Privacy Policy

We power automation and insight direct from the voice of your customers

AI in action

1.  Introduction

Aveni Ltd. (“Aveni” referred to as “We, “Our” or “Us”) understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits this website, (“Our Site”) and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under data protection legislation.

Data protection legislation means the UK GDPR and other applicable laws including (but not limited to) the EU GDPR 2016 and the Privacy Electronic Communication Regulation (“PECR”) 2011. This also includes any replacement legislation which may come into effect from time to time.

Aveni is both a data controller and a data processor and this notice sets out how we act as both roles.

As we are based and headquartered in the United Kingdom (UK), we are registered with the Information Commissioners Office (the ICO) with registration number ZA925667.

You contact our head office using the following details:


1 Rutland Court





Phone: +44 (0)3330 165 242

We have also appointed an external data protection officer (DPO) and their details are as follows:

Evalian Limited

West Lodge

Leylands Business Park

Colden Common


SO21 1TH

United Kingdom


Phone: +44 (0)333 050 0111



2. Lawful Basis for Data Processing

Data protection legislation requires Aveni to identify an appropriate lawful bases to process personal data. The lawful basis we rely on as a data controller are detailed below with brief examples for when they may apply:


For opting into marketing communications, newsletters, competitions etc

Contractual Obligation

To take steps into entering and concluding contracts of employment

Legal Obligation

Where needed for tax reasons such as HMRC purposes

Legitimate Interests

To help answer any questions or concerns that may be sent to us from individuals who we may have no prior existing relationship with

There may be instances of where we may need to process certain categories of data referred to as Special Category Personal Data. These may include personal data related to health, race and ethnicity as examples, but where identified and needed, we will ensure the relevant special conditions are applied and documented where needed.

As a data processor we process personal data in line with the lawful basis determined by the data controller. For the purposes of our software platform and AI services, this would be legitimate interests.

3. Personal Data Collected

Due to the nature of our business and data processing activities we would collect and process various categories of personal data from various data subjects. Examples of data subjects whose data we process as a data controller can include job applicants, employees, visitors/guests to our premises and those who send us enquiries through our website.

As a data controller we would normally collect the following categories of personal data:

  • Names
  • Job details (company and job function)
  • Contact information
  • Recruitment data (CVs and cover letters)
  • Technical data (e.g. IP Addresses)

The above list is representative and non-exhaustive.

As a data processor, we may process and store the following categories of personal data, which can include (but is not limited to):

  • Audio call recordings
  • Meta data of call recordings
  • Quality reviews

We collect personal data through several means. Examples can include:

  • When you complete an online form on our website
  • Contact by phone, email or other communications (e.g. LinkedIn)
  • Applying to any of recruitment vacancies
  • When you use any of our services
  • From third-party sources, professional contacts or third parties who send us your details as prospective clients, candidates, associates or business partners

The above list is representative and non-exhaustive.


4. How We Use Personal Data

We may use personal data for various activities which can include the following activities:

  • To contract with you as a new client or supplier
  • To provide services to you and carry out your instructions in connection with our services
  • To manage queries relating to services we have provided to you historically
  • To manage our relationship with you as a client, supplier or professional contact
  • To process job applications
  • Action any data subject right requests
  • Communicate with relevant data controllers any communications received from a data subject including (but not limited to) data subject right requests
  • Process an order for a product or other service
  • Seek your views or comments on the services we provide
  • Notify you of changes to our services
  • Handle an enquiry or complaint you have made
  • Sending marketing communications and other company updates

The above list is non-exhaustive and representative. For more information to how we use personal data for specific activities you can contact us as detailed above.


5. Recruitment and Criminal Data Processing

From time to time we may advertise job vacancies through our website (see our careers section) and on websites such as LinkedIn. When we receive candidate information we may receive personal data such as your name, CV information and other information which may be used to help your application to stand out (e.g. may be immediately available). We will be sure to only retain candidate data for as long as reasonably necessary which is typically 6 months if a candidate is unsuccessful.

The same applies with any direct applications received LinkedIn. If we screen a profile and CV information and the candidate is unsuccessful we will only make sure we only have that data for as long as necessary which again would be up to 6 months.

Our roles require employees to go through basic DBS checks and more information can be found in our separate recruitment privacy notice in our careers section.


6. Children’s Data

Our services are not specifically designed for children and for those under the age of 18. If we do become aware of anyone using our services who may be under 18, we will take all reasonable steps to ensure we do not process their data any further and will communicate this to them directly.


