This Privacy Policy explains how Accountability in Action (we, us, our) collects, uses, stores and protects personal information when you visit our website, contact us, book a consultation, use our services, attend our events, engage with our content or otherwise interact with us.
We are committed to using personal information responsibly, transparently and only where we have a lawful basis to do so. This Privacy Policy should be read together with any contract, statement of work, data processing agreement or other written terms that apply to a specific client engagement.
1. Who we are
Accountability in Action provides responsible technology, AI, automation, accountability systems, training and implementation support for professional services organisations, including law firms.
For the purposes of applicable data protection law, the data controller is Accountability in Action. Where we refer to AIA UK, we mean the UK-facing brand, website or service offering of Accountability in Action.
2. What this Privacy Policy covers
This Privacy Policy applies to personal information we collect about:
- visitors to our website;
- people who contact us through our website or by email;
- people who book calls, consultations or discovery sessions with us;
- prospective clients and clients;
- client team members and business contacts;
- attendees of training sessions, workshops, webinars, events or open chats;
- professional contacts, suppliers, contractors, collaborators and partners;
- people who engage with our resources, publications, podcast, social media or other content;
- individuals whose personal information is provided to us during client projects.
This Privacy Policy does not apply to websites, platforms or services operated by third parties, even where we link to them from our website.
3. Personal information we collect
We may collect and process different types of personal information depending on how you interact with us.
3.1 Information you provide directly
When you complete a form, contact us, book a call or communicate with us, we may collect:
- your full name;
- organisation or firm name;
- job title or professional role;
- email address;
- phone number, if you provide it;
- information about your organisation;
- the type of support you are interested in;
- the topic or category of your enquiry;
- your message or enquiry;
- correspondence and follow-up communications;
- meeting notes, call notes and agreed next steps;
- any information you choose to provide when requesting a consultation, proposal, workshop, training session or support.
Our website contact form may ask you to provide your full name, organisation, email address, the type of support you need and your message. Please do not submit confidential, privileged, sensitive or unnecessary personal information through our website contact form.
3.2 Client and project information
When we work with clients, we may process information connected with the delivery of our services, including:
- business contact details of client representatives and team members;
- organisational information;
- information about workflows, responsibilities, processes and systems;
- information about technology tools, software, automation needs and operational challenges;
- project documents, notes, implementation plans and training materials;
- information required to support tool selection, implementation, configuration, migration, optimisation or adoption;
- information relating to AI governance, accountability systems, risk controls and internal procedures;
- communications relating to support, training, workshops, implementation and ongoing client relationship management;
- billing, contract and account management information.
Where client materials include personal information about employees, contractors, clients, customers or other third parties, we will process that information only as needed for the agreed engagement and in accordance with the relevant contract, statement of work or data processing agreement.
3.3 Website and technical information
When you visit our website, we may collect limited technical information, such as:
- IP address;
- browser type and version;
- device type;
- operating system;
- approximate location derived from technical data;
- pages visited;
- date and time of visit;
- referral source;
- website usage and interaction data;
- form submission data;
- security logs.
Some of this information may be collected through cookies or similar technologies. More information is provided in section 11.
3.4 Marketing, events and relationship information
If you subscribe to updates, attend an event, join a webinar, participate in a workshop, connect with us professionally or engage with our content, we may process:
- your name;
- email address;
- organisation or firm name;
- job title or role;
- communication preferences;
- event or webinar registration details;
- attendance information;
- areas of professional interest;
- content engagement information;
- records of whether you have opted in or opted out of marketing.
3.5 Information from third parties and public sources
We may receive or collect information from:
- your organisation, where it engages us to provide services;
- another contact who introduces or refers you to us;
- event organisers or professional networks;
- publicly available professional sources, such as company websites, professional directories or LinkedIn;
- third-party platforms used for booking, communication, events, analytics or business administration.
3.6 Special category data and confidential information
We do not intentionally collect special category personal data through our website. Special category data includes information about health, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data used for identification, sex life or sexual orientation.
Because we work with professional services organisations, including law firms, some client projects may involve confidential, privileged or sensitive material. Where this is necessary, it should be handled under a separate written agreement with appropriate safeguards, access controls and instructions.
4. How we collect personal information
We may collect personal information:
- directly from you when you contact us, complete a form, book a call, send us an email or communicate with us;
- from your organisation where it engages us to provide services;
- through our website, cookies and similar technologies;
- through meeting, booking, email, CRM, project management, analytics or cloud service providers;
- from publicly available professional sources;
- from referrals, introductions, events, webinars, workshops or business partners;
- during the delivery of consulting, implementation, training or support services.
