Privacy Policies

Privacy Policies

Policy Statement


AiM Ltd, its subsidiaries and trading divisions respect your privacy.

We are registered as a company in England and Wales under company number 03997992.  We are the data controller of the data which we collect from you, and as such we control the ways your personal data is collected and the purposes for which your personal data is used.

We, AiM, use your personal data to provide our services to you. When we talk about data and personal data in this policy, we mean personal data which identifies you or which could be used to identify you, such as your name and contact details. It may also include information about how you use our website.

AiM is committed to being transparent about how it collects and uses the personal data of its clients, prospects and employees and to meeting its data protection obligations. This policy sets out our commitment to data protection, and individual rights and obligations in relation to personal data, and as a data controller, the steps we take to ensure that any personal data you provide to us is kept secure and confidential and is used only for the purposes for which it is provided. Employee personal data is managed according to the Employee Data Protection Policy available on our company intranet.

AiM has appointed a Data Protection Officer who has responsibility for data protection compliance within the organisation. The Data Protection Officer can be contacted at Questions about this policy, or requests for further information, should be directed there.

We process data in compliance with the General Data Protection Regulation (GDPR).


Policy Arrangements



AiM Ltd (“Our Site”)

“Personal data” is any information that relates to an individual who can be identified from that information. Processing is any use that is made of data, including collecting, storing, amending, disclosing or destroying it.

“Special categories of personal data” means information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and biometric data.

 “Cookie” means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in the Cookie Policy below.

“Cookie Law” means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003.

Data protection principles

AIM processes personal data in accordance with the following data protection principles:

  • We process personal data lawfully, fairly and in a transparent manner

  • We collect personal data only for specified, explicit and legitimate purposes

  • We process personal data only where it is adequate, relevant and limited to what is necessary for the purposes of processing

  • We keep accurate personal data and take all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay

  • We keep personal data only for the period necessary for processing

  • We adopt appropriate measures to make sure that personal data is secure, and protected against unauthorised or unlawful processing, and accidental loss, destruction or damage

We tell individuals the reasons for processing their personal data, how we use such data and the legal basis for processing in our privacy policies. We will not process personal data of individuals for other reasons.

Where the organisation processes special categories of personal data to perform obligations, as detailed in the Special Categories of Personal Data section below.

We will update personal data promptly if an individual advises that his/her information has changed or is inaccurate.

Personal data voluntarily provided to us, including communication via email or other channels, or received by us when providing a service is held in a client, prospect or employee file in hard copy or electronic format, or both.

In addition, we may collect information about you from other sources, including third parties that help us: update, expand, and analyse our records; identify new customers; or prevent or detect fraud.

The periods for which the organisation holds personal data are referenced below.

The organisation keeps a record of its processing activities in respect personal data in accordance with the requirements of GDPR.


Information We Collect From You

Depending on how you use our services and websites, we might collect the following kinds of information from you:


Information collected

When the information is collected

Your name and contact details
(email address, telephone number, address)

When you create an account with us
When you make an enquiry via our website or via email
When you submit a career opportunity query
When you provide us with your curriculum vitae

Information about your organisation
(your employer, or your business, your role title)

When you make an enquiry via our website or via email
When you engage our services

Information about your training preferences
(types of training, business sector to be addressed)

When you make an enquiry via our website or via email
When you book a training session us

Work history
(previous employers, dates of employment, education, interests)

When you submit a curriculum vitae
When you make an application for a role with us

Contact detail for next of kin
(name, telephone number, benefit beneficiaries)

When you join us as a new employee

Accident records
(details of accident, details of physical injuries, medications taken)

When you report a work-related accident

Online communication (name, email address)

When you interact with us via Google+, Google My Business, EventBrite or YouTube.


Special Categories of Personal Data

Certain kinds of personal data, such as data about your racial or ethnic origin, your physical or mental health, your religious beliefs or alleged commission or conviction of criminal offences, are special categories of personal data which by law require additional protection. We try to limit the circumstances in which we collect sensitive personal data of this kind, but we do collect and process it when for example:

  • You have a work-related accident;

  • To assess your needs in relation to the workplace environment; and

  • To provide suitable food and drink at corporate events.

By providing any sensitive personal data, you explicitly agree that we may collect it and use it to provide services to you.


Information We Collect From Other Sources

We may receive information about you from other sources, including third parties that help us: update, expand, and analyse our records; identify new customers; or prevent or detect fraud.  Information collected in this way will include:


Information collected

When the information is collected

Commercial marketing lists
(name, email address, telephone number, organisation, role)

When we target a market sector
(All email addresses are corporate and telephone numbers are checked against the TPS and CTPS)

Client project team details
(name, email address, telephone number, role)

When we are engaged by your organisation to implement a new service or product

Client team contact details (name, role, email address, access rights)

To ensure we are communicating with an employee of the client
To ensure we share data only with the correct client contacts


Information We May Collect Automatically

We may receive information about you from social media platforms including but not limited to when you interact with us on those platforms or access our social media content.


