Sunday, October 26, 2025
Latest:

Privacy Policy

Introduction

ABM Logic Ltd (“ABM Logic”, “we”, “us” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect personal data when you interact with us, visit our websites, or use our services. It also explains your privacy rights and how the law protects you.

We gather and process data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU GDPR (where relevant), the California Consumer Privacy Act (CCPA/CPRA), and India’s Digital Personal Data Protection Act, 2023 (DPDP).

This Policy applies to ABM Logic Ltd, registered in England under company number 15607754, with its registered office at 124 City Road, London, EC1V 2NX, United Kingdom.

GDPR Certification: Art 27 representation by Prighter
powered by Prighter

Scope of this Policy

This Privacy Policy applies to the following websites operated by ABM Logic (collectively, the “Websites”):

This Privacy Policy will be updated each time ABM Logic launches a new website, and the definitive list of covered domains will always be maintained here.

This Privacy Policy should be read together with any other privacy or fair processing notices we may provide on specific occasions when we are collecting or processing personal data. It supplements other notices and is not intended to override them.

Governance Roles

We do not currently have a formally appointed Data Protection Officer (DPO), as one is not required under applicable data protection laws.

We have appointed Prighter Ltd as our authorised representative in the European Union under Article 27 of the EU GDPR. Prighter Ltd can be contacted regarding all EU data protection matters at:

Prighter Ltd

Individuals in the EU may contact Prighter directly for all issues related to the processing of their personal data and the exercise of their rights under the GDPR.

We have also designated Rohit Zadoo as our Grievance Officer in India to handle data protection complaints and requests under the Digital Personal Data Protection Act, 2023. He can be contacted at privacy.india@abmlogic.com

Data Collected

We collect and process personal data only to the extent necessary to operate our business, deliver services to clients, and comply with legal requirements. The categories of data we may collect include:

  • Leads and Prospects: name, job title, email address, phone number, and publicly available LinkedIn or social profile information.
  • Clients: name, job title, email address, and billing or invoicing details required for contract and account management.
  • Website Visitors: IP address, browser and device information, and data collected through cookies and analytics tools.
  • Employees and Contractors: HR records, contractual agreements, and payroll or payment information.
  • Payments: invoicing and bank transfer details. We do not collect or store credit card information at this time.

How We Collect Personal Data

We collect personal data from a variety of sources to support our sales, marketing, and client campaign activities. These include:

  • Direct Input: information you provide directly through our website contact forms, gated content downloads, or event and webinar registrations.
  • Automated Collection: information gathered automatically through cookies, analytics tools (such as web analytics and advertising platforms), and tracking technologies like email pixels or web beacons.
  • Third-Party Sources: information received from trusted data vendors, content syndication partners, and publicly available sources such as LinkedIn or company websites.

How We Use Personal Data

We use personal data for the following purposes:

  • Service Delivery: executing client campaigns, providing reporting, and delivering qualified leads.
  • Content Syndication: hosting and promoting content on behalf of clients.
  • Lead Generation and Enrichment: identifying, validating, and enriching business contacts.
  • Multi-Channel Prospecting: engaging prospects through email, LinkedIn, and phone outreach.
  • Analytics and Website Improvement: monitoring website usage to improve performance and user experience.
  • Billing and Administration: handling invoicing, payments, and contract management.
  • HR and Contractor Management: managing employment and contractor relationships.
  • Marketing and Outreach: promoting our own services to relevant business contacts.
  • AI-Driven Enrichment and Profiling: using automated tools to enrich, score, or profile business contacts, always subject to human oversight and never producing legal or similarly significant effects for individuals.

You can opt out of receiving marketing communications at any time by following the unsubscribe instructions in our emails or by contacting us directly. We will honour all opt-out requests promptly and ensure that individuals are removed from marketing lists across all channels.

Legal Basis for Processing (UK/EU)

Where we process personal data relating to individuals in the United Kingdom or the European Economic Area, we rely on one or more of the following legal bases under the UK and EU General Data Protection Regulation (GDPR):

  • Contract: to deliver services purchased by our clients, including campaign execution, reporting, and lead delivery.
  • Consent: where individuals have provided consent, such as for receiving marketing emails or accepting non-essential cookies.
  • Legitimate Interests: for certain business-to-business activities such as prospecting, analytics to improve our website, and maintaining fraud prevention and security. We balance these interests against the rights of individuals.

