GDPR Policy Statement
1. Why we process your data
We process limited personal data (such as business contact details including name, company email address, telephone number and company address) in order to:
- provide and manage our services;
- communicate with you regarding support, updates and contracted services;
- manage our business relationship with you;
- comply with legal and regulatory obligations.
We rely on one or more of the following lawful bases under UK GDPR:
- performance of a contract (to deliver our services);
- legitimate interests (to manage and improve our business relationships and services);
- legal obligations (such as accounting and tax requirements).
We only collect and process personal data that is necessary for these purposes.
Where Prescient Labs processes personal data on behalf of customers, we act as a data processor, and processing is carried out in accordance with the relevant Data Processing Agreement (DPA).
2. What we do with your data
Personal data is accessed primarily by authorised staff based in the UK; any third-party or remote access is subject to contractual, technical and organisational controls.
We use trusted third-party service providers (sub-processors) to support our operations, including:
- cloud hosting and infrastructure (Microsoft Azure);
- IT systems and development tooling;
- accounting and business operations services.
These providers are contractually bound to process personal data securely and only in accordance with our instructions.
A current list of sub-processors, including their roles and locations, is available on request and will be maintained as part of our compliance documentation.
Personal data is stored and processed within the UK and/or European Economic Area (EEA).
3. How long we keep your data
We retain personal data only for as long as necessary for the purposes outlined above.
- Customer and contractual data is retained for the duration of the relationship and a reasonable period thereafter.
- We are required under UK tax law to retain certain personal data (such as name, address and contact details) for a minimum of 6 years.
- Marketing data is retained until you opt out or request deletion.
Further detail on retention periods is maintained internally in our data retention schedule.
4. Data breaches
Prescient Labs maintains procedures to detect, investigate and respond to personal data breaches. Our privacy lead can be contacted at: privacy@prescientlabs.ai
In the event of a personal data breach:
- we will assess the risk to individuals' rights and freedoms;
- where required, we will notify the Information Commissioner's Office (ICO) without undue delay and, where feasible, within 72 hours;
- where a breach is likely to result in a high risk to individuals, we will notify affected individuals in accordance with UK GDPR requirements;
- where we act as a data processor, we will notify the relevant data controller without undue delay in line with contractual obligations.
5. Your rights
Under UK GDPR, you have the right to:
- access the personal data we hold about you;
- request correction of inaccurate or incomplete data;
- request deletion of your data;
- request restriction of processing;
- object to processing;
- request data portability;
- withdraw consent where processing is based on consent.
To exercise your rights, please contact: privacy@prescientlabs.ai
We will respond without undue delay and within one month where applicable.
If you wish to raise a complaint, you can contact us and we will investigate the matter.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): https://ico.org.uk/