Information collected

When the information is collected

Social media platforms
(Facebook, Twitter, LinkedIn, YouTube)

When you interact with us on these platforms
When you access our social media content

AiM website
(Google Analytics)

When you access our site
When you navigate pages on our site

Email marketing
(VerticalResponse, ACT)

When you receive, open, or respond to marketing emails
When you unsubscribe from receiving marketing emails


We analyse customer statistics, sales, traffic patterns and related site information. However, we will not pass any personal information on to third parties without your consent.

The information we may receive is governed by the privacy settings, policies, and/or procedures of the applicable social media platform, and we encourage you to review them.

We may use the information we collect.

We can only use your personal data if we have a legal reason for doing so. According to the law, we can only use your data for one or more of these reasons:

  • When you consent to it, or

  • To fulfil a contract we have with you, or

  • If we have a legal duty to use your data for a particular reason, or

  • When it is in our legitimate interests.

Legitimate interests are our business or commercial reasons for using your data.  When we use legitimate interests, we conduct a three-step test to determine if it is reasonable and does not put our interests above what is best for you.  The test considers i) the purpose of processing; ii) the necessity of the processing; and iii) the balance between AiM’s interest and your rights and freedoms.

In the table below, we have set out the different ways in which we use your personal data and the reasons we rely on for using that data.

If we rely on our legitimate interests for using your personal data, we will explain that to you.


What we use personal data for

Legal grounds for using it

Our legitimate interest

To respond to your enquiries

Fulfilling contracts


To provide you with services you request

Fulfilling contracts


To improve the services we provide

Legitimate interests

To provide relevant services using the latest knowledge, innovations and technology

To operate, troubleshoot and improve the Digital Services

Legitimate interests

To guarantee systems are available at all times
To ensure that the latest security updates are in place

To maintain our list of contacts

Legitimate interests

Keeping our records up to date, working out which of our products and services may interest you
Identifying or defining types of customers for new products of services


For AiM business purposes, including data analysis; submitting invoices; detecting, preventing, and responding to actual or potential fraud; illegal activities, or intellectual property infringement


Legitimate interests

Being efficient about how we fulfil our contracts, provide our services and fulfil our legal duties
Identifying ways to improve the way we deliver services to our customers

To evaluate, recruit and hire personnel

Fulfilling contracts


As we believe reasonably necessary or appropriate to: comply with our legal obligations; respond to legal process or requests for information issued by government authorities or other third parties; or to protect your, our or others’ rights

Legitimate interests

Being efficient about how we fulfil our contracts, provide our services and fulfil our legal duties


How Long Do We Keep Your Data? 

We keep your data only for as long as we need it. How long we need data depends on what we are using it for, whether that is to provide services to you, for our own legitimate interests (described above) or so that we can comply with the law.

We will actively review the information we hold and when there is no longer a customer, legal or business need for us to hold it, we will either delete it securely or in some cases anonymise it.


How We May Share the Information We Collect

AiM is a provider of business consultancy and technology services. Our offices share information with each other for business purposes such as internal administration, billing, promoting our events and services, and providing you or your organisation with services.

We do not sell, rent, or otherwise share information that reasonably identifies you or your organisation with unaffiliated entities for their independent use except as expressly described in this Privacy Policy or with your prior permission. We may share information that does not reasonably identify you or your organisation as permitted by applicable law.

We may also disclose information we collect

To our third-party service providers that perform services on our behalf; and

To law enforcement, other government authorities, or third parties as required by the laws that may apply to us; as provided for under contract; or as we deem reasonably necessary to provide our services. In these circumstances, we take reasonable efforts to notify you before we disclose information that may reasonably identify you or your organisation, unless prior notice is prohibited by applicable law or is not possible or reasonable in the circumstances.


Individual Rights

As a data subject, individuals have a number of rights in relation to their personal data.


The right to be properly informed about AiM’s activities in relation to personal data, and for this information to be provided in a clear, concise, transparent, intelligible and easily accessible form.

Subject access requests

Individuals have the right to make a subject access request, i.e. a request for the data AiM holds

about that individual. If an individual makes a subject access request, the organisation will tell him/her:

  • whether or not his/her data is processed and if so why, plus the categories of personal data concerned, and the source of the data if it is not collected from the individual

  • to whom his/her data is or may be disclosed, including to recipients located outside the European Economic Area (EEA) and the safeguards that apply to such transfers

  • for how long his/her personal data is stored (or how that period is decided)

  • his/her rights to rectification or erasure of data, or to restrict or object to processing

  • his/her right to complain to the Information Commissioner if he/she thinks the organisation has failed to comply with his/her data protection rights

  • whether or not the organisation carries out automated decision-making and the logic involved in any such decision-making

We will also provide the individual with a copy of the personal data undergoing processing. This will normally be in electronic form if the individual has made a request electronically, unless he/she agrees otherwise.

