Policies & Compliance

1. Purpose

This Data Protection Policy sets out how Recruitment Direct UK Ltd processes and safeguards personal data in connection with the AI-RD1 platform.

The Company is committed to complying with:

• UK GDPR
• Data Protection Act 2018
• Privacy and Electronic Communications Regulations (PECR)
• Applicable telecommunications legislation

AI-RD1 is designed to support lawful processing of personal data whilst Clients remain responsible for determining lawful basis and compliance obligations.

2. Scope

This policy applies to:

• Client account data
• Authorised user information
• Contact data uploaded by Clients
• Platform usage data
• Optional transcript data (where enabled)

3. Roles and Responsibilities

In relation to personal data processed via AI-RD1:

• The Client acts as Data Controller.
• Recruitment Direct UK Ltd acts as Data Processor.
• The Client determines: the purpose of processing; the lawful basis for processing; and the categories of individuals contacted.
• AI-RD1 processes personal data solely on documented Client instructions.

4. Categories of Data Processed

5. Audio Processing

AI-RD1 does not provide call recording functionality.

Audio transmitted through the platform:

• Is processed in real time;
• Is not recorded;
• Is not stored;
• Is not archived.

No permanent audio files are retained.

6. Transcript Handling

AI-RD1 does not store transcripts by default.

Clients may optionally enable temporary transcript storage for quality assurance or operational review.

Where enabled:

• Retention is fully controlled by the Client;
• A recommended maximum retention period of five (5) days applies;
• Transcripts are automatically deleted after the configured period;
• No permanent transcript archives are maintained.

The Client is responsible for ensuring transcript retention complies with UK GDPR and the Data Protection Act 2018.

7. Lawful Basis

The lawful basis for outreach communications is determined by the Client.

This may include:

• Consent (where required under PECR);
• Legitimate interests;
• Contractual necessity.

Recruitment Direct UK Ltd does not determine lawful basis on behalf of Clients.

8. International Data Transfers

AI-RD1 may utilise global cloud infrastructure.

Where personal data is transferred outside the United Kingdom, appropriate safeguards are implemented in accordance with UK GDPR, including contractual and technical protections.

9. Security Measures

Recruitment Direct UK Ltd implements appropriate technical and organisational safeguards, including:

• Encrypted transmission (TLS);
• Role-based access controls;
• Secure hosting infrastructure;
• Monitoring and incident management procedures.

Access to personal data is restricted to authorised personnel.

10. Data Retention

Client account data is retained for the duration of the contractual relationship and a reasonable period thereafter.

Transcript data, where enabled, is automatically deleted after the Client-configured retention period.

Audio recordings are not retained.

11. Data Subject Rights

Where Recruitment Direct UK Ltd acts as Processor, data subject requests will be referred to the relevant Client as Data Controller.

Requests relating to platform processing may be directed to the Company using the contact details below.

12. Data Breach Management

In the event of a confirmed personal data breach affecting Client data, Recruitment Direct UK Ltd will notify the relevant Client without undue delay and provide reasonable assistance where required by law.

13. Policy Updates

This policy may be updated periodically to reflect operational or regulatory developments.

Company Information

1. Purpose

This Data Processing Agreement ("DPA") forms part of the AI-RD1 Terms of Service between Recruitment Direct UK Ltd ("Processor") and the Client ("Controller").

This DPA governs the processing of personal data in accordance with:

• UK GDPR
• Data Protection Act 2018
• Applicable data protection legislation

AI-RD1 is designed to support lawful processing of personal data whilst Clients remain responsible for determining lawful basis and compliance obligations.

2. Roles of the Parties

3. Nature and Purpose of Processing

Processing activities may include:

• Hosting contact data uploaded by the Client;
• Real-time audio processing during calls;
• Optional temporary transcript storage (if enabled by the Client);
• Platform administration and support services.

The purpose of processing is to enable automated or AI-assisted business communications as instructed by the Client.

4. Categories of Data

Personal data processed may include:

• Names;
• Telephone numbers;
• Email addresses (where applicable);
• Business contact information;
• Client account and user information.

The Processor does not independently determine data categories or purposes.

5. No Call Recording

AI-RD1 does not provide call recording functionality.

Audio transmitted through the platform:

• Is processed in real time;
• Is not recorded;
• Is not stored;
• Is not archived.

No permanent audio files are retained.

6. Transcript Retention

AI-RD1 does not store transcripts by default.

Where enabled by the Client:

• Retention is fully controlled by the Client;
• A recommended maximum retention period of five (5) days applies;
• Transcripts are automatically deleted after the configured period;
• No permanent transcript archives are maintained.

The Controller is responsible for ensuring transcript retention complies with UK GDPR.