5. How we use personal information and our lawful bases
We only use personal information where we have a lawful basis under applicable data protection law. Depending on the situation, our lawful bases may include contract, legitimate interests, consent, legal obligation, and the establishment, exercise or defence of legal claims.
| Purpose | Personal information used | Lawful basis |
|---|---|---|
| Responding to enquiries | Name, organisation, email address, message, business need | Legitimate interests; steps prior to entering into a contract |
| Managing contact form submissions | Name, organisation, email address, enquiry topic, message | Legitimate interests; steps prior to entering into a contract |
| Booking and managing consultations or discovery calls | Contact details, calendar details, meeting notes, business need | Legitimate interests; steps prior to entering into a contract |
| Preparing proposals, quotes, statements of work or engagement terms | Contact details, organisation details, project requirements, commercial information | Steps prior to entering into a contract; legitimate interests |
| Providing consulting, implementation, training, workshops and support | Client contact details, project information, workflow information, communications | Contract; legitimate interests |
| Supporting AI, automation, software and workflow implementation | Business contact details, system information, workflow data, project materials | Contract; legitimate interests; legal obligation where applicable |
| Managing client relationships | Contact details, correspondence, account notes, project history | Contract; legitimate interests |
| Delivering events, webinars, workshops or open chats | Name, organisation, email address, attendance details, participation information | Contract; legitimate interests; consent where applicable |
| Sending relevant business updates or marketing | Name, email address, organisation, preferences, engagement history | Consent where required; legitimate interests where permitted |
| Improving our website and services | Website usage data, analytics data, feedback, enquiry trends | Legitimate interests; consent where required for cookies |
| Website security, fraud prevention and troubleshooting | IP address, logs, technical data, security records | Legitimate interests; legal obligation |
| Billing, accounting and financial administration | Contact details, invoice details, payment records, tax information | Contract; legal obligation; legitimate interests |
| Managing suppliers, contractors and partners | Contact details, communications, contract records | Contract; legitimate interests |
| Complying with legal, regulatory, tax or accounting obligations | Relevant records, correspondence, contracts, financial information | Legal obligation; legitimate interests |
| Handling complaints, disputes or claims | Relevant correspondence, records, contracts, evidence and communications | Legitimate interests; legal obligation |
Where we rely on legitimate interests, we consider whether our interests are overridden by your rights, freedoms and reasonable expectations. You may object to processing based on legitimate interests in certain circumstances.
6. AI, automation and technology tools
Our services involve responsible technology, AI, automation, software implementation, governance and accountability systems. We may use third-party software tools to support our work, including tools for document preparation, workflow mapping, project management, research, analysis, communication, training, implementation and service delivery.
Where we use AI or automation tools in connection with client work, we aim to apply appropriate safeguards, including:
- using personal information only where necessary for the relevant purpose;
- avoiding the use of sensitive, confidential or privileged information unless this has been agreed and appropriate safeguards are in place;
- avoiding unnecessary personal information in prompts, inputs, test data or demonstrations;
- not intentionally using client personal information to train public AI models;
- applying human oversight to outputs used in client work;
- assessing privacy, confidentiality, security and professional risk before using tools for client projects;
- using access controls and appropriate contractual terms with service providers where required;
- processing personal information only on the client's documented instructions where we act as a processor.
We do not use solely automated decision-making that produces legal or similarly significant effects for website visitors or prospective clients.
7. Marketing communications
We may contact business contacts with relevant information about our services, events, resources, publications, workshops, webinars, updates or professional insights where permitted by law.
We may send marketing communications where:
- you have given consent;
- you have engaged with us in a business or professional context and we believe the information may be relevant to your role or organisation;
- the law otherwise permits us to do so.
You can opt out of marketing communications at any time by clicking the unsubscribe link in an email, replying to the communication, or contacting us at eryk@accountability-in-action.com.
We will not sell your personal information to third parties for marketing purposes.
8. When we act as controller and when we act as processor
In most cases, we act as a controller for personal information used to manage our website, enquiries, marketing, events, client relationships, contracts, billing and business administration.
In some client projects, we may act as a processor where we process personal information on behalf of a client. This may happen, for example, where we assist with software implementation, workflow design, data migration, automation, AI adoption, training, support or system optimisation using data controlled by the client.
Where we act as a processor, the client remains responsible for deciding why and how the personal information is processed. Our processing will be governed by the relevant contract, statement of work, data processing agreement or written instructions.
9. Who we share personal information with
We may share personal information with trusted third parties where necessary and lawful, including:
- website hosting providers;
- website maintenance and security providers;
- email and communication providers;
- calendar and booking tools;
- CRM, project management and productivity tools;
- cloud storage and document management providers;
- analytics and website performance providers;
- IT, security and support providers;
- AI, automation, research, productivity or workflow tools, where appropriate;
- professional advisers, such as lawyers, accountants and insurers;
- payment, invoicing, bookkeeping or accounting providers;
- event, webinar, podcast or training platforms;
- contractors, consultants or collaborators who support our services;
- regulators, public authorities, courts or law enforcement bodies where required by law;
- clients, where information is relevant to the services we provide to them;
- prospective buyers, investors or advisers in connection with a business transaction, restructuring or sale, where applicable.
We require service providers to protect personal information and to use it only for the purposes for which it was shared.
10. International transfers
Accountability in Action is based in the United States. If you are located in the United Kingdom, European Economic Area or another jurisdiction with data protection transfer rules, your personal information may be transferred to, stored in or accessed from the United States or other countries.
