Our Privacy Notice

About Us

This is the privacy policy for www.fintechcompliance.co.uk , FinTech Compliance Limited (Fintech Compliance, we, us, and our). Our company’s registered address is Unit 6 Buckingham Court, Rectory Lane, Loughton, Essex, England, IG10 2QZ.

We are committed to protecting your privacy and the security of the personal data we hold and process on your behalf. This Privacy Policy explains how we collect information, what we use the information for, our legal basis for doing so, and what controls you have.

We reserve the right to change this privacy policy from time to time by changing it on our website. This privacy policy was last updated on 05/11/2018.


What information do we collect from you?

Information you give to us

We may collect and process the following personal information about you:

–    General personal details, which may include:

o    Your name

o    Your residential address

o    Your contact details (email address and/or your telephone number)

o    Your date of birth

–    Information you provide in order to us to deliver our services to you:

  • Personal data about such individuals at your firm, such as individual’s name, address, date and place of birth, and contact details;
  • Personal data which can be used to verify your identity, such as your passport
  • Information relating your business and your query;
  • Information to enable us to carry out a compliance audit, which may include information about your clients;
  • Your employment history and details, including disciplinary or regulatory sanctions, criminal convictions, and offences;
  • Information relating to your financial position/financial position of your firm;

–    Communications you send to us (by telephone, email or otherwise), for example, to report a problem or to submit queries, concerns or comments regarding the Website/Service, our service, or general comment


Information we collect about you

With regard to each of your visits to the Website we may automatically collect the following information:

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system;
  • Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the Website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.

We may receive information about you if you use any of the other websites we operate or the other services we provide.

The information detailed above will not constitute personal data.


Information we receive from others

We are also working closely with third parties (including, for example, credit check and criminal check providers) and may receive information about you from them.


What we do with your data?

We use your personal data for the following purposes:


Providing our services to you

We need to process certain personal information in order to provide our services to you, which includes:

  • FCA Applications;
  • Ongoing Compliance Support (Comply, Comply lite)
  • Comply Ad-Hoc;
  • Feasibility Assessment;
  • Comply Audit.

In order to deliver our services, your personal data may also be transferred to the following third parties:

  • PeopleCheck Ltd (to provide credit ad DBS checks services)
  • Continuity Partner Ltd (Our reg. technology provider TrackMyRisks to manage work flow and document sharing with you)
  • Our technology partners, including our cloud hosting provider Dropbox, to store your personal data securely.


Contacting you about our services

If you have given us your contact information, we may use these details to get in touch with you about the services we offer such as by following up on an incomplete registration process or to email you details of offers you may be interested in.

You may opt out of this at any time by telling us, or if we have contacted you via email, you will be given an option to opt out by clicking the relevant email link.


Improving our services

We may use your personal data to analyse how you are using our service and to gain insights into how we can improve our products and services.


Customer Support and account administration

We may use your personal data to provide you with customer support or to investigate complaints or concerns about your account.


Related products and services

We may use your personal data to provide you with information on related products and services that you may be interested in, such as AML/KYC check providers. This information will be provided electronically, either via our website, or email.

We will not transfer any of your personal data to third parties for this purpose unless you give us your explicit consent.


Our lawful basis for processing your personal data

Under Article 6 of the EU General Data Protection Regulation (GDPR) we are required to tell you about the legal basis under which we collect and process your data.

We will only collect and process your personal data in accordance with one of the below lawful bases:

  • Performance of a contract: This is where the processing is necessary for a contract we have with you, or you have asked us to take specific steps before entering into a contract, such as providing you with a quote. This lawful basis covers the following purposes:
    • Providing our services to you
  • Our legitimate interests: This is where we collect and process data in accordance with our “legitimate interests”. Our legitimate interests include:
    • Improving our service
    • Providing you with marketing information about our services
    • Providing you with customer support
    • Providing you with information about related products and services offered by us
    • Providing you with information about related products and services offered by our commercial partners
  • Compliance with our legal obligations: We may be required to process or share your personal data in compliance with a legal obligation, such as in response to a request by law enforcement or when investigating a civil claim.


Data storage and international transfers

We take the security of your data very seriously, and all of your personal data will be kept according to strict safeguards and in compliance with the GDPR. Your data will be stored on cloud servers within the EEA and we will only store your data outside the EEA in the event that the jurisdiction in question has been assessed as compliant with the GDPR.


Your rights

You have the right to be informed over what personal data we hold and how we are using it. This information is contained within this privacy notice.

If you have consented to particular uses of your personal data, you have the right to withdraw this consent at any time.

You have the right to “portability” of your personal data that we have collected with your consent or in performance of a contract that is used in automated decision-making. This means that you can request copies of all the personal data we hold for this purpose in a structured, commonly used, and machine readable form, and we will supply this to you free of charge on request. We will respond to these requests within one month, unless the request is particularly complex, in which case we will inform you of how long it will take as soon as possible.

You have the right to request a copy of the personal data we hold under the GDPR by making a “subject access request” to us in writing. We will comply with all valid subject access requests within 30 days, unless the request is particularly complex; in this case we will contact you within 30 days with further information. You will not be charged for making a subject access request unless we reasonably deem this to be a manifestly unfounded or excessive request, in which instance you will be charged a reasonable fee based on the administrative costs of providing the information.

If some of the personal data we hold is inaccurate or incomplete, you can request that we rectify our records by writing to us. We will comply with all requests within 30 days unless the request is particularly complex; in this case we will contact you within 30 days with further information.

Where we are using your personal data in accordance with our legitimate interests, you can object to further use of your data. This objection should be based on grounds relating to your particular situation. If you object, we will stop using your personal data in this way immediately, unless there are compelling legitimate grounds for processing your personal data which override your interests, rights and freedoms (such as requests by law enforcement) or we need to process your data for the establishment, exercise or defence of legal claims. You may always object to further use of your data for direct marketing purposes by clicking the “unsubscribe” button within marketing emails or by contacting us by writing to us at joseph.paice@fintechcompliance.co.uk.  

You have the right to request erasure of the personal data we hold by contacting us. Please note that it is not always possible for us to comply with a request for erasure; for example, if we have collected data from you in performance of a contract, we cannot normally comply with a request for erasure unless we no longer have an active contract with you and the data is more than six years old.

You have the right to restrict the processing of your personal data in certain circumstances, such as when you object to us using your data in accordance with our legitimate interests or when you contest the accuracy of the data we hold on you.

You can exercise any of your rights by contacting us via the details at the bottom of this page. Please note that we may need to verify your identity before complying with any of the above requests.


How long we will keep your data for

We will only keep your personal data for as long as is necessary. This means that we will retain your personal data for as long as we have an active contract or business relationship with you, and after this, we will only keep your data for as long as is necessary for the purposes which it is stored.


What happens if you don’t provide us with the information we need

As outlined above, some of the personal data you provide to us will be used in order to enter into a contract with you and to comply with our legal obligations.

Should you not provide us with the data we require to offer our service or request that we erase the personal data we hold, it is likely that we will not be able to deliver our services to you.



If you feel that we have not been complying with our obligations on data protection law or you wish to assert one of your rights, please contact us without delay using the contact details provided above.

Should you be dissatisfied with our response or wish to complain to the relevant supervisory authority, you can do so by contacting the Information Commissioner’s Office (ICO). Contact details for the ICO can be found on this webpage.