Last updated: January 10, 2025
This Privacy Policy explains how Radius Tech Fashion Services Ltd ("we", "us" or "our") collects, uses, stores, and discloses personal data in connection with our website (www.placemaking.ai) and our suite of services, which include our Placemaking AI platform, consultancy, and data integration services.
We are committed to protecting the privacy and rights of all users and clients in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA) and the The California Consumer Privacy Act of 2018 (CCPA) . We commit to updating this Privacy Policy to specifically reference and comply with any additional data protection laws that become applicable to our operations.
By accepting this Policy, you are accepting the practices described in this Privacy Policy (including new versions of this Privacy Policy when and as they go into effect), and the Terms, which govern this Policy and contain all disclaimers of warranties and limitations of liabilities.
Full Company Name: Radius Tech Fashion Services Ltd
Registered Address: Radius, Kemp House, 152 City Road, London, United Kingdom, EC1V 2NX
Contact Details:
Email: info@placemaking.ai
Website: www.placemaking.ai
Brief Description of Services:
Radius Tech Fashion Services Ltd offers a Placemaking AI platform as a service, providing clients with innovative tools to analyse publicly available, GDPR-compliant data (such as census and social media data) for insights into demographics and movement patterns within defined catchment areas. Our service portfolio also includes consultancy and bespoke data integration services, which enable clients to access detailed project-specific reports, monitor platform usage (through both Credit-Based and Project-Based billing options), and securely manage their account and engagement data.
Transparency and Accountability:
This policy sets out the methods and legal bases on which we collect, process, store, and share personal data in connection with our website and the Placemaking AI platform services. We are committed to being transparent about our data processing activities and ensuring that all data is handled in a secure and lawful manner.
Compliance Commitment:
We expressly affirm our commitment to complying with:
The UK General Data Protection Regulation (UK GDPR)
The Data Protection Act 2018 (DPA)
The California Consumer Privacy Act of 2018 (CCPA)
We commit to updating this Privacy Policy to specifically reference and comply with any additional data protection laws that become applicable to our operations.
User Rights and Data Security:
Our policy informs you of your rights regarding your personal data and explains how we implement appropriate security measures to safeguard your information. This includes details of data collection methods (e.g., account registration, usage tracking via cookies and third-party tools such as Google Analytics) and the specific purposes for which such data is processed.
Applicability:
This Privacy Policy applies to:
All visitors to our website (www.placemaking.ai)
Registered users and clients of our Placemaking AI platform
Any other individuals whose personal data is processed by us in connection with our services, including data collected during platform interactions, account creation, and service utilisation.
Service Offerings Covered:
Our services are provided via the Placemaking AI platform, where clients can opt for either platform access or consultancy services. In both cases, data integration plays a key role in enhancing service outcomes. This policy covers data collected directly from users (such as login credentials and usage metrics) as well as data incorporated from external, publicly available sources, ensuring that even when aggregating or anonymising data, we maintain robust privacy safeguards.
Data Processing for Service Delivery:
Whether data is collected to manage account access and user activity (e.g., login details, usage statistics) or to facilitate the generation of geofenced, project-specific reports, our practices ensure that:
Only necessary and relevant personal data is processed.
Personal data is used solely for the purposes for which it was collected.
Data retention and deletion practices are consistent with both our operational needs and legal obligations (e.g., deletion of login and usage data within 180 days following account closure, or sooner upon client request).
Data Controller:
Radius Tech Fashion Services Ltd is the data controller responsible for determining the purposes and means of processing personal data collected via our website (www.placemaking.ai) and associated services.
If you have any questions regarding this Privacy Policy or our data processing practices, please contact our Data Protection Officer.
Contact Information:
For any inquiries related to data protection, including requests to exercise your rights under applicable data protection laws, please contact us using the information provided above.
This section details the categories of data we collect through our Placemaking AI platform and website, the methods by which the data is obtained, and the specific purposes for processing such data. We collect data directly from users as well as from external sources and through technical tracking tools.
We collect two primary categories of data:
(1) User Data—the personal data you provide directly to us when you interact with our services, and
(2) Service Data—data obtained from external sources that is used solely to generate aggregated insights and analytical reports. This distinction ensures that you understand which information is directly linked to your account and which is used to enhance the overall value of our insights platform.
