a black and white photo of a clock tower

1. Purpose and Scope

This policy outlines Bitz ‘n’ PC’z Ltd’s approach to the use of Artificial Intelligence (AI) technologies, ensuring compliance with the General Data Protection Regulation (GDPR) and upholding the rights and freedoms of data subjects.

2. Definitions

  • AI: Refers to systems or software that can perform tasks that ordinarily require human intelligence.
  • Data Subject: An identified or identifiable natural person.
  • Processing: Any operation performed on personal data, whether or not by automated means.

3. Principles

  • Lawfulness: We only use AI systems where we have a clear and legitimate purpose.
  • Transparency: We communicate our use of AI, the purpose for its use, and the potential impact on data subjects.
  • Data Minimisation: We ensure that only necessary data is processed by our AI systems.
  • Accuracy: We implement measures to ensure data processed by AI remains accurate and up-to-date.
  • Storage Limitation: We retain data used in AI processing for only as long as necessary.
  • Integrity & Confidentiality: We secure data processed by AI systems using appropriate technical and organisational measures.

4. Data Subject Rights

In alignment with GDPR, data subjects have the right to:

  • Information: Understand the reasoning behind decisions made by our AI systems.
  • Access: Obtain a copy of their personal data processed by AI.
  • Rectification: Correct any inaccurate or incomplete personal data.
  • Erasure: Request deletion of their personal data, subject to legal limitations.
  • Restriction: Limit the processing of their personal data.
  • Portability: Receive their personal data in a structured, commonly used format.
  • Object: Challenge decisions made by our AI systems, especially in cases of automated decision-making without human intervention.

5. Human Intervention

Where AI systems are used for decision-making that significantly impacts data subjects, Bitz ‘n’ PC’z Ltd will:

  • Ensure that data subjects can request human intervention.
  • Provide a method for data subjects to express their views and contest the decision.

6. Impact Assessment

Before deploying AI technologies that process personal data, Bitz ‘n’ PC’z Ltd will conduct an impact assessment to:

  • Evaluate necessity and proportionality.
  • Address the risks to data subjects’ rights and freedoms.
  • Implement measures to mitigate those risks.

7. Training & Awareness

All employees involved in the processing of personal data within our AI systems will receive appropriate training on GDPR and its implications.

8. Review

This policy and the use of AI technologies will be regularly reviewed to ensure ongoing compliance with GDPR and to consider ethical implications and emerging best practices.