7. Data Sharing

Due to the nature of our business there may be at times we are required to share data with other departments and members of our organisation. Examples of when we may need to share data can include for recruitment purposes, IT concerns (including any help and assistance with our AI service offering), and any questions or concerns regarding data protection received from other departments.

Please note there may also be instances where we may need to share data with any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation or (ii) to exercise, establish or defend our legal rights.


8. International Data Transfers

There may be instances where we may need to transfer your data outside the UK. We may need to share your data with companies who are in the European Economic Area (The EU member states, Norway, Iceland and Liechtenstein), in an adequate listed country or in other third countries who may not have similar data protection laws to the UK. If we need to transfer your information outside the UK we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this notice.


9. Sub-Processors

We may at times use sub-processors to help us fulfil our contractual duties and obligations to our client controllers. We have put into place agreements with them and ensured the correct data protection language, obligations and responsibilities are incorporated in these agreements. A list of sub-processors is available upon request by contacting us using our details above.


10. Cookies

We use cookies on our websites. More information to how we use cookies can be found in our cookie notices where you can also change your consent.


11. Links

This website contains links to other websites, which are clearly marked as such. Please note that we have no control over external websites and are not responsible for the protection and privacy of any information which you may provide to them. Please refer to the website’s privacy notice when using it.


12. Marketing Communications

We would like to send you marketing news and updates regarding our company, products and services should you like to receive them. You can opt into marketing communications by filling out the form at the bottom of our website.

In order to send you these communications we would require your consent, and you can always change your preferences (i.e. opt out) by clicking on the relevant unsubscribe link at the bottom of the email. You also have the ability to opt out by contacting us over phone or email should you chose to do so.


13. HubSpot

HubSpot is our CRM system for storing existing and potential customer’s data. A customer’s data is added to HubSpot either by site visitors providing their contact information or when an Aveni user adds the information.

This is crucial as it enables us to give our customers and potential customers relevant, useful and personalized marketing, sales and customer services content. We also document communications, such as emails and meetings that have been held. We can also see whether you have opened an email or not. This informs us instantly whether what we send you is interesting, allowing us to tailor our communications to best serve our audience. 

This data is stored by us as long as you are a customer and/or have a relationship with us. If you have any questions, please feel free to contact us at


14. Automated Decision-Making and Profiling

We do not conduct any automated decision making and profiling within our organisation.

15. Data Retention

We regularly review our data retention practices to ensure we only retain personal data for as long as necessary in line with our data processing activities. We have created data retention policies and accompanying data retention schedules to help document relevant retention periods.

As a data controller we will retain personal data for as long as necessary in line with various requirements, such as for example, best practice recommendations (e.g. ICO recommendations), relevant guidelines (e.g. ACAS guidance) or for as long as mandated under specific legislation (e.g. HMRC requirements). We will also determine appropriate retention periods based on our legitimate interests where identified.

As a data processor we will retain personal data for as long as required as set by our client data controllers.

When data is needed to be deleted we will either delete manually or anonymise it if deletion is not possible.


16. What Happens If Our Business Changes Hands?

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will be permitted to use that data only for the purposes for which it was originally collected by us.


17. Data Security

We are ISO 27001 certified and copies of our certification are available upon request. We have also put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

If we become aware of any loss, misuse, alteration of personal data we will work closely with our IT team and other parties as necessary to investigate the incident at hand. We have put into place the relevant procedure and policies in place to investigate, mitigate and report (when needed to relevant parties) such instances.


18. Data Protection Rights

If you are based in the UK you have several Rights to how an organisation processes your personal data. The Rights are as follows:

  • Right to be informed
  • Right to access data
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to objection
  • Right to portability
  • Right not to subject to automated decision making and profiling

If you would like to exercise any of the above Rights you can do so by sending us a written request to our email address mentioned above.

Please also note and as mentioned above, if we receive a Rights request as a data processor, we will forward the request to the client controller who may then contact you directly for additional information or to confirm if the Right is exercised or not.


19. Concerns and Complaints

We understand you may have concerns and complaints to this notice and any aspects to how we process personal data. If you would like to contact us directly to talk to us about a concern or to raise a complaint, you can do so by using our contact details above.

You can also submit a complaint directly to the Information Commissioners Office (the ICO), the UK supervisory authority for data protection in the UK, via this link


20. Review and Updates

We will review this notice and make changes to it from time to time. We recommend that you check this notice to see where changes have been made and to ensure you are able to review updated information at all times.

This Privacy Policy was last updated on 27 January 2023.