When you register for and use our Placemaking AI platform, you supply certain personal data essential for account management, secure access, and delivering a tailored user experience. This information includes:
Data Collected:
Email Address: Used as your unique identifier for account registration and communication.
Password: Stored securely using industry-standard encryption techniques to protect your account.
We do not collect any other personal information during sign-up.
Purpose:
To verify your identity and authenticate your access to the platform.
To facilitate secure management and recovery of your account.
To send important notifications regarding your account or changes to our services.
Data Collected:
Interaction Details: Information on how you interact with our platform, including the pages and features you access, click events, navigation paths, and session durations.
Engagement Metrics: Data on the frequency and duration of your visits, and specific actions taken within the platform (e.g., report generation, analyses performed).
Credit Usage Information: For clients on our Credit-Based billing model, records of the number of credits consumed by each action, as well as for those on the Project-Based billing model.
Purpose:
To monitor and analyse usage patterns for service improvement and performance optimisation.
To ensure accurate billing and usage reporting.
To identify and resolve technical issues and enhance the overall user experience.
Data Collected:
Anonymized IP Address: We don’t log or store your full IP address. Instead, GA4 automatically anonymizes IP data by removing the last octetHelps identify the origin of traffic and secure access.
Browser and Device Type: Information such as browser version, device model, and operating system details.
Session Data: Automatically collected data including session duration, pages visited, and the time spent on each page.
Purpose:
To maintain and secure our platform by detecting unusual or suspicious activity.
To optimise website performance and tailor the user experience to your device.
To generate technical analytics for improving system reliability and service delivery.
To provide our clients with comprehensive analytical insights, we also process data from external and third-party sources. This Service Data is aggregated and anonymised so that it is not linked to any individual user’s personal data.
Data Collected:
Aggregated Demographic Information: Such as census data, which is processed in an aggregated and anonymised manner.
Publicly Available Social Media Data: Data that is publicly shared and accessed in compliance with GDPR standards.
Method of Collection:
Purpose:
To generate insights about specific geographic areas (e.g., demographics of residents and visitors) for clients who define catchment areas for their projects.
To inform the geofencing process that underpins our project-specific analysis and reporting.
Data Collected:
Assurance:
Purpose:
To enrich the analytical capabilities of our platform by combining external commercial data with our proprietary analyses.
To support detailed reporting and predictive insights that are delivered to our clients.
Our website employs cookies and similar tracking technologies to collect data about how you interact with our online services. These technologies are essential for both security and service optimisation.
We use Google Analytics 4 (“GA4”) to help analyze how our visitors use this site. GA4 provides reports on website activity and usage patterns, which we use to improve our services and enhance user experience.
The _ga Cookie:
Data Collected: A randomly generated customer identifier that distinguishes unique users.
Usage:
Collected with every page request to compute visitor statistics, session information, and campaign performance.
Supports the delivery of aggregated, non-identifiable insights that improve website functionality and user experience.
Duration: Retained for up to 2 years, as set by Google Analytics’ third-party cookie policies.
Other Cookies:
Purpose:
To ensure optimal website performance and deliver a customised user experience.
To support analytics activities that help improve our services.
Data Collected:
IP Address (Anonymized):
GA4 does not log or store your full IP address. Instead, GA4 automatically anonymizes IP data by removing the last octet (for example, “192.168.1.0” instead of “192.168.1.100”).
GA4 may derive coarse geographic information (e.g., city, country, region) from the anonymized IP address to help us understand where our users are located.
Additionally, GA4 can be configured to mask city-level data to further protect user privacy.
Browser and Device Information:
GA4 collects information about the browser version, device model, and operating system used to access our site.
We use this information to ensure our website is optimized for different devices and to improve performance across platforms.
Session Data:
GA4 automatically collects session-related information, such as pages visited, session duration, and time spent on each page.
This data helps us analyze overall engagement and improve site navigation.
Server-Side Tagging
We employ server-side tagging in our GA4 implementation to prevent full IP addresses from reaching Google’s servers.
This measure adds an additional layer of protection for user privacy.
