Be AI Assist Logo Be AI Assist

Data Processing Addendum

Data Processing Addendum for Be AI Assist

This Data Processing Addendum (“DPA”) explains how Be AI Assist Ltd processes personal data on behalf of business clients when delivering call handling, lead capture, booking, messaging, and related services.

Last updated: March 2026

Jurisdiction: England & Wales

1. Parties, scope and definitions

1.1 Parties

This DPA is between:

  • Be AI Assist Ltd, company number 16691950, registered in England and Wales, with registered office at 24 Holborn Viaduct, London, EC1A 2BN, United Kingdom (“Be AI Assist”, “Processor”, “we”, “us”); and
  • the business customer identified in the relevant order form, proposal, agreement, or service arrangement (“Client”, “Controller”, “you”).

1.2 Scope

This DPA applies where Be AI Assist processes personal data on behalf of the Client in connection with the services we provide.

It is intended to supplement the main commercial agreement between the parties. If there is a conflict between this DPA and the main agreement on a data protection issue, this DPA will apply to that issue.

1.3 Definitions

Terms such as “personal data”, “processing”, “controller”, “processor”, “data subject”, and “personal data breach” have the meanings given to them in applicable UK data protection law, including the UK GDPR and the Data Protection Act 2018.

2. Subject matter, nature and purpose of processing

2.1 Subject matter

Be AI Assist processes personal data as part of delivering services such as:

  • missed-call recovery,
  • SMS and messaging follow-up,
  • lead capture and callback handling,
  • appointment and booking workflows,
  • AI receptionist or call-handling flows,
  • call summaries, logging, reporting, and escalation.

2.2 Purpose

The purpose of the processing is to deliver the agreed services to the Client and support the Client’s communication, booking, lead handling, customer response, and operational workflows.

2.3 Duration

Processing will continue for as long as required to provide the services and for any agreed retention period, unless earlier deleted or returned in accordance with this DPA or the main agreement.

2.4 Types of personal data

Depending on the Client’s setup, the personal data processed may include:

  • names, phone numbers, email addresses, and contact details,
  • call metadata such as date, time, duration, status, and routing outcome,
  • message content exchanged through SMS, WhatsApp, email, or similar channels,
  • call recordings, transcripts, notes, and summaries,
  • booking details, appointment times, callback slots, addresses, job details, and other service-related information,
  • Client staff contact details used for notifications, escalation, or routing.

2.5 Categories of data subjects

Depending on the Client’s business, categories of data subjects may include:

  • customers and prospective customers,
  • callers and leads,
  • tenants, landlords, buyers, sellers, guests, or contractors,
  • Client employees, team members, or authorised users.

2.6 Special category data

The services are not intended to collect special category personal data unless there is a clear need and lawful basis. If such data is disclosed through normal communications, Be AI Assist will process it only to the extent reasonably necessary to deliver the services and in line with the Client’s instructions.

3. Processor obligations

3.1 Processing on instructions

Be AI Assist will process personal data only on the documented instructions of the Client, except where required to do otherwise by law.

The Client’s instructions are set out in the commercial agreement, service configuration, support requests, implementation documents, and other written directions reasonably provided by the Client.

3.2 Confidentiality

Be AI Assist will ensure that people authorised to process personal data are subject to appropriate confidentiality obligations.

3.3 Assistance

Taking into account the nature of processing and the information available to us, Be AI Assist will provide reasonable assistance to the Client with:

  • data subject rights requests,
  • security obligations,
  • breach response,
  • data protection impact assessments where reasonably required.

3.4 No unauthorised use

Be AI Assist will not sell personal data processed on behalf of the Client and will not use it for unrelated advertising or unrelated commercial profiling.

4. Sub-processors

4.1 Authorised use of sub-processors

The Client authorises Be AI Assist to use sub-processors where reasonably necessary to deliver the services.

These may include providers of:

  • telephony and messaging infrastructure,
  • hosting, storage, and databases,
  • automation tools and workflow software,
  • transcription, AI, or voice services,
  • monitoring, support, and analytics systems.

4.2 Sub-processor obligations

Be AI Assist will ensure that sub-processors are subject to written obligations appropriate to the nature of the processing.

4.3 Responsibility

Be AI Assist remains responsible for the acts and omissions of its sub-processors to the extent required by applicable law and the main agreement.

5. Security measures

5.1 Appropriate measures

Be AI Assist will implement and maintain reasonable technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.

These measures may include, where appropriate:

  • access controls and permission limits,
  • secure credentials and authentication practices,
  • encryption in transit and, where supported, at rest,
  • logging and monitoring,
  • vendor due diligence and platform reviews,
  • staff confidentiality and access controls.

5.2 Client responsibilities

The Client is responsible for the security of its own systems, users, devices, downstream tools, and internal processes, including how Client staff handle escalations, notifications, exports, and access to connected systems.

6. International data transfers

Where personal data is transferred outside the UK, Be AI Assist will take reasonable steps to ensure appropriate safeguards are in place in accordance with applicable data protection law.

Such safeguards may include recognised contractual mechanisms, reliance on approved frameworks where available, and additional technical or organisational protections where appropriate.

7. Data subject rights

If Be AI Assist receives a request directly from a data subject relating to personal data processed on behalf of the Client, Be AI Assist will:

  • notify the Client where reasonably possible, and
  • not respond except on the Client’s documented instructions or where legally required.

The Client is responsible for determining how to respond to data subject requests as the controller, except where the parties have agreed otherwise in writing.

8. Personal data breaches and audits

8.1 Breach notification

If Be AI Assist becomes aware of a personal data breach affecting personal data processed on behalf of the Client, Be AI Assist will notify the Client without undue delay and provide reasonably available information needed to understand the issue and support the Client’s response.

8.2 Assistance

Be AI Assist will provide reasonable co-operation in connection with investigating, containing, and addressing the breach, taking into account the nature of the services and the information available.

8.3 Audit information

On reasonable written request, Be AI Assist will provide information reasonably necessary to demonstrate compliance with this DPA, subject to confidentiality, proportionality, and the protection of other clients’ information and systems.

This may be satisfied through written responses, policy summaries, vendor security information, or other suitable material rather than open-ended inspection rights.

9. Return, retention and deletion of data

At the end of the service relationship, and subject to the main agreement, the Client may request the return or deletion of personal data processed on its behalf.

Be AI Assist will delete or return such personal data within a commercially reasonable period, except where continued retention is required by law, for legitimate record-keeping, or as part of standard secure backup cycles.

Where immediate deletion is not technically practical due to backup or system architecture constraints, Be AI Assist will ensure the data remains protected and is removed in line with normal retention and deletion processes.

10. Miscellaneous

10.1 Order of precedence

In relation to data protection matters, this DPA supplements the commercial agreement between the parties. If there is a direct conflict between this DPA and the commercial agreement on a data protection issue, this DPA will take precedence for that issue.

10.2 Liability

Liability under this DPA will be subject to the limitations and exclusions set out in the main agreement, except where such limitation is not permitted by law.

10.3 Changes

Be AI Assist may update this DPA from time to time to reflect changes in law, service delivery, or operational structure. Where changes are material, we will take reasonable steps to notify affected clients.

10.4 Governing law

This DPA is governed by the laws of England and Wales, unless the main commercial agreement expressly states otherwise.

10.5 Website version and signed version

This page is intended as the standard website version of our DPA. Where the parties sign a separate negotiated or client-specific DPA, that signed version will take priority over this website version to the extent of any inconsistency.