GDPR Compliance
Last updated: 2026-07-02
On this page
Answertree Ltd, a company registered in England and Wales (company number 14567441) with its registered office at The Quadrant, 99 Parkway Avenue, Sheffield, England, S9 4WG ("Answertree", "we", "us", or "our"), is committed to complying with the EU General Data Protection Regulation and the UK GDPR (together, "GDPR") for personal data relating to individuals in the European Economic Area and the United Kingdom. This page summarizes how we approach that obligation. It should be read alongside our Privacy Policy and Cookie Policy.
Our Commitment
We aim to process personal data lawfully, fairly, and transparently; to collect only what we need for a specified purpose; to keep it accurate and secure; and to retain it no longer than necessary. Our security practices are informed by our ISO 27001 and ISO 9001:2015 certifications and our Cyber Essentials certification, and we are registered with the UK Information Commissioner's Office (ICO).
Controller and Processor Roles
For personal data collected through our website (such as newsletter sign-ups and contact form submissions), Answertree acts as the data controller.
For personal data that a customer submits to the Answertree platform as part of using the Service — for example, contact details within a quote, order, or other channel workflow document — Answertree acts as a data processor on the customer's behalf, and the customer acts as controller. Processor obligations, including the terms on which we process such data, are set out in the applicable data processing agreement or subscription agreement with the customer. If your organization needs a data processing agreement, contact us using the details below.
Legal Bases for Processing
Where we act as controller, we rely on consent, legitimate interests, or legal obligation as the legal basis for processing, as described in our Privacy Policy. Where we act as processor, the legal basis for processing is determined by the controller (our customer) and documented in the relevant agreement.
Your Rights Under GDPR
If you are located in the EEA or UK, you have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erasure ("right to be forgotten"), subject to legal retention requirements;
- Restrict processing in certain circumstances;
- Data portability, to receive your data in a structured, commonly used format;
- Object to processing based on legitimate interests, including profiling; and
- Not be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects — Answertree does not use automated decision-making of this kind on website visitors.
To exercise these rights, contact us at the email below. If your personal data was submitted to the Service by an Answertree customer (i.e., we act as processor), we will direct your request to that customer unless the law requires otherwise, since they control that data.
International Data Transfers
Where personal data originating in the EEA or UK is transferred to a country without an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or the UK International Data Transfer Addendum, as described in our Privacy Policy.
Data Protection by Design and Default
We aim to build privacy considerations into the Service from the outset, including access controls, encryption in transit, and role-based permissions, and to limit data collection to what is necessary for the stated purpose.
Data Breach Notification
We maintain procedures to detect, investigate, and respond to personal data breaches. Where a breach is likely to result in a risk to individuals' rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, as required by law, and will notify affected individuals or the relevant controller (where we act as processor) without undue delay where required.
Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ico.org.uk). We would appreciate the opportunity to address your concerns directly first — contact us using the details below.
Contact Us
For GDPR-related questions, data subject requests, or to request a data processing agreement, contact info@answertree.ai.