Section 01
Who We Are
CE Optimisation LLP ("CE Optimisation", "we", "us", "our") is a UK-registered limited liability partnership providing AI automation and systems services to small and medium-sized businesses.
Data contact: privacy@ceoptimisation.com
We are the data controller in respect of personal data collected through this website, our outreach activity, and our pre-sales process. Where we process personal data on behalf of clients as part of service delivery, we act as a data processor; that processing is governed by a separate Data Processing Agreement with each client.
Section 02
What Personal Data We Collect and How
2.1 Website enquiry and contact forms
When you submit an enquiry through ceoptimisation.com, we collect your name, email address, company name, and any information you choose to include in your message.
2.2 Calendly booking
When you book a call or audit through our Calendly scheduling link, we collect your name, email address, company name (where provided), and your calendar availability. This data is handled by Calendly, LLC — see Section 4.
2.3 Pre-audit questionnaire (Tally)
Before a scheduled Business Audit call, you may be asked to complete a pre-questionnaire hosted on Tally.so. This collects information about your business operations, including approximate staff numbers, current tools and processes, and primary pain points. This may incidentally include information about your own staff or customers. You are asked not to include sensitive personal data (as defined under UK GDPR Article 9) in your questionnaire responses.
2.4 Outreach and prospecting
We conduct outreach to business owners and decision-makers via LinkedIn and email. In doing so, we process publicly available information including names, job titles, company names, LinkedIn profile URLs, and business email addresses. This data is sourced from LinkedIn and, where applicable, through legitimate B2B data practices. It is used solely to assess whether our services may be relevant to your business and to make initial contact.
2.5 Email correspondence
When you correspond with us by email, we retain that correspondence and the personal data it contains for the purposes of managing our relationship with you.
2.6 Technical and usage data
If analytics or tracking tools are active on ceoptimisation.com, we may collect standard technical data including IP address, browser type, device type, pages visited, and time on page. Where this constitutes personal data, it is processed on the basis of consent obtained via our cookie notice. Please see our Cookie Policy for full details.
Section 03
Why We Use Your Personal Data and Our Legal Basis
Under UK GDPR, we must identify a lawful basis for each purpose for which we process personal data. Our purposes and corresponding legal bases are as follows:
| Purpose | Legal Basis |
|---|---|
| Responding to inbound enquiries and booking requests | Legitimate interests — to engage with people who have contacted us about our services |
| Managing and fulfilling a Business Audit call | Performance of a contract or pre-contractual steps at your request |
| Processing pre-audit questionnaire responses | Performance of a contract or pre-contractual steps at your request |
| Conducting outreach and prospecting to business owners | Legitimate interests — to promote our services to individuals reasonably likely to have an interest in them, balanced against your right not to receive unsolicited contact |
| Managing ongoing client relationships and service delivery | Performance of a contract |
| Complying with legal and regulatory obligations | Legal obligation |
| Maintaining business records for accounting and tax purposes | Legal obligation / Legitimate interests |
| Website analytics and performance monitoring (where active) | Consent |
On our legitimate interests for outreach: We have assessed that our legitimate interest in communicating with business owners about relevant services is not outweighed by the interests or rights of the individuals we contact. We target only business contacts in their professional capacity, our communications are limited in frequency, and every communication includes a straightforward means of opting out. You may object to this processing at any time — see Section 6.
Section 04
Who We Share Your Data With
We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.
We use the following third-party service providers who may process personal data on our behalf as data processors. Each is subject to data protection terms ensuring your data is handled appropriately.