Purpose:
Website Improvements: We analyze anonymized metrics to enhance website functionality and user experience.
Performance Monitoring: Session data and aggregated analytics help us identify technical issues, measure user engagement, and optimize site features.
Security and Fraud Prevention: Anonymized IP data may be used to detect and prevent unauthorized access or potential threats to our systems.
This section outlines the methods by which we collect data and explains the purposes for processing both User Data (your personal data) and Service Data (aggregated, anonymised data used for insights). Our practices comply with the UK GDPR, the Data Protection Act 2018, the EU AI Act (where applicable), and all other relevant legal obligations.
We use multiple methods to collect data, clearly distinguishing between the data you provide directly and the data obtained from external sources.
Method: Data is collected directly when you register for an account or complete online forms on our website (www.placemaking.ai).
Data Collected: Account access information (e.g., email address, password) and any additional information you voluntarily provide.
Purpose: To manage your account, authenticate your access, and communicate important updates regarding your services.
Method: We automatically gather technical and usage data using cookies, server logs, and third-party analytics tools (such as Google Analytics and Firebase).
Data Collected: Technical details (e.g., anonymized IP addresses, browser type, device type, operating system) and usage data (e.g., pages visited, click events, navigation paths, session duration).
Purpose:
For User Data: To support secure access, monitor and optimise your personal experience, and ensure proper account functionality.
For Aggregated Data: To compile non-identifiable usage patterns that help improve overall system performance and support analytical reporting.
Method: We integrate data from public data repositories and trusted third-party APIs.
Data Collected: Aggregated and anonymised data (e.g., census information and publicly available social media data) used solely for generating insights.
Assurance: All data from external sources is processed to ensure no personally identifiable information is included.
Purpose: To generate comprehensive, aggregated insights and analytical reports that enhance the value of our Placemaking AI platform for our clients.
We process the collected data based on the following clearly defined purposes:
Service Provision (User Data)
Purpose: To authenticate users, manage accounts, and deliver the Placemaking AI platform services.
Details: Involves processing your account access and usage data to enable secure access, effective account management, and delivery of project-specific reports.
Performance and Analytics (Both User Data and Service Data)
Purpose: To analyse usage patterns, monitor platform performance, and optimise the user experience.
Details: Uses both directly collected data and aggregated, anonymised data to drive improvements and inform service enhancements.
Credit Management (User Data)
Purpose: To calculate, monitor, and manage credit usage for Credit-Based billing and administer Project-Based billing.
Details: Ensures accurate charges based on your consumption of platform services, supported by detailed usage reports.
Security and Maintenance (User Data)
Purpose: To secure our platform and protect against unauthorised access or technical disruptions.
Details: Processes technical and usage data to detect, resolve, and prevent security issues while maintaining system integrity.
Compliance with Legal Obligations (User Data)
Purpose: To fulfil our statutory and regulatory obligations.
Details: Involves processing required for compliance with the UK GDPR, the Data Protection Act 2018, the EU AI Act (where applicable), and any other legal requirements.
Insight Generation: To produce aggregated, anonymised reports on geographic and demographic trends.
Enhanced Analytics: To integrate external data with our proprietary analyses, thereby supporting detailed reporting and predictive insights.
Service Optimization: To improve overall platform functionality and inform strategic enhancements based on aggregated data trends.
We share your personal data with trusted third-party service providers strictly for the purposes of delivering, monitoring, and improving our services. The following categories of third-party providers are used by our organisation:
Purpose: To monitor and analyse how users interact with our website and platform. To collect and process usage data, including page views, click events, navigation patterns, session durations, and other engagement metrics.
Data Handling: Google Analytics does not collect identifiable or sensitive personal information on our behalf. It assigns a randomly generated identifier (via the _ga cookie) to distinguish unique users, supporting aggregated, non-identifiable insights.
Safeguards: Google Analytics is contractually bound to use the data solely for analytics and website performance purposes, in accordance with UK data protection laws.
Purpose: To support secure user authentication and monitor platform performance. To process account access information, such as login details (email and password) provided during registration, and to track technical issues, application errors, and user sessions.
Data Handling: Firebase processes only the data necessary for maintaining service reliability and is used to monitor system performance.
