Privacy Policy
Aventra Consulting
Effective Date: December 3, 2025
Last Updated: December 3, 2025
1. Introduction
Aventra Consulting ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our AI-powered consulting solutions.
This policy applies to all users of our website at https://aventraconsulting.co.uk/ and our services.
Contact Information:
Aventra Consulting
70 Bond Street
Hull, HU1 3EY
United Kingdom
Email: [email protected]
2. Legal Basis and Scope
We operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. While we are based in the United Kingdom, we offer services internationally.
We are the data controller responsible for your personal data. This means we determine how and why your data is processed.
3. Information We Collect
3.1 Personal Data You Provide
We collect the following personal information directly from you through:
Contact forms on our website
Client onboarding meetings
Email and telephone communications
Service agreements
Types of data collected:
Full name
Email address
Phone number
Business name and information
Payment and billing information
Any information you provide during interactions with our AI-powered services
3.2 Automatically Collected Information
When you visit our website, we may automatically collect:
IP address
Browser type and version
Device information
Pages visited and time spent on our website
Referring website addresses
3.3 Cookies
We use essential cookies necessary for the functionality of our website. These cookies are required for the website to operate properly and cannot be disabled. We do not use advertising, marketing, or non-essential tracking cookies.
You can control cookies through your browser settings. Please note that disabling essential cookies may affect website functionality.
4. How We Use Your Information
We collect and process your personal data for the following purposes:
4.1 Legal Bases for Processing
Under UK GDPR, we process your data based on:
Contract Performance: To provide our consulting and AI services to you
Legitimate Interests: To improve our services, conduct analytics, and communicate with clients
Legal Obligation: To comply with accounting, tax, and other legal requirements
Consent: Where specifically obtained for certain processing activities
4.2 Specific Purposes
Service Delivery: To provide AI-powered consulting services and support
Communication: To respond to inquiries and provide customer service
Billing: To process payments and maintain financial records
Improvement: To analyze and improve our AI models, algorithms, and service quality
Performance Monitoring: To monitor and analyze the performance of our services
Legal Compliance: To comply with applicable laws, regulations, and legal processes
CRM Management: To manage client relationships through our customer relationship management system
5. Third-Party Service Providers
We work with trusted third-party service providers to deliver our services. Your personal data may be shared with:
5.1 AI Service Providers
OpenAI: We use OpenAI's API services to power certain AI functionalities
Anthropic (Claude): We use Claude's API services for AI-powered features
When you interact with our AI services, your inputs and conversation data are processed by these providers. These are US-based companies, and data is transferred internationally with appropriate safeguards in place (see Section 9).
Important Notice About AI Training:
Our AI service providers may process your data in accordance with their respective privacy policies and terms of service. While commercial API services generally provide enhanced privacy protections, we recommend reviewing:
OpenAI Privacy Policy: https://openai.com/privacy/
Anthropic Privacy Policy: https://www.anthropic.com/privacy
We use commercially reasonable efforts to work with AI providers that maintain strong privacy and security practices.
5.2 Other Service Providers
GoHighLevel (GHL): Customer relationship management, AI agent hosting, and client communications
Stripe: Payment processing services
5.3 Data Sharing Practices
We do NOT:
Sell your personal data to third parties
Share your data for marketing purposes by third parties
Disclose your information except as described in this policy
We may share data with service providers only to the extent necessary to provide our services, and these providers are contractually obligated to protect your data.
6. International Data Transfers
As we use service providers based in the United States and other jurisdictions outside the UK and European Economic Area (EEA), your personal data may be transferred internationally.
6.1 Safeguards for International Transfers
We ensure appropriate safeguards are in place for international data transfers, including:
Standard Contractual Clauses (SCCs): Approved by the UK Information Commissioner's Office (ICO)
Adequacy Decisions: Where the destination country has been deemed to provide adequate data protection
Provider Commitments: Contractual obligations requiring service providers to protect your data
6.2 Countries of Transfer
Your data may be transferred to and processed in:
United States (OpenAI, Anthropic, Stripe, GoHighLevel)
Other countries where our service providers maintain infrastructure
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with our legal obligations.
