Privacy Notice

ComplyAdvantage collects and processes personal data relating to Users in relation to the services we provide. The data we process differs depending on your interactions with us, as detailed more fully below.

The expression “User” (and “you”/”your”) in this privacy notice shall mean any person accessing the ComplyAdvantage website, using ComplyAdvantage products and services, or about whom we collect and use any information in the course of providing our products and services.

Where we act as a controller of personal data, the following items apply:

Details of the controller and data protection officer: the controller of the personal data we process is IVXS UK Limited (trading as ComplyAdvantage) (referred to as “ComplyAdvantage”/“we”/“us”), located at Labs House, 15-19 Bloomsbury Way, London WC1A 2TH, United Kingdom and which is registered with the UK Information Commissioner’s Office under number ZA054290. Our data protection officer can be contacted by email at dpo@complyadvantage.com.

Our representative in the EU is IVXS Technology Romania SRL, with its registered office at Cluj- Napoca, 34-36th Somesului St. Romania. 

Transfers outside of the EEA: As part of our group operations and to help us manage the personal data that We process, we transfer personal data of Users outside of the EEA subject to appropriate safeguards including European Commission adequacy decisions and model clauses approved by the European Commission on the basis of Art. 26(4) of Directive 95/46/EC.

Your rights

You can request that we correct, erase, or grant you access to the personal data we hold relating to you, or (where processing is based on your consent) withdraw your consent to our processing of your personal data. In many cases, the most effective way to exercise these rights will be to mail our dedicated inbox at subjectaccess@complyadvantage.com.

If you are concerned that we are handling your personal data improperly, you also have the right to make a complaint to our data protection regulator, the UK Information Commissioner’s Office.

Information collection and use

The information we collect, and the ways in which we use it, varies in line with the use cases below (click the headings to view the relevant portions of the policy):

  • Visitors to ComplyAdvantage.com
  • When you provide us with information by completing forms
  • Candidates for jobs with ComplyAdvantage
  • Our anti-money laundering, sanctions and adverse media data
  • Business contacts
  • Information we collect from publicly available sources

Visitors to ComplyAdvantage.com

When you browse this website

What we collectData on how you use the site

The pages you visit, the means you use to visit (browser version, time zone, operating system, etc.), how long your visit and pageviews last, the frequency of your visits, and information on how you navigate the site.

Data that identifies you

Your IP address, unique identifiers tied to cookies.

 

What we do with your dataSite optimisation

Analysing aggregated data to update our site’s content and layout to improve relevance for visitors.

 

Our basis for processing this dataLegitimate interests

Using insights from visitor behaviour to improve the way we market our services.

 

How long we hold this dataData holding periods are determined by cookie expiry times.

 

Recipients of dataWithin ComplyAdvantage group companies

  • Personal information will be available for our global marketing teams, and other ComplyAdvantage personnel who have a need to access this data for the purposes set out above.

Outside of ComplyAdvantage

  • CRM and marketing automation providers
  • Website analytics vendors

 

When you provide us with information by completing forms (including on third party platforms), subscribing for email updates, registering for events hosted by us or when requesting demos.

What we do with your dataWe use this information to contact you for the purpose specified in the form and in accordance with any marketing preferences you submit to us..

This information is added to, and managed through, our contact database. A member of our sales team may contact you if we determine through your submission that you may be interested in our services. We analyse our contact database data to understand, track, and improve how we market and sell our services.

Our basis for processing this dataTaking steps at your request prior to entering into a contract

If you request that we contact you to provide more information on our services to you, we’ll process your data and contact you on this basis.

Legitimate interests

We will send you our email newsletters being necessary for our legitimate interests to give you information about our products and services (unless you have opted-out). We’ll also retain and analyse information gained from our interactions with you as part of understanding, tracking and improving how we market and sell our service.

We retain a record of your marketing preference choices in order to demonstrate our historic compliance with data protection law.

How long we hold the dataEmail newsletters

We’ll keep your details on this list until you unsubscribe, at which point we’ll move your details to an opted-out list to ensure that we don’t send you marketing emails from other sources in future.

Sales process

We retain information relating to our sales interactions with you for up to five years following our determination that we’re not an appropriate sales fit. We use this period as service contracts in our industry often last for 3-5 years, so a new opportunity may arise during the retention period.

