General Data Protection Regulation

Our company is based in Singapore and we use cloud servers allowing for your data to be hosted anywhere in the world. As a Singapore registered and operated enterprise and we will take all reasonable steps to comply with Singapore Law. However, we aim to comply also with the Laws in countries where we have customers. Our strategy at this time is to market our services exclusively in the UK so, along with Singapore, the UK is our compliance priority.

We will take all reasonable steps to ensure your data is kept private and inaccessible to third parties.

We will only ever share your data with a third party if we have your explicit consent.

We do collect information in your use of our products, including our website, which we use to improve your experience, our performance and for the management of our business.

We take all reasonable steps to ensure there are no data breaches, and will endeavour to report any such breaches to the appropriate regulator within 72 hours of becoming aware of them. We use industry standard services to anonymise your personal information in the event that there is a breach.

We will share your information with law enforcement agencies upon reasonable request. Under those circumstances, we will do what we can to ensure such requests are lawful in basis. Where your data is requested by a law enforcement agency outside your country of normal residence, we will endeavour to comply on the condition that there is a basis for co-operation between the your country and that third country in such matters.

The lawful basis under which we are collecting or processing your data is, firstly, for our legitimate interests as a business and to comply with our legal obligations. Where we enter into an agreement with a user, for example for the provision of services, regardless of whether we are remunerated for providing those services, we may also collect and process that user’s personal data in order to comply with such an agreement. We may also collect and process personal data for other purposes, if we have obtained the consent of that person to do so.

We may retain personal data for up to seven years after we collect that data. We will not retain data for this length of time where we have no lawful basis, or for which we have no use, however, as an Artificial Intelligence company, the manner in which a person uses our website and services is crucial intelligence to us for the evolution of those services. We will periodically purge identifiable user information where it is no longer needed or lawfully allowed to be kept, even if we retain non-identifying data. Once we have purged identifying information, any associated data will not be considered personal and private information.

The provision of our services involves the development and use of automated algorithms that are both informed by user data and which impact on how user data is used.

We will respect your rights and take all reasonable steps to comply with them. Specifically, you may revoke your consent to data processing at any time, and upon such a request, we will seek to comply with your request as quickly as is reasonably possible. You may view any personal data of yours we hold and are entitled to an overview of how we process your data. We will send you your data or delete it on request. If you inform us of concerns about how our algorithms are using your data, we will investigate and rectify those algorithms if they are not compliant with your rights. If you feel we have not complied with your rights, you may lodge a complaint with the relevant authority. As our core focus at the moment is in the UK, it is worth informing you that the relevant authority in the UK is the Information Commissioner.

The data we collect is considered to be mostly low risk. The services we are providing and developing are targeted at adults in a business context and the information we are collecting is mostly relevant to this context, limiting the personal nature of the information. We are not developing services likely to be used by minors or vulnerable people, who would reasonably expect a high standard of care to be taken. As a business focused on selling to businesses, there is a greater likelihood that the information we are collecting is business information rather than consumer information.

Without sharing our security strategy in a manner that might aid those who actively seek to obtain data illegally, there are certain steps we have taken to obfuscate personally identifying information and other sensitive information in the event that our systems are breached. We have taken particular care where that information relates to online payments. We will periodically review the risks associated with our use of personal information and consider whether the steps we are taking protect our users sufficiently. On 15th November 2018, we have undertaken a self-assessment, using the tools provided by the Information Commissioner in the UK. On that basis, we believe we are not obligated to pay a fee to the Information Commissioner or to appoint a Data Protection Officer.

Our activities only rarely and peripherally involve monitoring the activity of data subjects and the activity we may monitor is limited. We do not process “special category” personal information, as defined in the EU’s GDPR. We will periodically review this, particularly if we make significant changes to the data we collect or how we use it. Despite our belief that we are not required to appoint a Data Protection Officer, our Managing Director, Alexander Hilton, has been designated our Privacy Officer, to take responsibility for overseeing how your data is used.

Our approach to your data is driven by an active desire to be trusted by you, both for your protection and to ensure our reputation is resilient. We don’t think we can succeed as a business if we don’t protect your information. We’re also nervous that we might get it wrong, so from time to time, we will have a think about what data we collect and store, and how we process it, and consider whether data can be purged or whether our systems should be changed.

We’re aware that, as a tech startup, our environment is pretty intense most of the time. We endeavour to ensure this intensity doesn’t distract from our data protection obligations and we are cautious not to cut corners in our compliance. However, if you think we have got it wrong, we want to hear from you. You can email us at

Alexander Hilton
Managing Director,
The Actionable Insights Brewing Company
(AIBC Pte Ltd.)