Aveni Limited
External Privacy Notice
Last Updated: 20/01/2026
Aveni Limited (“Aveni”, “we, “us”, “our”), a company registered in Scotland under registration number SC600143, whose registered address is 58 Morrison Street, Edinburgh, Scotland, EH3 8BP, is committed to protecting and respecting your privacy. We are committed to the protection of the Personal Data we process in line with the data protection principles set out in the UK General Data Protection Regulation and the EU General Data Protection Regulation (2016/679), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the Data Protection Act 2018.
Where Aveni Limited is the Controller of your Personal Data, we are registered in the UK with the Information Commissioner’s Office (“ICO”), registration number ZA925667.
We have appointed an external data protection officer (“DPO”), details as follows:
Evalian Limited
West Lodge
Leylands Business Park
Colden Common
Hampshire
SO21 1TH
United Kingdom
Email: dpo@evalian.co.uk
Website: www.evalian.com
As an information-led business, we place great importance on ensuring the quality, confidentiality, integrity and availability of the data we hold and in meeting our data protection obligations when processing Personal Data. We are committed to protecting the security of your Personal Data, using a variety of technical and organisational measures to help protect your Personal Data from unauthorised access, use or disclosure.
We update this privacy notice from time to time in response to changes in applicable laws and regulations, to our processing practices and to the products and services we offer. When changes are made, we will update the date at the bottom of this document. Please review this privacy notice periodically to check for updates.
Unless we notify you otherwise, we are the controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it.
The purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it. This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below under the ‘How to contact us’ section.
This privacy notice applies to you if:
‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.
Data protection legislation requires us to identify an appropriate lawful basis to process Personal Data. The lawful bases we rely on as Controller are detailed below with the types of processing to which they apply:
We will only use your Personal Data when the law allows. Most commonly, we will use your Personal Data in the following circumstances:
Categories of individuals | Categories of Personal Data | Purpose of Processing | Lawful Basis | Retention Period |
|---|---|---|---|---|
Client or Supplier | Name, job title, email address, phone number, company you work for | Contracting new Clients or Suppliers. | Contract | 6 years following termination of the contract |
Client | Name, job title, work email address, work phone number, company you work for | Providing you with our Services and carrying out Client instructions in connection with those Services. | Contract | 6 years following termination of the contract |
Former Clients | Name, job title, work email address, work phone number, company you work for | Managing queries relating to services we have provided historically. Legitimate interests: business continuity, trade goodwill, brand and reputation protection. | Legitimate interests | 2 years following last meaningful contact |
Client, Supplier, Business Contact | Name, job title, work email address, work phone number, company you work for | Managing our relationships with clients, suppliers, or business contacts. Legitimate interests: business continuity, trade goodwill, brand and reputation protection. | Legitimate interests | 2 years following last meaningful contact |
Data Subject | Name, email address, address | Complying with Data Subject right requests | Legal Obligation | 1 year following completion of request |
Data Subject | Name, email address, address | Communicating with relevant Controllers or processors about Data Subject right requests | Legal Obligation | 1 year following completion of request |
Client | Name, job title, work email address, work phone number, company you work for | Processing orders for our Products or Services. | Contract | 6 years following termination of the contract |
Clients, former Clients, Suppliers, website users | Name, email address, phone number, company you work for | Seeking views or feedback about our Products or Services. Legitimate interests: Service evaluation, quality improvement, compliance evidence. | Legitimate interests | 2 years following last meaningful contact |
Clients or former Clients | Name, email address, phone number, company you work for | Notifying about changes to our Services. Where no current contract exists, our legitimate interests are business continuity, trade goodwill, and brand and reputation protection. | Contract or Legitimate interests | 2 years following last meaningful contact |
Clients, former Clients, Suppliers, website users | Name, email address, phone number, company you work for | Handling an enquiry or complaint. Where no current contract exists, our legitimate interests are business continuity, trade goodwill, and brand and reputation protection. | Contract or Legitimate interests | 2 years following last meaningful contact |
Clients, Prospective Clients, Former Clients | Name, email address, phone number, company you work for | Sending marketing communications and other company updates | Consent | 2 years following last meaningful contact or when you withdraw your consent |
Where Personal Data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.
