Protecting your privacy is a fundamental component of our service. We have been committed to maintaining the confidentiality, integrity and security of Personal Data entrusted to us by you.
Article 5 of the GDPR states that personal data must be processed lawfully, fairly, and in a transparent manner. This Privacy Notice explains why and how we collect, process, and destroy your data. Please read the following carefully to understand our views and practices, and do not hesitate to reach out if you have any questions.
After Brexit, Leo is subject to two regulatory regimes: the UK General Data Protection Regulation (GDPR) and the EEA GDPR. The UK GDPR applies when we process personal data of individuals in the UK, and the EEA GDPR applies when we process personal data of individuals in the EEA. This document refers to both pieces of regulation to reassure our UK and EEA users. To clarify, the UK GDPR refers to the version of the GDPR that was applicable in the EEA on 31 December 2020, the last day of the Brexit transition period.
For purposes of this Privacy Notice, the following terms will be defined as follows:
“Personal Data” or “Personal Information” means any information about an individual from which that person can be identified. Personal Data and/or Personal Information does not include data where the identity has been removed (i.e. anonymous data).
“Special Categories” means more sensitive personal data which require a higher level of protection, such as information about a person’s health, sexual orientation, political views etc. For the full list please refer to Article 9 of the EEA & UK GDPR.
“Data Subject” refers to any individual person who can be identified, directly or indirectly, via an identifier such as name, ID number or location data.
Identity of the Firm
Leo RegTech Limited is registered at 11 Old Jewry, EC2R 8DU with company number 04829021 (“Leo”).
If you are a Leo employee, vendor, or client, we act as the data controller under GDPR. This means that we determine the means and purposes of processing your personal data. If you are a user of the Leo app and you provide us with Personal Data in the Leo App, we act as a data processor. This means we process such personal information based on the written instructions of a data controller, which is you, Leo’s direct client.
What types of Personal Data do we collect, for what purpose and on what lawful basis?
Please refer to the table in Schedule 1 below.
External websites
Links to external websites may be provided for your convenience but such websites and websites through which you may have gained access to our website are beyond the control of Leo RegTech Limited and its affiliates and we do not endorse or accept any responsibility for their contents or any services or items offered through such websites.
Data inquiries and updates
If you wish to review, change or update the Personal Data that you have provided to us; request removal from a mailing list; or address any other privacy concerns you may have, please contact us at [email protected]. Please note that you can review your direct marketing preferences by clicking the unsubscribe button in any of Leo’s marketing emails.
Who we share our information with
We will not share Personal Data about you with third parties unless we are required to do so by law or if we use well-established and trusted service providers.
The service providers that we share your personal data with are:
Cloud service: US provider with servers in the EEA
IT Infrastructure: US company with servers in the EEA
IT Support including backups: a UK company with servers in the UK
Analytics provider: US company which anonymises data in the UK, prior to processing it in the UK
Client Relationship Management Software (CRM): US company with servers in the EEA
Accountancy Advisor: UK company
Telephone system provider: UK company
Project Management tool for client servicing: US company with servers in the EU
ID Verification: UK company with servers in the EEA
AML Background checks: Dutch company with servers in the EEA
UK Employee/Prospect background checks: UK Company with servers in the UK (may transfer data outside of the UK and EEA jurisdictions but does so with the appropriate safeguards as required by the regulation)
Online training provider: UK company with servers in the UK and the EEA
Carefully selected business partners who offer services relevant to you
International transfer outside the EEA
Leo does not transfer your personal information outside of the European Economic Area (EEA). If an international transfer becomes necessary, such as for a UK employee background check, we will ensure it is a permitted transfer. This includes scenarios such as the performance of a contract between Leo and the data subject, reasons of public interest, establishing, exercising, or defending legal claims, or protecting the vital interests of the data subject where they are physically or legally incapable of giving consent. In some limited cases and on a non-repetitive basis, transfers may occur for our legitimate interests.
We will always ensure that appropriate safeguards accompany all transfers.
Retention
We will keep your personal data for no longer than is reasonably necessary, either due to legal obligations or legitimate business interests.
