PRIVACY POLICY
Privacy Policy
This Privacy Policy is effective as of February 1, 2025.
Introduction
AXIA Compliance Ltd, (hereinafter “AXIA”, “we”, “us”, or “our”) is a privately held company consisting of multi-talented cyber security and data protection consultants who provide regulatory guidance and compliance services. We are registered with the Information Commissioner’s Office under registration number ZB868589.
Scope of this Privacy Notice
This Privacy Notice applies to the AXIA website and when you interact with AXIA anywhere in the world. It describes how AXIA and our Providers collect, use, share, and keep information that we acquire about you online and offline.
For example, this Privacy Notice applies when you:
· Use AXIA’s services, either directly or through our agents or websites;
· Interact with AXIA on social media or reply to electronic communications from us; or
· Contact or interact with AXIA.
We do not knowingly attempt to solicit or receive information from children or minors per local law. In addition, we are not responsible for other company’s privacy policies and practices. We don’t endorse other company’s policies and practices when we provide a link to a website.
From time to time, we will change this Privacy Notice. Depending on the nature of these changes, we will inform you through our written communications or through our website. Otherwise, we recommend that you check the current version available here. If we make changes to this statement, we will update the “Effective Date” at the top of this page.
Data Controller responsible for processing your data and other information
AXIA is the entity responsible for the management of the jointly- used personal data and other information. AXIA incorporates the following legal entity:
AXIA Compliance Limited
71-75 Shelton Street, London, WC2H 9JQ, United Kingdom
If you have any questions about the lawful bases upon which we collect and how we use your personal data, please contact:
Group Data Protection Officer
Our commitment to privacy compliance
At AXIA we are committed to protecting and respecting your privacy and therefore, all processing operations carried out involving your personal data comply strictly with all the requirements established within the highest global standards of compliance including the General Data Protection Regulation (GDPR).
This Privacy Policy applies to the following individuals:
- Visitors of the Site with whom we do not have a contractual relationship;
- Clients who use our Services;
- Independent Contractors who use our Services;
- Suppliers who provide products or services to us;
- Candidates;
- Prospects;
- Participants of webinars, conferences, trade events, surveys, etc.
Below, we outline how we collect, store, use, process, and safeguard your data when you use our Services, such as when you visit our Website or engage with us in other related ways, including any sales, marketing, or events.
By using our Website and/or our Services, as well as engaging with us in any way, you agree to the collection and use of your information in accordance with this Privacy Policy.
Summary
This summary provides key points from our privacy notice, but you can find out more details about any of these topics by using our table of contents below to find the section you are looking for.
What personal information do we process?
When you visit, use, or navigate our services, we may process personal information depending on how you interact with us and our Services, the choices you make, and the products and features you use.
Do we process any sensitive personal information?
We may process sensitive personal information, when necessary, with your consent or as otherwise permitted by applicable law.
Do we receive any information from third parties?
We may receive information from public databases, marketing partners, social media platforms, and other outside sources.
How do we process your information?
We process your information to provide, improve, and administer our services, communicate with you, for security and fraud prevention, and to comply with applicable laws. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.
In what situations and with which parties do we share personal information?
We may share information in specific situations and with specific third parties.
How do we keep your information safe?
We have organisational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that any unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.
What are your rights?
Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.
How do you exercise your rights?
The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.
Want to learn more about what we do with any information we collect? Review the privacy notice in full.
Table of contents
1. What information do we collect?
2. Do we collect information from other sources?
3. How do we process your information?
4. When and with whom do we share your personal information?
5. Do we use cookies and other tracking technologies?
6. Is your information transferred internationally?
7. How long do we keep your information?
8. How do we keep your information safe?
9. Do we collect information from minors?
10. What are your privacy rights?
11. Do we make updates to this notice?
12. How can you contact us about this notice?
1. What information do we collect?
In short: We collect certain information about you.
This information can be used on its own or in combination with other information to identify you (“Personal Information”). Below is a list of types of Personal Information that we may collect and use about you.
- Contact: Information we use to contact you, including physical addresses, email addresses, and phone numbers.
- Identification: Information we use to identify you, including full name, government ID, and DoB.
- Financial: Information about an individual's financial account including bank account details, payment card details.
- Transactional: Information about the transactions you carry out and the payments to and from your accounts with us including amounts and dates.
- Contractual: Information about the products or services we provide to you.
- Locational: Information we get about where you are, including country and IP (Internet Protocol) address. This may come from your mobile phone or the place where you connect a computer to the internet. It may also include locations where you used your card.
- Usage: Information about the usage of our Services and Website including metadata.
- Technical: Information on the devices and technology you use, including IP address, browser type and version, time zone, operating system, browser type.
- Communications: Information from communications between us, including any personal data you may share with us in your messages, communication metadata.
- Professional: Information about professional career and educational background, including current and old job positions, degrees, qualifications.
- Public and third-party records: Information about you that is in public records and information about you that is publicly available on the internet. We also collect information about you which we receive from other companies, such as (without limitation) credit reference or fraud protection agencies (see below for more information).
