This Privacy Policy explains how Awantis ("AWANTIS", "we", "us", "our") collects, uses, stores, shares, and protects your personal data when you use our website at

www.awantis.com

 (the "Website") and interact with us. AWANTIS specialises in custom AI agents, intelligent automation, compliance automation, and related consulting and implementation services for businesses.​

Questions or concerns? Contact us at

hello@awantis.com

.

Summary of Key Points

We collect personal data that you provide directly (such as your name, email, company details, and business needs), data collected automatically (such as IP address, browser data, and usage data), and data arising from AI-powered features on the Website (your inputs and corresponding outputs).​

We do not intentionally collect or process sensitive personal data, such as health data, biometric data, or information revealing racial or ethnic origin.

We process your data in order to respond to enquiries, provide and manage services, send marketing communications (where you have given consent or where permitted by law), operate and secure the Website, and comply with legal obligations.​

Depending on the specific purpose, we rely on different legal bases under the GDPR: performance of a contract, your consent, our legitimate interests, or compliance with legal obligations.​

We may use AI-powered features (such as chatbots or assistants) on the Website, and whenever you interact with such an AI system we will clearly inform you that you are communicating with AI rather than a human, in line with Article 50 of the EU AI Act.

We only share your data with service providers and partners who work with us under contract, and we do not sell your personal data.

Some of our providers process data outside the EEA; in those cases we use Standard Contractual Clauses and other safeguards recognised under EU law to protect your data.​

You have rights to access, correct, delete, restrict, port, or object to the processing of your data, and to withdraw consent at any time.​

To exercise your rights, contact us at

hello@awantis.com

. We will generally respond within one month as required by the GDPR.​

1. Who We Are

AWANTIS is the data controller for personal data collected through the Website and through our direct business relationships.

When we process personal data on behalf of our business clients (for example, when operating a custom AI agent that processes the client’s end-user data), we act as a data processor. In those scenarios, processing is governed by a separate Data Processing Agreement ("DPA") between AWANTIS and the client, rather than by this Privacy Policy.

Contact details:
Email:

hello@awantis.com

Website:

www.awantis.com

The competent supervisory authority for data protection matters depends on your location within the EEA. Information about local supervisory authorities is available via the European Data Protection Board at edpb.europa.eu.​

2. What This Policy Covers

This Privacy Policy applies when you:

●      visit or browse the Website;

●      fill in contact forms, book consultations, request strategic assessments, or download resources;

●      subscribe to newsletters or other marketing communications;

●      communicate with us by email, phone, chat, or social media;

●      interact with AI-powered features (such as chatbots or AI assistants) on the Website; or

●      attend events or webinars organised by us.

This Privacy Policy does not apply to personal data that we process strictly as a processor on behalf of our business clients. In those cases, the client’s privacy policy or other applicable documentation governs.

3. What Personal Data We Collect

3.1. Data You Provide Directly

We may collect the following categories of data you choose to provide:

●      Contact and identity data, such as your name, work email address, and phone number.

●      Professional data, such as your company name, job title or role, industry, and company size.

●      Business requirements, such as project timelines, goals (for example, lead generation, process automation, or compliance), operational challenges, monthly lead volume, and details of your current technology stack.

●      Communication data, including the content of messages and questions you send us and any additional information you provide via forms, email, chat, or calls.

●      Referral data, including information on how you found us.

●      Payment data related to billing for service engagements; payment card details are handled by our third-party payment processors and are not stored by AWANTIS.

We do not request or intentionally collect sensitive personal data. You should not include sensitive information (such as health data, political opinions, or religious beliefs) when you interact with us.​

3.2. Data We Collect Automatically

When you visit the Website, we may automatically collect:

●      Device and browser data, such as your IP address, browser type and version, operating system, device type, and screen resolution.

●      Usage data, such as the pages you visit, the time spent on pages, click paths, referring URLs, and the date and time of access.

●      Approximate location information, such as country or region, derived from your IP address.

●      Cookie and tracking data collected via cookies, pixels, and similar technologies, as explained in Section 8.​

3.3. Data From AI-Powered Features

If the Website includes chatbots, AI assistants, or other AI-driven features, we may process:

●      Inputs, including text, prompts, questions, or other content you submit to the AI feature.

●      Outputs, including AI-generated responses that may reflect or incorporate your inputs.

●      Session metadata, such as session identifiers, timestamps, and language preferences.

We clearly indicate when you are interacting with an AI system rather than a human, as required by the transparency provisions of the EU AI Act.

