PRIVACY POLICY (UK GDPR) – www.sicksally.com

Effective date: 7th January 2026
⠀

Operation Profits Ltd (“we”, “us”, “our”) values the privacy of individuals who use our websites, applications, and related services (collectively, our “Services”). This Privacy Policy explains how we collect, use, and disclose information from users of our Services (“Users”). By using our Services, you agree to the collection, use, disclosure, and procedures this Privacy Policy describes. It also informs you about your rights and choices with respect to your personal information, and how you can contact us if you have any questions or concerns.
⠀

Beyond this Privacy Policy, your use of our Services is also subject to our Terms of Service and any other terms made available on our Website.
⠀

In this Privacy Policy, “personal information” means any information related to an identified or identifiable individual, and does not include aggregated data or data whereby personally identifiable information has been removed (such as anonymous, de-identified, or anonymized data).
⠀

Please read this Privacy Policy carefully so that you understand your rights in relation to your personal information, and how we will collect, use, and process your personal information. If you do not agree with this Privacy Policy, our Terms of Service, or any part thereof, you should not access or use any part of our Services, or otherwise provide us with your personal information. If you change your mind in the future, you must stop using our Services and you may exercise your rights in relation to your personal information as set out in this Privacy Policy.
⠀

1) WHO IS RESPONSIBLE FOR YOUR PERSONAL INFORMATION (DATA CONTROLLER)
⠀

Operation Profits Ltd is the data controller for personal data collected via the Website and Services (except where we act as a processor as described below).
⠀

Contact details:
Email: [email protected]
Address: 6 Woolston Avenue, Letchworth Garden City, Hertfordshire, England. SG6 2ED
Company number: 15311132
⠀

Data Protection Officer (DPO): Alex Smale (contact via [email protected])
⠀

2) DATA ROLES (CONTROLLER VS PROCESSOR) AND B2B SERVICES
⠀

Data protection laws distinguish between a “controller” (who decides how and why personal data is processed) and a “processor” (who processes personal data on behalf of a controller).
⠀

Controller role (most Users): For most personal information collected through our Website and Services, Operation Profits Ltd acts as the controller.
⠀

Processor role (B2B customers): In some circumstances—particularly where we provide services to business customers (“B2B Services”) and process personal data on their behalf (for example, where a business customer provides us with personal data relating to their employees, contractors, leads, or customers)—the business customer is the controller and Operation Profits Ltd is the processor. In those cases, we process personal data only on documented instructions from the business customer, as needed to provide the B2B Services, comply with applicable law, and protect the security and integrity of our systems.
⠀

Where we act as a processor, the business customer is responsible for ensuring they have a lawful basis to share personal data with us and for providing appropriate privacy information to the relevant individuals.
⠀

3) INFORMATION WE COLLECT
⠀

We may collect a variety of information from or about you or your devices from various sources, as described below.
⠀

A. Personal information you provide to us
⠀

Account and profile information: If you create an account or register for our Services, we may collect information such as your name, email address, username, and other profile details you choose to provide.
⠀

Communications: If you contact us directly, we may receive personal information such as your name, email address, the contents of your message, attachments, and any other information you choose to provide.
⠀

Marketing preferences: If you sign up for newsletters, updates, events, or offers, we collect the information needed to send those communications (usually your email address and, where provided, your name). You can opt out at any time using the “unsubscribe” link in our emails.
⠀

Customer or billing information (if applicable): If you purchase a product or service from us, we may collect information needed to administer the purchase (such as billing details and transaction records). Payment card details are typically processed by our third-party payment processors and are not stored by us, except where you choose to save payment details with the payment provider.
⠀

B. Personal information we collect automatically when you use our Services
⠀

Device information: We receive information about the device and software you use to access our Services, including IP address, browser type, operating system, device identifiers, and approximate location (derived from IP).
⠀

Usage information: We automatically receive information about your interactions with our Services, such as pages or content you view, features you use, links you click, referral URLs, and dates/times of visits.
⠀

Cookies and similar technologies: We use cookies, pixels, and similar technologies to collect information about your online activities. You can control cookies through your browser settings and, where applicable, our cookie preference tools. Note that disabling certain cookies may affect site functionality.
⠀

