Authentic OS

    Privacy Policy

    Last updated: Last updated: 17/06/26

    This Privacy Policy explains how Authentic Ventures Ltd ("Authentic", "we", "us" or "our") collects, uses and protects personal data when you use our website, contact us, submit a form, book a call, download a resource, join our mailing list, become a customer, join or enquire about our Growth Partner Programme, or otherwise interact with us.

    We are committed to protecting your privacy and handling your personal data lawfully, fairly and transparently.

    1. Who we are and our data protection role

    Authentic Ventures Ltd
    Company number: 16833527
    Registered in: England and Wales
    Registered office / business address: Glen Road, Stourbridge, West Midlands, DY8 2BB
    Email: hello@theauthentic.uk
    Website: www.authenticos.co.uk

    For personal data collected through our own website, marketing, sales activity, customer relationships, billing, partner programme and business operations, Authentic Ventures Ltd acts as a data controller.

    In some situations, we may process personal data on behalf of our clients. For example, this may happen when we configure CRM systems, automation workflows, customer journeys, lead capture processes, sales pipelines, email campaigns, SMS campaigns, AI tools, reporting dashboards or related systems using personal data provided by a client.

    Where we process personal data solely on a client's documented instructions, the client is usually the controller and Authentic may act as a processor.

    However, our role may vary depending on the circumstances. Where Authentic determines the purposes or means of processing personal data, we may act as an independent controller or, in some cases, a joint controller with the client. This may include situations where we design or operate customer journeys, determine campaign logic, define lead handling processes, analyse customer behaviour, make decisions about segmentation or follow-up, or otherwise decide how personal data is used.

    Where required, the relevant role and responsibilities should be set out in separate customer terms, data processing terms, controller-to-controller terms or joint controller arrangements.

    2. What personal data we collect

    We may collect and use the following types of personal data.

    Information you provide to us

    This may include:

    • your name;
    • job title;
    • company name;
    • email address;
    • phone number;
    • website address;
    • business address;
    • information you submit through contact forms, assessments, surveys or booking forms;
    • information you provide when downloading resources or joining our mailing list;
    • information you provide during sales calls, discovery calls or onboarding;
    • billing and payment-related information;
    • communications you send to us.

    Business and customer journey information

    Where relevant to our services, we may collect information about your business, including:

    • your sales and marketing activity;
    • customer acquisition processes;
    • CRM or automation requirements;
    • business goals and growth challenges;
    • lead generation and follow-up processes;
    • systems, tools and platforms you currently use;
    • information needed to complete a VIBES Journey Assessment or similar diagnostic process.

    Website and technical information

    When you use our website, we may collect:

    • IP address;
    • device type;
    • browser type;
    • pages visited;
    • time spent on pages;
    • referral source;
    • approximate location;
    • interaction data;
    • cookie and tracking preferences;
    • analytics and performance data.

    For more information, please see our Cookie Policy.

    3. Client customer data

    As part of our services, clients may provide us with personal data relating to their own customers, prospects, leads, contacts, users, subscribers or other individuals.

    This may include:

    • names;
    • email addresses;
    • phone numbers;
    • company names;
    • job titles;
    • enquiry details;
    • communication history;
    • CRM records;
    • sales pipeline data;
    • appointment data;
    • marketing preferences;
    • customer journey activity;
    • form submissions;
    • call notes;
    • transaction or subscription information;
    • lead source information;
    • segmentation or qualification data.

    Clients are responsible for ensuring that they have a lawful basis for collecting and sharing this personal data with us, and that their own privacy notices explain how personal data may be shared with service providers, CRM providers, automation providers, AI providers, marketing providers and growth support partners such as Authentic.

    Clients are also responsible for ensuring that any imported, uploaded or connected data is accurate, lawful, relevant, appropriately permissioned and not excessive.

    4. How we collect personal data

    We collect personal data when you:

    • visit our website;
    • complete a contact form;
    • book a call;
    • complete an assessment or survey;
    • download a guide, template or resource;
    • subscribe to emails or newsletters;
    • enquire about our services;
    • become a customer;
    • join or enquire about our Growth Partner Programme;
    • communicate with us by email, phone, social media or messaging platforms;
    • interact with our advertising, content or campaigns.