3.4. Data From Third-Party Sources

We may receive personal data about you from third parties, including:

●      Professional platforms, such as LinkedIn or other business networks, when you interact with our content or profiles.

●      Analytics providers, which may supply aggregated or pseudonymised website analytics data.

●      Public business sources, such as company websites, professional directories, or business databases, which we may use for legitimate B2B outreach.

●      Referral partners or event organisers, when you are introduced to us or participate in shared events with your knowledge.

Where we obtain personal data from sources other than directly from you, we will provide the information required by Article 14 of the GDPR at the earliest appropriate opportunity.​

4. Why We Process Your Data and Our Legal Basis

Every processing activity must have a lawful basis under the GDPR. We process your data for the following purposes:​

●      To respond to enquiries and provide consultations and strategic assessments, where we rely on contract performance or the need to take steps at your request before entering into a contract.

●      To deliver services under a Service Agreement, where processing is necessary for the performance of that contract.

●      To send marketing communications such as newsletters, offers, and AI insights, where we rely on your consent, which you may withdraw at any time.

●      To operate, maintain, and improve the Website, where we rely on our legitimate interest in providing a functional, secure, and user-friendly website.

●      To perform website analytics and measure performance, where we rely on your consent for non-essential analytics cookies or, where data is anonymous and aggregated, on our legitimate interests.​

●      To operate AI-powered Website features such as chatbots and assistants, where we rely on legitimate interests in providing efficient support and demonstrating our capabilities, or on your consent when the features are optional.​

●      To carry out B2B prospecting and outreach, where we rely on our legitimate interest in developing business relationships with relevant professionals.

●      To prevent fraud and abuse and ensure security, where we rely on our legitimate interest in protecting our systems, users, and clients.

●      To comply with legal obligations (for example, in tax, accounting, or regulatory contexts), where we rely on our legal obligations as the lawful basis.

●      To establish, exercise, or defend legal claims, where we rely on our legitimate interests.​

Where we rely on legitimate interest, we have assessed that our interests are not overridden by your fundamental rights and freedoms. You have the right to object at any time to processing based on legitimate interest, as explained in Section 11.​

5. AI-Specific Transparency

AWANTIS is an AI agency, and this section provides additional transparency about how AI interacts with personal data, consistent with the GDPR and the EU AI Act.

5.1. AI Interaction Disclosure

When you interact with an AI-powered feature on the Website, such as a chatbot or AI assistant, the feature will be clearly labelled so that you understand you are communicating with an AI system and not a human. This aligns with the transparency obligations in Article 50(1) of the EU AI Act.

5.2. AI-Generated Content

Any text, recommendations, or other content generated by AI features on the Website is AI-generated. Such content is provided for informational purposes only, is not guaranteed to be accurate, may contain errors or inaccuracies, does not constitute legal, financial, medical, tax, or other regulated professional advice, and should be independently reviewed before you rely on it.

5.3. Training Data Policy

Unless you explicitly agree otherwise in a Service Agreement, we do not use your personal data, inputs, or outputs from Website AI features to train, retrain, or improve general-purpose AI models for the benefit of other customers or third parties.​

We may use aggregated and anonymised interaction data that does not identify you for internal analytics and service improvement. Where enterprise or business controls are available, we configure Third-Party AI Providers so that they do not use your data to train their own models.

5.4. Automated Decision-Making

The AI features on our Website do not make decisions that produce legal effects concerning you or similarly significantly affect you within the meaning of Article 22 of the GDPR. They provide informational responses and suggestions only.

If any of our paid services were to involve automated decision-making with such effects (for example, a custom AI system we develop for a client), the applicable Service Agreement and DPA would set out appropriate safeguards, including the right to obtain human intervention, express your point of view, and contest the decision.​

6. Who We Share Your Data With

We do not sell your personal data. We share it only with specific categories of recipients, and only where necessary for the purposes described in this Policy. These categories include:

●      Hosting and infrastructure providers, to provide website hosting, cloud storage, and content delivery.

●      Analytics and performance tools, to measure and understand Website usage and performance.​

●      CRM and communication tools, to manage client relationships and communications.

●      Marketing tools, to deliver and measure marketing campaigns where you have provided consent or where permitted by law.

●      Third-Party AI Providers, to power AI features available on the Website.​

●      Payment processors, to process payments for service engagements.

●      Professional advisers, such as lawyers, accountants, or compliance consultants, where necessary for professional advice.

