How we safeguard the data that moves through our work.
Optillium embeds governance and transparency into every automation and AI engagement. This policy explains how we collect, use, store, and protect information across the programmes we deliver.
Last updated: December 15, 2024
Information we collect
Business and contact details
- Names, work emails, phone numbers, and company information supplied through forms or discovery workshops.
- Role, team, and industry details used to tailor delivery squads and communications.
- Engagement metadata such as project history, meeting notes, and support conversations.
Usage and telemetry
- Website analytics such as pages viewed, device, and browser information used to improve the experience.
- Telemetry from Optillium-hosted tools such as ROI calculator inputs or demo interactions.
- Audit logs, error reports, and security records required to uphold compliance commitments.
How we use your information
Deliver services
- Scope, design, and operate automation, copilot, finance, and computer vision engagements.
- Provide proposals, statements of work, and project governance artefacts.
- Send operational updates, support responses, and programme analytics.
Improve and secure
- Improve our playbooks, benchmarks, and ROI models using aggregated insights.
- Operate, maintain, and secure our infrastructure with monitoring and testing.
- Share Optillium news, resources, or events when you opt in, with unsubscribe available at any time.
When we share data
No sale of personal data
- We never sell or rent personal information. Sharing occurs only to deliver contracted services or meet legal obligations.
Limited sharing scenarios
- Specialist subprocessors such as cloud hosting, analytics, or CRM providers under data processing agreements.
- Professional advisors and auditors bound by confidentiality.
- Legal or regulatory authorities when required to comply with applicable law.
- Business transfers with advance notice if Optillium is involved in a merger or acquisition.
Security measures
Technical safeguards
- Encryption in transit and at rest across core platforms.
- Role-based access control, MFA, and least-privilege provisioning.
- Continuous monitoring, penetration testing, and vulnerability management.
Organisational controls
- SOC 2-aligned security policies and annual awareness training.
- Vendor due diligence and contract clauses mirroring our own standards.
- Incident response plan with escalation and customer notification procedures.
Your privacy rights
Data subject requests
- Access a copy of the personal data we hold about you.
- Request correction or deletion subject to legal retention requirements.
- Export data in a machine-readable format.
- Object to or restrict certain processing activities.
Communication choices
- Update marketing preferences or unsubscribe at any time.
- Work with your Optillium delivery lead to configure project telemetry and data retention where relevant.
International transfers
Global delivery with consistent safeguards
- Standard Contractual Clauses cover transfers from the EEA and UK where applicable.
- Subprocessors sign data processing agreements and undergo security review.
- Audit logs, encryption, and access controls remain in force regardless of geography.
What matters most
The short version is simple: we do not sell personal data, we minimise what we collect, and we design delivery work around security, access control, and defensible audit trails.
Exercise your rights
Email [email protected] with the right you wish to exercise and the jurisdiction that applies to your request.
Appeals
If you are unsatisfied with our response, you may escalate to your regional data protection authority or regulatory body.
Data retention
Engagement data is typically retained for the duration of the contract plus 24 months unless a different period is agreed in writing.
Third-party links
Resources we share may link to other sites with their own privacy policies. Review those policies before providing information.
Need help?
Questions about privacy or data handling?
Email [email protected] or contact your delivery lead, and we’ll usually respond within one business day.
We can provide security questionnaires, DPIA templates, SCCs, and additional onboarding documentation where needed.