Personal Data in CRM System: This data is stored indefinitely due to Leo’s legitimate business interests. It is stored securely with limited employee access.
Personal Data of Clients/Service Providers (Data Controller Role): This data is stored for seven years after the client’s contract termination to meet civil statute of limitations deadlines.
Personal Data provided by the controller, Leo’s Clients (Data Processor Role): This data is stored for six months from the date of the client’s departure.
Your rights and your Personal Data
Your rights:
Right of Access:
You have the right to know whether or not personal data concerning you is being processed.
Right to Rectification:
You have the right to ask us to correct information you believe is inaccurate.
You also have the right to ask us to complete information you believe is incomplete.
This right always applies.
Right to Erasure:
You have the right to ask us to erase your personal information if:
We no longer need your data for the original reason it was collected.
You are withdrawing your consent, if the processing relied on your consent as the legal basis.
We have processed your data unlawfully.
We have a legal obligation to erase the data.
The data was collected from you as a child.
Right to Restriction of Processing:
You have the right to ask us to restrict the processing of your information, temporarily limiting its use, when:
You have challenged the accuracy of your data, and we are verifying it.
You have objected to the use of your data, and we are considering your objection.
You may also ask us to limit the use of your data rather than delete it if:
We processed your data unlawfully but you do not want it deleted.
We no longer need your data, but you want us to keep it to establish, exercise, or defend legal claims.
Right to Object to Processing:
You have the right to object to our processing of your information if it is for:
A task carried out in the public interest.
The exercise of official authority.
Our legitimate interests.
Scientific or historical research, or statistical purposes.
Direct marketing purposes.
Note that we may not be required to stop processing if we can demonstrate compelling legitimate grounds to continue using your data that override your interests, rights, and freedoms.
Right to Data Portability:
This right only applies to information you have given us.
You have the right to ask that we transfer the information you gave us to another organisation, or give it to you.
The right only applies if we are processing information based on your consent, or if it’s necessary for a contract, and the processing is automated.
Right to Lodge a Complaint:
You have the right to lodge a complaint with the Information Commissioner’s Office (the UK Supervisory Authority) or your local data protection regulator if you are in the EEA.
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Additional Information:
Automated Decision-Making:
Please note that Leo does not conduct automated individual decision-making about you.
Withdrawal of Consent:
If we rely on consent in processing your information, you can withdraw it at any time. Please note that Leo does not rely on consent to process personal data for marketing purposes. You can ask us to stop such processing by unsubscribing from our marketing channels. Just hit the ‘unsubscribe’ button in any of our emails.
How to Exercise Your Rights:
To exercise any of the above rights, please contact us at privacy[at]leo.tech.
Further Processing
If we need to process your data for purposes other than the original reason it was collected, Leo will only do so if the new processing is compatible with the original purpose or if the personal data is anonymised and cannot be re-identified.
Safeguarding measures
Maintaining data security means ensuring the confidentiality, integrity, and availability of personal data for authorised purposes.
Leo has implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorised way, altered, or disclosed. We limit access to your personal data to employees, agents, contractors, and other third parties on a need-to-know basis. They will only process your personal data on our instructions and are bound by a duty of confidentiality.
Leo will only transfer personal data to a third party if they agree to comply with our procedures and policies or put in place adequate measures before receiving it.
We have established procedures to handle any suspected personal data breaches and will notify you and any applicable regulators of a breach where we are legally required to do so.
Special Categories of Data
In certain cases, and only as permitted by law, we may control and process personal data that is more sensitive in nature. For example, this applies when we provide Leo’s modules for Know Your Client (KYC) / Anti-Money Laundering (AML) checks or client/vendor onboarding. These modules may also store information on past criminal convictions.
Legitimate Interests
When we process your personal data based on legitimate interest, we have carried out a Legitimate Interests’ Assessment (LIA) to ensure that we have considered your interests, and any risks posed to you against our own interests. This ensures that such interests are proportionate and appropriate for purposes such as HR, marketing, and day-to-day operations. Please see Schedule 1 of this Privacy Notice for more details of which business processes use legitimate interest as the legal basis for processing.
Marketing
When sending marketing materials to customers, we may rely on either your consent or our legitimate interest.