    We may also collect personal data from third-party sources, such as referral partners, networking contacts, publicly available business information, social media platforms, CRM systems, analytics tools and advertising platforms.

    5. How we use your personal data

    We may use your personal data to:

    • respond to enquiries;
    • provide information you have requested;
    • book and manage calls or meetings;
    • deliver assessments, audits, recommendations and services;
    • provide access to Authentic OS or related systems;
    • onboard customers;
    • manage customer relationships;
    • send service-related communications;
    • send newsletters, updates, offers and marketing communications;
    • personalise website content and communications;
    • analyse website performance;
    • improve our services, products, systems and customer experience;
    • manage billing, payments and accounting;
    • manage referrals, introductions and partner relationships;
    • comply with legal, regulatory and tax obligations;
    • protect our business, systems and legal rights.

    6. Our lawful bases for using personal data

    Under UK data protection law, we must have a lawful basis for using your personal data. Depending on the circumstances, we may rely on the following lawful bases.

    Contract

    We use personal data where necessary to provide services, manage customer relationships, process orders, deliver subscriptions or take steps before entering into a contract.

    Legitimate interests

    We may use personal data where it is necessary for our legitimate business interests and where those interests are not overridden by your rights. This may include responding to enquiries, improving our services, managing B2B relationships, developing our business, securing our systems and carrying out limited B2B marketing.

    Consent

    We may rely on consent for certain marketing activities, non-essential cookies, optional communications or where otherwise required by law. You can withdraw consent at any time.

    Legal obligation

    We may use personal data where necessary to comply with legal, tax, accounting, regulatory or reporting obligations.

    7. Marketing communications

    We may send you marketing communications where you have requested them, consented to receive them, or where we are otherwise permitted to do so under applicable law.

    You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in the email or by contacting us at hello@theauthentic.uk.

    We may still send you important service-related communications where necessary, such as information about your account, subscription, service delivery, billing or legal updates.

    8. CRM, automation, AI and platform processing

    Authentic uses CRM, automation, AI, communication, analytics and customer journey systems to operate our business and deliver services.

    These systems may be used to:

    • capture leads;
    • qualify enquiries;
    • manage sales pipelines;
    • automate follow-up;
    • send emails, SMS messages or other communications;
    • book appointments;
    • analyse customer journeys;
    • report on campaign performance;
    • support onboarding;
    • improve customer success;
    • generate or assist with content, recommendations, workflows and operational processes.

    Some of these services may be provided by third-party platforms. Depending on the context, those platforms may act as processors, sub-processors, independent controllers or joint controllers.

    Where we use third-party processors or sub-processors, we take reasonable steps to use providers that offer appropriate data protection terms and security measures.

    Where AI tools are used, we take reasonable steps to avoid unnecessary use of sensitive or confidential personal data and to ensure outputs are reviewed where appropriate. You should not submit sensitive, confidential or unnecessary personal data through website forms, assessment tools, AI tools or automation systems unless specifically requested and appropriate.

    9. Platform account structure and data separation

    Some CRM and automation platforms operate through agency, reseller, sub-account or client-account structures.

    Where Authentic provides, configures or manages access to such platforms, personal data from multiple clients may be processed within a broader agency or platform environment, while being logically separated through accounts, sub-accounts, permissions or workspaces.

    We take reasonable steps to apply appropriate access controls, permissions, data separation, staff or contractor access restrictions, and supplier safeguards.

    However, clients should understand that using agency-based CRM or automation platforms may create additional data protection considerations, including controller and processor role allocation, sub-processor management, international transfers, access permissions, auditability, retention and customer rights handling.

    Clients are responsible for conducting their own assessment of whether such platforms are suitable for their business, customers, sector and compliance obligations.

    10. Client responsibilities

    Where you are a client and provide us with personal data relating to your customers, prospects, leads, contacts, staff or other individuals, you are responsible for ensuring that:

    • you have a lawful basis for the processing;
    • your privacy notices are accurate and up to date;
    • any required consents have been obtained;
    • marketing permissions and opt-outs are respected;
    • suppression lists are maintained where required;
    • the personal data is accurate and not excessive;
    • you are entitled to use the relevant CRM, automation, AI, communication and marketing tools;
    • any special category data or sensitive data is only shared where lawful and necessary;
    • you respond appropriately to data subject requests unless otherwise agreed;
    • you notify us promptly of any relevant objection, complaint, deletion request, access request, rectification request, opt-out or data breach concern.

