SemantiSemanti
Menu
Legal

Privacy Policy

This policy explains how Semanti collects, uses, shares, and protects personal data when you use our website, contact us, work with us, or apply for a role.

Last updated:

Who we are

Semanti is based in the United Kingdom. For UK data protection law, including the UK General Data Protection Regulation and the Data Protection Act 2018, Semanti is the controller for the personal data described in this policy unless we say otherwise or a client contract provides otherwise.

You can contact our data protection officer at [email protected].

When this policy applies

This policy applies to personal data we process when you:

  • visit semanti.com or interact with our website;
  • contact us, request information, or meet with us;
  • subscribe to updates, attend events, or receive marketing communications;
  • work with us as a client, supplier, partner, adviser, or business contact;
  • apply for a role or participate in recruitment; or
  • otherwise interact with Semanti in a business context.

Some client engagements may involve Semanti processing personal data on behalf of a client. In those circumstances, the client is usually the controller and Semanti acts as processor under the relevant services agreement or data processing agreement. The client's own privacy notice may also apply.

Personal data we collect

The personal data we collect depends on your relationship with us. It may include:

  • name, business email address, phone number, job title, and organisation;
  • messages, enquiries, meeting details, preferences, and correspondence;
  • live chat messages, transcript metadata, page context, and agent replies;
  • account, contract, invoice, billing, procurement, and project information;
  • information supplied by clients or partners during service delivery, including data included in documents, datasets, systems, prompts, outputs, or support requests;
  • website and technical data, such as IP address, device type, browser type, pages viewed, referring URLs, logs, and security events;
  • newsletter, event, and marketing preference data, including opt-in and opt-out records; and
  • recruitment information, such as CVs, employment history, qualifications, interview notes, references, right-to-work information, and assessment materials.

We do not intentionally collect special category data unless it is necessary for a specific purpose, you choose to provide it, or a client supplies it as part of an agreed engagement. Special category data includes information about health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for identification, sex life, or sexual orientation. Please do not send us this kind of information unless we have asked for it or it is clearly necessary.

How we collect personal data

We collect personal data from:

  • you directly, when you contact us, use forms, meet us, or apply for a role;
  • our website live chat, when you send a message or choose to provide contact details;
  • your organisation, colleagues, clients, suppliers, partners, or professional contacts;
  • publicly available sources, such as company websites, Companies House, professional directories, and business social networks;
  • our website, systems, and service providers through logs, security tools, cookies, and similar technologies; and
  • clients who provide data for us to process as part of an engagement.

Live chat

If you use Ask Semanti live chat, we process the message you send, contact details you choose to provide, technical context needed to operate the chat, and the replies from authorised Semanti team members.

We use live chat data to respond to enquiries, keep appropriate business records, secure the service, and understand whether the website is meeting visitor needs. Please do not include confidential, sensitive, or special category data unless it is necessary for your enquiry.

How we use personal data

We use personal data only where we have a lawful basis under UK data protection law. The main purposes and lawful bases are:

PurposePersonal dataLawful basis
Responding to enquiries and managing business relationshipsContact details, role, organisation, messages, live chat transcripts, meeting notes, and communication preferences.Legitimate interests in responding to you and developing business relationships. Contract where we need to take steps before entering into an agreement.
Providing services and managing client workClient contact details, project records, account information, service data, support requests, and information supplied during engagements.Contract, legitimate interests in delivering and improving services, and legal obligation where we must keep records or comply with law.
Operating, securing, and improving our website and systemsDevice, browser, IP address, pages viewed, logs, security events, and diagnostic information.Legitimate interests in running secure and reliable services. Consent where required for non-essential cookies or similar technologies.
Marketing, events, newsletters, and updatesBusiness contact details, subscription choices, interaction records, and marketing preferences.Consent where required by law, or legitimate interests for relevant business-to-business communications. You can opt out at any time.
Recruitment and hiringCVs, employment history, qualifications, interview notes, references, right-to-work information, and correspondence.Contract steps before employment, legitimate interests in assessing candidates, and legal obligation for required checks.
Legal, regulatory, finance, and governanceContracts, invoices, payment records, audit records, compliance files, and correspondence.Legal obligation, contract, and legitimate interests in managing our organisation, resolving disputes, and protecting legal rights.