C. Information we receive from third parties
⠀

We may receive personal information from third parties in connection with operating our Services, such as:
⠀

• account sign-in providers (where you choose to use them);
• service providers we use for analytics, communications, support, fraud prevention, and infrastructure; and
• marketing partners (where permitted by law and your settings/consents).
⠀

Personal information collected by third parties is subject to those parties’ own policies. See “Third Parties” below.
⠀

4) HOW WE USE THE INFORMATION WE COLLECT
⠀

We use the information we collect to:
⠀

• provide, maintain, improve, and enhance our Services;
• create and administer accounts and deliver requested functionality;
• communicate with you, including providing customer support and responding to enquiries;
• send you service-related messages (administrative, transactional, or security notices);
• send marketing communications (where permitted by law and based on your preferences);
• monitor and analyse usage trends, measure performance, and develop new products, services, features, and functionality;
• detect, prevent, and respond to fraud, abuse, security incidents and trust and safety issues;
• facilitate transactions and manage billing and accounting (if applicable);
• create de-identified, anonymized, or aggregated data for analytics and service improvement; and
• comply with legal obligations and enforce our Terms of Service and other legal rights.
⠀

If you are in the UK or EEA, we only process your personal information when we have a valid lawful basis, such as:
⠀

• Consent (for example, certain marketing communications or non-essential cookies);
• Contractual necessity (to provide the Services you request);
• Legal obligation (for example, tax/accounting compliance); and
• Legitimate interests (for example, securing and improving the Services), provided those interests are not overridden by your rights and interests.
⠀

5) HOW WE DISCLOSE THE INFORMATION WE COLLECT
⠀

We may disclose personal information as follows:
⠀

A. Vendors and service providers
⠀

We may disclose personal information to trusted vendors and service providers that help us operate, maintain, and deliver our Services (such as hosting, analytics, communications, customer support, security, and payment processing). They are authorised to process personal information only as necessary to provide services to us and are required to protect it.
⠀

B. Business customers (where applicable)
⠀

If you use our Services via an organisation (for example, your employer or another business customer), that organisation may have access to certain information associated with your use of the Services, subject to the organisation’s policies and any applicable agreement.
⠀

C. Integrations and third-party tools (where applicable)
⠀

If you choose to connect third-party tools or integrations to our Services, we may share information with those third parties as needed to enable the integration. The third party’s processing of your data is governed by their own privacy policy.
⠀

D. Legal and safety
⠀

We may access, preserve, and disclose personal information if we believe doing so is required or appropriate to: (a) comply with law enforcement requests and legal process; (b) respond to your requests; (c) detect and investigate security incidents and potentially illegal or prohibited activities; or (d) protect your, our, or others’ rights, property, or safety.
⠀

E. Corporate transactions
⠀

We may transfer personal information to advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction (such as a merger, acquisition, financing, reorganisation, or sale of assets). The use of your personal information following such an event will be governed by the privacy policy in effect at the time the applicable information was collected, unless you are notified otherwise.
⠀

F. Consent
⠀

We may disclose personal information with your permission or at your direction.
⠀

We do not sell your personal information.
⠀

6) ANONYMIZED SALES PATTERN ANALYSIS (AI COACHING AND SCRIPT GENERATION)
⠀

To improve our AI coaching and script generation services, we may analyse successful sales interactions across our platform and extract generalised sales techniques, question patterns, and conversation strategies from call transcripts and related sales interaction data.
⠀

What we collect (when a deal is marked closed/won). When a deal is marked as closed/won, our system may extract pattern-level information from the transcript and interaction, such as:
⠀

• general sales techniques and conversation structures;
• question patterns (e.g., discovery, objection handling); and
• high-level strategy sequences (e.g., “problem → impact → urgency → next steps”).
⠀

How we anonymize data (removing identifying details). Before any pattern is stored, we automatically remove personally identifiable information (“PII”) and identifying business context, including (without limitation):
⠀

• names of individuals, companies, and prospects;
• email addresses and phone numbers;
• specific dollar amounts and pricing details;
• dates, deadlines, and scheduling information;
• URLs and web addresses; and
• any other identifying details.
⠀

