legal, regulatory, tax, accounting or reporting requirements.
9. Cookies and similar technologies
This clause explains how we use cookies and similar technologies on the Site. A cookie is a small text file placed on your device when you visit a website; in this clause the term also includes similar technologies such as pixels, tags and browser local storage. We use these in accordance with the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the UK GDPR: strictly necessary cookies do not require your consent, and for all other cookies we obtain your consent through our consent banner, which you may withdraw at any time.
Our Site is a static website and we keep our use of cookies to a minimum. The cookies and similar technologies we use fall into the following categories:
- Strictly necessary, which are required for the Site to function and to remember your preferences, including your theme preference and your cookie consent choices. These do not require your consent.
- AI consultant session storage, being a first-party identifier that our embedded chat on the contact page stores in your browser's session storage so your conversation stays consistent for the duration of your visit. It is set only when you use the chat, contains no personal data, and is cleared when you close your browser.
- Web fonts, being the Google web fonts used to display the Site. Your browser requests these fonts from Google, which may receive your IP address. This does not set a cookie but involves a third-party connection.
We do not currently use analytics or advertising cookies on the Site. If we introduce analytics in future, we will update this policy and obtain your consent before any such cookie is set. The cookies and similar technologies in use are summarised below:
| Name / source | Type | Purpose | Duration |
|---|---|---|---|
| Theme and consent preferences (first-party) | Strictly necessary | Remembers your display and cookie consent choices | Until cleared by you |
| AI consultant session id (first-party) | Functional | Keeps your chat conversation consistent during your visit to the contact page | Cleared when you close your browser |
| Google Fonts (third-party connection) | Functional | Delivers website fonts | No cookie set |
You can manage your preferences at any time through our cookie consent banner or settings link, and through your browser settings, which allow you to refuse or delete cookies. Disabling certain cookies, or declining the AI consultant, may mean that parts of the Site do not function properly.
10. Your legal rights
Under data protection law you have the right to: request access to your personal data; request correction or erasure of it; object to or request restriction of processing; request the transfer of your data; and, where we rely on consent, withdraw that consent at any time.
To exercise any right, contact us at enquiries@gmdautomation.ai. You will not normally have to pay a fee, and we aim to respond within one month. You also have the right to complain to the Information Commissioner's Office (www.ico.org.uk), although we would welcome the opportunity to resolve your concerns first.
11. Changes to this policy
We keep this policy under review and may update it from time to time. The date at the top of this policy shows when it was last updated, and we will post any updated version on the Site.