Privacy Policy

1. Data Controller

Andrea Technology Solutions Ltd is the data controller responsible for your personal data.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

a) General Website Data

• Name, email address, and message content (contact forms)
• Email address (newsletter subscriptions)
• Usage data (IP address, browser type, pages visited, timestamps)

b) Product-Specific Data

DriveConnect AI:

• Learner drivers: lesson progress, booking history, preferences
• Approved Driving Instructors (ADIs): certification status and professional contact details

JobAssist AI:

• CVs, resumes, job descriptions, and related professional data submitted by users
• AI-generated content is intended to assist, not replace, human judgement
• Users are responsible for reviewing all outputs before relying on them
• Data is stored solely for the user’s personal job tracking and not reused or redistributed.

DigiMart AI:

• Search queries, product preferences, and credit usage history

TaxMate AI:

• Financial and tax-related information submitted for Making Tax Digital (MTD) services

3. How We Use Your Personal Data

We use your data to:

• Provide and operate our services and SaaS platforms
• Facilitate connections between users (e.g. learners and instructors)
• Generate personalised outputs (e.g. CVs, cover letters, tax insights)
• Process marketplace interactions and search functionality
• Respond to enquiries and customer support requests
• Send marketing communications (where you have opted in)
• Improve website performance, functionality, and user experience
• Monitor usage and prevent fraud or misuse

4. Legal Basis for Processing

We process personal data under the following lawful bases:

• Contract – where processing is necessary to deliver our services
• Consent – for marketing communications and non-essential cookies
• Legitimate Interests – for analytics, service improvement, and platform security
• Legal Obligation – where required to comply with UK law

Where we rely on legitimate interests, we ensure that such interests are balanced against your rights and freedoms.

5. Sharing Your Personal Data

We do not sell or rent your personal data.

We may share your data with:

• Cloud infrastructure and hosting providers
• Analytics providers (e.g. Google Analytics)
• Email and communications platforms (e.g. Brevo, Resend)
• Service participants (e.g. sharing relevant data between learners and ADIs within DriveConnect AI)

All third parties are required to respect the security of your personal data and process it in accordance with the law.

6. International Data Transfers

We prioritise processing and storing personal data within the United Kingdom and European Economic Area (EEA).

Our core infrastructure and service providers are configured to operate within European data centres, including:

• Cloud infrastructure and identity services (Google Cloud – Europe region)
• AI processing services (Vertex AI – Europe region)
• Database and storage systems (Supabase – Europe region)
• Email and communications platforms (Brevo – Europe region)
• Payment processing services (Mollie – Europe region)

However, some third-party services, such as Google Analytics, may involve limited processing of personal data outside the UK/EEA, including in the United States.

Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including:

• Transfers to countries recognised as providing an adequate level of protection by the UK Government
• Use of standard contractual clauses or equivalent legal mechanisms
• Additional technical safeguards where appropriate (such as data minimisation and IP anonymisation)

7. Cookies

We use cookies and similar technologies to operate and improve our website.

• Strictly necessary cookies are always active
• Analytics and marketing cookies are used only with your consent

You can manage or withdraw your consent at any time via our cookie banner.

8. AI Processing & Data Use

We use artificial intelligence technologies to deliver certain services.

• Purpose limitation: Data is processed solely to provide the requested service
• No model training: Your personal data is not used to train general AI models
• Data isolation: Inputs (e.g. CVs, tax data) are processed in secure, isolated environments
• Confidentiality: Outputs are generated specifically for you and not shared with other users

9. Data Retention

We retain personal data only as long as necessary:

• Contact enquiries: up to 12 months
• Account and service data: duration of use + up to 6 years (legal/accounting purposes)
• Analytics data: typically up to 26 months
• AI-processed documents: retained only as necessary to provide the service

10. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of your data
• Object to processing
• Restrict processing
• Request data portability
• Withdraw consent at any time

To exercise your rights, contact: privacy@andreatech.co.uk

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

11. Data Security

We implement appropriate technical and organisational measures, including:

• Encryption of data at rest and in transit
• Secure cloud infrastructure
• Access controls and authentication mechanisms
• Monitoring and security best practices

12. Children’s Privacy

Our services are not intended for children under 13.

Where services may be used by individuals under 18 (e.g. learner drivers), we implement appropriate safeguards and expect parental or guardian involvement where applicable.

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available at:
andreatech.co.uk/privacy-policy

15. Contact

If you have any questions about this Privacy Policy or your data: