Privacy Policy

Last Updated: 2025-05-17

ClearCompliance ("ClearCompliance", "we", "us", or "our"), a trading name of [Your Company Name], is committed to protecting and respecting your privacy and the privacy of individuals whose data is processed through our services. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website, platform, and Anti-Money Laundering (AML) / Customer Due Diligence (CDD) services (collectively, the "Service").

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Our contact details are:
ClearCompliance
[Your Company Address - Placeholder]
Email for data protection inquiries: dpo@clearcompliance.co.uk

For the purpose of the UK GDPR, ClearCompliance acts as a **Data Controller** for the personal data of our clients (users of our Service) and website visitors. When our clients use our Service to conduct Checks on individuals (e.g., tenants), ClearCompliance typically acts as a **Data Processor** on behalf of our clients, who are the Data Controllers for that specific processing activity. This policy primarily addresses our role as a Data Controller.

2. Information We Collect About You (Our Clients and Website Visitors)

We may collect and process the following data about you:

Identity and Contact Data: Including your name, business name, email address, postal address, telephone number, job title, and account login credentials.
Financial Data: If you subscribe to paid services, payment card details or bank account information (processed securely by our third-party payment processors).
Transaction Data: Details about payments to and from you and other details of services you have purchased from us.
Technical Data: Including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Service.
Usage Data: Information about how you use our website, platform, and services.
Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.

We collect this information directly from you when you register for an account, use our services, fill in forms on our website, or correspond with us by post, phone, email, or otherwise.

3. Information We Process on Behalf of Our Clients (Data We Process as a Data Processor)

When our clients use our Service to perform AML/CDD Checks on individuals (e.g., tenants, customers), they submit personal data about these individuals to our platform. This may include:

Full name, date of birth, current and previous addresses.
Identification documents (e.g., passport, driving licence).
Information related to source of funds or wealth.
Results of PEP and sanctions screenings.

Our clients are the Data Controllers for this data. ClearCompliance processes this data solely on their instructions and in accordance with our contractual agreements with them and applicable law. If you are an individual whose data has been processed through our Service by one of our clients, you should direct any queries or requests regarding your data to that client (the Data Controller).

4. How We Use Your Information (As Data Controller)

We use the information we collect about you (our clients and website visitors) for the following purposes and lawful bases:

To provide and manage your account and our Service: (Lawful basis: Performance of a contract with you).
To process transactions: (Lawful basis: Performance of a contract with you).
To manage our relationship with you: Including notifying you about changes to our terms or privacy policy (Lawful basis: Performance of a contract, Legal obligation, Legitimate interests).
To improve our Service, website, and customer relationships: (Lawful basis: Legitimate interests to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).
To administer and protect our business and this website: Including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data (Lawful basis: Legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud; Legal obligation).
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you: (Lawful basis: Legitimate interests to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).
To make suggestions and recommendations to you about goods or services that may be of interest to you: (Lawful basis: Legitimate interests to develop our products/services and grow our business; Consent where required).
To comply with legal or regulatory obligations: (Lawful basis: Legal obligation).

5. Data Security

We have implemented appropriate technical and organizational security measures designed to protect your personal data and the data we process from accidental loss and from unauthorized access, use, alteration, and disclosure. These measures include encryption, access controls, and secure data storage solutions.

The security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Service, you are responsible for keeping this password confidential.

6. Data Retention

We will only retain your personal data (as a Data Controller) for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

For data we process as a Data Processor, we retain it in accordance with the instructions of our client (the Data Controller) and our contractual agreements.

7. Disclosure of Your Information

We may share your personal data (as a Data Controller) with:

Service providers who provide IT, system administration, data storage, and other support services.
Third-party data providers as necessary to perform the Checks requested by you (e.g., identity verification services, PEP/sanctions list providers).
Professional advisers including lawyers, bankers, auditors, and insurers.
HM Revenue & Customs, regulators, and other authorities who require reporting of processing activities in certain circumstances.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

8. International Transfers

Some of our external third-party service providers may be based outside the UK or European Economic Area (EEA), so their processing of your personal data will involve a transfer of data outside the UK/EEA. Whenever we transfer your personal data out of the UK/EEA, we ensure a similar degree of protection is afforded to it by ensuring appropriate safeguards are in place, such as an adequacy decision or Standard Contractual Clauses approved for use in the UK.

9. Your Data Protection Rights

Under UK data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances (e.g., for direct marketing).
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at dpo@clearcompliance.co.uk if you wish to make a request.

If you are an individual whose data has been processed by one of our clients using our Service, please direct your rights requests to that client (the Data Controller).

10. Cookies

Our website may use cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy [Link to Cookie Policy - You will need to create this page].

11. Changes to This Privacy Policy

We keep our privacy policy under regular review. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.

12. How to Complain

If you have any concerns about our use of your personal information, you can make a complaint to us at dpo@clearcompliance.co.uk.

You can also complain to the ICO if you are unhappy with how we have used your data. The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Helpline number: 0303 123 1113. ICO website: https://www.ico.org.uk

This Privacy Policy was last updated on 2025-05-17.