Privacy Policy
Last Updated: 1st April 2026
Contents
1. Introduction
Compass AGI (a trading name of Hilltop Advisors Ltd) ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website or use our services.
Hilltop Advisors Ltd is registered in England and Wales (Company Number: 10504863) and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Trading Name: Compass AGI
Legal Entity: Hilltop Advisors Ltd
Data Controller: Hilltop Advisors Ltd
Company Number: 10504863 (England & Wales)
VAT Number: GB 279416565
Registered Address: 128 City Road, London, United Kingdom, EC1V 2NX
Contact: Please use our contact form
2. Information We Collect
2.1 Information You Provide Directly
When you use our website or contact us, we may collect:
- Contact Information: Name, email address, phone number, company name, job title
- Business Information: Company size, industry sector, AI maturity level
- Communication Data: Messages, enquiries, feedback, and correspondence
- Service Preferences: Your interests in our services and how you heard about us
- Marketing Preferences: Your consent to receive newsletters and updates
2.2 Information Collected Automatically
When you visit our website, we automatically collect:
- Technical Data: IP address, browser type and version, device type, operating system
- Usage Data: Pages visited, time spent on pages, links clicked, referral sources
- Location Data: General geographic location based on IP address
- Cookie Data: Information collected through cookies and similar technologies (see section 9)
2.3 Information from Third Parties
We may receive information about you from:
- Professional networking sites (e.g., LinkedIn) when you interact with our content
- Analytics providers and service providers who support our website functionality
- Publicly available sources such as company websites and business directories
3. How We Use Your Information
We use your personal information for the following purposes:
3.1 Service Delivery
- Responding to your enquiries and consultation requests
- Providing AI consulting and implementation services
- Scheduling and conducting meetings and consultations
- Delivering reports, assessments, and recommendations
3.2 Communication
- Sending confirmation emails and service updates
- Providing customer support and technical assistance
- Sending newsletters and insights (with your consent)
- Notifying you of changes to our services or policies
3.3 Business Operations
- Improving our website, services, and customer experience
- Conducting research and analysis to enhance our offerings
- Maintaining security and preventing fraud
- Complying with legal obligations and regulatory requirements
3.4 Marketing (With Consent)
- Sending relevant content, insights, and case studies
- Inviting you to webinars, events, and workshops
- Sharing industry news and AI developments
4. Legal Basis for Processing
Under UK GDPR, we process your personal data based on the following legal grounds:
Consent
When you opt in to receive marketing communications or newsletters
Contract Performance
When processing is necessary to deliver services you've requested
Legitimate Interests
When processing is necessary for our legitimate business interests, such as improving our services, security, and fraud prevention
Legal Obligation
When we must process your data to comply with legal or regulatory requirements
5. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy:
- Enquiry Data: 3 years from last contact (unless you become a client)
- Client Data: 7 years after contract completion (for legal and tax purposes)
- Newsletter Subscribers: Until you unsubscribe or request deletion
- Website Analytics: 26 months maximum
- Marketing Consent: Reviewed every 2 years; removed if inactive
After the retention period expires, we will securely delete or anonymise your personal data.
6. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:
- SSL/TLS encryption for data transmission
- Secure database storage with access controls
- Regular security assessments and updates
- Staff training on data protection and privacy
- Incident response and breach notification procedures
- Limited access to personal data on a need-to-know basis
While we take all reasonable steps to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your information.
7. Third-Party Services
We use carefully selected third-party service providers to support our business operations:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Resend | Email delivery service | Name, email address |
| Web Hosting Provider | Website hosting and storage | All data stored on website |
| Analytics Services | Website analytics | Usage data, IP address |
All third-party providers are carefully vetted and required to maintain appropriate data protection standards. We ensure they process your data only as instructed and in compliance with UK GDPR.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
8. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
Right to Access
Request a copy of the personal data we hold about you
Right to Rectification
Request correction of inaccurate or incomplete data
Right to Erasure
Request deletion of your personal data (subject to legal obligations)
Right to Restrict Processing
Request limitation on how we use your data
Right to Data Portability
Receive your data in a structured, commonly used format
Right to Object
Object to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Please use our contact form for privacy enquiries
We will respond to your request within one month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection: www.ico.org.uk
10. International Data Transfers
Your personal data is primarily stored and processed within the United Kingdom and European Economic Area (EEA).
In some cases, we may transfer data to service providers located outside the UK/EEA. When we do so, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the UK authorities
- Adequacy decisions recognising equivalent data protection standards
- Other legally approved transfer mechanisms
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make significant changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email if you're a subscriber or active client
- Display a prominent notice on our website
We encourage you to review this policy periodically to stay informed about how we protect your data.
12. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Compass AGI (Hilltop Advisors Ltd)
Privacy Enquiries: Please use our contact form
General Enquiries: Please use our contact form
Registered Office: 128 City Road, London, United Kingdom, EC1V 2NX
Company Number: 10504863 (England & Wales)
Data Protection Officer: For data protection matters, please email: [email protected]