Prescient Labs is partnering with 848 Group to deliver on retail process mining projects.Find out more
Prescient Labs

Privacy Policy

Last updated 31/03/26

1. Who we are

Prescient Labs is a process intelligence company.

For personal data relating to website visitors, business contacts and prospective customers, Prescient Labs acts as a data controller.

Where we process personal data on behalf of our customers as part of providing our services, Prescient Labs acts as a data processor, and the customer remains the data controller.

We have appointed a privacy lead responsible for data protection matters, notably Sarah Aoudia - sarah@prescientlabs.ai.

Contact:

2. The personal data we collect

We may collect and process the following categories of personal data:

a. Information you provide directly

  • name
  • work email address
  • telephone number
  • job title and company information
  • information provided in correspondence, demo requests or meetings

b. Information collected through use of our services

  • account credentials and preferences (where applicable)
  • information required to deliver and support our services

c. Customer data (processed on behalf of clients)

When providing our services, we may process personal data contained within customer systems or datasets.

In these cases:

  • Prescient Labs acts as a data processor
  • the customer determines the purpose and lawful basis for processing
  • processing is governed by a Data Processing Agreement (DPA)

3. How we use personal data

We use personal data to:

  • provide and manage our services;
  • communicate with you regarding support, updates and contracted services;
  • manage our business relationships;
  • improve our services and operations;
  • comply with legal and regulatory obligations.

4. Lawful bases

Where we act as a data controller, we rely on one or more of the following lawful bases:

  • performance of a contract - to deliver our services;
  • legitimate interests - to manage and improve our business and relationships;
  • legal obligations - including accounting, tax and regulatory requirements.

Where we act as a data processor, the lawful basis is determined by the relevant data controller.

5. How we share personal data

We may share personal data with:

  • service providers (sub-processors) who support our operations, including hosting, infrastructure, IT systems and accounting services;
  • professional advisers such as legal, financial and insurance providers;
  • regulators, authorities or law enforcement, where required by law;
  • customers and authorised users, where necessary to deliver services.

All third-party providers are contractually required to process personal data securely and only in accordance with our instructions.

A list of sub-processors, including their roles and locations, is available on request.

We do not sell personal data.

6. International data transfers

Personal data is stored and processed within the UK and/or European Economic Area (EEA).

7. Data retention

We retain personal data only for as long as necessary for the purposes described in this policy.

  • Customer and contractual data is retained for the duration of the relationship and a defined period thereafter.
  • Personal data required for legal and financial compliance is retained for a minimum of 6 years in accordance with UK tax law.
  • Marketing and business contact data is retained until you opt out or request deletion.

Further detail is maintained in our internal data retention schedule, which defines specific retention periods by data category.

8. Data security

We implement appropriate technical and organisational measures to protect personal data, including:

  • access controls and role-based permissions;
  • multi-factor authentication;
  • encryption of data in transit and at rest;
  • secure cloud infrastructure;
  • logging and monitoring of system activity;
  • controlled access to systems and data.

9. Data breaches

We maintain procedures to detect, investigate and respond to personal data breaches.

Where required:

  • we will notify the Information Commissioner's Office (ICO) without undue delay and, where feasible, within 72 hours;
  • we will notify affected individuals where a breach poses a high risk to their rights and freedoms;
  • where we act as a processor, we will notify the relevant data controller without undue delay.

10. Your rights

Under UK GDPR, you have the right to:

  • access your personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion of your data;
  • request restriction of processing;
  • object to processing;
  • request data portability;
  • withdraw consent where applicable.

To exercise your rights, contact: privacy@prescientlabs.ai

We will respond without undue delay and within one month where applicable.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): https://ico.org.uk/

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services or legal obligations. The latest version will always be published on our website.