Protecting your privacy is a fundamental component of our service. We have been committed to maintaining the confidentiality, integrity and security of Personal Data entrusted to us by you.
Article 5 of the GDPR states that personal data must be processed lawfully, fairly, and in a transparent manner. This Privacy Notice explains why and how we collect, process, and destroy your data. Please read the following carefully to understand our views and practices, and do not hesitate to reach out if you have any questions.
After Brexit, Leo is subject to two regulatory regimes: the UK General Data Protection Regulation (GDPR) and the EEA GDPR. The UK GDPR applies when we process personal data of individuals in the UK, and the EEA GDPR applies when we process personal data of individuals in the EEA. This document refers to both pieces of regulation to reassure our UK and EEA users. To clarify, the UK GDPR refers to the version of the GDPR that was applicable in the EEA on 31 December 2020, the last day of the Brexit transition period.
For purposes of this Privacy Notice, the following terms will be defined as follows:
“Personal Data” or “Personal Information” means any information about an individual from which that person can be identified. Personal Data and/or Personal Information does not include data where the identity has been removed (i.e. anonymous data).
“Special Categories” means more sensitive personal data which require a higher level of protection, such as information about a person’s health, sexual orientation, political views, etc. For the full list please refer to Article 9 of the EEA and UK GDPR.
“Data Subject” refers to any individual person who can be identified, directly or indirectly, via an identifier such as name, ID number or location data.
Leo RegTech Limited is registered at 11 Old Jewry, EC2R 8DU with company number 04829021 (“Leo”).
If you are a Leo employee, vendor, or client, we act as the data controller under GDPR. This means that we determine the means and purposes of processing your personal data. If you are a user of the Leo app and you provide us with Personal Data in the Leo App, we act as a data processor. This means we process such personal information based on the written instructions of a data controller, which is you, Leo’s direct client.
Please refer to the table in Schedule 1 below.
Links to external websites may be provided for your convenience but such websites and websites through which you may have gained access to our website are beyond the control of Leo RegTech Limited and its affiliates and we do not endorse or accept any responsibility for their contents or any services or items offered through such websites.
If you wish to review, change or update the Personal Data that you have provided to us; request removal from a mailing list; or address any other privacy concerns you may have, please contact us at [email protected]. Please note that you can review your direct marketing preferences by clicking the unsubscribe button in any of Leo’s marketing emails.
We will not share Personal Data about you with third parties unless we are required to do so by law or we use well-established and trusted service providers.
The service providers that we share your personal data with are:
Leo does not transfer your personal information outside of the European Economic Area (EEA). If an international transfer becomes necessary, such as for a UK employee background check, we will ensure it is a permitted transfer. This includes scenarios such as the performance of a contract between Leo and the data subject, reasons of public interest, establishing, exercising, or defending legal claims, or protecting the vital interests of the data subject where they are physically or legally incapable of giving consent. In some limited cases and on a non-repetitive basis, transfers may occur for our legitimate interests.
We will always ensure that appropriate safeguards accompany all transfers.
We will keep your personal data for no longer than is reasonably necessary, either due to legal obligations or legitimate business interests.
Your rights:
Additional Information:
How to Exercise Your Rights:
If we need to process your data for purposes other than the original reason it was collected, Leo will only do so if the new processing is compatible with the original purpose or if the personal data is anonymised and cannot be re-identified.
Maintaining data security means ensuring the confidentiality, integrity, and availability of personal data for authorised purposes.
Leo has implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorised way, altered, or disclosed. We limit access to your personal data to employees, agents, contractors, and other third parties on a need-to-know basis. They will only process your personal data on our instructions and are bound by a duty of confidentiality.
Leo will only transfer personal data to a third party if they agree to comply with our procedures and policies or put in place adequate measures before receiving it.
We have established procedures to handle any suspected personal data breaches and will notify you and any applicable regulators of a breach where we are legally required to do so.
In certain cases, and only as permitted by law, we may control and process personal data that is more sensitive in nature. For example, this applies when we provide Leo’s modules for Know Your Client (KYC) / Anti-Money Laundering (AML) checks or client/vendor onboarding. These modules may also store information on past criminal convictions.
