GDPR Compliance Vendo AI
Last updated October 30, 2025
Commitment to Data Protection
At Vendo AI LTD (“Vendo AI”, “we”, “us”, or “our”), we are committed to maintaining the highest standards of privacy, transparency, and data protection in compliance with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and international data protection frameworks.
We design every feature of our AI platform — from sales script generation to interactive presentations and AI Skilled Workers — with privacy by design and security by default principles at its core.
Who We Are
Company Name: Vendo AI LTD
Company Number: 15081711
Address: Fourth Floor, 4–8 Ludgate Circus, London, United Kingdom, EC4M 7LF
Email: info@vendo-ai.com
Vendo AI operates globally, providing AI-powered solutions that help businesses automate sales, presentations, and communication while maintaining full control of their data.
How We Ensure GDPR Compliance
We implement strict technical and organizational measures to ensure lawful, fair, and transparent data processing. Our GDPR compliance is based on the following core principles:
Lawfulness, Fairness, and Transparency – We process personal data only when there is a legal basis (contract, legitimate interest, consent, or legal obligation).
Purpose Limitation – Data is collected only for specific, explicit, and legitimate purposes related to AI automation services.
Data Minimization – We collect only the minimum data required to deliver and improve our services.
Accuracy – We keep all personal data accurate and up to date.
Storage Limitation – Personal data is stored only for as long as necessary (see table below).
Integrity and Confidentiality – We apply strong encryption, secure cloud infrastructure (AWS/Google Cloud), and restricted access policies.
Accountability – Vendo AI maintains detailed documentation of processing activities and ensures compliance through regular audits.
What Data We Process
| Category of Data | Examples | Purpose of Processing | Retention Period |
|---|---|---|---|
| Identity Data | Name, username | Account creation, user identification | 6 years after account closure |
| Contact Data | Email, phone | Communication, support | 6 years after last contact |
| Company Data | Business name, website, product information, uploaded materials (documents, presentations, videos) | To generate AI sales scripts, visual presentations, and AI Skilled Workers | Retained for 12 months after last project activity |
| Technical Data | IP address, browser type, device ID, session data | Security, analytics, platform optimization | 24 months |
| Usage Data | Interactions with Vendo AI platform | Performance tracking and service improvement | 36 months |
| Financial Data | Payment info, transaction IDs | Billing, accounting, fraud prevention | 7 years (as required by law) |
| Marketing Data | Preferences, email opt-ins | Communication and promotional updates | Until user unsubscribes or withdraws consent |
Data Subject Rights
Under the UK GDPR and EU GDPR, you have the right to:
Access – Request a copy of your personal data.
Rectification – Correct inaccurate or incomplete data.
Erasure (“Right to be Forgotten”) – Request deletion of your data when legally permissible.
Restriction of Processing – Limit data processing under specific circumstances.
Data Portability – Obtain your data in a machine-readable format.
Objection – Object to processing for legitimate interest or marketing purposes.
Withdraw Consent – Revoke consent at any time without affecting prior processing.
To exercise any of these rights, contact info@vendo-ai.com.
We will respond to all legitimate requests within 30 days.
International Data Transfers
Your data may be processed and stored outside the United Kingdom and the European Economic Area.
We only transfer data to jurisdictions that ensure adequate protection, using Standard Contractual Clauses (SCCs) or equivalent safeguards approved by the UK ICO and European Commission.
Data hosting and processing are performed via trusted partners such as Amazon Web Services (AWS) and Google Cloud, ensuring full GDPR alignment.
Security of Processing
Vendo AI employs enterprise-grade data security measures, including:
End-to-end encryption (AES-256) for data in transit and at rest
Multi-factor authentication for admin access
Continuous monitoring and penetration testing
Regular staff training on GDPR and data ethics
Strict role-based access control (RBAC)
Automated Decision-Making and AI Transparency
Our platform uses artificial intelligence to analyze uploaded materials (e.g., documents, presentations, videos) and generate sales scripts, visual presentations, and AI Skilled Workers that can autonomously conduct meetings with voice support.
All AI operations are fully explainable and human-overseeable.
Users maintain full ownership of their input data and outputs generated by the system, subject to applicable terms of service.
Data Breach Notification
In the unlikely event of a personal data breach, Vendo AI will:
Notify the relevant supervisory authority within 72 hours (as required by Article 33 GDPR).
Inform affected users without undue delay if the breach poses a high risk to their rights or freedoms.
Business Outreach & Communication Services
Vendo AI provides automated business outreach services as part of our Autonomous AI Sales System. This section describes how we process data for outreach purposes in compliance with GDPR, CAN-SPAM, PECR, and other applicable regulations.
Data Sources for Business Outreach
Our outreach services utilize a proprietary database of 4M+ verified businesses worldwide. This database contains only:
- Publicly available business contact information (corporate email addresses, company phone numbers)
- Information voluntarily published on company websites, business directories, and professional networks
- Data obtained from legitimate third-party business data providers who comply with applicable data protection laws
We do not collect or use: personal email addresses, private phone numbers, or any data obtained through unlawful means.
Legal Basis for Business Outreach
Our outreach communications are sent under the legal basis of Legitimate Interest (Article 6(1)(f) GDPR) for B2B communications. We have conducted a Legitimate Interest Assessment (LIA) that demonstrates:
- Communications are relevant to the recipient's business activities
- Messages provide genuine business value and opportunities
- Recipients can easily opt out at any time
- The processing does not override the fundamental rights of data subjects
Nature of Outreach Communications
All communications sent through Vendo AI are:
- Personalized: Each message is uniquely generated based on the recipient's business context
- Relevant: Targeted to appropriate business contacts based on industry, role, and company type
- Identifiable: Clearly identifying the sender and purpose of communication
- Compliant: Including valid sender information and physical address
Outreach Channels
Vendo AI may conduct outreach through multiple channels, including:
- Email communications to corporate email addresses
- AI-powered voice calls to business phone numbers
- Messaging via business communication platforms (WhatsApp Business, Telegram, LinkedIn, etc.)
- SMS to business mobile numbers where permitted by local law
Opt-Out Rights
Every outreach communication includes a clear and functional unsubscribe mechanism. Recipients can:
- Click the unsubscribe link in any email
- Reply with "STOP" or "UNSUBSCRIBE" to any message
- Request removal by contacting unsubscribe@vendo-ai.com
Opt-out requests are processed within 24 hours, and the contact is permanently added to our suppression list.
For our complete outreach policies, please see our Email & Outreach Policy.
Contact and Complaints
If you have questions about data protection or GDPR compliance, contact:
Data Protection Officer (DPO)
Vendo AI LTD
Fourth Floor, 4–8 Ludgate Circus
London, United Kingdom, EC4M 7LF
📧 info@vendo-ai.com
You also have the right to lodge a complaint with your local data protection authority or the UK Information Commissioner’s Office (ICO): www.ico.org.uk