Legal

Privacy Policy

This policy explains how Operisys collects, uses, shares and protects your personal data, and the rights you have over it. We are committed to handling your data lawfully, fairly and transparently under the UK GDPR, the EU GDPR and the Data Protection Act 2018.

Last updated: 8 June 2026

1. Who we are

Operisys is a business modernization and AI systems consultancy. For the purposes of data protection law, the data controller is:

  • Operisys Ltd (“Operisys”, “we”, “us”, “our”), a company registered in England & Wales
  • Registered company number: 17272866
  • Registered office: 66 Paul Street, London EC2A 4NA
  • Privacy contact: hello@operisys.com

This policy covers the Operisys website and related forms, assessments and communications. Where we determine the purposes and means of processing, we are the controller. Where we process personal data on a client’s behalf as part of a delivered project, we act as a processor under a separate data processing agreement, and the client’s own privacy notice governs that data.

2. The personal data we collect

Information you give us

  • Contact & enquiry data — name, email address, phone number, company/organisation, and the content of your message when you use our contact form, book a consultation, or email us.
  • Assessment data — the answers you provide to the Operisys Modernization Framework (OMF) assessment, and the email address you give to receive your report.
  • Intake & project data — information you submit through intake forms about your business, workflows and requirements.
  • Lead-magnet / download data — name and email when you request a guide, blueprint or other resource.
  • Booking data — details needed to schedule and prepare for a consultation.
  • Payment data — where you make a payment, billing details are processed by our payment provider (Stripe). We do not store full card numbers on our systems.
  • Chatbot messages — anything you type into our website assistant.

Information we collect automatically

  • Technical & usage data — IP address, device and browser type, pages viewed, referring page, and interactions, collected via cookies and similar technologies (see section 4). Analytics data is only collected if you opt in.

Information from third parties

  • Where you reach us through a referral, partner, or a connected service, we may receive your contact details from that source on the basis that they have a lawful right to share them.

We do not ask for, and request that you do not submit, special category data (such as health, ethnicity, political or religious information) through our forms or chatbot.

3. How and why we use your data

We only use your personal data where the law allows us to. The table below sets out our purposes and the corresponding lawful basis under Article 6 of the UK/EU GDPR.

PurposeLawful basis
Respond to enquiries and provide information you requestLegitimate interests (responding to you); or steps prior to a contract
Arrange and deliver consultations and projectsPerformance of a contract (or steps prior to entering one)
Generate and send your OMF assessment reportConsent, and/or steps prior to a contract
Process payments and keep accounting recordsPerformance of a contract; legal obligation (tax/accounting)
Send marketing emails about our servicesConsent (you can withdraw at any time)
Measure and improve the website (analytics)Consent (opt-in only)
Operate our chatbot and AI featuresLegitimate interests; consent where applicable
Maintain security, prevent fraud and abuseLegitimate interests
Comply with legal and regulatory obligationsLegal obligation

Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms. You can ask us about this assessment or object to such processing at any time (see section 9).

4. Cookies and analytics

We use strictly necessary cookies and local storage to run the site and remember your cookie choice. These do not require consent.

With your consent, we use Microsoft Clarity analytics to understand how visitors use the site (anonymised usage, heatmaps and session insights) so we can improve it. No analytics cookies are set, and no Clarity script is loaded, until you opt in. You can accept, reject, or change your choice at any time using the cookie banner or the “Cookie settings” link in the footer. Withdrawing consent stops further analytics collection.

5. AI features and automated processing

Our website assistant and certain features use third-party AI services (including OpenAI) to generate responses. Please do not enter confidential or special category information into the chatbot. AI outputs can be inaccurate and are provided for general guidance only.

The OMF assessment uses a deterministic, rules-based scoring method to produce an indicative maturity score and report. This is advisory and is reviewed by a human before any recommendation or engagement. We do not make decisions producing legal or similarly significant effects about you by solely automated means.

6. Who we share your data with

We do not sell your personal data. We share it only with trusted service providers (processors) who act on our instructions under a data processing agreement, and where required by law. Our key sub-processors are:

ProviderPurpose
NetlifyWebsite hosting and delivery
SupabaseDatabase and secure storage of form/assessment data
StripePayment processing
ResendTransactional and report emails
OpenAIChatbot and AI-generated content
HubSpot / GoHighLevelCustomer relationship management (CRM)
Microsoft ClarityWebsite analytics (only with consent)
Slack & TelegramInternal notifications to our team (e.g. a new booking)

We may also disclose data to professional advisers, regulators or law enforcement where legally required, and to a buyer in connection with a sale or reorganisation of our business.

7. International data transfers

Some of our providers are based outside the UK/EEA (for example in the United States). Where personal data is transferred internationally, we ensure an appropriate safeguard is in place, such as UK “adequacy” regulations, the UK International Data Transfer Agreement / Addendum, the EU Standard Contractual Clauses, or the EU–US / UK–US Data Privacy Framework where the provider is certified. You can request more information about these safeguards using the contact details below.

8. How long we keep your data

  • Enquiries that do not lead to an engagement — up to 24 months, then deleted or anonymised.
  • Client and project records — for the duration of our relationship and up to 6 years afterwards, to meet legal, tax and contractual obligations.
  • Marketing data — until you unsubscribe or withdraw consent.
  • Analytics data — retained by Microsoft Clarity for up to 13 months.

We keep data no longer than necessary for the purposes set out in this policy.

9. Your rights

Under the UK GDPR and EU GDPR you have the right to:

  • be informed about how we use your data;
  • access a copy of the personal data we hold about you;
  • have inaccurate or incomplete data corrected;
  • have your data erased (the “right to be forgotten”) where applicable;
  • restrict our processing of your data;
  • data portability — receive your data in a portable format;
  • object to processing based on legitimate interests or direct marketing;
  • withdraw consent at any time, without affecting prior processing;
  • not be subject to solely automated decisions with legal or similarly significant effects.

To exercise any of these rights, email hello@operisys.com. We will respond within one month. We will not charge a fee unless your request is manifestly unfounded or excessive, and we may need to verify your identity first.

10. Complaints

We hope to resolve any concern directly. You also have the right to complain to a supervisory authority. In the UK this is the Information Commissioner’s Office (ICO) ico.org.uk, helpline 0303 123 1113. In the EU/EEA, you may contact your local data protection authority.

11. Children

Our website and services are intended for businesses and professionals and are not directed at children. We do not knowingly collect personal data from anyone under 16.

12. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS), access controls, and working only with reputable providers bound by data processing agreements. No method of transmission over the internet is completely secure, but we work to protect your data and to notify you and the relevant authority of any qualifying breach as required by law.

13. Third-party links

Our site may link to third-party websites. We are not responsible for their privacy practices and encourage you to read their privacy notices.

14. Changes to this policy

We may update this policy from time to time. We will revise the “Last updated” date above and, where changes are material, take reasonable steps to inform you.

15. Contact us

For any privacy question or to exercise your rights, contact hello@operisys.com or write to us at our registered office: 66 Paul Street, London EC2A 4NA.