Legal

Privacy Notice

How we collect, use and share personal information in the course of our business activities.

RegAware takes its data protection and privacy responsibilities seriously. This privacy notice explains how we collect, use and share personal information in the course of our business activities, including:

  • What personal information we collect and when and why we use it
  • How we share personal information within RegAware and other third parties
  • Carrying out direct marketing
  • Processing personal information
  • How we protect and store personal information
  • Legal rights available to help manage your privacy
  • How you can contact us for more support

We may amend this notice from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this notice. If we make significant changes to this privacy notice, we will seek to inform you by notice on our website or email (“Notice of Change”).

Important information about RegAware: You can find out more about RegAware at www.regaware.ai or by contacting us using the information in the contact us section.

1. What Personal Information We Collect & When & Why We Use It

In this section you can find out more about: the types of personal information we collect, how we use personal information, when we collect personal information, and the legal basis for using personal information.
RegAware Data Subjects

RegAware collects information about you if you:

  • register with or use one of our Website(s) or online services;
  • are a client;
  • are an employee;
  • are an associate;
  • work with us as a service provider; and/or
  • are a vendor with whom we might work
  • are a potential future RegAware customer
Personal Information We Collect

Personal Information we collect will fall within one of the below categories:

Your name and how to contact you
Basic contact information about you, including your signature
Identification data including unique descriptors
Government issued identifiers, other unique identifiers such as date of birth, and personal descriptors that might identify you
Contractual details
Information collected as part of the products and services we provide to you
Socio-Demographic
Includes details about your work or profession, nationality, education
Communications
Includes details about your work or profession, nationality, education
Publicly available data
Details about you that are in public records and information about you that is openly available on the internet
Sensitive categories of data
The law and other regulations treat some types of personal information, including personal information relating to health or criminal convictions and offences as special and affords them additional protections. We will only collect and use these types of data if the law allows us to do so
Personal Information we collect will be used for one or more of the following purposes:

To manage your relationship with RegAware

What we use your information for:
  • To manage our relationship with you or your business, for example by finding out how best to contact you
  • To develop new ways to meet our clients' needs and to grow our business, for example by seeking client feedback or sharing our market research
  • To develop and carry out marketing activities in order to keep our clients informed about our products and services
  • To develop and manage our brand
Lawful Basis:
  • Legitimate interests
  • Consent (where required by law)
Our legitimate interests:
  • Working out which of our products and services might interest you and telling you about them
  • Communicating with you about RegAware and our industry insight and providing thought leadership
  • Seeking your consent when we need it to contact you
  • Keeping our records up to date and honouring your communication preferences

To develop, deliver and support our products and services

What we use your information for:
  • To deliver our products and services to our clients
  • To provide advice or guidance, for example to support your use of our products and services
  • To develop, test and manage new and existing products and services
  • To understand how our clients use products and services from us and other organisations
  • To manage how we work with other companies that provide services to us and our clients, for example our relationships with vendors and suppliers
Lawful Basis:
  • Contractual obligation
  • Legal obligation
  • Legitimate interests
  • Consent (where required by law)
Our legitimate interests:
  • Enabling the development of our products and services, and what we charge for them
  • Defining relevant clients for new products and services
  • Ensuring that we are able to effectively and efficiently meet our legal and contractual obligations
  • Complying with regulatory requirements

To administer the products and services we deliver

What we use your information for:
  • To make and manage client payments
  • To collect and recover money that is owed to us
  • To exercise our rights set out in agreements or contracts
Lawful Basis:
  • Consent (where required by law)
  • Contractual Obligation
  • Legitimate interest
Our legitimate interests:
  • Ensuring that we are able to effectively and efficiently meet our contractual obligations
  • Complying with regulatory requirements

Crime Prevention and Detection

What we use your information for:
  • To detect, investigate, report, and seek to prevent fraud, financial crime and anti-money laundering, for example through know-your-customer checks, AML screening and other identity checks
  • To comply with other laws and regulations that apply to us
Lawful Basis:
  • Contractual obligation
  • Legal obligation
  • Public Interests
  • Legitimate interests
Our legitimate interests:
  • Ensuring that we are able to effectively and efficiently meet our contractual obligations
  • Complying with regulatory requirements

To protect our brand, our business and our clients' interests

What we use your information for:
  • To manage risk for us and our clients, for example through research and statistical analysis
  • To respond to complaints and seek to resolve them
  • To comply with foreign laws, law enforcement and regulatory requirements that may affect us as a global institution
  • To protect our IT systems, network and infrastructure
  • To run our business in an efficient and proper way, for example managing our financial position, building our business capability, or for planning, communications, corporate governance or audit
Lawful Basis:
  • Legitimate interests
Our legitimate interests:
  • Ensuring that we are able to effectively and efficiently meet our contractual obligations
  • Complying with regulatory requirements
Where we collect your personal information from

We will collect the personal information we use for the above purposes from one or more of the below sources:

  • Directly from you throughout our relationship, including when you use our products, services and websites
  • From publicly available sources of information
The legal basis for using your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This is explained in more detail in other sections of this Privacy Notice where we indicate that we will have one or more of the following reasons for using your personal information:

  • our use of your personal information is necessary to fulfil a contract we have with you or to take steps to enter into a contract with you, for example when you ask us to provide you with a product or service.
  • our use of your personal information is necessary to comply with a legal obligation that we have, for example where we are required to report to tax authorities.
  • our use of your personal information is required for regulatory reasons that are in the public interest, for example to prevent and detect financial crime.
  • you have provided your consent to us using the personal information, for example if you have agreed to receive marketing communications.
  • our use of your personal information is in our legitimate interest as a commercial organisation to provide services to our clients, provided our use is proportionate and respects your privacy rights; where we rely on our legitimate interest, we will tell you what that interest is.

