Data Protection

Data Protection Policy: Richah UK Ltd

Effective Date: February 27, 2026 Version: 1.0

1. Introduction

Richah UK Ltd ("the Company") is committed to a policy of protecting the rights and privacy of individuals in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As an AI solutions company, we recognise the importance of data ethics and the secure processing of personal information.

2. Scope of Policy

This policy applies to all personal data processed by the Company, including data collected via our website, contact forms, and any data handled during the provision of our AI services. It applies to all employees, contractors, and third-party partners.

3. Data Protection Principles

The Company will ensure that all personal data is:

  1. Lawful, Fair, and Transparent: Processed lawfully, fairly, and in a transparent manner.

  2. Purpose Limitation: Collected for specified, explicit, and legitimate purposes.

  3. Data Minimisation: Adequate, relevant, and limited to what is necessary.

  4. Accuracy: Accurate and, where necessary, kept up to date.

  5. Storage Limitation: Kept in a form which permits identification for no longer than is necessary.

  6. Integrity and Confidentiality: Processed in a manner that ensures appropriate security, using technical and organisational measures.

  7. Accountability: The Company is responsible for, and able to demonstrate compliance with, these principles.

4. Responsibility for Data Protection

The directors of Richah UK Ltd hold ultimate responsibility for ensuring compliance. Any queries regarding data protection should be directed to:

  • Data Lead: theteam@Richah.UK

  • Address: Burnbank, Lamplugh, CA14 4TY

5. Data Security Measures

We implement robust technical and organisational measures to protect personal data, including:

  • Encryption: Using industry-standard encryption for data in transit and at rest.

  • Access Control: Restricting access to personal data to only those employees or contractors who require it for their specific job functions.

  • UK-Based Infrastructure: Maintaining all primary servers and data storage within the United Kingdom.

  • Regular Audits: Periodically reviewing our data processing activities and security protocols.

6. AI Ethics and Data Processing

As an AI-focused company, we adhere to the following additional standards:

  • Anonymisation: Where possible, we use anonymised or pseudonymised datasets for AI model training to protect individual identities.

  • Transparency in Logic: We aim to ensure that any AI-driven processing of personal data is explainable and free from unlawful bias.

  • Human Oversight: We maintain human oversight over significant data processing activities.

7. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, the Company will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach. Affected individuals will be notified without undue delay if the breach is likely to result in a high risk to their rights.

8. Subject Access Requests (SARs)

Individuals have the right to access the personal data we hold about them. We will respond to all Subject Access Requests within one month of receipt, provided the identity of the requester can be verified.

9. Data Retention and Disposal

Personal data will be deleted or destroyed securely when it is no longer required for the purpose for which it was collected. Our retention periods are reviewed annually.

10. Policy Review

This policy will be updated as necessary to reflect changes in legislation or Company practices.

Contact Information: Richah UK Ltd Burnbank, Lamplugh, CA14 4TY Email: theteam@Richah.UK