This privacy policy applies to the AESOP Solutions website at [DOMAIN] and the report services provided through it.
The data controller is Integrity Defence Solutions UK Ltd, a company registered in England and Wales under company number [COMPANY REG NO], with its registered office at [REGISTERED ADDRESS].
We are registered with the Information Commissioner's Office (ICO) under registration number [ICO REG NO]. [ACTION: Confirm IDS UK is actually ICO-registered. If not, this is a pre-launch compliance step — register at ico.org.uk before the site goes live]
If you have any questions about this policy or how we handle your data, please contact us at [PRIVACY EMAIL — TO BE CONFIRMED BY TIM].
We collect only the data we need to provide the report service and comply with our legal obligations. The table below sets out what we collect, why, and the lawful basis we rely on under UK GDPR.
| Data | Purpose | Lawful basis |
|---|---|---|
| Name, email address, company name | To identify you, communicate with you, and deliver your report | Contract performance (Article 6(1)(b)) |
| Company registration number or LinkedIn profile URL | To verify that requests come from genuine organisations (spam/fraud prevention) | Legitimate interests (Article 6(1)(f)) |
| Your question and amplifying context | To produce your report | Contract performance (Article 6(1)(b)) |
| Any documents you share with us | To incorporate your data into a Tailored report | Contract performance (Article 6(1)(b)) |
| Payment data (processed by Stripe) | To take payment for your report | Contract performance (Article 6(1)(b)) |
| Contact form submissions | To respond to your enquiry | Legitimate interests (Article 6(1)(f)) |
The AESOP analytical platform used to produce your report is operated by Integrity Defence Solutions Inc ("IDS Inc"), our parent company, on infrastructure hosted in the United States (Amazon Web Services). As a result, data you submit — including your question, any supporting context or documents, and your completed report — may be transferred to and processed in the United States.
We are committed to ensuring your data is protected whenever it is transferred outside the UK. We rely on a UK International Data Transfer Agreement (IDTA) between IDS UK and IDS Inc as the appropriate safeguard for this transfer, committing both parties to the data protection standards required under UK GDPR.
[ACTION — Roger/solicitor: A UK IDTA between IDS UK and IDS Inc must be in place and signed before this privacy policy is published. Tim to confirm the specific AWS services and regions in scope so the IDTA covers the correct data flows.]
Payment data is processed by Stripe Inc in accordance with Stripe's own privacy policy and data transfer safeguards. We do not control Stripe's data transfer arrangements.
We do not sell your personal data. We do not share it with third parties for marketing. We share data only in the following limited circumstances:
We keep your personal data for as long as necessary to fulfil the purposes above and to comply with our legal obligations:
If you choose the Public tier, we will publish an anonymised version of your report on our website one week after delivery. Before publication, we remove your name, company name, and any information that could — by reverse engineering — identify you or your organisation. The sector analysis and general recommendations are not removed, as these can reasonably apply to any organisation in that sector. If you have concerns about the anonymisation of your report, please contact us before the one-week window closes.
You have the following rights regarding your personal data. To exercise any of them, contact us at [PRIVACY EMAIL — TO BE CONFIRMED BY TIM]. We will respond within one calendar month.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
We use only strictly necessary cookies to support the operation of this website (for example, to maintain your session during the payment process). We do not use analytics, advertising, or tracking cookies. For more detail, see our Cookie Policy.
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top and, where the changes are significant, notify you by email if you have an active order with us.
For any questions about this privacy policy or your personal data, contact us at [PRIVACY EMAIL — TO BE CONFIRMED BY TIM] or write to us at our registered address above.