Legal Obligations: where processing is necessary to meet record-keeping, tax, or other statutory requirements.

Data Sharing

We share personal data only with trusted parties where necessary to operate our business, deliver services, or comply with legal requirements. These include:

  • Vendors: providers of customer relationship management (CRM) platforms, email and marketing automation tools, analytics services, and cloud hosting or storage solutions.
  • Partners: content syndication agencies and external consultants engaged to support client campaigns and business operations.
  • Regulators and Authorities: where required by law, we may disclose personal data to regulators, courts, law enforcement agencies, tax authorities, or other government bodies, or where necessary to protect our legal rights.

For more information about the use of cookies and similar technologies on our Websites, and to manage your preferences, please see our separate Cookie Policy, which explains the use of cookies and similar technologies in more detail and allows you to manage your preferences.

International Data Transfers

We may transfer personal data outside the United Kingdom and the European Economic Area. In particular:

  • India: personal data may be transferred to our operations in India, where our teams process data to support client campaigns and business activities.
  • United States: personal data may be transferred to service providers located in the United States.
  • Other Regions: at present, we do not transfer personal data to other regions (such as APAC), but this may change in the future if our operations expand.

Wherever such transfers occur, we ensure that appropriate safeguards are in place to protect personal data, as required by law. These may include the use of Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA), or reliance on the EU–US Data Privacy Framework where applicable. Further details of these safeguards can be provided upon request.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or to meet legal, regulatory, or contractual requirements. In particular:

  • Leads and Prospects: retained for up to 24 months from the last interaction, unless otherwise required by law or contract.
  • Client Project Data: retained for up to 7 years after project completion, to comply with contractual and legal obligations.
  • Employee and Contractor Data: retained for the duration of the relationship and for up to 6 years afterwards, to meet employment and contractual obligations.
  • Financial and Tax Records: retained for up to 7 years in accordance with legal requirements.

Individuals may request earlier deletion of their personal data where applicable, and we will comply unless a legal obligation requires us to retain it.

Your Rights

Depending on where you are located, you may have certain rights under data protection laws such as the UK/EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA), or India’s Digital Personal Data Protection Act (DPDP). These rights may include:

  • Access (GDPR, CCPA/CPRA): You may request a copy of the personal data we hold about you. We will typically provide this in a portable format (e.g., CSV or Excel).
  • Rectification (GDPR, CCPA/CPRA): You may ask us to correct inaccurate or outdated personal data.
  • Erasure (GDPR, CCPA/CPRA): You may request that we delete your personal data, unless we are legally required to retain it (for example, invoices kept for tax purposes).
  • Restriction of Processing (GDPR): You may request that we stop actively using your data, while allowing us to retain it where legally necessary.
  • Portability (GDPR, CCPA/CPRA): You may request that we provide your data in a portable, machine-readable format, or transfer it to another service provider.
  • Objection (GDPR): You may object to the processing of your data, including for direct marketing. If you object to marketing, we will stop immediately (unsubscribe across all channels).
  • Withdraw Consent (GDPR, DPDP): Where we rely on consent (for example, for newsletters or cookies), you may withdraw that consent at any time.
  • Opt-Out of Sale/Sharing (CCPA/CPRA): While we do not sell personal data, California residents may opt out of any sharing of data with third parties for advertising or marketing purposes.
  • Limit Use of Sensitive Data (CCPA/CPRA): We do not process sensitive personal data categories such as health, biometrics, or political opinions. If this changes, we will honour restriction requests.
  • Grievance Redressal (DPDP): Indian residents may contact our designated Grievance Officer to raise concerns, and we will respond within the statutory timeframe.

How to exercise your rights:

You can exercise your rights at any time by contacting us at privacy@abmlogic.com (or privacy.india@abmlogic.com for Indian residents). We may ask you to verify your identity before responding to your request.