| Processor | Purpose | Location | Transfer Mechanism |
|---|---|---|---|
| Calendly, LLC | Appointment scheduling | United States | UK IDTA / Calendly DPA |
| Tally BV | Pre-audit questionnaire hosting | Belgium (EU) | UK-EU Adequacy Regulations |
| Anthropic, PBC | AI processing infrastructure (Claude API) | United States | UK IDTA / Anthropic DPA |
| Make.com (Celonis SE) | Workflow automation and system integration | Czech Republic (EU) | UK-EU Adequacy Regulations |
| Instantly.ai | Email outreach platform | United States | UK IDTA / Instantly DPA |
| Microsoft Corporation | Business email and productivity | United States | UK IDTA / Microsoft DPA |
| n8n GmbH | Workflow automation (where applicable) | Germany (EU) | UK-EU Adequacy Regulations |
International transfers: Where personal data is transferred to the United States or other countries outside the UK, we ensure that appropriate safeguards are in place in accordance with UK GDPR Chapter V. For US-based processors, we rely on the UK's International Data Transfer Agreement (IDTA) framework or, where applicable, the UK Extension to the EU-US Data Privacy Framework.
We may also disclose personal data where required to do so by law, by a court order, or by a regulatory authority.
Section 05
How Long We Keep Your Data
We do not retain personal data for longer than is necessary for the purposes for which it was collected.
| Data Category | Retention Period |
|---|---|
| Prospect data — not converted to client | 12 months from last contact |
| Prospect data — converted to client | Merged into client record (see below) |
| Pre-audit questionnaire data | Duration of client relationship, then 6 years |
| Client correspondence and service records | Duration of contract + 6 years (Limitation Act 1980) |
| Website enquiry and contact form submissions | 12 months from submission |
| Calendly booking data | 12 months from the scheduled call |
| Cold outreach contact records | 12 months from last contact, or immediately upon opt-out request |
| Accounting and invoicing records | 6 years from end of the relevant tax year (HMRC requirement) |
At the end of a retention period, personal data is securely deleted or anonymised.
Section 06
Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of access You can request a copy of the personal data we hold about you (a Subject Access Request).
- Right to rectification You can ask us to correct inaccurate or incomplete personal data.
- Right to erasure You can ask us to delete your personal data in certain circumstances, including where it is no longer necessary for the purpose it was collected, or where you withdraw consent.
- Right to restriction You can ask us to pause processing of your personal data in certain circumstances, for example while accuracy is disputed.
- Right to data portability Where processing is based on consent or contract and carried out by automated means, you can request your data in a structured, machine-readable format.
- Right to object You have the right to object to processing based on legitimate interests at any time. Where we process your data for direct marketing or outreach purposes, your objection will be honoured immediately and without question.
- Right not to be subject to automated decision-making We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects.
- Right to withdraw consent Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
To exercise any of these rights, contact us at: privacy@ceoptimisation.com
We will respond within 30 days. There is no charge for making a request. We may need to verify your identity before processing your request.
Section 07
Cookies
Our website may use cookies and similar tracking technologies. Where cookies are used beyond those strictly necessary for the website to function, we obtain your consent via a cookie notice before setting them.
For full details of the cookies we use, their purpose, and how to manage your preferences, please see our Cookie Policy.
Section 08
How We Protect Your Data
We take appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These include:
- Encryption of data in transit (HTTPS across all web properties)
- Multi-factor authentication on all systems holding personal data
- Access controls limiting data access to personnel who require it
- Use of password management tools to prevent credential compromise
- Regular review of our data processing activities and the tools we use
No method of electronic transmission or storage is completely secure. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of it and, where required, notify affected individuals directly.
Section 09
Children's Data
Our services are directed at business owners and professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.
Section 10
Links to Other Websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.
Section 11
Changes to This Policy
We may update this Privacy Policy from time to time. Where changes are material, we will update the effective date at the top of this policy. We encourage you to review this page periodically. Continued use of our website or services following a change constitutes acceptance of the updated policy.
Section 12
How to Complain
If you have concerns about how we handle your personal data and are not satisfied with our response, you have the right to lodge a complaint with the UK's supervisory authority:
We would welcome the opportunity to address your concern directly before you escalate to the ICO. Please contact us at privacy@ceoptimisation.com in the first instance.
This policy applies to personal data processed by CE Optimisation LLP in connection with ceoptimisation.com and our business activities. It does not apply to personal data processed on behalf of clients under a Data Processing Agreement, which is governed by the terms of that agreement.