GDPR Privacy Policy

First Mediator LTD (“we”, “us”, or “our”) respects your privacy and is committed to complying with the UK GDPR and Data Protection Act 2018. This policy explains how we collect, use, store, and protect your personal data when you use our AI mediation platform (“Service”).

1. Data Controller

First Mediator LTD is the data controller responsible for your personal information.

Contact:
86 – 90, Paul Street, London EC2A 4NE
Email: info@firstmediator.com

2. Personal Data We Collect

We may collect:

• Identity & Contact Info: Name, email address, phone number, account details.
• Dispute & Mediation Data: Messages, documents, and communications you provide during mediation.
• Technical Data: IP address, device type, browser, usage patterns, and cookies.

3. How We Use Your Data

We process your personal data for these purposes:

• Providing Mediation Services: Facilitate communication and assist in dispute resolution.
• Platform Operations: Improve functionality, performance, and security.
• Legal Compliance: Fulfil our obligations under UK law.
• Communication: Notify you about account activity, updates, or changes.

4. Legal Basis for Processing

We process your personal data based on the following GDPR legal grounds:

• Consent: When you agree to use our Service.
• Contractual Necessity: To provide mediation services.
• Legal Obligation: To comply with applicable laws.
• Legitimate Interests: To maintain and improve the platform while respecting your rights.

5. Data Sharing

We will not sell your data. Your information may be shared with:

• The other party involved in the mediation.
• Service providers necessary for platform operation.
• Legal authorities if required by law.

6. Data Retention

Your personal data is retained only as long as necessary for mediation and legal compliance. You may request deletion of your personal data at any time (see Section 12).

7. Your GDPR Rights

Under the GDPR, you have the right to:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure (“Right to be Forgotten”): Delete your data where lawful.
• Restrict Processing: Limit how we use your data.
• Data Portability: Receive your data in a structured, machine-readable format.
• Object: Object to processing based on legitimate interests.
• Withdraw Consent: Withdraw previously given consent.
• Complaint: Lodge a complaint with the Information Commissioner’s Office (ICO).

8. Data Security

We implement technical and organisational measures to protect your personal data. While we take security seriously, no system is completely secure.

9. Cookies and Tracking

We may use cookies to improve your experience. Cookies track usage patterns but do not personally identify you unless voluntarily provided.

10. Children

Our platform is not for individuals under 18 years old. We do not knowingly collect data from children.

11. Changes to this Policy

We may update this GDPR Policy occasionally. Updated policies will be posted on our website with the new effective date. Continued use of the Service indicates acceptance of the updated policy.