Privacy Policy

Last updated: 7 July 2026

This policy explains how Active Clients Ltd collects, uses and protects personal data. We take your privacy — and the privacy of your clients — seriously, and we handle all personal data in line with the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).

If you have any questions about this policy or about how we handle personal data, please contact us at benjamin.harvey@activeclients.co.uk.

1. Who we are

Active Clients Ltd is a company registered in England and Wales under company number 17311564, with its registered office at Suite A, 82 James Carter Road, Mildenhall, IP28 7DE. We provide an AI receptionist service to aesthetics clinics and similar businesses. For the purposes of UK data protection law, we act as a data controller in respect of the personal data of our clinic clients and website visitors, and as a data processor in respect of the personal data of the callers and clients whose calls we handle on our clinic clients' behalf.

Contact for data protection matters:
Active Clients Ltd, Suite A, 82 James Carter Road, Mildenhall, IP28 7DE  ·  benjamin.harvey@activeclients.co.uk

2. The personal data we collect

a. Clinic owners and enquirers (we are the controller)

b. Callers and clinic clients (we are the processor)

When we answer calls on behalf of a clinic, we process personal data about the people who call, on that clinic's instructions and on its behalf. This may include their name, phone number, the nature of their enquiry, appointment details and any information they choose to share during the call. Calls may be recorded and transcribed so that the AI can handle the enquiry, produce a call summary and improve accuracy. The clinic remains the controller of this data and is responsible for informing its own clients about call handling and recording.

3. How and why we use personal data

PurposeData usedLawful basis
Providing and configuring the AI receptionist service Account, clinic and caller data Performance of a contract; legitimate interests
Running your 2-week free trial and taking payment when it converts to your chosen plan Account and billing data Performance of a contract
Sending you service, account and setup communications Name, email, account data Performance of a contract; legitimate interests
Responding to enquiries and providing support Contact and correspondence data Legitimate interests
Sending marketing about our services Name, email Consent, or legitimate interests where permitted (see section 5)
Meeting legal, accounting and tax obligations Account and billing data Legal obligation

4. Messaging sent on a clinic's behalf

On the Growth and Complete plans, we send messages to a clinic's clients on that clinic's instructions — for example, appointment reminders by SMS and email, post-treatment review requests, and (on Complete) reactivation messages to lapsed clients. When we do this, we act as the clinic's processor. Each clinic is the sender and controller for these communications and is responsible for having a valid lawful basis and, where PECR requires it, appropriate consent from its own clients, and for honouring any opt-outs. Every marketing message we send on a clinic's behalf includes a simple way to opt out.

5. Marketing and PECR

We will only send you electronic marketing where we are permitted to do so. Where required, we rely on your consent, which you can withdraw at any time. Where we rely on the "soft opt-in" for existing or prospective business customers, we will always give you a clear and easy way to opt out — in every message and at any time by emailing us. We do not sell your personal data, and we do not share it with third parties for their own marketing.

6. Who we share data with

We share personal data only with trusted service providers who help us deliver the service, and only to the extent needed. These include:

All such providers are bound by contract to protect personal data and to use it only on our instructions. Where any provider processes data outside the UK, we ensure an appropriate safeguard is in place, such as the UK International Data Transfer Agreement or Addendum, or an adequacy decision.

7. How long we keep data

We keep personal data only for as long as necessary. Account and billing records are retained for the life of the relationship and for up to six years afterwards to meet legal and accounting requirements. Call recordings, transcripts and summaries are retained for the period agreed with each clinic and no longer than needed for the purpose. Marketing contact data is kept until you opt out or ask us to erase it.

8. Your rights

Under UK data protection law you have the right to:

To exercise any of these rights, email benjamin.harvey@activeclients.co.uk. If a request relates to a caller's data that we hold on a clinic's behalf, we will pass it to the relevant clinic, as controller, to handle. We will respond within one month.

9. Cookies and analytics

Our website uses only the cookies needed to run the site and, where you agree, basic analytics to understand how the site is used. We do not use advertising cookies. You can control cookies through your browser settings.

10. Security

We use appropriate technical and organisational measures to protect personal data against loss, misuse and unauthorised access, including access controls, encryption in transit and vetted providers. No system is completely secure, but we work to keep the risk as low as reasonably possible.

11. Complaints

If you have a concern about how we handle your data, please contact us first so we can put it right. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or on 0303 123 1113.

12. Changes to this policy

We may update this policy from time to time. Where changes are significant, we will let you know. The date at the top shows when it was last updated.