Privacy Policy | Batra.ai — Level 1 Virtual Solutions Ltd

1. Who we are

The data controller responsible for your personal data is:

Level 1 Virtual Solutions Ltd (trading as Batra.ai)
Registered in England & Wales
Email: [email protected]
Website: batra.ai

Batra.ai provides professional networking, Wi-Fi, CCTV, smart home installation and AI solutions for homes and businesses.

2. Data we collect

When you visit our website or interact with us, we may collect and process the following categories of personal data:

2.1 Contact information

Name
Email address
Phone number
Company name (if applicable)

This information is collected when you submit our contact form, book a free consultation, or otherwise get in touch with us.

2.2 Website browsing data

Pages visited and time spent on the site
Referring website or search terms
Browser type and device information
IP address (collected by Cloudflare for security purposes)

2.3 Blog and content interaction

Blog posts viewed
Search queries within the site

3. How we use your data

We use your personal data for the following purposes:

Responding to enquiries — replying to contact form submissions, consultation requests, and general questions about our services
Communication — sending you information about our services, appointment confirmations, and service updates by email
Marketing — sending newsletters or promotional content (only with your explicit consent, and you can unsubscribe at any time)
Website improvement — understanding how visitors use our website so we can improve the content and user experience
Security — protecting the website from malicious activity and ensuring it remains available
Legal compliance — meeting our obligations under applicable laws and regulations

4. Legal basis for processing

Under Article 6 of the UK GDPR, we process your personal data on the following legal bases:

Legal basis	Purpose
Contract performance (Article 6(1)(b))	Responding to your enquiries and providing information about our services when you contact us
Legal obligation (Article 6(1)(c))	Meeting our obligations under applicable laws and regulations
Legitimate interests (Article 6(1)(f))	Website security, improving our website content and user experience, and protecting against malicious activity
Consent (Article 6(1)(a))	Marketing communications and non-essential cookies (where applicable)

Where we rely on legitimate interests, we have carried out a balancing test to ensure our interests do not override your fundamental rights and freedoms.

5. Data retention

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law:

Data type	Retention period	Reason
Contact form submissions	2 years	Responding to enquiries and providing services
Email marketing preferences	Until you unsubscribe	Sending marketing communications with your consent
Website browsing data	90 days	Website security and performance monitoring
Consultation booking data	2 years	Service delivery and follow-up

6. Your rights

Under the UK GDPR (Articles 15–22), you have the following rights regarding your personal data:

Right of access (Article 15) — you can request a copy of all personal data we hold about you (a Subject Access Request). We will respond within one calendar month.
Right to rectification (Article 16) — you can ask us to correct any inaccurate or incomplete personal data.
Right to erasure (Article 17) — you can ask us to delete your personal data. Please note that we cannot erase data that we are legally required to retain (such as financial records for HMRC compliance). In these cases, we will anonymise the data instead.
Right to restrict processing (Article 18) — you can ask us to limit how we use your data in certain circumstances.
Right to data portability (Article 20) — you can request your data in a structured, commonly used, machine-readable format.
Right to object (Article 21) — you can object to our processing of your data where we rely on legitimate interests as the legal basis.
Rights related to automated decision-making (Article 22) — we do not currently make any decisions based solely on automated processing that produce legal effects concerning you.

To exercise any of these rights, please contact us at [email protected]. We will respond to all legitimate requests within one month. In complex cases, we may extend this by up to two further months, and we will inform you if this is necessary.

7. Data security

We take the security of your personal data seriously and implement appropriate technical and organisational measures, including:

Encryption in transit — all data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
DDoS protection — Cloudflare provides network-level protection against distributed denial-of-service attacks
Secure hosting — our website is hosted on infrastructure with appropriate security controls
Input sanitisation — all form submissions are sanitised to prevent malicious input
Email security — transactional and marketing emails are sent via Brevo, a trusted email service provider with appropriate security certifications

8. Third-party processors

We share your personal data with the following third-party service providers (data processors) who process data on our behalf:

Provider	Purpose	Data shared	Location
Hostinger	Website hosting	Website content and form submissions (stored on servers)	EU
Cloudflare	CDN, DDoS protection, DNS	IP addresses, request metadata	Global (edge nodes)
Brevo (formerly Sendinblue)	Email marketing and transactional emails	Email addresses, names, email content	EU

Each of these providers is bound by a Data Processing Agreement (DPA) and processes data only on our documented instructions.

9. International transfers

Your personal data is primarily processed within the United Kingdom and the European Economic Area (EEA). Where data is transferred outside the UK/EEA (for example, to Cloudflare edge servers), we ensure adequate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the Information Commissioner’s Office
The provider’s compliance with applicable data protection frameworks
Our own assessment that the transfer does not undermine the level of protection afforded by UK GDPR

10. Cookies

Our website uses a minimal number of cookies. We do not use tracking, advertising, or analytics cookies. For full details, please see our Cookie Policy.

The main cookie-related items on this website are:

Cloudflare __cf_bm — a bot management cookie set by Cloudflare to distinguish between humans and automated traffic (expires after 30 minutes of inactivity)
Theme preference — a local storage item that remembers your light/dark mode preference for this website

11. Children’s data

Our services are designed for business and residential customers. We do not knowingly collect personal data from children under the age of 16. If you believe we have inadvertently collected data from a child, please contact us at [email protected] and we will promptly delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.

13. Contact and complaints

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a concern about how we handle your data, please contact us:

Data Protection Contact
Level 1 Virtual Solutions Ltd
Email: [email protected]

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113
Live chat: available on the ICO website

Cookie Policy → Terms of Service →