If the individual wants additional copies, the organisation will charge a fee, which will be based on the administrative cost to the organisation of providing the additional copies.

To make a subject access request, the individual should send the request to. In some cases, the organisation may need to ask for proof of identification before the request can be processed. The organisation will inform the individual if it needs to verify his/her identity and the documents it requires.

We will normally respond to a request within a period of one month from the date it is received.

If a subject access request is manifestly unfounded or excessive, the organisation is not obliged to comply with it. Alternatively, we can agree to respond but will charge a fee, which will be based on the administrative cost of responding to the request. A subject access request is likely to be manifestly unfounded or excessive where it repeats a request to which the organisation has already responded. If an individual submits a request that is unfounded or excessive, the organisation will notify him/her that this is the case and whether or not it will respond to it.


Other rights

Individuals have a number of other rights in relation to their personal data. They can require us to:

  • rectify inaccurate data

  • stop processing or erase data that is no longer necessary for the purposes of processing

  • stop processing or erase data if the individual’s interests override the organisation’s legitimate grounds for processing data (where the organisation relies on its legitimate interests as a reason for processing data)

  • stop processing or erase data if processing is unlawful

  • stop processing data for a period if data is inaccurate or if there is a dispute about whether the individual’s interests override the organisation’s legitimate grounds for processing data

  • provide data to a data subject in a structured, commonly used, machine readable format, or to have that data transmitted to another controller where that data was provided to the data controller, and the lawful basis for processing is consent or the performance of a contract

  • the right to not be subject to automated decision making. In this case the individual has the right to request manual intervention in the decision-making process

To ask us to take any of these steps, the individual should send the request to

Data Security

We take the security of personal data seriously. AiM is ISO 27001:2013 accredited and has internal policies and controls in place to protect personal data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except by employees in the proper performance of their duties.

Where the organisation engages third parties to process personal data on its behalf, such parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.


Cookie Policy

By using Our Site you may also receive certain third-party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than Us. Third party Cookies are used on Our Site to better provide a targeted experience for the user. For more details, please refer to the section detailing how we use your data above, and to the table below. These Cookies are not integral to the functioning of Our Site and your use and experience of Our Site will not be impaired by refusing consent to them.

All Cookies used by and on Our Site are used in accordance with current Cookie Law.

The following first party Cookies may be placed on your computer or device:


Name of Cookie


Strictly Necessary


Google Analytics uses the Cookie to identify users. It has an expiration time of 2 years



Google Analytics uses the Cookie to identify users. It has an expiration time of 24 hours



Google Analytics uses the Cookie to throttle the request rate. It has an expiration of 1 minute



In addition to the controls that we provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third-party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.

You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access Our Site more quickly and efficiently including, but not limited to, login and personalisation settings.

It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.


Data Breaches

If the organisation discovers that there has been a breach of personal data that poses a risk to the rights and freedoms of individuals, it will report it to the Information Commissioner within 72 hours of discovery. The organisation will record all data breaches regardless of their effect.

If the breach is likely to result in a high risk to the rights and freedoms of individuals, it will tell affected individuals that there has been a breach and provide them with information about its likely consequences and the mitigation measures it has taken.


Individual responsibilities

Individuals are responsible for helping us keep their personal data up to date. Individuals should let the organisation know if data provided changes, for example if an individual moves house or changes his/her bank details.

Individuals may have access to the personal data of other individuals and of our customers and clients in the course of their employment, contract, volunteer period, internship or apprenticeship. Where this is the case, AiM relies on individuals to help meet its data protection obligations to employees and to customers and clients.<

Individuals who have access to personal data are required:

  • to access only data that they have authority to access and only for authorised purposes

  • not to disclose data except to individuals (whether inside or outside the organisation) who have appropriate authorisation

  • to keep data secure (for example by complying with rules on access to premises, computer access, including password protection, and secure file storage and destruction)

  • not to remove personal data, or devices containing or that can be used to access personal data, from our premises without adopting appropriate security measures (such as encryption or password protection) to secure the data and the device

  • not to store personal data on local drives or on personal devices that are used for work purposes

Failing to observe these requirements may amount to a disciplinary offence, which will be dealt with under AiM’s disciplinary procedure. Significant or deliberate breaches of this policy, such as accessing employee or customer data without authorisation or a legitimate reason to do so, may constitute gross misconduct and could lead to dismissal without notice.


The organisation will provide training to all individuals about their data protection responsibilities as part of the induction process and at regular intervals thereafter.

Individuals whose roles require regular access to personal data, or who are responsible for implementing this policy or responding to subject access requests under this policy, will receive additional training to help them understand their duties and how to comply with them.


Changes to our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.



Please note that you have the right to lodge a complaint with the Information Commissioner’s Office by telephone on 0303 123 1113, or by using the live chat service which is available through the Information Commissioner’s website


Contact Us

You can email us at