When we process your personal data based on legitimate interest, we have carried out a Legitimate Interests Assessment (LIA) to ensure that we have considered your interests, and any risks posed to you, against our own interests. This ensures that such interests are proportionate and appropriate for purposes such as HR, marketing, and day-to-day operations. Please see Schedule 1 of this Privacy Notice for more details of which business processes use legitimate interest as the legal basis for processing.
When sending marketing materials to customers, we may rely on either your consent or our legitimate interest.
We only use legitimate interest for marketing if we have assessed that the information being sent is beneficial to you, have weighed our interests against yours, and determined that there is minimal risk posed. The method and content must be non-intrusive and something you would typically expect to receive.
Our customer relations management system notifies us when you open an email from us and when you click a link inside, allowing us to build meaningful connections with you. If you do not want to share this information with us, please click ‘Unsubscribe’ at the bottom of any email communication from Leo.
Cookies are small text files which are transferred from this website and stored on your device. We use cookies to help us provide you with a personalised service, and to help make our website, applications and services better for you.
We provide the following information with some explanations to ensure transparency to our users:
Should you wish to change your preferences regarding cookies, please click the icon in the bottom left corner of the website.
Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email.
SCHEDULE 1
What types of Personal Data do we collect, for what purpose and on what lawful basis?
PURPOSE FOR WHICH PERSONAL DATA WAS COLLECTED | TYPES OF PERSONAL DATA COLLECTED | LEGAL BASIS FOR PROCESSING OF PERSONAL DATA |
Marketing | Name, email address, direct phone numbers, associated company name, IP addresses. | Legitimate interest: advancement of Leo’s business by targeting well researched audience who would benefit from the services offered. |
Client relations | Name, email address, direct phone numbers, associated company names, IP addresses, marriage status, interests, and content of emails. | Legitimate interest: Communication with clients and client relationship management proportionate to the services provided. |
Credit control | Name, email, company address, outcome of credit control. | Legitimate interest: Contracting with credit-worthy businesses not to expose Leo to credit risks |
Recruitment | Name, residential address, contact details, interview notes, CV contents, salary expectations, D.O.B., nationality, and mother’s maiden name. | Legitimate interest: Talent acquisition and management of the recruitment process in relation to individuals interested in working with Leo. |
Invoicing | Name and contact details at an associated company. | Legitimate interest: Charging fees, including final invoices after the contract termination |
Provision of Leo’s services | Log in details, name, contact number, roles and names, email addresses. | Legitimate interest: Processing of personal data is necessary for the provision of services, including post-contract termination. The latter processing is done in accordance with contractual provisions. |
Prospecting | Name, email address, direct phone numbers, associated company names, IP addresses, and personal information, such as hobbies, that may be revealed by the prospect and noted by Leo’s sales representative as relevant to the prospecting process. | Legitimate interest: advancement of Leo’s business by targeting well researched audience who would benefit from the services offered and entering into prospecting processes with individuals interested in Leo services. |
Third party management | Name, contact details, and associated company. | Legitimate interest: Management of Leo’s business relationships with third parties like suppliers and strategic partners. |
Meeting HMRC requirements | Name, contact details and associated accounting data. | Legal obligation. |
ID Verification Service | Name, photograph of the face, nationality, passport number. | We act here as data processor and therefore we conduct the processing upon your instructions if you purchased the service. |
AML Background Checks | Name and publicly available data associated with the search. | We act here as data processor and therefore we conduct the processing upon your instructions if you purchased the service. |
Data entered into Leo by clients | Roles and names, phone numbers, addresses associated with the BCP; name, previous names, position within firm, other directorships, references, NIN, home address, history of residential addresses, certified copies of: passport, proof of address; CV; criminal proceedings information; civil proceedings information; other relevant matters; disciplinary matters; potential complaints against person; potential disqualification or reprimand by the FCA or other regulatory body; nationality, shareholding, country of residence; names, address, PEP status of PSCs and clients complaints; training records. | We act here as data processor and therefore we conduct the processing upon your instructions if you purchased the service. |
Sharing data for marketing purposes | Names, roles, email addresses, and corporate phone numbers in the B2B environment. | Legitimate interest: advancement of Leo’s business by sharing Leo’s leads with carefully chosen partners. |
© 2025 LEO. ALL RIGHTS RESERVED