- Consents: Any permissions, consents, or preferences that you give us.
- Other Information: Any other information you choose to provide to us through all available channels, participating in user/customer surveys, or otherwise visiting and interacting with our Website and/or Services.
2. Do we collect information from other sources?
In Short: We may collect limited data from public databases, marketing partners, social media platforms, and other outside sources.
We may collect Personal Information about you or your businesses from any of these sources:
· Directly for you when you use our Services, complete a contact form, request marketing communications, participate in surveys or contact us
· We collect profile and usage data when you interact with our Website and/or Services, including, without limitation, your security details, app or web browser settings, marketing choices, and data from the devices you use to connect to our platform so we can provide you with our products or services
· We also collect information through the use of cookies and other internet tracking software while you are using our website or mobile apps, as described in detail in our Cookie Policy.
- From third parties:
- Companies, business partners, or individuals that introduce you to us.
- Business partners, service providers, sub-contractors, advertising networks, analytics providers, search information providers, fraud protection services, and Payment Service Providers (PSPs) who help us authenticate your identity, improve the quality of our Services, promote our Services, and protect our business. We may also receive Personal Information about you from providers that help prevent, detect, and prosecute unlawful acts, money laundering, and fraudulent behaviour.
- Social networks and other technology providers
- Public information sources such as (without limitation) national company registries.
- Market researchers.
- Government, law enforcement agencies, authorities, and regulatory bodies.
3. How do we process your information?
In Short: We process your information to provide, improve, and administer our services, communicate with you, for security and fraud prevention, and to comply with applicable laws. We may also process your information for other purposes with your consent.
In cases where we need to process personal data for the performance of the contract with you or as required by law, and you refuse to provide your information, we may not be able to perform the contract with you, and consequently, we may not be able to provide certain services to you.
4. When and with whom do we share your personal information?
In Short: We may share information in specific situations described in this section and/or with the following third parties.
We will only share your information with the third parties listed below for the purposes described above in Section 3 “How do we process your information” unless otherwise noted at the point of collection:
- Trusted third-party agents, partners, suppliers, and service providers who assist us in providing the Services to you and are only permitted to use your information according to the purposes specified in their agreement with us. These third parties include website hosts, data hosts, cloud software providers, IT providers, identification verification providers, customer support providers, payment processors, financial institutions, financial advisors, legal advisors, auditors, and insurance companies. These partners are required under law and contract to keep your Personal Information confidential.
- Government or public agencies, law enforcement authorities, regulators, or any other entity having appropriate legal authority for receipt of your Personal Information, if required or permitted by law or legal process or if we believe that such action is necessary to comply with the law, to protect the security or integrity of our business, our Site and/or Services and to protect the safety of the users of our Services or the public.
- We may disclose your Personal Information to a third party who acquires any part of our business, whether such acquisition is by way of merger, consolidation, divestiture, spin-off, or purchase of all or a substantial portion of our assets.
- We may share de-identified Personal Information with academic institutions to perform research, under controls that are designed to protect your privacy—including requiring such institutions to operate under confidentiality agreements and mandating that published findings contain only de-identified and aggregated data.
- From time to time, we may share reports with the public that contain anonymised, aggregate, de-identified information and statistics.
- We may share Personal Information with our current and future affiliates. Our affiliates may use your Personal Information in a manner consistent with this Privacy Policy.
- When you provide your consent to us to share your information.
5. Do we use cookies and other tracking technologies?
In Short: We may use cookies and other tracking technologies to collect and store your information.
We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Policy:
https://axiacompliance.com/cookie-policy.
6. Is your information transferred internationally?
In Short: We may transfer, store, and process your information in countries other than your own.
Information collected while you use our Website and/or Services, including your Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside the European Economic Area (EEA) and choose to provide information to us, please note that we will transfer the information, including your Personal Information, to our office located in European Economic Area and process it there.
To provide adequate protection for the data transfer, we have in place contractual arrangements with our subsidiaries, affiliates and business partners regarding such transfers. By utilising our Website and/or Services, you authorise the international transfer of your data to the European Economic Area (EEA), where we are based, and to other locations where we and/or our service providers operate.
7. How long do we keep your information?
In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this privacy notice unless otherwise required by law.
We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected (which is typically 7 years), consistent with applicable law. This retention period allows us to comply with our legal obligations, resolve disputes, enforce our agreements, and study customer data as part of our own research. We will not retain your data for longer than is necessary to fulfil the purpose for which it is being processed.
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, as well as the purposes for which we process it. We also assess whether we can achieve those purposes through other means.
8. How do we keep your information safe?
In Short: We aim to protect your personal information through a system of organisational and technical security measures.
The security of your Personal Information is important to us. We implement suitable measures to safeguard the information you entrust to us, preventing its loss, misuse, unauthorised access or disclosure, alteration, and destruction, addressing threats from both external and internal sources. Furthermore, we restrict access to your personal data to individuals such as employees, agents, contractors, and other third parties, but only those who require such access for legitimate business purposes. These authorised individuals will process your personal data solely based on our explicit instructions and are bound by a confidentiality obligation.