●      Authorities and regulators, where we must comply with legal obligations or lawful requests from entities such as tax authorities, data protection authorities, or courts.​

All service providers and sub-processors operate under data processing agreements that comply with Article 28 of the GDPR. They may process personal data only on our instructions and for the purposes we specify.​

A current list of sub-processors is available upon request by contacting

hello@awantis.com

. We may also share data in connection with a business transfer (such as a merger, acquisition, or sale of assets), in which case we will inform you and ensure your data remains protected under equivalent terms. Additionally, we may disclose data where required by law, to respond to court orders, or to protect the safety, rights, or property of AWANTIS or others.

7. International Data Transfers

AWANTIS is based in the European Economic Area (EEA). Some of our service providers and Third-Party AI Providers may process personal data outside the EEA, for example in the United States.​

Where such transfers occur, we ensure appropriate safeguards are in place, including:

●      Transfers to countries covered by an adequacy decision from the European Commission, such as those participating in the EU-US Data Privacy Framework.​

●      Use of the European Commission’s Standard Contractual Clauses as the primary transfer mechanism where no adequacy decision exists.

●      Supplementary measures, such as encryption, pseudonymisation, and access restrictions, where required based on the specific circumstances.

●      Transfer Impact Assessments, where appropriate, to evaluate whether local laws in the recipient country could affect the level of protection afforded to your data.​

You may request further information about the specific safeguards applied to international transfers of your data by contacting us.

8. Cookies and Tracking Technologies

8.1. What Are Cookies

Cookies are small text files placed on your device when you visit a website. We use cookies and similar technologies, such as pixels and local storage, to operate the Website, analyse usage, and deliver relevant content.​

8.2. Cookie Categories

We use the following general categories of cookies:

●      Strictly necessary cookies, which are essential for the Website to function properly, including security, session management, and load balancing. These do not require your consent.​

●      Analytics and performance cookies, which help us measure how visitors use the Website, for example through tools such as Google Analytics, and which generally require your consent for non-essential tracking.​

●      Functional cookies, which remember your preferences such as language, region, or form data, and usually require consent.

●      Marketing and advertising cookies, which help deliver targeted content and measure advertising effectiveness, for example through tools such as the Meta Pixel or LinkedIn Insight Tag, and which also require consent.​

8.3. Specific Cookies We Use

We may use specific analytics cookies such as:

●      _ga, which distinguishes unique users for analytics and is typically stored for around two years.

●      ga* variants, which track user sessions for analytics reporting, usually with similar retention.

●      _gid, which distinguishes users within a session and is typically retained for about 24 hours.

●      _gat, which is used to throttle request rates and is retained for a very short period, often about one minute.​

Additional cookies may be used depending on the features and integrations active on the Website. A complete and up-to-date list is available via our cookie consent banner.

8.4. Managing Cookies

When you first visit the Website, you will see a cookie consent banner with clear options to accept or reject non-essential cookies, presented with equal prominence so that you can make a genuine choice. Non-essential cookies will not be activated until you provide your consent.

You can change your cookie preferences at any time using the cookie settings link in the Website footer, and you can also manage or delete cookies directly through your browser settings. To specifically opt out of Google Analytics tracking, you can use the browser add-on available at tools.google.com/dlpage/gaoptout.​

9. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by applicable law. The GDPR does not prescribe fixed retention periods, so we determine retention based on the type of data and the related processing purpose.​

In practice, this means for example that:

●      Contact form and enquiry data is typically retained for up to two years from your last interaction, to allow for relationship management and follow-up.

●      Client and contract data is retained for the duration of the engagement plus an additional period (for example, six years) to meet contractual and statutory limitation requirements.

●      Payment and billing data is kept for periods required by tax and accounting law, often between five and seven years.

●      Marketing consent records are stored for as long as your consent remains valid and for a reasonable period afterward, to demonstrate that consent was lawfully obtained.

●      Website analytics data is usually kept in aggregated form for up to about 26 months for service improvement and performance measurement.

●      Data from interactions with AI features (inputs and outputs) is generally kept for up to 12 months for troubleshooting and service improvement before being deleted or anonymised.

●      Cookie data is stored according to the lifetime of each individual cookie, as described in Section 8.3 and in the cookie banner.​

When a retention period expires, we either securely delete the data or irreversibly anonymise it. We do not keep personal data indefinitely without a clear purpose.

