This notice explains how AutomateX Ltd ("AutomateX", "we", "us") collects, uses and protects personal data when you use automatex.uk, take our PACED Readiness Assessment, or join the PACE OS waitlist. We are committed to handling your data lawfully, transparently, and in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Data Controller: AutomateX Ltd, registered in England and Wales, Company No. 16855291, VAT No. 514079209.
ICO Registration: ZC102894 (registered 7 March 2026). You can verify our registration on the ICO public register.
Contact: bill.guo@automatex.uk.
2. What personal data we collect
We only collect data that you actively give us. We do not purchase, scrape, or enrich data from third parties.
| When | What we collect |
|---|---|
| You take the PACED Readiness Assessment | Your name, work email, firm name, role, and the answers you provide to the assessment questions. |
| You join the PACE OS waitlist | Your name and work email. |
| You email or message us | Any content you choose to send us (your message, attachments, signature details). |
| You visit the site | Standard server-level request data from our hosting provider (IP address, user-agent, timestamp, page requested) used for security and service reliability. We also use Vercel Web Analytics to measure aggregate visitor numbers, top pages and referring sources. Vercel Web Analytics does not set cookies, does not store IP addresses, and does not use persistent identifiers — it produces anonymous, aggregated counts only. |
3. Why we collect it and our lawful basis
- To send you your assessment result and insight report — lawful basis: performing the service you requested (consent, UK GDPR Article 6(1)(a); and legitimate interest for B2B follow-up, Article 6(1)(f)).
- To add you to the waitlist and notify you when PACE OS launches — lawful basis: consent (Article 6(1)(a)). You can unsubscribe at any time.
- To qualify whether we can help your firm and to send relevant follow-up — lawful basis: legitimate interest in pursuing appropriate B2B opportunities (Article 6(1)(f)).
- To operate the website securely and prevent abuse — lawful basis: legitimate interest (Article 6(1)(f)).
- To comply with legal, tax, and accounting obligations — lawful basis: legal obligation (Article 6(1)(c)).
4. Who we share it with
We do not sell your data. We share it only with the service providers we use to operate the business, each bound by data-processing terms:
- Vercel Inc. — website hosting, delivery, and cookie-free Web Analytics (USA; transfers protected by appropriate safeguards including the UK Addendum to the EU Standard Contractual Clauses and Data Privacy Framework certification).
- n8n workflow platform — receives and routes your assessment or waitlist submission to our internal systems.
- Microsoft 365 — business email and document storage (where we reply to you or keep engagement records).
- Our professional advisers — accountants and legal advisers, only where necessary and under confidentiality.
- Authorities — if required by law (e.g. HMRC, court order, ICO investigation).
If you want the current list of processors, email us and we will share it.
5. How long we keep it
- Assessment submissions: up to 24 months from submission, after which the individual's name and contact details are deleted unless you have asked to remain on our list or become a client. Anonymised answer data may be retained for benchmarking.
- Waitlist sign-ups: until you unsubscribe, or until the waitlist closes and we contact you about the launch.
- Direct correspondence: retained for the length of any engagement discussion plus 6 years for legitimate business and legal record-keeping.
- Server logs: kept by our hosting provider for a short period (typically 30 days) for security and operational purposes.
6. Cookies and tracking
This website does not use advertising cookies, marketing pixels, session replay tools, or cross-site trackers.
We do use Vercel Web Analytics, a privacy-friendly, cookie-free analytics product provided by our hosting partner Vercel. It counts page views and reports aggregate statistics (most-visited pages, rough country of origin, referring sites) without setting any cookies, without storing IP addresses, and without creating a persistent identifier that can be used to recognise you across visits or sites. Because no cookies or personal identifiers are stored on your device, no consent banner is required under PECR.
If we add any non-essential technology in future that does use cookies or personal identifiers (for example, Google Analytics, marketing pixels, or session replay), we will update this notice and display a clear consent banner before any such tools load in your browser.
7. International transfers
Some of our service providers (notably Vercel and Microsoft) are based outside the UK. Where personal data leaves the UK, it is protected by legally recognised safeguards — the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision. You can request a copy of the safeguards in place by emailing us.
8. Your rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you.
- Have inaccurate data corrected.
- Ask us to delete your data ("right to erasure").
- Restrict or object to how we process your data.
- Receive a copy of your data in a portable format.
- Withdraw consent at any time, where consent is the lawful basis.
- Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint or on 0303 123 1113.
To exercise any of these rights, email bill.guo@automatex.uk. We will respond within one month.
9. Security
Data submitted through this site is transmitted over HTTPS. We limit access to your data to the people who need it to do their job, and our processors are contractually required to maintain appropriate technical and organisational security measures. No system is completely secure, but we take reasonable steps consistent with current good practice for a business of our size.
10. Changes to this notice
We may update this notice from time to time. The "Last updated" date at the top of the page reflects the most recent change. If we make material changes (for example, adding analytics tools or a new processor), we will make that change prominent and, where appropriate, ask for your consent before it takes effect.
11. Questions
If anything here is unclear, or you would like more information about how your data is handled, contact bill.guo@automatex.uk.