General

We retain historic information relating to any marketing preference choices that you provided, or other bases for processing that have since lapsed, for six years from the date that the basis for processing lapsed.

 

Recipients of dataWithin ComplyAdvantage

Personal information will be available for our marketing and sales personnel, as well as customer success and other teams as necessary to fulfil the purposes set out above.

Outside of ComplyAdvantage

Our cloud storage providers, customer database, and marketing providers.

 

Job candidates

Recruitment information you provide to us

What we do with your dataWe use your data to:

  • contact you in relation to your candidacy
  • assess suitability for future vacancies
  • assess your suitability for the vacancy you applied for

 

Our basis for processing this dataTaking steps at your request prior to entering into a contract:

If you send us your personal information in response to a vacancy advertised by us, we need to process it in order to consider your application.

Legitimate interests:

We want to build the best team we can, and we carry out this processing as part of the hiring process that enables this.

Compliance with a legal obligation

For roles where we conduct a resident labour market test to enable us to apply for visas, and subsequently hire someone who needs a visa on this basis, we retain unsuccessful applicant information as part of the related record-keeping requirements.

 

How long we hold the dataGeneral

Your information is stored in our applicant tracking system 12 months after we disqualify your candidacy for the role applied for. Successful candidates’ information becomes subject to our employee privacy policy.

Legal record-keeping

If we hire someone subject to a resident labour market test for a role you applied for, we’ll retain your personal data until the expiry of the applicable record-keeping requirement (currently one year following the end of our sponsorship of the visa in question).

 

Recipients of dataWithin ComplyAdvantage

Personal information will be available for the hiring and recruitment teams.

Outside of ComplyAdvantage

  • Our applicant tracking system
  • Providers of any aptitude testing systems used as part of the hiring process
  • Third party background check providers

 

Recruitment-related data we collect

The data we process
  • Publicly available information relevant to your potential suitability to work with ComplyAdvantage
  • Any information provided by someone else about you to us.
  • Feedback from interviews and assessments.

 

What we do with your dataWe use your data to:

  • contact you in relation to current vacancies
  • assess your suitability for vacancies

 

Our basis for processing this dataLegitimate interests

  • Assessing the current labour market and your suitability for available roles.
  • To hold as a reference point should you make any further applications within the retention period.

Compliance with a legal obligation

If you are actively involved in our recruitment process for roles where we conduct a resident labour market test and subsequently hire someone who requires a sponsored visa, we retain unsuccessful applicant information as part of the related record-keeping requirements.

 

How long we hold the dataYour information is stored in our applicant tracking system 1 year after final interview if unsuccessful, or subject to our legal record-keeping requirements if needed for our compliance with immigration law.

 

Recipients of dataWithin ComplyAdvantage

  • Personal information will be available for the hiring team and our recruitment personnel.

Outside of ComplyAdvantage

  • Our applicant tracking system
  • Providers of any aptitude testing systems used as part of the hiring process
  • Our cloud file storage systems
  • External recruiters with whom you dealt as part of the recruitment process
  • Government and legal service providers involved in the visa application process
  • Third party background check providers

 

Our anti-money laundering, sanctions and adverse media data
The data we processSanctions, warnings, fitness & probity

Information related to and available on publicly available government lists covering sanctions, the prevention and detection of unlawful acts, and other protective functions. This will generally include a full name, a year or date of birth, nationality, reasons for appearing on the list, and the period covered by the data subject’s appearance on the list, but depends on the information contained in the list.

Politically exposed persons

We collect publicly available information relating to individuals in prominent public positions, and their family members, close associates, and business interests. Names, dates or years of birth, position(s) held or connection(s) that we think may give rise to a PEP designation, country of nationality, residence and service, photographs (if available) and the period for which that designation would have been active (e.g. active service dates).

Adverse media

We collect links to publicly available news articles that our systems determine to name individuals in connection with financial crime, terrorist financing, other relevant unlawful acts, improper conduct, dishonesty, etc. We will also extract information relating to age from these articles to determine approximate years of birth.

Corporate registry information

We collect data from publicly available corporate registries or from third parties, relating to individual’s shareholdings and directorships (or such analogous positions).

 

What we do with this dataConsolidated profiles:

We structure the data collected into profiles consolidating the information outlined above.