There may be instances where we need to process Special Category Personal Data, such as health, race or ethnicity information. We will ensure the relevant special conditions are met and documented where required by law.
Personal Data is any information relating to an identified or identifiable natural person. We process the information you give us, whether through interactions with our Website or by any other form of correspondence.
As a Controller we would normally collect the following categories of Personal Data:
The above list is representative and non-exhaustive.
We collect Personal Data through several means, for example:
We may use Personal Data for the following purposes:
The above list is non-exhaustive and representative. For more information on how we use Personal Data for specific activities you can contact us as detailed below.
Google Calendar Integration
We integrate with the Google Calendar service to assist with meeting and appointment scheduling. The personal data shared with us by Google and processed for this function includes:
This information is shared with meeting organisers and invitees only, used only for this purpose and retained in accordance with our Personal Data Retention Policy (see section 13, below).
Our services are not designed for children or those under the age of 18. If we do become aware of anyone using our services who may be under 18, we will take all reasonable steps to ensure we do not process their data any further and will communicate this to them directly.
Please note, Personal Data will not be used for any automated decision-making processes, including profiling, with legal or similarly significant effects on Data Subjects.
We may need to share your Personal Data with other departments and members of our organisation, such as IT / technical support (including any help and assistance with our AI service offering).
There may also be instances where we may need to share your Personal Data with any competent law enforcement body, regulatory organisation, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation or (ii) to exercise, establish or defend our legal rights.
There may be instances where we need to transfer your Personal Data outside the UK. We may need to share your data with companies who are in the European Economic Area (The EU member states, plus Norway, Iceland and Liechtenstein – “EEA”) or another adequate listed country, or to third countries who may not have the same data protection laws as the UK. If we need to transfer your information outside the UK, we will take steps to ensure appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this notice.
We may at times use processors to help us fulfil our contractual duties and obligations. We have put in place agreements with them and ensured the correct data protection language, obligations and responsibilities are incorporated in these agreements. A list of sub-processors is available upon request by contacting us using the details below.
We use cookies on our websites. More information to how we use cookies can be found in our Cookie Notice available here.
This website contains links to other websites, which are clearly marked as such. Please note that we have no control over external websites and are not responsible for the protection and privacy of any information which you may provide to them.
We would like to send you marketing news and updates regarding our company, products and services. You can opt into marketing communications by filling out the form at the bottom of our website.
In order to send you marketing communications, we require your consent. You can withdraw this consent at any time (i.e. opt out) by clicking on the relevant unsubscribe link at the bottom of the email. You also have the ability to opt out by contacting using the details below. We do not sell your personal data to anyone for any purpose.
We do not conduct any automated decision making and profiling within our organisation.
We regularly review our data retention practices ensuring we only retain Personal Data for as long as necessary, in line with our data processing activities. We have created a Personal Data Retention Policy to help document relevant retention periods.
As a Controller we will retain Personal Data for as long as is necessary for the purposes of the processing and a reasonable time afterwards. As a Processor we will retain Personal Data as determined by our client Controllers. When Personal Data is to be deleted we will either delete it manually or anonymise it if deletion is not possible.
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any Personal Data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will be permitted to use that data only for the purposes for which it was originally collected by us.
We are ISO 27001 certified and copies of our certification are available upon request. We have also put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and are subject to a duty of confidentiality.
If you are based in the UK or EEA, your Data Subject rights are as follows:
If you would like to exercise any of the above rights, please contact us as detailed below.
If you would like to contact us directly to talk to us about a concern or to raise a complaint about the way we are processing your Personal data, please use our contact details below.
If you feel we have not dealt with your complaint satisfactorily, you may submit a complaint to the ICO via this link https://ico.org.uk/make-a-complaint/.
We will review this notice and make changes to it from time to time. We recommend you check this notice to see where changes have been made and to ensure you are able to review updated information at all times.
You may contact our head office using the following details:
58 Morrison Street,
Edinburgh,
Scotland.
EH3 8BP
Email: info@aveni.ai
Phone: +44 (0)3330 165 242
Last updated: 20th January 2026