Where personal information is transferred internationally, we will take steps designed to ensure that appropriate safeguards are in place where required by applicable law. These may include:
- transferring data to countries covered by adequacy regulations or adequacy decisions;
- using the UK International Data Transfer Agreement;
- using the UK Addendum to the EU Standard Contractual Clauses;
- using EU Standard Contractual Clauses where applicable;
- carrying out transfer risk assessments where required;
- applying appropriate contractual, technical and organisational safeguards.
11. Cookies and similar technologies
Our website may use cookies and similar technologies to make the website work, improve performance, understand usage and support security.
Cookies are small files placed on your device. Similar technologies may include pixels, tags, scripts, local storage and tracking technologies.
11.1 Types of cookies we may use
| Type | Purpose | Consent required? |
|---|---|---|
| Strictly necessary cookies | Required for the website to function, maintain security, submit forms or remember essential choices | No |
| Analytics cookies | Help us understand how visitors use the website and improve performance | Yes, unless an exemption applies |
| Functionality cookies | Remember preferences or support enhanced website features | Usually yes, unless strictly necessary |
| Marketing or tracking cookies | Measure campaigns or support targeted advertising | Yes |
| Third-party embedded content cookies | May be set by external platforms such as booking tools, media players, podcasts, social platforms or external content providers | Usually yes |
11.2 Managing cookies
Where required, we will ask for your consent before placing non-essential cookies or similar technologies on your device. You can also control cookies through your browser settings. If you disable some cookies, parts of the website may not work properly.
If our website uses analytics, marketing cookies, embedded content, booking tools, video players, podcast players or social media plugins, these tools may set their own cookies or collect technical information. Their use may be subject to the privacy policies and cookie policies of the relevant third-party providers.
12. How long we keep personal information
We keep personal information only for as long as necessary for the purposes described in this Privacy Policy, including to meet legal, accounting, tax, reporting and contractual requirements.
| Data type | Typical retention period |
|---|---|
| Website enquiry records | Up to 24 months after the last interaction |
| Consultation and proposal records | Up to 24 months if no engagement follows, unless needed longer for legal or business reasons |
| Client contract and project records | Up to 7 years after the end of the client relationship, unless a different period is agreed or required |
| Billing, invoice, accounting and tax records | Usually 6 to 7 years, or longer if required by law |
| Marketing records | Until you opt out, withdraw consent or become inactive for a defined period |
| Event, webinar or workshop records | Usually up to 24 months after the event |
| Website analytics data | Usually up to 26 months, unless a different period applies in the relevant analytics tool |
| Security logs | Usually up to 12 months, unless needed to investigate an incident or protect legal rights |
| Supplier and contractor records | For the duration of the relationship and then as needed for legal, tax, accounting or dispute purposes |
We may keep limited information for longer where necessary to establish, exercise or defend legal claims, comply with legal obligations, resolve disputes or enforce agreements.
13. How we protect personal information
We use appropriate technical and organisational measures to protect personal information against unauthorised access, loss, misuse, alteration or disclosure.
These measures may include:
- access controls;
- password protection;
- multi-factor authentication where appropriate;
- secure cloud systems;
- encryption where appropriate;
- limited access on a need-to-know basis;
- supplier due diligence;
- contractual confidentiality obligations;
- internal governance for AI and technology use;
- secure deletion or archiving processes;
- security monitoring and logging where appropriate.
No method of transmission over the internet is completely secure. However, we take reasonable steps to protect the personal information we process.
14. Your rights
Depending on where you are located and which data protection laws apply, you may have rights in relation to your personal information.
Under UK data protection law, these may include:
- the right to be informed about how your personal information is used;
- the right to access your personal information;
- the right to have inaccurate personal information corrected;
- the right to have incomplete personal information completed;
- the right to have personal information erased in certain circumstances;
- the right to restrict processing in certain circumstances;
- the right to object to processing based on legitimate interests;
- the right to object to direct marketing at any time;
- the right to data portability in certain circumstances;
- the right to withdraw consent where processing is based on consent;
- rights relating to automated decision-making, where applicable.
To exercise your rights, please contact us at eryk@accountability-in-action.com.
We may need to verify your identity before responding to a request. We will usually respond within one month where UK data protection law applies, unless the request is complex or we are legally permitted to extend the response period.
15. Complaints
If you are unhappy with how we use your personal information, please contact us first so we can try to resolve the issue.
If UK data protection law applies, you also have the right to complain to the UK Information Commissioner's Office:
If you are located outside the UK, you may also have the right to complain to your local data protection authority, regulator or supervisory authority.
16. Third-party links and external platforms
Our website may contain links to third-party websites, platforms or services. These may include social media platforms, booking tools, podcast platforms, event platforms, online marketplaces, professional directories, publication platforms or external resources.
We are not responsible for the privacy practices of third-party websites or services. You should read their privacy notices before providing personal information to them.
17. Children's privacy
Our website and services are intended for business and professional users. They are not directed at children.
We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.
18. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, website, legal obligations or data protection practices.
The latest version will be published on this page with the updated date shown at the top.
19. Contact us
If you have any questions about this Privacy Policy, how we handle personal information or how to exercise your rights, please contact us at: