Service: Segretar-IA — AI-powered virtual telephone assistant
Website: www.segretar-ia.net
Last updated: May 2026
This Privacy Notice is provided in accordance with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018 ("DPA 2018"), and the Privacy and Electronic Communications Regulations 2003 ("PECR"). It explains how we collect, use, store and protect personal data when you use our service or interact with our AI telephone assistant.
The data controller responsible for your personal data is:
[Company name / Sole trader name — TO BE FILLED]
Address: [Full registered address — TO BE FILLED]
Company number: [Companies House number — TO BE FILLED]
ICO registration number: [TO BE FILLED]
Email: privacy@segretar-ia.net
We are registered with the Information Commissioner's Office (ICO) and pay the annual data protection fee as required by the Data Protection (Charges and Information) Regulations 2018.
We have not appointed a statutory DPO. For all privacy-related enquiries, please contact: privacy@segretar-ia.net.
In providing the Segretar-IA service we may process the following categories of personal data:
We ask callers not to share special category personal data under Article 9 UK GDPR (health, political opinions, religious beliefs, sexual orientation, biometric or genetic data) unless strictly necessary.
| Purpose | Lawful basis (Article 6 UK GDPR) |
|---|---|
| Operating the virtual receptionist service (answering calls, taking appointments, relaying messages) | Performance of a contract (Art. 6(1)(b)); legitimate interests (Art. 6(1)(f)) |
| Recording and automated AI transcription of the call | Legitimate interests of the Controller (Art. 6(1)(f)) — the caller is informed at the start of each call before recording begins |
| Storing transcriptions so the client can review messages received | Performance of contract and legitimate interests (Art. 6(1)(f)) |
| Legal and regulatory compliance (e.g. responding to lawful requests) | Legal obligation (Art. 6(1)(c)) |
| Service improvement on anonymised aggregate data | Legitimate interests (Art. 6(1)(f)) |
The caller is informed at the start of each call that the conversation is being recorded. If the caller does not wish to be recorded, they may end the call at any time.
During the call, the caller is not speaking to a human operator but to a conversational artificial intelligence system capable of understanding natural language, answering questions, booking appointments and taking messages.
The system uses large language models (LLMs), speech synthesis and automatic speech recognition. Responses are generated automatically and do not replace the professional judgement of a qualified human. The caller may at any time ask to be called back by a human or end the call.
Transparency about automated processing is a requirement of the UK GDPR transparency principle (Article 5(1)(a)) and reflects ICO guidance on AI and data protection.
Personal data is processed using electronic tools with appropriate technical and organisational measures as required by Article 32 UK GDPR. Audio recordings are encrypted in transit (TLS) and at rest (AES-256). Access is restricted to authorised personnel and processors appointed under written contracts.
| Category | Retention period |
|---|---|
| Call audio recording | 30 days from the date of the call |
| Text transcription | 12 months from the date of the call |
| Call metadata (date, time, duration, numbers) | 24 months for administrative purposes |
| Contact data voluntarily provided | For as long as needed to deal with the request |
| Registered account data | Duration of contract + 30 days after account deletion |
| Financial and billing data | 6 years (HMRC requirements) |
To deliver the service, data may be shared with the following parties appointed as processors under Article 28 UK GDPR:
An up-to-date list of processors is available on request from privacy@segretar-ia.net.
Some service providers are located in the United States. Where personal data is transferred outside the UK, we rely on one of the following safeguards: UK adequacy regulations (including the UK–US Data Bridge, where applicable to certified US providers); or the International Data Transfer Agreement (IDTA) issued by the ICO, or the UK Addendum to the EU Standard Contractual Clauses, supported by supplementary technical measures (encryption, pseudonymisation). Copies of the safeguards applied are available on request.
Under the UK GDPR you have the right to: be informed about how your data is used; access your personal data and obtain a copy; have inaccurate data corrected; have your data erased ("right to be forgotten"); restrict processing; receive your data in a portable format; object to processing; withdraw consent at any time; and not be subject to solely automated decisions producing legal or similarly significant effects (Article 22 UK GDPR).
To exercise any of these rights, contact privacy@segretar-ia.net. We will respond within one calendar month.
If you are concerned about how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: www.ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would appreciate the opportunity to address your concerns first — please contact us before approaching the ICO.
We may update this Privacy Notice from time to time. The current version will always be published on www.segretar-ia.net with the date of last update shown.
Last updated: May 2026
This Cookie Policy explains how we use cookies and similar technologies on our website, in accordance with the Privacy and Electronic Communications Regulations 2003 ("PECR"), the UK GDPR, and ICO guidance on cookies and similar technologies.
Cookies are small text files placed on your device when you visit a website. They are used to make websites work, to improve efficiency, and to provide information to site owners.
This site uses strictly necessary cookies only. We do not use analytics, profiling or advertising cookies. Under PECR and ICO guidance, strictly necessary cookies do not require prior consent.
| Cookie name | Purpose | Duration | Provider |
|---|---|---|---|
| sb-* | Supabase authentication (user session) | 1 week | segretar-ia.net |
| cookie_ok | Record that the cookie banner has been acknowledged | 12 months | segretar-ia.net |
| visitor_country | Detect visitor country for language and currency display | 24 hours | segretar-ia.net |
You can set your browser to accept or reject cookies. Disabling strictly necessary cookies may prevent the site from working correctly (e.g. you may not be able to log in).
To exercise your rights in relation to cookie data, contact privacy@segretar-ia.net. You also have the right to complain to the ICO at ico.org.uk.