Patterns are stored as generalised templates, for example: “What challenges are you facing with [PRODUCT CATEGORY]?” rather than including specific product, company, or individual references.
⠀

Purpose of collection (why we do this). Fully anonymized patterns are used to:
⠀

• improve AI coaching suggestions for all users;
• enhance automated sales script generation;
• identify effective sales techniques by industry vertical;
• generate aggregated performance insights; and
• create anonymized, aggregated reports and datasets that may be shared with or sold to third parties (see “Third-Party Data Sharing (Anonymized/Aggregated)” below).
⠀

No individual attribution.
⠀

• Patterns are designed so they cannot be traced back to any individual user, company, prospect, or single sales interaction.
• We do not sell or disclose data that identifies you or your business.
• Only fully anonymized, aggregated insights are shared externally.
⠀

Data minimization. We collect and retain only the minimum necessary to generate and store patterns. Identifying context is stripped prior to storage and prior to any third-party sharing.
⠀

Legal basis (UK GDPR Article 6). We process this pattern analysis based on our legitimate interests in improving our Services and generating anonymized market insights. Our irreversible anonymization is intended to ensure these interests do not override your rights and freedoms.
⠀

Right to object / opt-out. You may opt out of contributing to future anonymized pattern analysis by contacting us at [email protected]. Opting out will not affect your access to the platform. Please note: data already anonymized and aggregated prior to your opt-out cannot be removed, as it is no longer identifiable.
⠀

Right to information. You may request information about how your data is processed at any time by contacting [email protected].
⠀

7) THIRD-PARTY DATA SHARING (ANONYMIZED/AGGREGATED)
⠀

We may sell, license, or share anonymized, aggregated data with third parties, including (without limitation):
⠀

• industry benchmark reports (e.g., “Average close rates by methodology in SaaS”);
• aggregated sales technique effectiveness data;
• market research insights derived from platform-wide patterns; and
• training datasets for AI/ML applications.
⠀

This shared data:
⠀

• contains no personal information and no business identifiers;
• cannot reasonably be used to identify any individual user, company, prospect, or transaction;
• represents statistical aggregation across many interactions; and
• is derived from patterns intended to have been irreversibly anonymized.
⠀

We will never sell or share:
⠀

• your individual call recordings or transcripts;
• your company name, prospect names, or deal details;
• any data that could reasonably identify you or your business; or
• raw or non-anonymized sales data.
⠀

8) DATA PROCESSING ADDENDUM (DPA) FOR B2B CUSTOMERS
⠀

Where we process personal data as a processor on behalf of a business customer in connection with B2B Services, our processing will be governed by a Data Processing Addendum (“DPA”) that forms part of the relevant contract between us and the business customer. The DPA is intended to reflect applicable data protection requirements (including the UK GDPR), clarify each party’s responsibilities (including security measures, sub-processors, international transfers, breach notification, and assistance with data subject rights), and reduce misunderstandings or disputes regarding data protection obligations.
⠀

Business customers may request a copy of our DPA by contacting [email protected]. If there is any conflict between the DPA and this Privacy Policy regarding B2B processing where we act as a processor, the DPA will prevail to the extent of that conflict.
⠀

9) DATA RETENTION
⠀

We store personal information for as long as necessary to fulfil the purposes set out in this Privacy Policy, or for as long as we are required to do so by law or to comply with a regulatory obligation. When deleting personal information, we take reasonable measures to render such personal information irrecoverable or irreproducible, where practicable.
⠀

Retention periods depend on the nature of the data and why we collected it. For example:
⠀

• Communications and enquiries: retained for as long as needed to address the request and for a reasonable period thereafter.
• Account data: retained while your account is active and for a reasonable period after closure (unless longer retention is required by law).
• Transaction records (if applicable): retained as required for accounting and tax compliance.
⠀

Anonymized data retention. Anonymized patterns and aggregated datasets may be retained indefinitely because they are intended to contain no personal data. Original call transcripts (which may contain personal data) remain subject to the retention approach described in this section.
⠀

10) SECURITY
⠀

We use reasonable physical, technical, organisational, and administrative safeguards designed to protect the personal information we maintain. However, no electronic transmission or storage of information can be entirely secure, so we cannot guarantee absolute security.
⠀

