Compliance
GDPR Policy
CohandlerAI is fully compliant with the UK and EU General Data Protection Regulation (GDPR).
1. Our Role Under GDPR
Under GDPR, your business is the Data Controller — you determine the purpose and means of processing customer data. CohandlerAI acts as the Data Processor — we process data only on your documented instructions.
We enter into a Data Processing Agreement (DPA) with every UK and EU business, clearly defining our respective responsibilities and obligations under GDPR Articles 28 and 29.
2. Lawful Basis for Processing
Processing required to provide our core AI receptionist service to your business
Processing necessary to fulfil our subscription service agreement with your business
Processing required to comply with applicable laws and regulatory requirements
Where customers have explicitly consented to their data being captured and stored during calls or messages
3. Data Subject Rights
Right of Access
Customers can request a copy of their personal data
Right to Rectification
Customers can request correction of inaccurate data
Right to Erasure
Customers can request deletion of their data
Right to Restriction
Customers can request limited processing of their data
Right to Portability
Customers can receive their data in a portable format
Right to Object
Customers can object to processing of their data
4. International Data Transfers
Where data is processed outside the UK or EU, CohandlerAI ensures appropriate safeguards are in place including Standard Contractual Clauses (SCCs) approved by the European Commission, and UK International Data Transfer Agreements (IDTAs) as required by UK GDPR post-Brexit.
5. Data Breach Notification
In the event of a personal data breach, CohandlerAI will notify affected businesses within 24 hours of becoming aware. We will provide full details of the nature of the breach, categories of data affected, likely consequences, and measures taken to address it.
6. Data Protection Officer
CohandlerAI has appointed a Data Protection Officer (DPO). Contact our DPO at shahzaib111.ms@gmail.com for any GDPR-related queries or Data Processing Agreements.
7. Supervisory Authority
UK clients have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. EU clients may contact their local data protection supervisory authority.