Security Measures

We take the security of personal data seriously and apply a combination of technical, organisational, and procedural safeguards to protect it. These measures include:

  • Encryption in Transit: all data stored and shared through our cloud productivity and collaboration tools is protected using TLS encryption when transmitted over the internet.
  • Encryption at Rest: data held in our cloud storage and collaboration environment is encrypted at rest by default. Our future online transactional database will also use encryption at rest.
  • Role-Based Access Controls: access to stored files and campaign data is controlled based on job function, ensuring that only relevant staff have access to client deliverables.
  • Least-Privilege Access Model: Only business owners and directors hold administrator rights. All other staff and contractors are granted the minimum permissions required for their role.
  • Limited Staff Access: Personal data is made available only to staff or contractors directly involved in relevant client projects and is not accessible company-wide.
  • Vendor Due Diligence: e work only with established technology providers who maintain recognised international security certifications (such as ISO 27001 and SOC 2) and who provide contractual assurances of compliance with data protection law.
  • Regular Data Backups: Our cloud environment provides automated redundancy and backup to prevent data loss. Our future transactional database will also include enterprise-grade backup and recovery.
  • Monitoring and Breach Response: We maintain an incident response process, including identification and logging of incidents, containment and investigation, and notification of clients and regulators within statutory timeframes (e.g., 72 hours under GDPR) where required.
  • Staff Training and Awareness: All staff and contractors handling personal data receive training on data protection and information security.
  • Confidentiality Obligations: all employees and contractors are bound by confidentiality agreements when handling client and personal data.
  • Physical Security: We operate on a cloud-first basis. Where any physical records are held, they are securely stored with restricted access.
  • Audit and Review: We periodically review and update our security measures and vendor arrangements to ensure continued effectiveness.

Complaints Handling

For general privacy matters, please contact us at privacy@abmlogic.com. Indian residents may also contact our Grievance Officer at privacy.india@abmlogic.com.

  • Supervisory Authority (UK): If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with a data protection authority. Our primary supervisory authority is the Information Commissioner’s Office (ICO) in the United Kingdom. Contact details for the ICO can be found at www.ico.org.uk.

European Union Representative

We have appointed Prighter GmbH as our authorised representative in the European Union for data protection matters, in accordance with Article 27 GDPR.

Prighter GmbH

  • Kampenringweg 45 D
  • 2803 PE Gouda
  • The Netherlands
  • eu-rep@prighter.com

Individuals in the EU may contact Prighter GmbH directly regarding all questions related to the processing of their personal data and the exercise of their rights under the GDPR.

India Grievance Officer:

Rohit Zadoo acts as our dedicated Grievance Officer in India for the purposes of the Digital Personal Data Protection Act, 2023. He is responsible for handling data protection complaints and rights requests. He can be contacted at privacy.india@abmlogic.com.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the “Effective Date” at the top of this page. We encourage you to review this Policy periodically to stay informed about how we protect and use personal data.

Children’s Data

We do not knowingly collect or process personal data from children. Our services are directed exclusively at business professionals and are not intended for use by individuals under the age of 16, or under 13 in the United States, in line with the Children’s Online Privacy Protection Act (COPPA).

Automated Decision-Making and Profiling

We do not use automated decision-making in a way that has legal or similarly significant effects on individuals. We may use profiling and enrichment tools to segment and score business contacts, both for our own sales and marketing activities and when delivering client campaigns. This helps us prioritise outreach and improve relevance. These activities are limited to business-to-business contexts, are always subject to human oversight, and do not produce legal or similarly significant effects for individuals. Individuals may object to profiling for direct marketing purposes at any time by contacting us.

Controller vs Processor Roles

ABM Logic acts as both a data controller and a data processor, depending on the context:

  • When we act as a Controller: We are a data controller when we collect and process personal data for our own business purposes, such as managing our websites, handling client billing, and conducting our own marketing and sales outreach.
  • When we act as a Processor: We are a data processor when we handle personal data on behalf of clients, for example by processing contact lists, running campaigns, or enriching lead data in line with client instructions. In these cases, the client remains the data controller, and we process data only under their direction.