We only use legitimate interest for marketing if we have assessed that the information being sent is beneficial to you, have weighed our interests against yours, and determined that there is minimal risk posed. The method and content must be non-intrusive and something you would typically expect to receive.
Our customer relations management system notifies us when you open an email from us and when you click a link inside, allowing us to build meaningful connections with you. If you do not want to share this information with us, please click ‘Unsubscribe’ at the bottom of any email communication from Leo.
Cookies, analytics and traffic data
Cookies are small text files which are transferred from this website and stored on your device. We use cookies to help us provide you with a personalised service, and to help make our website, applications and services better for you.
We provide the following information with some explanations to ensure transparency to our users:
what types of cookies are set;
how long they persist on the user’s browser;
what data they track;
for what purpose (functionality, performance, statistics, marketing, etc.);
where the data is sent and with whom it is shared;
how to reject cookies, and how to subsequently change the status regarding the cookies.
Should you wish to change your preferences regarding cookies, please click the icon in the bottom left corner of the website.
Changes to our Privacy Policy
Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email.
SCHEDULE 1
What types of Personal Data do we collect, for what purpose and on what lawful basis?
| PURPOSE FOR WHICH PERSONAL DATA WAS COLLECTED | TYPES OF PERSONAL DATA COLLECTED | LEGAL BASIS FOR PROCESSING OF PERSONAL DATA |
| --- | --- | --- |
| Marketing | Name, email address, direct phone numbers, associated company name, IP addresses. | Legitimate interest: advancement of Leo’s business by targeting well researched audience who would benefit from the services offered. |
| Client relations | Name, email address, direct phone numbers, associated company names, IP addresses, marriage status, interests, and content of emails. | Legitimate interest: Communication with clients and client relationship management proportionate to the services provided. |
| Credit control | Name, email, company address, outcome of credit control. | Legitimate interest: Contracting with credit-worthy businesses not to expose Leo to credit risks |
| Recruitment | Name, residential address, contact details, interview notes, CV contents, salary expectations, D.O.B., nationality, and mother’s maiden name. | Legitimate interest: Talent acquisition and management of the recruitment process in relation to individuals interested in working with Leo. |
| Invoicing | Name and contact details at an associated company. | Legitimate interest: Charging fees, including final invoices after the contract termination |
| Provision of Leo’s services | Log in details, name, contact number, roles and names, email addresses. | Legitimate interest: Processing of personal data is necessary for the provision of services, including post-contract termination. The latter processing is done in accordance with contractual provisions. |
| Prospecting | Name, email address, direct phone numbers, associated company names, IP addresses, personal information such as hobbies, that may be revealed by the prospect and noted by Leo’s sales representative as relevant to the prospecting process. | Legitimate interest: advancement of Leo’s business by targeting well researched audience who would benefit from the services offered and entering into prospecting processes with individuals interested in Leo services. |
| Third party management | Name, contact details, and associated company. | Legitimate interest: Management of Leo’s business relationships with third parties like suppliers and strategic partners. |
| Meeting HMRC requirements | Name, contact details and associated accounting data. | Legal obligation. |
| ID Verification Service | Name, photograph of the face, nationality, passport number. | We act here as data processor and therefore we conduct the processing upon your instructions if you purchased the service. |
| AML Background Checks | Name and publicly available data associated with the search. | We act here as data processor and therefore we conduct the processing upon your instructions if you purchased the service. |
| Data entered into Leo by clients | Roles and names, phone numbers, addresses associated with the BCP; name, previous names, position within firm, other directorships, references, NIN, home address, history of residential addresses, certified copies of: passport, proof of address; CV; criminal proceedings information; civil proceedings information; other relevant matters; disciplinary matters; potential complaints against person; potential disqualification or reprimand by the FCA or other regulatory body; nationality, shareholding, country of residence; names, address, PEP status of PSCs and clients complaints; training records. | We act here as data processor and therefore we conduct the processing upon your instructions if you purchased the service. |
| Sharing data for marketing purposes | Names, roles, email addresses, and corporate phone numbers in the B2B environment. | Legitimate interest: advancement of Leo’s business by sharing Leo’s leads with carefully chosen partners. |