Safeguards: Firebase adheres to stringent security and privacy standards to protect personal data during processing.
Purpose: To host and maintain our cloud-based infrastructure, ensuring the availability, scalability, and security of our services.
Data Handling: AWS is used as our primary cloud service provider and adheres to rigorous data protection and security standards.
Safeguards: AWS implements industry-standard security measures and is subject to contractual obligations that ensure compliance with UK data protection requirements.
Purpose: To supply aggregated, anonymised, or commercially sourced data that enhances our analytical services and supports the generation of project-specific insights.
Data Handling: We ensure that all data obtained from these vendors is processed in a manner that prevents the compromise of Personally Identifiable Information (PII).
Safeguards: Partnerships with external data vendors are governed by contracts that require adherence to recognised data protection standards.
In all cases, data sharing with third-party service providers is governed by appropriate contractual clauses and technical safeguards to ensure that your personal data is handled securely and in compliance with the UK GDPR and the Data Protection Act 2018.
We currently use third party Subprocessors to provide infrastructure and other services, and to help us provide customer support and email notifications. Prior to engaging any third party Subprocessor, we perform diligence to evaluate their privacy, security and confidentiality practices, and execute an agreement implementing its applicable obligations.
| Subprocessor | Service Type | Country | Privacy Policy Link |
|---|---|---|---|
| AWS | SaaS hosting | UK | https://aws.amazon.com/privacy/ |
| OpenAI | LLM | EU | https://openai.com/policies/privacy-policy |
| Firebase | Application Development | EU | https://firebase.google.com/support/privacy |
| Google Analytics | Website Analytics | EU | https://policies.google.com/privacy |
To protect the confidentiality and integrity of your data, our platform is engineered to ensure strict isolation between client datasets. Measures include:
Each client is assigned unique authentication credentials, ensuring that you can access only your own project data. Role-based access control systems are implemented to prevent unauthorised access to data belonging to other clients.
Our multi-tenant platform architecture utilises both shared and single-tenant configurations. This design ensures that client data is either physically or logically segregated, maintaining strict data separation.
Regular security audits and continuous system monitoring are conducted to verify that our data isolation measures remain effective and compliant with applicable data protection standards.
We have defined retention periods to ensure that personal data is stored only for as long as necessary to fulfil its intended purpose or comply with legal obligations.
Account-Related Data:
Login Details, Usage Data, and Technical Data:
These data elements are retained for up to 180 days following the deletion of a client account. This period is provided to allow for account restoration, verification, and to address any issues that might arise post-deletion.
If you request the immediate deletion of your account data, we will act on your request as soon as possible, subject to any overriding legal or contractual obligations.
Retention and Updates: Aggregated and anonymised data used for generating insights is updated monthly to maintain accuracy and relevance.
Upon receiving a deletion request, we will verify your identity and process the request in accordance with applicable legal obligations.
We aim to action all valid deletion requests within one month, unless the request is complex or subject to any legal or contractual retention requirements.
If immediate deletion is not possible due to overriding legal reasons, we will notify you and provide an explanation along with an estimated timeframe for deletion.
If a client has not engaged with us for more than five years, we may classify the account as inactive. In such cases, we will contact the client to confirm whether they wish for their data to be retained or deleted.
If no affirmative response is received, we will proceed to delete or anonymise the data associated with the inactive account.
At Radius Tech Fashion Services Ltd, we are committed to safeguarding your personal data. Our robust security framework combines advanced technical measures, rigorous organisational controls, and strict third-party and contractor arrangements to ensure the confidentiality, integrity, and availability of the data processed via our Placemaking AI platform.
We enforce strict role-based access controls to limit access to personal data only to authorised personnel.
Multi-factor authentication and secure login protocols are employed to further prevent unauthorised access.
Data transmitted between your device and our servers is protected using secure protocols such as TLS (Transport Layer Security).
Sensitive data stored at rest is encrypted using industry-standard encryption algorithms to prevent unauthorised access.
Our platform is hosted on a secure cloud infrastructure (e.g., AWS) that meets or exceeds recognised industry security standards.
This infrastructure is regularly updated and maintained to ensure its security and resilience against emerging threats.