Where we rely on legitimate interests, we consider the nature of the data, your reasonable expectations, the impact on you, and whether there is a less intrusive way to achieve the same purpose.

AI and client service data

Semanti works with artificial intelligence systems and may use AI tools, model providers, and automation to support research, drafting, analysis, software development, operational workflows, and client service delivery. We aim to use the minimum personal data needed for those purposes.

We do not knowingly use client confidential information or personal data to train public AI models unless the relevant agreement permits it. Where we use third party AI or cloud providers, we assess appropriate contractual, security, and data protection safeguards.

We do not use personal data collected through this website to make solely automated decisions that produce legal or similarly significant effects about you. If this changes, we will update this policy and provide the information and safeguards required by law.

Cookies and similar technologies

Our website may use essential cookies and similar technologies to operate the site, keep it secure, remember basic settings, and support administrative functions. These are necessary for the website to work.

If we use non-essential analytics, advertising, or tracking technologies, we will provide clear information and obtain consent where required by law. You can also control cookies through your browser settings, although blocking some cookies may affect website functionality.

Marketing communications

We may contact business contacts with relevant updates about Semanti, our work, events, and services. We will only send electronic marketing where permitted by applicable law. You can opt out of marketing at any time by using the unsubscribe link in our emails or contacting [email protected].

We may still send non-marketing messages, such as service, security, legal, or account communications.

Who we share personal data with

We may share personal data with:

  • hosting, cloud, IT, security, analytics, email, collaboration, CRM, finance, and administrative service providers;
  • AI, model, data, and software providers where needed for our work and subject to appropriate safeguards;
  • clients, suppliers, partners, advisers, auditors, insurers, and banks;
  • regulators, courts, law enforcement, public authorities, or other third parties where required by law or necessary to protect rights and security; and
  • potential buyers, investors, or advisers if we are involved in a merger, acquisition, restructuring, investment, or sale of assets.

We do not sell personal data.

International transfers

We are based in the UK, but some service providers, clients, partners, and systems may process personal data outside the UK. Where UK data protection law requires transfer safeguards, we use appropriate mechanisms such as adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or another lawful transfer mechanism.

How long we keep personal data

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, including to meet legal, accounting, reporting, and security requirements. Retention periods vary by context. As a guide:

  • enquiry and business contact records are normally kept for up to 24 months after the last meaningful interaction, unless there is an ongoing relationship;
  • marketing records are kept until you opt out or we decide they are no longer useful for the purpose collected;
  • contract, finance, tax, and corporate records are normally kept for up to seven years;
  • recruitment records are normally kept for up to 12 months after a hiring decision unless we agree a longer talent-pool period with you;
  • website logs and security records are normally kept for up to 12 months, unless needed longer for security, investigation, or legal reasons; and
  • client project data is kept in line with the relevant client agreement, data processing agreement, statement of work, or deletion instruction.

Security

We use technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures may include access controls, encryption, supplier due diligence, logging, backups, and staff confidentiality obligations. No system is completely secure, so we keep our safeguards under review.

Your rights

Subject to legal limits, you may have the right to ask us to access, correct, erase, restrict, or transfer your personal data. You may also object to certain processing, object to direct marketing, and withdraw consent where we rely on consent.

To exercise your rights, contact [email protected]. We may need to verify your identity before responding.

Complaints

We would like the chance to resolve any concern first. You can contact our data protection officer at [email protected].

You also have the right to complain to the UK Information Commissioner's Office. You can find more information at ico.org.uk/make-a-complaint.

Children

Our website and services are intended for business audiences and are not directed at children. We do not knowingly collect personal data from children through this website.

Changes to this policy

We may update this policy from time to time. When we make material changes, we will take reasonable steps to bring them to your attention where required by law. The latest version will always be available on this page.