Privacy Policy
Last updated: 27 June 2026
AEO-REX Ltd ("we", "us", "our") is committed to protecting your personal data. This policy explains what we collect, why, how long we keep it, and the rights you have. It applies to aeo-rex.com and our related subdomains, and to the services we provide.
We are the data controller for the personal data described here. We are registered with the Information Commissioner's Office, registration number ZC099609.
Company: AEO-REX Ltd, registered in England and Wales, company number 17018571.
Registered address: Flat 4, Thames Tower, Cromwell Street, Birmingham B7 5BH.
Contact for data protection matters: shanazbegum@aeo-rex.com
What we collect
We collect only what we need to run our business and provide our services.
Information you give us directly. When you fill in a form, request an audit, join a waitlist, subscribe to updates, or contact us, we collect what you submit. This typically includes your name, email address, business name, website address, and anything you choose to write in a message.
Information collected automatically. When you use our website and have given consent, we collect standard analytics data such as the pages you view, your approximate location at country level, your device and browser type, and how you arrived at the site. This is described in the Cookie Policy. Without your consent, we do not collect this.
Client service data. When you become a client, we process information relating to your website, your business, and the work we carry out. Where that work involves personal data belonging to your own customers or contacts, we act as a data processor on your behalf, governed by a separate Data Processing Agreement.
We do not knowingly collect personal data from anyone under 18. Our services are intended for businesses.
Why we process your data, and our lawful basis
We rely on the following lawful bases under UK GDPR.
Consent. For analytics cookies and for sending you marketing or updates by email. You can withdraw consent at any time.
Contract. To deliver the services you have asked us to provide and to manage our relationship with you as a client.
Legitimate interests. To respond to enquiries you send us, to keep our business records, and to protect our website and systems. Where we rely on legitimate interests, we have considered your rights and do not process your data in ways you would not reasonably expect.
Legal obligation. To meet our accounting, tax, and other legal requirements.
Who we share it with
We do not sell, rent, or trade your personal data.
We use a small number of trusted service providers who process data on our behalf, only to deliver our services, and under contractual data protection terms. These currently include our email and marketing platform, our website hosting and forms infrastructure, our payment processor, our analytics provider, and our database provider. Each acts under its own data processing agreement with us.
We may disclose information where we are legally required to, for example in response to a lawful request from an authority.
Optional integrations: Google Search Console
The AEO-REX homepage offers an optional widget that lets you connect your own Google Search Console account to view your organic search data alongside our AI visibility analysis. If you choose to use this integration:
- We access your data in read-only mode only. We never modify, delete or create any data in your Google account.
- We do not retain your Google Search Console data after your browser session ends. The data is processed in real time and displayed to you only.
- We do not share your Search Console data with third parties and we do not use it to train AI models.
You can disconnect at any time from within the widget or from your Google Account permissions page. Under UK GDPR you can withdraw consent for this integration at any time without affecting the lawfulness of any processing carried out before withdrawal.
Where your data is processed
Some of our service providers process data outside the UK. Where that happens, we ensure appropriate safeguards are in place as required by UK GDPR, such as the International Data Transfer Agreement or equivalent approved mechanisms.
How long we keep it
We keep personal data only as long as we need it.
- Enquiry and contact form data: up to 24 months from your last contact, unless you become a client.
- Marketing subscribers: until you unsubscribe, after which we remove you from active lists.
- Client records: for the duration of our engagement and for up to 6 years afterwards, to meet legal and accounting obligations.
- Analytics data: retained according to our analytics provider's settings, in aggregate form.
When data is no longer needed, we delete or anonymise it.
How we protect it
We use appropriate technical and organisational measures to protect your data, including access controls, two-factor authentication on accounts holding personal data, and encrypted connections. No system can guarantee absolute security, but we take our responsibilities seriously and review our measures regularly.
Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Have inaccurate data corrected
- Have your data deleted in certain circumstances
- Restrict or object to how we process your data
- Receive your data in a portable format
- Withdraw consent at any time, where we rely on consent
- Complain to the Information Commissioner's Office
To exercise any of these, contact us at shanazbegum@aeo-rex.com. We will respond within one month. There is normally no charge.
If you are not satisfied with how we have handled your data, you can complain to the ICO at ico.org.uk, or by calling their helpline. We would ask that you contact us first so we can try to put things right.
Changes to this policy
We may update this policy from time to time. We will post any changes on this page and update the date above. Material changes will be communicated where appropriate.
Questions about how we handle your data?
Contact Us