11) CHILDREN’S PRIVACY
⠀

Our Services are not targeted to children, and we do not knowingly collect or maintain personal information from children. If you believe a child has provided us with personal information, please contact us at [email protected] so we can take appropriate steps to delete it.
⠀

12) COOKIES AND SIMILAR TECHNOLOGIES
⠀

We use cookies and similar technologies (such as pixels and local storage) to operate and improve our Services, remember preferences, understand usage, and (where applicable) support marketing. You can adjust your browser settings to refuse cookies or indicate when a cookie is being sent. If you delete or do not accept cookies, some features of the Services may not function properly.
⠀

13) THIRD PARTIES
⠀

Our Services may contain links to other websites, products, or services that we do not own or operate. We are not responsible for the privacy practices of these third parties. This Privacy Policy does not apply to your activities on third-party services or any information you disclose to these third parties. We encourage you to read their privacy policies before providing any information.
⠀

14) INTERNATIONAL VISITORS AND CROSS-BORDER TRANSFERS
⠀

We may process and store personal information in the UK and other countries where we or our service providers operate. If we transfer personal information outside the UK (and, where applicable, the EEA), we will use appropriate safeguards as required by law, such as adequacy decisions or approved contractual protections.
⠀

International users (EEA/UK and similar jurisdictions).
⠀

• Anonymized data is intended not to be “personal data” under GDPR/UK GDPR because it cannot reasonably identify an individual.
• Any third-party data sharing described in this Privacy Policy involves only anonymized, aggregated information.
⠀

15) YOUR RIGHTS AND CHOICES
⠀

A. Marketing communications
⠀

You can unsubscribe from promotional emails via the link in the emails. Even if you opt out of marketing, you may still receive administrative or service-related messages.
⠀

B. UK/EEA rights
⠀

If you are located in the UK or EEA, you may have rights in relation to your personal information, including:
⠀

• access (request a copy of your personal information);
• rectification (correct inaccurate or incomplete information);
• erasure (request deletion in certain circumstances);
• restriction (limit processing in certain circumstances);
• data portability (receive your data in a machine-readable format);
• objection (object to certain processing, including direct marketing); and
• withdrawal of consent (where we rely on consent).
⠀

Before responding to a request, we may need to verify your identity. We may have valid legal reasons to refuse your request and will inform you if applicable.
⠀

To exercise your rights, contact: [email protected].
⠀

C. Complaints
⠀

If you are in the UK, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). We encourage you to contact us first so we can try to resolve your concern.
⠀

D. Opt-out from anonymized pattern analysis
⠀

You may opt out of contributing to future anonymized pattern analysis by contacting [email protected]. This will not affect your access to the platform. Data already anonymized and aggregated prior to your opt-out cannot be removed because it is no longer identifiable.
⠀

16) CALIFORNIA RESIDENTS (CCPA/CPRA) – ADDITIONAL INFORMATION
⠀

Under California law, the “sale” of personal information requires disclosure. The anonymized, aggregated data we share with third parties does not constitute “personal information” under CCPA/CPRA because it cannot reasonably be linked to a consumer or household. Therefore, this sharing is not a “sale” of personal information under California law.
⠀

You may opt out of contributing to future anonymized pattern analysis by contacting [email protected].
⠀

17) CHANGES TO THIS PRIVACY POLICY
⠀

We may update this Privacy Policy from time to time. We will post any changes on this page and update the effective date. If we materially change how we use or disclose personal information previously collected from you through the Services, we may provide notice through the Services, by email, or other communication where appropriate. Your continued use of the Services after changes are posted means you agree to the updated Privacy Policy.
⠀

18) CONTACT INFORMATION
⠀

If you have any questions, comments, or concerns about this Privacy Policy, our privacy practices, or if you would like to exercise your rights with respect to your personal information (including opting out of anonymized pattern analysis), please contact:
⠀

Data Protection Officer: Alex Smale
Email: [email protected]
Address: 6 Woolston Avenue, Letchworth Garden City, Hertfordshire, England. SG6 2ED
Company number: 15311132