Privacy Policy

Last updated: [11 November 2025]

1. Who we are

This Privacy Policy explains how [WelQome Ltd] (“WelQome”, “we”, “us”, “our”) collects, uses and shares personal data in the course of operating:

  • our website: https://welqome.co.uk (the “Website”); and
  • our AI-powered receptionist and call-handling services, integrations, and associated support (the “Services”).

We are a data controller for personal data we process about:

  • visitors to our Website;
  • our prospective and existing customers and their personnel; and
  • other individuals who interact directly with us.

For some data about callers contacting our customers via WelQome agents, we primarily act as a data processor on behalf of our customer (see Section 3).

Legal entity

Name:
[WelQome Ltd]
Company number:
[●]
Registered office:
[●]
Contact email for privacy matters:
privacy@welqome.co.uk
Contact telephone (optional):
[+44 (0)●●● ●●● ●●●]

If required under UK law, our Data Protection Officer (DPO) can be contacted at:

Email:
dpo@welqome.co.uk
Postal:
[Data Protection Officer, WelQome Ltd, (Address as above)]

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data we process:

  • when you browse, use or interact with our Website;
  • when you contact us by phone, email, webform, or other channels;
  • when our AI receptionists or other agents interact with you on calls, via messaging channels or similar interfaces;
  • when we provide Services to our customers, including CRM or telephony integrations; and
  • when you apply for a role with us or otherwise engage with WelQome in a professional context.

It does not govern the privacy practices of our customers. Where you interact with a WelQome agent representing a particular business, that business will typically be the primary controller of your data for that interaction and will have its own privacy notice.

3. Our role: controller vs processor

Depending on context, we may process personal data as:

Independent Controller

  • For Website usage and analytics.
  • For our own CRM, sales, marketing and account management.
  • For security monitoring, billing, and running our internal operations.

Processor (or sub-processor)

  • When we host, route, transcribe or analyse calls and messages on behalf of our customers.
  • When we integrate with customers’ systems (e.g. telephony, CRM, calendars, ticketing, messaging platforms) and process personal data solely under their instructions.

In processor scenarios, our customers are responsible for providing a compliant privacy notice to callers and other end-users, and we process data strictly in line with our contracts and their documented instructions.

4. Categories of personal data we collect

The precise data we process depends on how you interact with us and which Services are in use. Typically we may collect:

Identity and contact data

Name, title, role, employer, contact details (email address, telephone number, business address). Account identifiers and login details (if you use a WelQome account or portal).

Business and contract data

Organisation name, billing details, contract documents, commercial correspondence and transaction history.

Call and interaction data

Caller ID, phone number, call routing information and timestamps. Audio recordings of calls handled by WelQome agents (where enabled). Transcripts and conversation summaries generated by speech recognition and natural language processing tools. Interaction logs (e.g. which prompts were used, which actions were taken on your behalf, outcomes of calls).

Technical and usage data

IP address, device identifiers, browser type and version, time zone setting and approximate location, operating system, referrer URLs. Clickstream data, pages visited, time spent on pages, interaction with UI elements, and log files generated by our systems. Telemetry required for monitoring system performance and security (e.g. request metadata, error logs).

Marketing and communication preference data

Preferences regarding marketing communications, channels and content. Records of consents and opt-outs.

Recruitment data (if you apply for a role)

CV, cover letter, qualifications, work history, interview notes, assessment results and references.

Special category data (sensitive data)

In principle, we do not intentionally seek to collect health data, racial or ethnic origin information, religious beliefs, or other special category data via our Services.

However, our agents may incidentally process such data if you disclose it during a call, message or form submission. Where this occurs, we will process it only as necessary to fulfil the purpose of the interaction (e.g. scheduling a medical appointment) and in line with applicable legal bases and safeguards.

5. How we collect personal data

We collect personal data through:

Direct interactions

  • When you fill in forms on our Website.
  • When you correspond with us by email, phone or other channels.
  • When you participate in demos, pilots or usability research (where applicable).

Use of WelQome Services

  • When you are a customer user administering or using the Services.
  • When you speak with or otherwise interact with a WelQome agent deployed by one of our customers.

Automated technologies

  • Through cookies, SDKs, pixels, device identifiers and similar technologies on our Website and, where applicable, within our customer portals (see Section 7).