7. Processor Obligations

The Processor shall:

• Process personal data lawfully and fairly on Controller instructions;
• Implement appropriate technical and organisational measures;
• Ensure authorised personnel are subject to confidentiality obligations;
• Assist the Controller in responding to data subject requests where reasonably required;
• Notify the Controller without undue delay in the event of a personal data breach affecting Client data.

8. Subprocessors

The Processor may engage third-party subprocessors for:

• Cloud hosting infrastructure;
• Telecommunications services;
• AI processing services.

All subprocessors are subject to contractual data protection obligations.

A current list of subprocessors is available upon request.

9. International Data Transfers

AI-RD1 may utilise global cloud infrastructure.

Where personal data is transferred outside the United Kingdom, the Processor implements appropriate safeguards in accordance with UK GDPR, including contractual and technical protections.

10. Security Measures

The Processor implements appropriate technical and organisational safeguards including:

• Encrypted transmission (TLS);
• Role-based access controls;
• Secure hosting infrastructure;
• Monitoring and incident response procedures.

11. Data Subject Rights

The Processor shall provide reasonable assistance to the Controller in responding to data subject rights requests under UK GDPR.

12. Deletion or Return of Data

Upon termination of the Services, personal data shall be deleted or returned to the Controller in accordance with contractual obligations and applicable law.

Transcript data (if enabled) is automatically deleted after the configured retention period.

Audio recordings are not retained.

13. Liability

Liability under this DPA is subject to the limitations set out in the AI-RD1 Terms of Service.

Company Information

1. Purpose

This Security & Infrastructure Policy outlines the technical and organisational measures implemented by Recruitment Direct UK Ltd to protect data processed through the AI-RD1 platform.

AI-RD1 is designed using privacy-by-design and security-by-design principles aligned with UK GDPR requirements.

2. Infrastructure Security

AI-RD1 operates on secure cloud-based infrastructure which may be geographically distributed.

Security measures include:

• Encrypted data transmission (TLS/HTTPS)
• Secure server environments
• Network security controls and firewalls
• Logical separation of environments where applicable
• System hardening practices

Infrastructure is configured to reduce exposure to unauthorised access and data compromise.

3. Access Controls

Access to AI-RD1 systems is restricted through:

• Role-based access control
• Authentication safeguards
• Restricted administrative privileges
• Access granted on a need-to-know basis

Authorised personnel are subject to confidentiality obligations.

4. Audio and Communication Controls

AI-RD1:

• Does not provide call recording functionality
• Does not store audio recordings
• Does not maintain audio archives

Audio transmitted through the platform is processed in real time solely to enable live communication functionality and is not permanently retained.

5. Transcript Controls

AI-RD1 does not store transcripts by default.

Where transcript storage is enabled by a Client:

• Retention is fully controlled by the Client
• A recommended maximum retention period of five (5) days applies
• Transcripts are automatically deleted after the configured period
• No permanent transcript archives are maintained

6. Monitoring and Incident Management

AI-RD1 systems are monitored to detect:

• Unauthorised access attempts
• Suspicious activity
• Operational irregularities

In the event of a confirmed personal data breach affecting Client data, Recruitment Direct UK Ltd will notify the relevant Client without undue delay in accordance with UK GDPR requirements.

7. Subprocessors and Third-Party Providers

AI-RD1 may utilise trusted third-party service providers for:

• Cloud hosting
• Telecommunications services
• AI processing services

All subprocessors are contractually required to implement appropriate data protection and security safeguards.

8. International Infrastructure

AI-RD1 may utilise global infrastructure to deliver services.

Where personal data is transferred outside the United Kingdom, appropriate safeguards are implemented in accordance with UK GDPR, including contractual and technical protections.

9. Continuous Improvement

Security controls are periodically reviewed and updated to address evolving risks, regulatory changes, and technological developments.

Company Information

1. Purpose

This policy explains how artificial intelligence (AI) is used within the CallPilot platform and outlines our commitment to responsible and lawful AI deployment.

2. How AI Is Used

CallPilot uses AI technologies to:

• Process live audio input during calls
• Generate conversational responses
• Facilitate automated call interactions
• Support communication efficiency

AI operates in real time to enable platform functionality.

3. No Autonomous Decision-Making

CallPilot does not:

• Make legally binding decisions
• Enter into contracts
• Approve financial transactions
• Take independent enforcement action

All business decisions remain the responsibility of the client.

4. No Call Recording

CallPilot does not provide call recording functionality.

Audio transmitted through the platform is processed in real time and is not recorded, stored, or archived.

5. Transcript Handling

CallPilot does not store transcripts by default.

Clients may enable temporary transcript storage for quality or performance review purposes.

