Compliance FAQs

A series of questions we've been answering

Andre Costa avatar
Written by Andre Costa
Updated over a week ago

Our solution is registered with the ICO as a Data Controller with the following

ICO Number: ZA228530

Our solution states that it acts as a Data Controller and a Data Processor, what activities does it undertake that fall under each category?

  • As per the definition, our solution aggregates/collects and stores the data from our customers and our customer's clients. We're joint Data Controllers with you (as Adviser) because you determine which information is stored on the platform.

  • We also process this data, in order to support Advisers and make them more efficient. We are therefore Data Processors.

Are Our servers based in the UK/EEA?

Yes, AWS are in Ireland

Do we pass our clients data to a 3rd party based outside of the EEA, a country recognized by the EU as having adequate protection or if in the USA outside of the Privacy Shield Framework?

  • Client information is only passed to MailChimp - to process and send emails (the notifications) and Google Analytics is anonymised, for a better understanding on how users use the platform.

  • Every other third party is controlled by you as Adviser (major brands such as GoCardless, Voyant, CashCalc), most of them in Europe and all of them fully compliant with GDPR or they would not be able to transact)

Do those third parties fully comply with the GDPR?

Mailchimp and Google are fully compliant with GDPR

Do We have a data security policy

Can I see a copy of the proposed contract? however, you can simply sign up with a monthly subscription

Did this answer your question?