Third-party sources

  • Our customers, where they provision users or upload contacts into the Service.
  • Telephony, messaging or communications providers and CRM platforms to which our Services are connected.
  • Publicly available sources (e.g., professional networking sites, company websites, registries) to support B2B sales and relationship management.

6. Why we use personal data and our legal bases

Under UK GDPR and the Data Protection Act 2018, we must identify a lawful basis for each processing purpose.

Purpose Example personal data Lawful basis (UK GDPR) Typical retention
To operate, provide and support the WelQome Services to our customers (including call routing, transcription, actions and logging) Identity/contact data, call and interaction data, technical data Performance of a contract with our customer (Article 6(1)(b)) and/or legitimate interests of our customer and WelQome in providing and improving communication and call-handling services (Article 6(1)(f)) For the duration of the contract plus [X] years, unless a shorter period is configured by the customer
To manage our commercial relationship with you (onboarding, billing, support, contract administration) Identity/contact data, business and contract data Performance of a contract; legitimate interests (efficient operation of our business) Contract term + [6] years (to align with limitation periods and accounting rules)
To secure and monitor our infrastructure, prevent fraud and abuse, and ensure Service integrity Technical and usage data, interaction logs Legitimate interests (security of our systems and users); legal obligation where we must maintain logs Logs retained for [X days/months] unless required longer for security investigations
To analyse Service usage and improve performance, features and user experience Technical and usage data, interaction data (pseudonymised/aggregated where possible) Legitimate interests in developing, improving and optimising our Services Aggregated and anonymised data retained indefinitely; identifiable analytics retained for [X] months
To provide marketing communications about WelQome products and features (B2B) Identity/contact data, marketing preference data Legitimate interests in promoting our Services to business contacts; consent where required under PECR for email/SMS channels Until you opt-out or after [X] years of inactivity
To comply with legal and regulatory obligations (e.g. tax, accounting, responding to lawful requests) Identity/contact data, business data, relevant logs Legal obligation (Article 6(1)(c)) As required by law (e.g. 6–7 years for tax records)
Recruitment and hiring Identity/contact data, recruitment data Legitimate interests (recruitment); performance of a contract (where we make an offer); consent where required for retaining your details for future roles For unsuccessful candidates, [6–12 months] after decision, unless you consent to a longer period

Where we rely on consent for any processing (for example, some marketing, optional cookies, or certain uses of call recordings), we will ensure it is freely given, specific, informed and unambiguous, and that individuals can withdraw consent at any time.

7. Cookies, analytics and similar technologies

We use cookies and similar technologies on our Website and in some parts of the Services to:

  • enable core functionality (e.g. security, load balancing, session management);
  • understand how visitors use our Website; and
  • support performance monitoring and, where enabled, marketing or conversion analytics.

Non-essential cookies and similar technologies that track individuals (for example, for marketing or advanced analytics) will only be set with your consent, as required under the UK Privacy and Electronic Communications Regulations (PECR).

For full details of the cookies we use and how to manage your preferences, please see our [Cookie Policy].

8. Sharing your personal data

We do not sell personal data. We may, however, share personal data with the following categories of recipients where necessary and proportionate:

Customers and end organisations

If you contact one of our customers via a WelQome agent, information about that interaction (e.g. caller details, call transcript, actions taken) will be shared with that customer, who will usually be the controller for that interaction.

Service providers (processors)

We use carefully selected third parties to support our operations, including:

  • Cloud hosting and infrastructure providers;
  • Telephony and communications providers;
  • CRM, ticketing, productivity or calendar platforms where we integrate on behalf of a customer;
  • Email delivery and notification platforms;
  • Analytics, error monitoring and security vendors;
  • Professional advisers (lawyers, accountants, auditors) under confidentiality obligations.

Corporate transactions

In connection with any merger, acquisition, sale of assets, restructuring or insolvency event, where permitted by law and subject to appropriate confidentiality and data protection safeguards.

Legal and regulatory disclosures

To courts, law enforcement, regulators (including the Information Commissioner’s Office) and other public authorities where required by law or necessary to establish, exercise or defend legal claims.

All processors acting on our behalf are bound by contractual obligations that meet UK GDPR requirements, including confidentiality, security, and limitations on their own use of the data.

