Privacy Notice


Protecting your privacy is a fundamental component of our service. We have been committed to maintaining the confidentiality, integrity and security of personal information entrusted to us by you.

Article 5 of the GDPR states that Personal Data must be processed lawfully fairly and in a transparent manner. This Privacy Notice explains why and how we collect, process and destroy your data. Please read the following carefully to understand our views and practices and do not hesitate to reach out if you have any questions. After Brexit Leo is subject to two regulatory regimes: the UK and the EEA ones. The UK GDPR one applies when we process Personal Data of individuals in the UK and GDPR applies when we process Personal Data of individuals in Europe. This document refers to both pieces of regulation to reassure our UK and EEA users. To clarify, the UK GDPR means the GDPR is form which was applicable in the EEA on 31 December 2020- the last day of the Brexit transition period.

For purposes of this Privacy Notice, the following terms will be defined as follows:

  • “Personal Data” or “Personal Information” means any information about an individual from which that person can be identified. Personal Data and/or Personal Information does not include data where the identity has been removed (i.e., anonymous data).
  • “Special Categories” means more sensitive personal data which require a higher level of protection, such as information about a person’s health, sexual orientation, political views etc. For the full list please refer to Article 9 of the GDPR&UK GDPR.
  • “Data Subject” refers to any individual person who can be identified, directly or indirectly, via an identifier such as name, ID number or location data.

Identity of the Firm

Leo RegTech Limited is registered at 11 Old Jewry, EC2R 8DU with company number 04829021 (“Leo”).

If you are Leo’s employee, vendor or client, for the purposes of the regulations we are data controller what means that we determine the means and purposes of processing your Personal Data. 

If you are user of Leo app, we are data processor processing your Personal Information on written instruction of a data controller i.e. Leo’s direct client.

What types of Personal Data do we collect 

Leo collects Personal Information which include name, date of birth, e-mail address, postal address, telephone number, and bank transfer details but also information volunteered by Leo’s users. If you are a user of Leo app, some of the data about you may come from sources like AML and credit checkers managed by data controller. We also may use “cookies” to collect information about how the site is used. 

Lawful basis for Processing 

Where we act as data controller, we rely on the following legal basis for Processing your Personal Data:

  • legitimate interests-  we  rely on legitimate interest  when we have balanced our legitimate interest against your fundamental rights; even when we contact you for marketing purposes without your prior consent, we would do it based on our in-depth research and understanding that your firm would find Leo helpful;
  • performance of contract-  we rely on performance of contract as a legal basis when we process your data to perform a contract we have entered into with you; and
  • legal obligation-  we strictly comply with all applicable laws and regulations as it relates to processing, including requirements imposed by HMRC 

Data inquires and updates

If you want to review, change or update the Personal Information that you have provided to us; request that you be removed from a mailing list; or address any other privacy concerns you may have, please contact us at [email protected]

Purpose of data collected

The Personal Information we collect is for the following reasons 

  • promotion of ideas and events relating to services we provide; 
  • accuracy of client records;
  • performance a contract that you entered into with Leo;
  • maintenance of records of communications and management of your relationship with us; 
  • responding to you enquires;
  • complying with any present or future law, rule, regulation, guidance, decision or directive.

Who we share our information with

We will not share Personal Information about you with third parties unless we are required to do so by law or if we use well established and trusted cloud services providers. 

International transfer outside the EEA 

Leo does not transfer your Personal Information outside of the European Economic Area (EEA) or the UK. If a need for international transfer arises, we will ensure that it is a permitted transfer, including: the performance of a contract between Leo and the Data Subject, reasons of public interest, to establish, exercise or defend legal claims or to protect the vital interests of the Data Subject where the Data Subject is physically or legally incapable of giving consent and, in some limited cases, for our legitimate interest in case of not repetitive transfers.

We will always ensure that appropriate safeguards accompany all transfers.


We will keep your Personal Data for no longer than reasonably necessary, for reasons of legal obligation or legitimate business interest. 

Your rights and your Personal Data

 You have a right:

  • to request a copy of your Personal Data which we or related data Controller hold about you;
  • to request Leo or any related data Controller to correct any Personal Data if it is found to be inaccurate or out of date;
  • to request your Personal Data is erased where it is no longer necessary for Leo or related data Controller to retain such data;
  • to withdraw your consent to the Processing at any time if consent constitutes the lawful basis for processing;
  • to object to Processing based on grounds relating to the Data Subject situation if the processing is necessary for the performance of a task carried out in the public interest or the processing is necessary for the purposes of the legitimate interest by us or a third party, unless such interest is overridden by your fundamental rights and interests;
  • to request a restriction is placed on further Processing;
  • not to be subject to a decision based on automated Processing; although Leo does not apply any automated decision making or profiling the Firm does not practice such decision making; and
  • to lodge a complaint with the Information Commissioners Office (the UK Supervisory Authority) or your local data protection regulator if you are in the EEA. 

You can contact the Information Commissioners Office on 0303 123 1113 or via email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF;

Further Processing 

Where we may seek to further process your data other than for the original purpose for which it was collected, Leo will only further process such data where the new Processing is compatible with the original purpose.

Safeguarding measures

Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorized purposes) of the Personal Data.

Leo has put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties on a ‘need to know’ basis. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

Leo will only transfer Personal Data to a third party if they agree to comply with those procedures and policies, or put in place adequate measures prior to receiving it. 

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Special Categories of Data 

We may, in certain cases and only as permitted by law, control and process Personal Data which are more sensitive in nature – for example, when making available to you Leo’s modules providing for: a Know Your Client / Anti-Money Laundering check or client/vendor onboarding.  These modules may also store information on  past criminal convictions.

Legitimate Interests

When we process your Personal Data on legal basis of legitimate interest, we have carried out a Legitimate Interests’ Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own and that such interests are proportionate and appropriate, such as for the purposes of HR, marketing and day-to-day operations.


When sending marketing materials to customers, we may have the option to rely on your consent or legitimate interest.

We only use legitimate interests for marketing if we have assessed that the information being sent is beneficial to the customer, and have weighed our interests against your own and there is little to no risk posed, the method and content is non-intrusive, and the material being sent is something you would usually expect to receive.

Cookies, analytics and traffic data

Cookies are small text files which are transferred from this website and stored on your device. We use cookies to help us provide you with a personalised service, and to help make our website, applications and services better for you.

The tables below will provide the following information with some explanations to ensure transparency to our users:

  • what types of cookies are set;
  • how long they persist on your user’s browser;
  • what data they track;
  • for what purpose (functionality, performance, statistics, marketing, etc.;
  • where the data is sent and with whom it is shared;
  • how to reject cookies, and how to subsequently change the status regarding the cookies.

Changes to our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email.