Back to Home

Compliance

GDPR Policy

CohandlerAI is fully compliant with the UK and EU General Data Protection Regulation (GDPR).

1. Our Role Under GDPR

Under GDPR, your business is the Data Controller — you determine the purpose and means of processing customer data. CohandlerAI acts as the Data Processor — we process data only on your documented instructions.

We enter into a Data Processing Agreement (DPA) with every UK and EU business, clearly defining our respective responsibilities and obligations under GDPR Articles 28 and 29.

2. Lawful Basis for Processing

Legitimate Interests

Processing required to provide our core AI receptionist service to your business

Contract Performance

Processing necessary to fulfil our subscription service agreement with your business

Legal Obligation

Processing required to comply with applicable laws and regulatory requirements

Consent

Where customers have explicitly consented to their data being captured and stored during calls or messages

3. Data Subject Rights

Art. 15

Right of Access

Customers can request a copy of their personal data

Art. 16

Right to Rectification

Customers can request correction of inaccurate data

Art. 17

Right to Erasure

Customers can request deletion of their data

Art. 18

Right to Restriction

Customers can request limited processing of their data

Art. 20

Right to Portability

Customers can receive their data in a portable format

Art. 21

Right to Object

Customers can object to processing of their data

4. International Data Transfers

Where data is processed outside the UK or EU, CohandlerAI ensures appropriate safeguards are in place including Standard Contractual Clauses (SCCs) approved by the European Commission, and UK International Data Transfer Agreements (IDTAs) as required by UK GDPR post-Brexit.

5. Data Breach Notification

In the event of a personal data breach, CohandlerAI will notify affected businesses within 24 hours of becoming aware. We will provide full details of the nature of the breach, categories of data affected, likely consequences, and measures taken to address it.

6. Data Protection Officer

CohandlerAI has appointed a Data Protection Officer (DPO). Contact our DPO at shahzaib111.ms@gmail.com for any GDPR-related queries or Data Processing Agreements.

7. Supervisory Authority

UK clients have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. EU clients may contact their local data protection supervisory authority.

© 2026 CohandlerAI. All rights reserved.