7.1 Retention Periods
Active Client Data: Retained for the duration of our business relationship
Post-Relationship Data: Retained for 6 years after the end of our business relationship or last contact
Financial Records: Retained for 6 years in accordance with UK tax and accounting legal requirements
Marketing Communications: Retained until you unsubscribe or withdraw consent
7.2 Deletion Requests
If you request deletion of your data (see Section 8), we will delete or anonymize your personal data unless we have a legal obligation to retain it (e.g., financial records for tax purposes).
8. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
8.1 Right of Access
You have the right to request a copy of the personal data we hold about you.
8.2 Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data.
8.3 Right to Erasure (Right to be Forgotten)
You have the right to request deletion of your personal data, subject to certain legal exceptions (such as financial record-keeping requirements).
8.4 Right to Restrict Processing
You have the right to request that we limit how we use your personal data.
8.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
8.6 Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes.
8.7 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw consent at any time.
8.8 Right to Lodge a Complaint
You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
Website: https://ico.org.uk/
Telephone: 0303 123 1113
8.9 Exercising Your Rights
To exercise any of these rights, please contact us at:
Email: [email protected]
Address: 70 Bond Street, Hull, HU1 3EY, United Kingdom
We will respond to your request within one month, though this may be extended by two additional months for complex requests.
9. Data Security
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
9.1 Security Measures
Our security measures include, but are not limited to:
Use of secure, industry-standard service providers
GoHighLevel (GHL) security infrastructure and protocols
Encryption of data in transit and at rest where applicable
Access controls limiting data access to authorized personnel only
Regular security assessments of our systems and providers
Contractual obligations requiring service providers to maintain security standards
9.2 Your Responsibility
While we take security seriously, please note that no method of transmission over the internet or electronic storage is 100% secure. You are responsible for maintaining the confidentiality of any passwords or account credentials.
10. Children's Privacy
Our services are intended for adults only. We do not knowingly collect personal data from individuals under the age of 18. If you are under 18, please do not provide any personal information to us.
If we become aware that we have collected personal data from someone under 18 without proper parental consent, we will take steps to delete that information promptly.
11. Do Not Track Signals
Some web browsers have a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want to have your online activity tracked. Our website does not currently respond to DNT signals, as there is no universally accepted standard for how to respond to such signals.
We only use essential cookies necessary for website functionality and do not engage in behavioral tracking or advertising.
12. Marketing Communications
We may send you marketing communications about our services if:
You have provided consent, or
You are an existing client and we are marketing similar services (soft opt-in)
12.1 Opt-Out
You have the right to opt out of marketing communications at any time by:
Clicking the "unsubscribe" link in any marketing email
Contacting us at [email protected]
Requesting removal during any communication with us
Opting out of marketing will not affect service-related communications necessary for providing our services.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
13.1 Notification of Changes
When we make material changes to this Privacy Policy, we will:
Update the "Last Updated" date at the top of this policy
Notify you via email at the address you have provided
Post a notice on our website
13.2 Continued Use
Your continued use of our services after changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.
14. Links to Third-Party Websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.
15. Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal data may be transferred to the successor entity. We will notify you via email and/or a prominent notice on our website of any such change in ownership or control of your personal data.
16. Legal Disclosures
We may disclose your personal data if required to do so by law or in response to:
Valid legal processes (court orders, subpoenas)
Government or regulatory requests
Protection of our rights, property, or safety
Protection of the rights, property, or safety of our users or the public
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Aventra Consulting
70 Bond Street
Hull, HU1 3EY
United Kingdom
Email: [email protected]
Website: https://aventraconsulting.co.uk/
For data protection inquiries and to exercise your GDPR rights, please use the email address above with the subject line "Data Privacy Request."
18. Definitions
Personal Data: Any information relating to an identified or identifiable natural person
Processing: Any operation performed on personal data, including collection, storage, use, or disclosure
Data Controller: The entity that determines the purposes and means of processing personal data (Aventra Consulting)
Data Processor: An entity that processes personal data on behalf of the data controller (our service providers)
UK GDPR: The UK General Data Protection Regulation, as retained in UK law following Brexit
By using our services, you acknowledge that you have read, understood, and agree to this Privacy Policy.
This Privacy Policy was last updated on December 3, 2025.