9. International data transfers

Our core infrastructure is [located in the UK / UK and EEA] but some of our service providers may be based outside the UK or may process data in other jurisdictions.

Where personal data is transferred outside the UK (and, where relevant, the EEA), we will ensure that:

  • the destination country has been recognised as providing an adequate level of protection; or
  • appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or other mechanisms approved by UK law.

You can request more information about our international transfer mechanisms by contacting us (see Section 14).

10. Data retention

We retain personal data only for as long as necessary to fulfil the purposes we collected it for, including:

  • the provision of Services and performance of contracts;
  • compliance with legal, accounting and reporting obligations; and
  • handling or defending legal claims.

We apply service-specific retention settings (for example, how long call recordings and transcripts are stored) and, where we act as processor, we follow our customers’ documented instructions. After the relevant retention period expires, we will securely delete or anonymise the data.

More detailed retention information can be obtained by contacting us.

11. Security of personal data

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include, as appropriate:

  • encryption in transit and at rest for key systems;
  • access controls and role-based permissions;
  • network and application-level security controls;
  • logging, monitoring and incident response processes; and
  • staff training and internal policies on data protection and information security.

No system can be completely secure, but we aim to maintain an appropriate level of security in line with the sensitivity of the data and current best practice.

12. Automated decision-making and profiling

WelQome’s Services involve automated processing (including AI and natural language processing) to understand and respond to callers, route calls, collect information and perform defined actions.

In typical use, these automated processes do not produce legal or similarly significant effects on individuals in the sense defined by UK GDPR.

Where any deployment could involve solely automated decision-making producing such effects, we will ensure that appropriate safeguards are in place and that affected individuals are informed of the logic involved, the significance and envisaged consequences, and their rights to obtain human intervention, express their point of view and contest the decision.

If you have concerns about automated processing in a specific deployment, please contact us using the details in Section 14.

13. Your data protection rights

Under UK data protection law, and subject to certain conditions and exemptions, you have the following rights in relation to your personal data:

Right of access
to obtain confirmation of whether we process your personal data and to receive a copy of that data, together with certain information about our processing.
Right to rectification
to have inaccurate or incomplete personal data corrected.
Right to erasure
to request deletion of your personal data in certain circumstances (for example, where it is no longer necessary for the purposes for which it was collected).
Right to restriction of processing
to request that we restrict processing of your personal data in certain circumstances (e.g. while we verify its accuracy or consider an objection).
Right to data portability
where processing is based on consent or contract and carried out by automated means, to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller where technically feasible.
Right to object
to object to processing based on our legitimate interests (including profiling) or to direct marketing at any time. We will then stop processing unless we have compelling legitimate grounds which override your interests, rights and freedoms, or we need to continue processing for legal claims.
Right to withdraw consent
where processing is based on your consent, you can withdraw that consent at any time. This will not affect the lawfulness of processing prior to withdrawal.
Right to complain
you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or another competent supervisory authority if you are unhappy with how we handle your personal data (see Section 15). The Data (Use and Access) Act 2025 (DUAA) further emphasises this right to complain and transparency about routes to redress.

14. How to exercise your rights

To exercise any of your rights, please contact us at:

Email: privacy@welqome.co.uk
Postal: [Privacy Team, WelQome Ltd, (Address as above)]

To protect your data, we may need to request specific information from you to help us confirm your identity. We aim to respond to all legitimate requests within one month, although this period can be extended by a further two months if your request is particularly complex or you have made multiple requests.

If we act as a processor for a particular interaction (for example, a call handled on behalf of a specific customer), we may need to refer your request to that customer, who will usually be the primary controller responsible for responding.

15. Complaints and contact with the ICO

We would appreciate the opportunity to address your concerns in the first instance. You can contact us using the details in Section 14.

You also have the right to lodge a complaint with the UK supervisory authority for data protection:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: https://ico.org.uk

16. Third-party links

Our Website may contain links to third-party websites, plug-ins or services. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party sites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every site you visit.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect:

  • changes in our Services or internal processes;
  • changes in applicable law or regulatory guidance (including developments under the Data (Use and Access) Act 2025 and related secondary legislation);
  • new technologies or operational needs.