Feb 24, 2026
Measuring Organisational AI Maturity: A Practical Scoring Model
Surabhi Consulting Limited
Effective Date: 30th Dec 2025
Last Updated: 24th Feb 2026
In this Privacy Policy:
“Company”, “we”, “us”, or “our” means Surabhi Consulting Limited.
“Personal Data” has the meaning given under UK GDPR.
“Processing” means any operation performed on Personal Data.
“Data Controller” means the entity that determines the purposes and means of processing.
“Data Processor” means the entity that processes Personal Data on behalf of a controller.
“UK GDPR” means the retained EU General Data Protection Regulation as incorporated into UK law.
“PECR” means the Privacy and Electronic Communications Regulations 2003 (as amended).
Surabhi Consulting Limited
Registered in England & Wales
Registered Office: 167-169 Great Portland Street, London W1W 5PF
Website: https://www.surabhi.uk
Email: info@surabhi.uk
For data protection matters, please contact: www.surabhi.uk
📧 info@surabhi.uk
Unless otherwise stated, Surabhi Consulting Limited acts as Data Controller for Personal Data collected via its website and business operations.
This Privacy Policy applies to:
Visitors to our website
Prospective clients submitting enquiries
Clients engaging our professional services
Suppliers and business partners
Individuals subscribing to marketing communications
Event participants and training delegates
This Policy does not apply to third-party websites linked from our site.
We may collect:
Full name
Company name
Job title
Email address
Telephone number
Business address
Project requirements
Budget or commercial information
Communications and correspondence
Contractual documentation
When you access our website, we may collect:
IP address
Device type and identifiers
Browser type and version
Operating system
Website usage data
Pages visited and session duration
Referring URLs
Subscription preferences
Event registrations
Marketing consent records
Interaction history
In delivering consulting services, we may process Personal Data under client instruction. In such cases:
The client remains the Data Controller
Surabhi Consulting acts as Data Processor
Processing is governed by contract and, where required, a Data Processing Agreement (DPA)
We do not process special category data unless contractually required and legally permitted.
We process Personal Data under the following lawful bases:
Responding to enquiries
Delivering consulting services
Managing contractual obligations
Invoicing and financial administration
Business development
Website optimisation
Fraud prevention
Cybersecurity monitoring
Internal governance and risk management
We ensure that our legitimate interests do not override your fundamental rights.
Compliance with tax and accounting regulations
Regulatory reporting
Law enforcement requests
Email marketing
Non-essential cookies
Newsletter subscriptions
You may withdraw consent at any time.
We process Personal Data for the following purposes:
Providing AI, IT, cloud, DevOps, governance and advisory services
Managing commercial relationships
Delivering proposals, Statements of Work, and contracts
Conducting technical due diligence
Supporting regulatory compliance projects
Improving website performance
Marketing and thought leadership communication
Protecting our systems from cyber threats
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.
As a specialist AI & IT consultancy:
We may analyse anonymised or pseudonymised datasets for advisory purposes.
We do not use client confidential information to train public AI models.
All AI-related engagements are governed by contractual safeguards.
Data is processed strictly under documented client instructions.
Where applicable, we support clients in complying with:
UK GDPR
EU AI Act (where relevant)
Industry regulatory requirements
We may share Personal Data with:
Professional advisers (legal, accounting)
Secure cloud hosting providers
CRM systems
Payment processors
IT infrastructure providers
Regulatory authorities where legally required
We do not sell Personal Data.
All third-party processors are contractually bound by confidentiality and data protection obligations.
Where Personal Data is transferred outside the UK:
We rely on UK Adequacy Regulations
UK International Data Transfer Agreement (IDTA)
Standard Contractual Clauses (SCCs)
We ensure appropriate technical and organisational safeguards are implemented.
We implement appropriate technical and organisational measures including:
Secure UK/EU cloud hosting
Role-based access controls
Encryption in transit (TLS/SSL)
Multi-Factor Authentication (MFA)
Firewall and endpoint protection
Secure DevOps practices
Regular vulnerability reviews
While we implement robust safeguards, no system is entirely secure.
We retain Personal Data only for as long as necessary:
| Data Type | Retention Period |
|---|---|
| Enquiries | 12–24 months |
| Client records | 6 years (accounting compliance) |
| Contracts | Duration of contract + statutory period |
| Marketing data | Until consent withdrawn |
| Website logs | Typically 6–12 months |
Data is securely deleted or anonymised when no longer required.
Under UK GDPR, you have the right to:
Access your Personal Data
Rectify inaccurate data
Erasure (“right to be forgotten”)
Restrict processing
Object to processing
Data portability
Withdraw consent
Lodge a complaint with the ICO
To exercise your rights, contact:
📧 info@surabhi.uk
We may require proof of identity before responding.
Our website may use:
Essential cookies
Performance and analytics cookies
Security monitoring tools
Non-essential cookies are deployed only after consent where required by PECR.
Users may manage cookie preferences via browser settings.
Our services are intended for business professionals. We do not knowingly collect data from individuals under 18 years of age.
Our website may contain links to external websites. We are not responsible for their content or privacy practices.
In the event of a personal data breach:
We will assess risk without undue delay
Notify the ICO within 72 hours where required
Notify affected individuals where legally required
We reserve the right to amend this Privacy Policy at any time. Updates will be published on our website with a revised “Last Updated” date.
Surabhi Consulting Limited
Email: info@surabhi.uk
Website: https://www.surabhi.uk
If you are dissatisfied with our response, you may contact:
Information Commissioner’s Office (ICO)
https://ico.org.uk
Tel: 0303 123 1113
