Log in
Demo
Log in
Demo

Product

Product

Product

Artificial Intelligence (AI) Transparency & Data Processing Statement

Purpose

This statement explains how Call Handling Services Ltd (‘CHS’) uses Artificial Intelligence (AI) technologies within its services and how personal data is processed when AI-enabled functionality is provided.

It supplements the CHS Privacy Notice and Artificial Intelligence Ethical Use Statement by providing operational transparency regarding AI-supported processing activities.

 

Scope of AI Use

CHS deploys Artificial Intelligence technologies solely to support contracted service delivery functions, which may include:

  • automated call transcription;
  • interaction summarisation;
  • assisted operational workflows;
  • AI-supported communication or analytics features requested by customers.

AI systems are used to assist service delivery and do not replace human operational control.

 

Role Under Data Protection Law

Where AI functionality is enabled:

  • CHS acts as a Data Processor on behalf of its customers (Data Controllers);
  • processing occurs only under documented customer instruction;
  • customers remain responsible for determining lawful basis and informing end users where required.

CHS does not independently determine purposes for customer data processed through AI-enabled services.

 

Transparency to End Users

AI functionality is enabled only where requested by CHS customers.

Customers acting as Data Controllers are responsible for informing callers or service users where AI-supported processing (such as transcription) forms part of service delivery.

CHS provides supporting documentation to enable customers to meet transparency obligations where required.

 

Nature of AI Processing

AI processing performed by CHS:

  • supports operational efficiency and accessibility;
  • does not involve profiling;
  • does not perform automated decision-making producing legal or similarly significant effects;
  • does not independently evaluate individuals;
  • operates only for defined service purposes.

AI outputs remain subject to organisational and human oversight.

 

Secure and Stateless Processing Architecture

CHS designs AI-enabled services using privacy-preserving architectural principles intended to minimise data exposure. Where technically applicable:

  • data is processed transiently in memory only for the duration required to complete the requested task;
  • AI processing environments operate using stateless execution;
  • no persistent datasets are retained within AI processing infrastructure;
  • processing environments do not store customer data following completion of processing activities.

This approach ensures that customer information cannot be retrospectively accessed, reused, or repurposed outside the intended service operation.

 

Use of Third-Party Infrastructure

CHS may utilise approved third-party infrastructure providers acting as authorised sub-processors to deliver AI processing capability.

CHS ensures that:

  • processing occurs within CHS-controlled accounts;
  • infrastructure access is restricted to authorised CHS personnel;
  • processing locations are limited to the United Kingdom and European Economic Area unless otherwise instructed;
  • contractual and technical safeguards are implemented in accordance with UK GDPR requirements;
  • risk-based supplier due diligence is performed prior to use.

 

Model Training and Data Use

CHS does not train Artificial Intelligence models using customer or end-user data. Pre-trained models may be used solely to perform contracted processing tasks. 

Customer data:

  • is not incorporated into model training datasets;
  • is not reused to improve external AI systems;
  • is not shared for research or development purposes.

 

Data Storage & Retention

Where AI-generated outputs are produced (such as call transcripts):

  • outputs are stored only within CHS service platforms;
  • retention periods mirror the associated service data (e.g., call recordings);
  • deletion follows established customer-configured housekeeping and retention policies.

Temporary processing artefacts are not retained following completion of processing tasks.

 

Security Controls

AI-enabled services operate within CHS’ established information security framework, including:

  • encryption in transit and at rest;
  • role-based access controls;
  • multi-factor authentication;
  • network segregation;
  • vulnerability management and monitoring;
  • audited change management procedures.

CHS security controls are independently assured through ISO 27001, ISO 9001, Cyber Essentials Plus certification, and annual CREST-accredited penetration testing.

 

Governance, Review & Approval

AI-enabled capabilities are subject to CHS governance processes including:

  • architectural and security review;
  • change management approval;
  • risk-based assessment;
  • Data Protection Impact Assessments where appropriate.

CHS maintains a risk-proportionate approach aligned with emerging international best practice for trustworthy Artificial Intelligence, including principles reflected within the UK Government AI regulatory framework and the EU Artificial Intelligence Act.

This statement is approved by the Board of Directors and will be reviewed at least annually, or sooner to reflect evolving technologies, regulatory requirements, or operational practices.