We utilise containerised services managed via Kubernetes, providing a highly scalable, fault-tolerant environment that ensures efficient deployment and robust isolation between client data in our multi-tenant architecture.
This setup ensures that each client's data remains segregated and secure, even within shared infrastructure.
Physical access to our offices and technology development centres—including our facility in Turkey, which operates under the Teknokent framework—is strictly controlled.
Measures such as access cards, biometric systems, video surveillance, and on-site security personnel are in place to ensure that only authorised individuals can access areas where data is processed or stored.
Comprehensive logging and monitoring systems are implemented to track all access to and activities involving personal data.
Regular security audits and assessments are conducted to detect and respond promptly to any unauthorised access or security incidents, ensuring continuous compliance with legal and regulatory requirements.
Our internal policies on cybersecurity, AI usage, and data protection are regularly reviewed and updated to reflect evolving threats and regulatory changes.
These policies govern the secure handling of personal data and outline best practices for data protection across all our operations.
We engage trusted third-party service providers—including analytics (e.g., Google Analytics), performance monitoring (e.g., Firebase), and cloud infrastructure providers (e.g., AWS)—to support our operations.
All such providers are contractually obligated to implement security measures that are equivalent to or exceed our own standards and to comply with applicable UK data protection laws.
Contractors and external personnel, whether working on-site or remotely, must adhere to our strict security policies.
All external staff and contractors undergo regular security training and are required to sign confidentiality agreements.
Their access to personal data is strictly controlled, and they must follow our organisational protocols regarding secure data handling and remote access.
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have a number of rights regarding your personal data. These rights are designed to ensure that you remain in control of your personal information and that we process your data fairly and transparently.
Right of Access: You have the right to request a copy of the personal data we hold about you. This includes information on how and why your data is processed, the source of your data, and with whom it is shared.
Right to Correction: You have the right to ask us to update or correct any inaccurate or incomplete personal data about you.
Right to Erasure (“Right to be Forgotten”): In certain circumstances, you may request that we delete your personal data when it is no longer necessary for the purposes for which it was collected or when you withdraw your consent (where applicable).
Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in situations where you contest the accuracy of the data or when processing is unlawful but you oppose deletion.
Right to Object: You have the right to object to the processing of your personal data based on our legitimate interests. If you object, we will review your request and, unless there are compelling legitimate grounds for the processing, cease processing your data.
Right to Data Portability: You may request that we provide you with a copy of your personal data in a structured, commonly used, and machine-readable format, or request that we transfer this data directly to another organisation.
Automated Decision-Making and Profiling: Where automated processes (including the use of artificial intelligence or large language models) are used to generate insights or make decisions that affect you, you have the right to receive meaningful information about the logic involved, as well as the significance and potential consequences of such processing.
We ensure that any automated decision-making does not solely determine outcomes that significantly affect you without human intervention, and we have implemented safeguards to protect your interests.
To exercise any of your rights, please contact us in writing using the details provided in the "Data Controller and Contact Information" section of this Privacy Policy.
Please include sufficient information for us to verify your identity and locate your data.
We will acknowledge your request promptly and aim to respond without undue delay, and in any event within one month.
Please note that certain rights may be subject to limitations or exemptions under UK law (for example, where data is anonymised or where disclosure may adversely affect our legitimate interests). In such cases, we will inform you of any applicable exemptions.
If you believe that we have not complied with your data protection rights or that your personal data is being misused, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
ICO Contact Details:
Address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline: 0303 123 1113
Periodic Updates: This Privacy Policy may be updated periodically to reflect changes in applicable law, technological advancements, or modifications in our service practices.
Notification of Changes: Significant changes to this Privacy Policy will be communicated to you by a prominent notice on our website and, where appropriate, via direct communication (e.g., email). We encourage you to review this policy periodically to remain informed about how we protect your personal data.
Current Version: The current version of this Privacy Policy is effective as of February 10th, 2025.
Continued Use: Your continued use of our services following the posting of any updates constitutes your acceptance of the revised Privacy Policy.
If you have any questions or concerns regarding this Privacy Policy or our data protection practices, please contact us using the details below:
Company Name: Radius Tech Fashion Services Ltd
Email: info@placemakin.ai