Policies · AI Disclosure
AI Voice Assistant — Disclosure Policy
When you call us, you might first talk to our AI assistant — it sounds human but it is NOT. We tell you it is AI in the first sentence of every call, give you a quick way to switch to a real person, and never let the AI commit us to a binding price or decision.
Why disclosure matters
UK ICO fairness and transparency principles under UK GDPR. EU AI Act Art. 50(1) — clear and distinguishable disclosure when interacting with AI — in force 2 August 2026 (UK businesses calling EU residents in scope). PECR 2003 — automated marketing calls require prior opt-in. Ofcom — CLI rules, silent / abandoned call regs. UK GDPR Art. 22 — solely automated decisions with legal effects require human review. Penalty (PECR / UK GDPR under Data (Use and Access) Act 2025): up to £17.5m or 4% global turnover.
The disclosure principle
We disclose the AI status of the assistant in the first sentence of every call (inbound and outbound). We do not use ambiguous or human-sounding language to imply you are speaking to a person. No exceptions. No scenario where the AI pretends to be human.
Where it's given
Voice call inbound: greeting sentence every call. Voice call outbound (service): greeting every call. Voice call outbound (marketing): greeting + marketing flag (PECR Reg 19 prior opt-in required). SMS / WhatsApp via AI: first message of every new thread. Live chat (web): avatar + opening line. Email (where AI drafts): footer line — 'This message was drafted with AI assistance. A human reviewed before sending.'
Inbound greeting (verbatim)
"Hi, you're speaking to Taurex's automated assistant — I'm an AI, and I can help with shipments, tracking, and indicative quotes, or transfer you to a person at any time. This call is recorded for service and quality. Say 'human' whenever you'd like a real person." Mandatory elements: AI disclosure + recording + opt-out path. The AI also re-discloses when asked, declines confidently when asked, adds 'indicative' before any price, identifies Taurex by name on outbound, presents valid UK CLI per Ofcom.
Where AI is NOT used
Complaints (routed straight to a human — /policies/complaints). Damage / loss claims (claims team — /policies/claims). Payment disputes (accounts). Sanctions / KYC refusals (MLRO — Director). Subject access requests (DPO). Whistleblowing reports (ethics@). Legal threats or pre-action correspondence (Director). High-value or complex bookings. Vulnerable callers. Calls where AI confidence falls below 0.7 sustained 10 seconds. Calls where caller asks for a human (regardless of trigger word). Routing in /policies/ai-escalation-rules.
Article 22 — no solely automated decisions
The AI does not make solely automated decisions with legal or similarly significant effects. It does not issue binding quotes (indicative only — human confirms in writing). Does not approve or refuse credit. Does not refuse service on KYC / sanctions grounds (escalated to MLRO). Does not commit Taurex to bookings without human confirmation for high-value or sensitive cargo. Does not make hire / fire / pricing decisions affecting individuals. Any extension to a decision engaging Art. 22 requires: lawful basis (Art. 22(2)(a) contract, (b) law, or (c) explicit consent), disclosure of meaningful logic, human review route, fresh DPIA, customer notification.
DPIA and vendor
A Data Protection Impact Assessment was completed before AI went live, covering data processed, lawful basis, risks, mitigation, residual risk, Director sign-off. Reviewed annually and on material change. AI delivered by Telnyx, our voice telephony and AI assistant provider, under written DPA covering purpose limitation, sub-processor approval, security, breach notification, audit rights, return / deletion at end of engagement, international transfer safeguards (UK IDTA or UK Addendum). If primary inference is outside UK / EEA, we maintain Transfer Impact Assessment per ICO January 2026 guidance. Only vendors with current SOC 2 Type II + GDPR readiness + UK DPA used.
Last reviewed 2026-06-06.