Where enabled:

• Storage is client-controlled
• A recommended maximum retention period of five (5) days applies
• Transcripts are automatically deleted after the configured period
• CallPilot does not maintain permanent archives of call content

6. Human Oversight

Clients retain full control over:

• Campaign configuration
• Call scripts
• Target lists
• Communication objectives

CallPilot does not independently initiate communications without client instruction.

7. Responsible Use Requirements

Clients must not use CallPilot AI to:

• Engage in fraud or deception
• Conduct unlawful marketing
• Impersonate individuals or organisations
• Harass or intimidate recipients
• Violate telecommunications laws
• Conduct prohibited political or religious campaigning

8. Bias & Fairness

CallPilot aims to deploy AI technologies responsibly.

While AI systems are designed to operate reliably, clients are responsible for reviewing outputs and ensuring communications remain lawful and appropriate.

9. Continuous Improvement

AI models and platform capabilities may evolve over time. Updates are implemented to improve performance, compliance, and security.

10. Contact

For questions regarding AI usage: contact@swiftwave.ai

1. Purpose

This Acceptable Use Policy sets out the permitted and prohibited uses of the AI-RD1 platform.

By using AI-RD1, the Client agrees to comply with this policy in addition to the Terms of Service and all applicable laws.

2. Lawful Use Requirement

AI-RD1 may only be used for lawful business communication purposes.

The Client is solely responsible for ensuring compliance with:

• UK GDPR
• Data Protection Act 2018
• PECR
• Telecommunications legislation
• Consumer protection legislation
• All other applicable law

3. Prohibited Activities

The Client must not use AI-RD1 to:

• Conduct unlawful marketing communications
• Make automated marketing calls without lawful consent where required
• Circumvent TPS or Corporate TPS screening
• Use misleading, deceptive, or false messaging
• Harass, intimidate, or abuse individuals
• Impersonate individuals or organisations
• Conduct fraudulent activity
• Distribute unlawful content
• Engage in activity that may expose Recruitment Direct UK Ltd to regulatory risk

4. Data Compliance Obligations

The Client must ensure that:

• All personal data uploaded has been lawfully obtained
• Appropriate lawful basis exists for communications
• Suppression lists are maintained
• Consent records are retained where required
• Individuals are provided with legally required information notices

AI-RD1 does not verify the legality of Client data.

5. Call Handling Restrictions

AI-RD1:

• Does not provide call recording functionality
• Does not store audio recordings
• Does not maintain permanent transcript archives

Clients must not attempt to circumvent or bypass platform controls relating to audio or transcript handling.

6. System Integrity

Clients must not:

• Attempt to reverse engineer the platform
• Interfere with system security
• Upload malicious code
• Attempt unauthorised access
• Disrupt platform performance

7. Enforcement

Recruitment Direct UK Ltd reserves the right to:

• Suspend access
• Restrict functionality
• Terminate Services

Where misuse, unlawful activity, or regulatory risk is identified.

8. Reporting Concerns

Suspected misuse or compliance concerns may be reported to: accounts@rd1.co.uk

Company Information

1. Purpose

This Call Handling Policy explains how audio and call-related data are processed within the AI-RD1 platform.

This policy supports compliance with UK GDPR, the Data Protection Act 2018, and PECR.

2. No Call Recording

AI-RD1 does not provide call recording functionality.

The platform:

• Does not record calls
• Does not store audio files
• Does not maintain audio archives
• Does not retain voice recordings

Audio transmitted through AI-RD1 is processed solely in real time to enable live communication functionality.

3. Real-Time Audio Processing

Audio data is processed transiently for the purpose of:

• Enabling AI-assisted conversation
• Generating real-time responses
• Facilitating communication functionality

Once the call interaction concludes, audio data is not retained.

4. Transcript Handling

AI-RD1 does not store transcripts by default.

Clients may optionally enable temporary transcript storage for quality assurance or operational review purposes.

Where enabled:

• Transcript retention is fully controlled by the Client
• A recommended maximum retention period of five (5) days applies
• Transcripts are automatically deleted after the configured period
• No permanent transcript archives are maintained

The Client is responsible for ensuring transcript retention complies with UK GDPR and PECR.

5. Client Compliance Responsibilities

Clients are solely responsible for:

• Ensuring lawful basis for calls
• Obtaining consent where required under PECR
• Conducting TPS and Corporate TPS screening
• Maintaining suppression lists
• Providing any legally required disclosures to call recipients

AI-RD1 operates only on Client instruction and does not independently determine compliance requirements.

6. Caller Identification

Clients are responsible for ensuring that caller identification information is presented in compliance with applicable telecommunications regulations.

AI-RD1 does not authorise or support caller ID masking or unlawful spoofing.

7. Misuse Prevention

Recruitment Direct UK Ltd reserves the right to suspend or restrict access where call activity:

• Breaches applicable law
• Creates regulatory risk
• Violates the Terms of Service or Acceptable Use Policy

Company Information