AjaexPlatform

Privacy Policy

Effective date: 1st June 2025
Last updated: 29 April 2026

Ajaex UK Ltd ("Ajaex", "we", "us", "our") respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you:

  • visit our website at https://ajaexplatform.com
  • contact us, request a demo, or interact with us as a prospective customer
  • use Ajaex Platform as a customer, user, administrator, or authorised representative
  • otherwise communicate with us

1. Who we are

Ajaex UK Ltd is the controller of personal data covered by this Privacy Policy unless stated otherwise.

Company details

Ajaex UK Ltd
Unit 15, Attenburys Industrial Estate, West Timperley, Altrincham, WA14 5QE
Company number: 14205686
VAT registration number: 423415232
Email: info@ajaexplatform.com

If you have any questions about this Privacy Policy or your data, contact us at: info@ajaexplatform.com

2. The services this policy covers

Ajaex provides a configurable, UK-hosted operations platform for organisations including facilities management providers, public sector bodies, housing, and education organisations. The platform may include workflow management, tenant-based data separation, customer portals, automation, reporting, and AI-assisted features.

This Privacy Policy covers:

  • our public-facing marketing website
  • our sales and onboarding processes
  • our customer account and relationship management
  • our operation of the Ajaex Platform where we act as a controller

Where Ajaex Platform is used by a customer to process that customer's data, we generally act as a processor on behalf of that customer, and the customer's own privacy notice will apply to that processing.

3. What personal data we collect

We may collect, use, store and transfer the following categories of personal data:

A. Identity and contact data

  • name
  • job title
  • employer or organisation name
  • business email address
  • business phone number
  • postal address
  • account username or identifier

B. Account and platform data

  • login and authentication details
  • role, permissions, tenant or organisation association
  • profile information
  • audit history relating to user actions in the platform

C. Technical and usage data

  • IP address
  • browser type and version
  • device information
  • operating system
  • referral source
  • pages visited
  • session data
  • timestamps and log data
  • interactions with our website or platform

D. Communications data

  • enquiry forms
  • demo booking information
  • support requests
  • emails and correspondence
  • survey or feedback responses

E. Customer data uploaded or entered into the platform

Depending on how customers configure the platform, this may include personal data relating to their staff, contractors, customers, suppliers, residents, tenants, or service users.

F. AI feature inputs and outputs

If AI-assisted features are enabled, we may process prompts, selected input fields, generated outputs, confidence scores, classifications, and related review or audit data.

4. How we collect your personal data

We collect personal data:

  • directly from you when you contact us, request a demo, subscribe, or use the platform
  • automatically through cookies and similar technologies when you use our website
  • from your employer or organisation when they create or manage your user account
  • from integrations, administrators, or authorised users acting on behalf of a customer
  • from publicly available business sources such as company websites or professional networking sites where permitted by law

5. How we use your personal data

We use personal data for the following purposes:

To operate our website

  • to provide website content
  • to secure and administer the website
  • to understand website performance and improve user experience

Lawful basis: legitimate interests

To respond to enquiries and arrange demos

  • to contact you
  • to provide information you request
  • to book and manage demonstrations or sales discussions

Lawful basis: legitimate interests, and steps prior to entering into a contract

To provide and support the platform

  • to create and administer accounts
  • to provide customer access and tenant segregation
  • to manage service delivery, support, maintenance, updates, and security
  • to generate logs and audit trails

Lawful basis: contract, legitimate interests

To improve our products and services

  • to analyse usage patterns
  • to troubleshoot and diagnose issues
  • to test, develop, and enhance features

Lawful basis: legitimate interests

To operate AI-assisted features

  • to perform customer-authorised classification, automation, suggestions, or configuration assistance
  • to log AI-related actions for transparency, quality, validation, and audit purposes
  • to improve safety, reliability, and performance of our AI-enabled features where appropriate

Lawful basis: contract, legitimate interests, and where required, consent

To comply with legal and regulatory obligations

  • to meet legal, tax, accounting, audit, fraud prevention, and information security obligations

Lawful basis: legal obligation, legitimate interests

To manage our business relationship

  • billing and invoicing
  • contract administration
  • service notices
  • business continuity and record keeping

Lawful basis: contract, legal obligation, legitimate interests

6. AI and automated processing

Ajaex may offer AI-assisted functionality such as classification, routing, summarisation, suggestions, or platform configuration support. These features are designed to support users, not replace accountable human decision-making.

Where AI features are used:

  • the relevant inputs and outputs may be logged
  • results may be reviewable by authorised users
  • audit records may be retained
  • customers control whether and how certain AI workflows are enabled within their environment

We do not rely solely on automated decision-making that produces legal or similarly significant effects on individuals unless we have a lawful basis to do so and comply with applicable law.

7. Lawful bases under UK GDPR

Under UK data protection law, we rely on one or more of the following lawful bases:

  • Contract: where processing is necessary to perform a contract or take steps before entering into one
  • Legitimate interests: where processing is reasonably necessary for our business and does not override your rights
  • Legal obligation: where we must comply with law or regulation
  • Consent: where required, particularly for certain cookies or optional communications

8. Sharing your personal data

We may share personal data with:

  • hosting, infrastructure, and cloud service providers
  • analytics, security, communications, and support providers
  • professional advisers such as lawyers, accountants, insurers, and auditors
  • regulators, law enforcement, courts, or competent authorities where required
  • prospective buyers or investors in connection with a merger, acquisition, financing, or sale of assets
  • customer-authorised integrations or subprocessors where applicable

We require service providers acting on our behalf to protect personal data and only process it on our instructions where required.

9. International transfers

We aim to host and process data in the UK where possible. If we transfer personal data outside the UK, we will ensure appropriate safeguards are in place, such as:

  • adequacy regulations
  • the UK International Data Transfer Agreement
  • the UK Addendum to the EU Standard Contractual Clauses
  • other lawful transfer mechanisms

10. Data security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, and disclosure. These measures may include:

  • access controls
  • authentication and role-based permissions
  • audit logging
  • encryption in transit and at rest where appropriate
  • network and infrastructure security controls
  • backup and resilience measures

No internet-based system can be guaranteed completely secure, but we work to maintain a level of security appropriate to the risk.

11. Data retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to satisfy legal, contractual, regulatory, tax, accounting, dispute-resolution, and audit requirements.

Typical retention periods are:

  • marketing enquiries (uncontracted prospects): 24 months from last meaningful contact
  • customer account and contract records: duration of the contract plus 6 years, in line with the Limitation Act 1980 and HMRC record-keeping requirements
  • routine support records: 12 months; security and authentication audit logs: up to 24 months
  • cookie consent records: 12 months

Where data is no longer required, we will delete it or anonymise it.

12. Your rights

Subject to applicable law, you may have the right to:

  • access your personal data
  • correct inaccurate data
  • request erasure
  • restrict processing
  • object to processing based on legitimate interests
  • request data portability
  • withdraw consent where consent is relied upon

To exercise your rights, contact: info@ajaexplatform.com

You also have the right to complain to the UK Information Commissioner's Office (ICO) if you believe your data protection rights have been breached.

13. Third-party links

Our website or platform may contain links to third-party websites or services. We are not responsible for their privacy practices. Please review their privacy notices separately.

14. Children's privacy

Our website and platform are intended for business and organisational use and are not directed to children.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the "Last updated" date above.