Legal
Data Processing Agreement
Data Processing Agreement
Data Processing Agreement
Last updated: 05/06/2026
This page explains how ROBINEXIS LTD handles personal data when we provide software, automation, AI, CRM, scheduling, messaging, call handling, consultancy, or related management services to business clients.
This page is intended for clients and prospective clients who need to understand how ROBINEXIS LTD processes personal data on their behalf.
1. When this Data Processing Agreement applies
Where ROBINEXIS LTD processes personal data on behalf of a client, the client will usually act as the data controller and ROBINEXIS LTD will act as the data processor.
This may apply where a client uses ROBINEXIS LTD services to process customer, lead, staff, booking, messaging, call, CRM, operational, or business contact data.
In those cases, ROBINEXIS LTD processes personal data only for the purpose of providing the agreed services and only in accordance with the client’s documented instructions, unless we are required by law to do otherwise.
2. Client responsibilities
The client is responsible for ensuring that:
- It has a lawful basis for collecting and using the personal data.
- It has provided any required privacy notices to individuals.
- It has the right to provide or connect personal data to ROBINEXIS LTD services.
- Its instructions to ROBINEXIS LTD are lawful.
- The personal data supplied to ROBINEXIS LTD is accurate, relevant, and limited to what is necessary.
3. ROBINEXIS LTD responsibilities
Where ROBINEXIS LTD acts as processor, we will:
- Process personal data only on the client’s documented instructions.
- Use personal data only to provide, maintain, secure, support, and improve the agreed services.
- Ensure that people authorised to process personal data are subject to confidentiality obligations.
- Apply appropriate technical and organisational security measures.
- Assist the client, where reasonably possible, with data subject requests.
- Assist the client with personal data breach obligations where required.
- Assist with data protection impact assessments where reasonably necessary.
- Use approved subprocessors only where appropriate safeguards are in place.
- Delete or return personal data at the end of the services, unless continued retention is required by law or legitimate business/legal necessity.
4. Types of personal data processed
Depending on the services used, ROBINEXIS LTD may process:
- Names
- Email addresses
- Phone numbers
- Business contact details
- Customer or lead information
- Booking and scheduling data
- CRM records
- Messages and communication logs
- Call metadata, transcripts, or summaries where enabled
- Support requests
- Account and usage data
- Technical data, including IP addresses, device data, browser data, and system logs
- Other personal data provided by the client or processed through connected systems
ROBINEXIS LTD does not intentionally require clients to provide special category data unless this is specifically agreed and appropriate safeguards are in place.
5. Nature and purpose of processing
The nature and purpose of processing may include:
- Providing management software and automation services
- Managing customer communications
- Supporting AI-assisted workflows
- Handling enquiries, bookings, scheduling, reminders, or follow-ups
- Integrating with client systems such as CRM, calendar, email, messaging, or communication platforms
- Providing analytics, support, troubleshooting, and service improvement
- Maintaining system security and preventing misuse
6. Subprocessors
ROBINEXIS LTD may use trusted third-party providers to help deliver its services.
These may include providers for:
- Website hosting
- Cloud infrastructure
- Email delivery
- CRM and automation
- AI processing
- Messaging, SMS, WhatsApp, or call handling
- Analytics
- Payment processing
- Support and operations
Where a subprocessor is used, ROBINEXIS LTD will take reasonable steps to ensure that appropriate contractual, confidentiality, and security safeguards are in place.
A current list of subprocessors may be provided to clients on request.
7. International transfers
Some service providers used by ROBINEXIS LTD may process or store personal data outside the United Kingdom.
Where international transfers occur, ROBINEXIS LTD will take steps designed to ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, the UK International Data Transfer Agreement, the UK Addendum, or another lawful transfer mechanism.
8. Security measures
ROBINEXIS LTD applies proportionate technical and organisational measures designed to protect personal data.
These may include:
- Access controls
- Password protection
- Two-factor authentication where appropriate
- Restricted access to client data
- Encryption where appropriate
- Secure cloud systems
- Backups
- Logging and monitoring where appropriate
- Supplier review
- Confidentiality controls
- Incident response procedures
9. Data subject requests
If ROBINEXIS LTD receives a request from an individual relating to personal data processed on behalf of a client, we will usually refer the request to the client unless we are legally required to respond directly.
Where reasonably possible, ROBINEXIS LTD will assist the client in responding to valid data subject requests.
10. Personal data breaches
If ROBINEXIS LTD becomes aware of a personal data breach affecting client personal data, we will notify the relevant client without undue delay after becoming aware of the breach.
We will provide reasonable information and assistance to help the client assess the breach and meet any legal reporting obligations.
11. Deletion or return of data
At the end of the relevant services, ROBINEXIS LTD will delete or return client personal data in accordance with the client’s reasonable instructions, unless we are required or permitted to retain certain data for legal, regulatory, accounting, security, dispute resolution, or legitimate business reasons.
12. Full Data Processing Agreement
This page provides a summary of ROBINEXIS LTD’s data processing approach.
Clients who require a formal signed Data Processing Agreement can request one by contacting:
privacy@robinexis.com
Where a separate signed agreement exists between ROBINEXIS LTD and a client, that agreement will take priority over this webpage.