Please be aware that no method of transmission over the internet or method of electronic storage is 100% secure, and we cannot guarantee the absolute security of the Personal Information we have collected from you. Therefore, you are also a key stakeholder in ensuring that your Personal Information is protected. If you become aware of any breach of security or privacy, please contact us immediately at dpo@axiacompliance.co.uk
9. Do we collect information from minors?
In Short: We do not knowingly collect data from or market to children under 18 years of age.
Our Website and Services are not addressed to minors. If you are a parent or guardian and you learn that your children have provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a child under the age of 18 without verifiable parental consent, we will take steps to remove that information from our servers.
10. What are your privacy rights?
In Short: In some regions you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.
Under applicable privacy regulation, you may have some or all of the following rights in respect of your Personal Information:
- to obtain a copy of your Personal Information together with information about how your Personal Information is processed;
- to rectify inaccurate Personal Information;
- to erase your Personal Information in limited circumstances where it is no longer necessary in relation to the purposes for which it was collected or processed;
- to restrict processing of your Personal Information;
- to object to the processing of your Personal Information where we're relying on a legitimate interest
- to object to decisions that are based solely on automated processing or profiling;
- to obtain a portable copy of your Personal Information, or to have a copy transferred to a third-party controller;
- to withdraw your consent, at any time, where you may have provided it for the collection, processing and transfer of your Personal Information for a specific purpose.
In addition to the above, you have the right to lodge a complaint with a supervisory authority for data protection.
To exercise these rights, you may contact us by emailing at dpo@axiacompliance.com addressing it to our Data Protection Officer (DPO).
We may ask you for additional data to confirm your identity and for security purposes before disclosing the information requested to you. If you would like to submit a request on behalf of another individual, you may provide proof of authorisation by the individual to submit such a request on their behalf. We reserve the right to charge a fee where permitted by law.
We may also decline to process requests that jeopardise the privacy of others, are excessive, or would cause us to take any action that is not permissible under applicable laws.
Additionally, as permitted by applicable laws, we may need to retain certain Personal Information for a limited period of time for record-keeping, accounting, and fraud prevention purposes. Please note also that you may be able to exercise some of these rights without our intervention. For example, if you are a registered service user, you can access and update your personal data.
Region-specific privacy terms
EEA/UK/Switzerland
This section applies to residents of the EEA, Switzerland, and the UK using our Site and/or Services and addresses the specific requirements under the General Data Protection Regulation (GDPR), the UK GDPR, and the Swiss Federal Data Protection Act (FADP).
Legal basis
If you are a resident in the EEA, UK and Switzerland, we collect and process information about you only where we have a legal basis for doing so under applicable laws. For information about the legal bases, we rely on when processing your Personal Information under GDPR, please refer to Section 3 "How do we process your information?" of our Privacy Policy.
Data transfers
When transferring data from the European Union, the European Economic Area, the UK, and Switzerland, AXIA relies upon the Standard Contractual Clauses as included in our Data Processing Addendum.
Your GDPR rights
If you are a resident of EEA, UK and Switzerland, you have the rights set forth in Section 10 “What are your Privacy Rights” section of our Privacy Policy.
Other regions
If you reside in a location outside of the EEA, the UK or Switzerland, please be aware that we prioritise your privacy. We are committed to staying compliant with applicable data protection laws and will update this Privacy Policy as necessary to incorporate any required provisions.
11. Do we make updates to this notice?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
This Privacy Policy is effective as of the effective date specified at the top of this Privacy Policy and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.
We reserve the right to update or change our Privacy Policy at any time, and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide by and be bound by the modified Privacy Policy.
12. How can you contact us about this notice?
If you have questions or concerns regarding privacy using our Services or to exercise your rights, please contact:
Thank you for taking the time to review our Privacy Policy. We are committed to maintaining the highest standards of privacy and compliance, and we appreciate your trust in us. If you have any feedback or suggestions for how we can improve our privacy practices, please let us know. Your privacy is important to us, and we will continue to work hard to protect it.Whether you’re a small organisation, a fast-growing business or an international group of companies, it’s important to understand your level of compliance within both the UK and EU GDPR.
GDPR requires organisations to meet stringent data protection requirements affecting the personal data of UK and EU citizens and also impacts companies that are based outside of Europe. With severe penalties in play - fines of up to €20m or 4% of global annual revenues - corporations must implement actionable and efficient strategies to achieve compliance. AXIA Compliance works with global organisations in all manner of industries and jurisdictions designing compliance policies and workflows for GDPR compliance.
AXIA Compliance provides the required broad range of privacy experience with practical implications of applying data protection and information security, managing operational environments, implementing information governance practices and applying change management within the most complex regulatory environments. We specialise in working with financial services clients as our team are additionally qualified within regulatory compliance and also information security.
AXIA COMPLIANCE
Copyright © 2025 AXIA COMPLIANCE - All Rights Reserved.
Powered by AXIA ASSURANCE