10. How We Keep Your Data Safe

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, loss, destruction, or alteration. These measures include encryption of data in transit (using technologies such as TLS/SSL) and, where appropriate, encryption at rest; access controls based on roles, with access limited to authorised personnel who need the data for their work; continuous security monitoring through regular assessments, vulnerability scanning, and incident response procedures; staff training on data protection and security practices; and vendor due diligence to ensure that service providers and sub-processors meet security and compliance standards.

No method of electronic transmission or storage is completely secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security.

11. Your Rights Under Data Protection Law

Under the GDPR, you have several rights in relation to your personal data. These include:

●      The right of access (Article 15), which allows you to request a copy of the personal data we hold about you and information about how we process it.

●      The right to rectification (Article 16), which allows you to request correction of inaccurate or incomplete data.

●      The right to erasure (Article 17), sometimes called the "right to be forgotten", which allows you to request deletion of your data in certain circumstances, such as when it is no longer necessary, when you withdraw consent, or when processing is unlawful.

●      The right to restriction of processing (Article 18), which allows you to request that we restrict processing in specific situations, for example while we verify the accuracy of data.

●      The right to data portability (Article 20), which allows you to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.

●      The right to object (Article 21), which allows you to object to processing based on our legitimate interests or for direct marketing; in the case of marketing, we will stop processing for that purpose.

●      The right to withdraw consent (Article 7(3)), which allows you to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

●      Rights related to automated decision-making, including profiling (Article 22), which allow you not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects, and to request human intervention.

How to Exercise Your Rights

You can exercise any of these rights by contacting us at

hello@awantis.com

 with the subject line "Privacy Request". We will respond within one month of receiving your request, in line with GDPR timelines, and may extend this period by up to two further months in complex cases or where we receive many requests, in which case we will inform you and explain the reasons.​

We may need to verify your identity before acting on your request. Exercising your rights is free of charge unless your requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act.​

Marketing Opt-Out

You can unsubscribe from marketing emails at any time by using the unsubscribe link included in every marketing message or by contacting us at

hello@awantis.com

. We will handle your request promptly, but please allow up to 48 hours for our systems to update.

Right to Lodge a Complaint

If you believe we have not handled your data in accordance with applicable data protection law, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu.​

12. Children's Data

The Website and our Services are intended for business professionals and are not directed at children. We do not knowingly collect personal data from children under 16 years of age (or a lower age where permitted under national law implementing the GDPR).​

If we become aware that we have collected personal data from a child without valid parental consent, we will promptly take steps to delete that data. If you believe we may have inadvertently collected such information, please contact us at

hello@awantis.com

.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR.​

If the breach is likely to result in a high risk to your rights and freedoms, we will also inform you directly without undue delay, using clear and plain language, in line with Article 34 of the GDPR.​

14. SMS and Electronic Communications

14.1. SMS Messages

If you choose to opt in to receive SMS messages from AWANTIS, you consent to receive text messages related to service updates, marketing, and other business communications. You can opt out at any time by replying "STOP" to any message. Standard message and data rates may apply depending on your mobile plan.

14.2. Electronic Marketing

All electronic marketing communications, including email and SMS, are sent only with your prior consent or, in the case of existing clients, on the basis of a "soft opt-in" where permitted by applicable law. Every message includes a simple unsubscribe or opt-out mechanism.​

If you need assistance with SMS or email communications, you can contact us at

hello@awantis.com

.

15. Do-Not-Track Signals

Currently, there is no universally accepted standard for handling Do-Not-Track (DNT) browser signals. As a result, we do not respond to DNT signals at this time. If a binding standard is adopted in the future, we will update this Privacy Policy to reflect how we respond to such signals.​

16. Third-Party Links

The Website may include links to websites, platforms, or services operated by third parties. This Privacy Policy does not apply to those external sites. We recommend that you review the privacy policies of any third-party site you visit, since we are not responsible for their privacy practices, content, or security.​

17. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this page.

For material changes, we may also notify you by email or by displaying a prominent notice on the Website. We encourage you to review this Privacy Policy from time to time. Your continued use of the Website after changes take effect constitutes your acknowledgement of the updated Policy, and where changes materially affect how we process your data, we will seek your renewed consent where legally required.​

18. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have any data protection concerns, you can contact us at:

Email:

hello@awantis.com

Subject line: Privacy Inquiry
Website:

www.awantis.com

This Privacy Policy is intended to comply with the General Data Protection Regulation (EU) 2016/679 (GDPR), the EU ePrivacy Directive (2002/58/EC as amended), and the EU AI Act (Regulation (EU) 2024/1689) as they apply as of March 2026.