    We may refuse to process, import, upload, enrich or use personal data where we believe doing so may create legal, regulatory, security or reputational risk.

    11. Who we share personal data with

    We may share personal data with trusted third parties where necessary for the purposes described in this policy. These may include:

    • website hosting providers;
    • CRM and marketing automation platforms;
    • email marketing providers;
    • analytics providers;
    • payment processors;
    • bookkeeping, accounting and legal advisers;
    • technical support providers;
    • implementation partners and contractors;
    • scheduling and video call platforms;
    • advertising platforms;
    • cloud storage and productivity tools;
    • referral or Growth Partner Programme systems;
    • regulators, authorities or legal bodies where required.

    We only share personal data where we have a lawful basis to do so and, where appropriate, suitable contractual protections are in place.

    12. International transfers

    Some of the systems and service providers we use may process personal data outside the UK.

    Where personal data is transferred internationally, we will take appropriate steps to ensure it is protected in accordance with applicable data protection law. This may include using approved contractual safeguards or working with providers that have appropriate transfer mechanisms in place.

    13. How long we keep personal data

    We keep personal data only for as long as reasonably necessary for the purposes for which it was collected.

    Retention periods may depend on the type of data, the reason we collected it, legal requirements, accounting obligations, contractual obligations, and whether we need the data to protect our legal rights.

    As a general guide:

    • enquiry data may be kept for up to 24 months;
    • customer records may be kept for the duration of the relationship and for up to 6 years afterwards for legal, tax and accounting reasons;
    • marketing data may be kept until you unsubscribe or ask us to delete it;
    • website analytics data may be kept according to the retention settings of the relevant analytics platform;
    • assessment and diagnostic data may be kept for as long as needed to provide services, improve recommendations and maintain business records.

    14. How we protect personal data

    We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

    These measures may include access controls, secure systems, password protection, limited permissions, staff and contractor confidentiality obligations, backups and appropriate supplier due diligence.

    No website, system or transmission method is completely secure, so we cannot guarantee absolute security.

    15. Your rights

    Under UK data protection law, you may have the right to:

    • access the personal data we hold about you;
    • ask us to correct inaccurate or incomplete data;
    • ask us to delete your personal data;
    • object to certain types of processing;
    • ask us to restrict how we use your data;
    • ask for your data to be transferred to another provider;
    • withdraw consent where processing is based on consent;
    • complain to the Information Commissioner's Office.

    To exercise your rights, contact us at:

    hello@theauthentic.uk

    We may need to verify your identity before responding.

    16. Data subject rights involving client customer data

    If we receive a request from an individual relating to personal data we process on behalf of a client, we may refer the request to the relevant client or assist the client in responding, depending on our role and the terms in place.

    If we act as a controller for the relevant processing, we will respond in accordance with applicable data protection law.

    If you are an individual whose data has been provided to us by one of our clients, you may need to contact that client directly for certain requests, because they may be the primary controller of your personal data.

    17. Complaints

    If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue.

    You also have the right to complain to the Information Commissioner's Office, the UK data protection regulator.

    18. Third-party websites

    Our website may contain links to third-party websites, platforms or services.

    We are not responsible for the privacy practices, content or security of third-party websites. You should read their privacy policies before providing personal data to them.

    19. Important note about service agreements

    This Privacy Policy explains how this website and Authentic's general business activities operate.

    It does not replace any specific proposal, service agreement, subscription agreement, data processing agreement, controller-to-controller agreement, joint controller arrangement, platform agreement or other contract agreed between Authentic and a customer, partner or supplier.

    Where Authentic processes client customer data, additional data protection terms may be required.

    20. Changes to this Privacy Policy

    We may update this Privacy Policy from time to time.

    The latest version will be posted on this page with the updated date shown at the top.

    21. Contact us

    For questions about this Privacy Policy, please contact:

    Authentic Ventures Ltd
    Company number: 16833527
    Registered in: England and Wales
    Registered office / business address: Glen Road, Stourbridge, West Midlands, DY8 2BB
    Email: hello@theauthentic.uk

    Cookie Preferences

    We use cookies to improve your experience and analyze site traffic. For more information, please read our Privacy Policy.