2. Sharing Personal Information Within RegAware, With Third Parties, With Our Regulators

In this section you can find out more about how we share personal information: within RegAware, with third parties that help us provide our products and services, and our regulators.

We share your information in the manner and for the purposes described below:

  • within RegAware, where such disclosure is necessary to provide you with our services or to manage our business.
  • with third parties who help manage our business and deliver services. These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us.
  • with agencies and organizations working to prevent fraud in financial services;
  • with our regulators,
  • to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies.
  • we may share in aggregate, statistical form, non-personal information regarding the visitors to our website, traffic patterns, and website usage with our business partners, affiliates or advertisers.
  • RegAware may, in the future, sell or otherwise transfer some or all of its assets to a third party. Your personal information, technical information about your device or browser and/or other anonymous information we obtain from you via the websites may be disclosed to any potential or actual third party purchasers of such assets and/or may be among those assets transferred.

3. Using Cookies and Other Technologies

In this section you can find out more about: Types of cookies used on our websites, Third party advertisers, Third party sites, Control your cookie settings.
Types of cookies used on our websites

We do not currently use cookies our websites. However, it is possible that in the foreseeable future this may change. In the event that this is the case, we will make changes to this Privacy Notice and advise you.

Third Party Advertisers

We do not use third party advertising companies to serve ads on our behalf on other websites across the Internet.

Third Party websites

Our websites do not contain links to third party sites.

Future Changes in Cookie Policy

It is possible that in the foreseeable future RegAware’s policy on cookies, third party advertisers, and third party websites may change. In the event that this is the case we recommend you routinely review the privacy notices and preference settings that are available to you on social media platforms, as well as your preferences with RegAware.

4. Carrying Out Direct Marketing

In this section you can find out more about: How we use personal information to keep you up to date with our products and services, and how you can manage your marketing preferences.
How we use personal information to keep you up to date with our products and services

We may use personal information to let you know about RegAware products and services that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you.

How you can manage your marketing preferences

To protect your privacy rights and ensure you have control over how we manage marketing with you can ask us to stop direct marketing at any time. You can ask us to stop sending email marketing by following the ‘unsubscribe’ link you will find on the email marketing messages we send you. Alternatively, you can contact us.

We recommend you routinely review the privacy notices and preference settings that are available to you on social media platforms, as well as your preferences with RegAware.

5. Transferring Personal Data Overseas

RegAware does not operate any of its data administration overseas. Accordingly, your personal information will not be transferred and stored in countries outside the UK.

Future Changes in Overseas Policy

It is possible that in the foreseeable future RegAware’s policy on overseas operations may change. In the event that this is the case we recommend you routinely review the privacy notices and preference settings that are available to you on social media platforms, as well as your preferences with RegAware.

6. How We Protect and Store Your Information

Security

We have implemented and maintain a comprehensive information security program with written policies and procedures designed to protect the confidentiality and integrity of personal information. The information security program contains administrative, technical and physical safeguards, appropriate to the type of information concerned, designed to: (i) maintain the security and confidentiality of such information; (ii) protect against any anticipated threats or hazards to the security or integrity of such information; (iii) protect against unauthorized access to or use of such information that could result in substantial harm, and (iv) ensure appropriate disposal of such information. The security of your personal information also depends in part on the security of the devices you use to communicate with us, the security you use to protect user IDs and passwords, and the security provided by your internet service providers.

Storing your personal information

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this notice. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting, or necessary technical requirements.

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

7. Legal Rights Available to Help Manage Your Privacy

Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information. These include the rights:

  • To access personal information
  • To rectify / erase personal information
  • To restrict the processing of your personal information
  • To transfer your personal information
  • To object to the processing of personal information
  • To object to how we use your personal information for direct marketing purposes
  • To obtain a copy of personal information safeguards used for transfers outside your jurisdiction
  • To lodge a complaint with your local supervisory authority

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will use reasonable efforts to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of: (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

Right to rectify or erase personal information

You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.

You can also request that we erase your personal information in limited circumstances where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object; or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which RegAware is subject.

We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:

  • for compliance with a legal obligation; or
  • for the establishment, exercise or defence of legal claims.

Right to restrict the processing of your personal information

You can ask us to restrict your personal information, but only where:

  • its accuracy is contested, to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object and we are considering your request

We can continue to use your personal information following a request for restriction:

  • where we have your consent; or
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person.

Right to transfer your personal information

You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:

  • the processing is based on your consent or on the performance of a contract with you; and
  • the processing is carried out by automated means.

Right to object to the processing of your personal information

You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.

If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to object to how we use your personal information for direct marketing purposes

You can request that we change the manner in which we contact you for marketing purposes.

You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.

We may redact data agreements to protect commercial terms.

Right to lodge a complaint with your local supervisory authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

8. Contact Us

The primary point of contact for all issues arising from this privacy notice, is our Data Protection Officer. The Data Protection Officer can be contacted in the following ways:

Data Protection Officer

By email: info@regaware.ai

By post:
Data Protection Officer
RegAware
101-135 Kings Road
Brentwood
Essex
CM14 4DR

If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact our Data Protection Officer. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.