Data Processing Agreement — AI Takes Axion Ltd
Legal

Data Processing Agreement

How we handle personal data on your behalf in accordance with UK GDPR.

Version 2.0 Effective 1 May 2026 Company No. 17159021

01

Introduction

This Data Processing Agreement governs the processing of personal data between AI Takes Axion Ltd (Processor, Company Number: 17159021) and the client (Controller). It is governed by the UK GDPR and Data Protection Act 2018.

02

Definitions

  • Personal Data — any information relating to an identified or identifiable individual
  • Processing — any operation performed on personal data
  • Controller — determines the purposes and means of processing (the client)
  • Processor — processes personal data on behalf of the Controller (AI Takes Axion Ltd)
  • Sub-processor — any third party engaged by the Processor to process personal data

03

Role of the Parties

The client acts as the Data Controller. AI Takes Axion Ltd acts as the Data Processor. The Processor shall only process personal data on documented instructions from the Controller, unless required by law.

04

Subject Matter & Duration

Processing relates to the provision of AI automation, communication, booking, website hosting, marketing, and SEO services. Processing shall continue for the duration of the service agreement unless otherwise agreed or required by law.

05

Nature & Purpose of Processing

The Processor may process personal data to:

  • Manage communications — SMS, calls, chat, social messaging, email
  • Automate bookings and appointment management
  • Store and manage customer interactions via CRM
  • Host websites and process enquiry form submissions
  • Deliver SEO, content, and marketing automation services

06

Types of Personal Data

May include names, contact details (email, phone, address), appointment and booking data, communication content, website enquiry data, and technical and usage data.

07

Processor Obligations

The Processor shall:

  • Process personal data only on documented instructions from the Controller
  • Ensure all persons authorised to process data are bound by confidentiality
  • Implement appropriate technical and organisational security measures
  • Assist the Controller in complying with data subject rights obligations
  • Notify the Controller of any personal data breach without undue delay
  • Delete or return personal data upon termination of services unless legally required to retain it

08

Sub-Processors

The Controller authorises the Processor to engage sub-processors as necessary. Sub-processors may include GoHighLevel (CRM and hosting), Twilio (telephony and messaging), and other cloud hosting and analytics providers. The Processor shall ensure sub-processors are subject to equivalent data protection obligations.

09

International Data Transfers

Where personal data is transferred outside the UK, the Processor shall ensure appropriate safeguards are in place including UK-approved Standard Contractual Clauses or transfers to countries with adequacy decisions.

10

Data Breach Notification

The Processor shall notify the Controller without undue delay upon becoming aware of a personal data breach, and shall provide sufficient information to assist the Controller in meeting its reporting obligations under UK GDPR.

Have a question about this policy?

AI Takes Axion Ltd  ·  [email protected]  ·  aitakesaxion.com

Get in Touch
AI Takes Axion

AI-powered systems that help service businesses capture more leads, convert faster, and scale without the overhead.

© 2026 AI Takes Axion. All rights reserved.
contact@aitakesaxion.com
+44 7850 213852