Sharing with clients:

Where one of our clients searches for a name on our database, we share with that customer any profiles that match the given search parameters.

 

Our basis for processing this dataLegitimate interests

Our existing and prospective clients have legitimate interests in gaining access to high-quality and easily manageable data of the type we process in order to optimize compliance with obligations concerning sanctions, anti-money laundering, know-your-client and counter-terrorist financing. We also pursue our own legitimate interests in developing and improving products and services to serve this market.

 

How long we hold the dataAML Database:

We retain the information in our AML databases indefinitely.

Backups

Where we remove personal data from this database (for example, where we become aware that the information is not, or is no longer, relevant), it will remain in our backups for 30 days.

 

Recipients of data
  • Other data controllers on whose behalf we act as processors, who search for information matching given profiles
  • ComplyAdvantage group employees
  • Our hosting and cloud storage providers
  • Vendors we use to monitor the accuracy and performance of the data

 

Business contacts

Information we receive from you (e.g. business cards, correspondence during the sales process)

What we do with your dataA member of our sales team may contact you if we determine through your submission that you may be interested in our products and services.

This information – along with details of our interactions including phone calls and correspondence – is added to, and managed through, our CRM. We analyse our CRM data to understand, track, and improve how we market and sell our services. We save some correspondence to provide precedents and examples to other members of the team, and add your personal information to our e-signing and billing systems if appropriate.

We may make recordings of telephone calls with clients and prospective clients.

 

Our basis for processing this dataTaking steps at your request prior to entering into a contract:

If you request that we contact you to provide more information on our services to you, we’ll process your data and contact you on this basis.

Legitimate interests

We’ll retain and analyse information gained from our interactions with you as part of understanding, tracking and improving how we market and sell our services.

We process data in relation to billing and contracting in order to operate the legal and financial elements of our business.

We retain records of consent-based and other processing in order to demonstrate our historic compliance with data protection law.

 

How long we hold the dataEmail newsletters:

We’ll keep your details on this list until you unsubscribe, at which point we’ll move your details to an opted-out list to ensure that we don’t send you marketing emails from other sources in future.

Sales process

We retain information relating to our sales interactions with you for up to five years following our determination that we’re not an appropriate sales fit. We use this period as service contracts in our industry often last for 3-5 years, so a new opportunity may arise during the retention period.

General

We retain historic information relating to any consent you provided, or other bases for processing that have since lapsed, for six years from the date that the basis for processing lapsed.

 

Recipients of dataWithin ComplyAdvantage

Personal information will be available for our marketing and sales personnel, as well as customer success and other teams as necessary to fulfil the purposes set out above.

Outside of ComplyAdvantage

Our cloud storage providers, CRM, sales and marketing automation tools, customer support/servicing tools, debt collection service providers.

 

Information we collect from publicly available sources

The data we process
  • Name, contact details, professional activity
  • Publicly available information relevant to your position in your organisation, and industry events you’re attending.

 

What we do with your dataA member of our sales team may contact you to understand more information about your organisation’s anti-money laundering and sanctions compliance operations, and gauge your organisation’s potential interest in our services.

This information – along with details of our interactions including phone calls and correspondence – is added to, and managed through, our contact database. We analyse our contact database data to understand, track, and improve how we market and sell our services.

 

Our basis for processing this dataTaking steps at your request prior to entering into a contract:

If you subsequently request that we contact you to provide more information on our services to you, we’ll process your data and contact you on this basis.

Legitimate interests:

  • Identifying stakeholders in organisations with requirements for software similar to that provided by ComplyAdvantage
  • To hold as a reference point should you make any further applications within the retention period.
  • We’ll retain and analyse information gained from our interactions with you as part of understanding, tracking and improving how we market and sell our services.

 

How long we hold the dataSales process

We retain information relating to our sales interactions with you for up to five years following our determination that we’re not an appropriate sales fit. We use this period as service contracts in our industry often last for 3-5 years, so a new opportunity may arise during the retention period.

General

We retain historic information relating to any consent you provided, or other bases for processing that have since lapsed, for six years from the date that the basis for processing lapsed.

 

Recipients of dataWithin ComplyAdvantage:

Personal information will be available for our marketing and sales personnel, as well as customer success and other teams as necessary to fulfil the purposes set out above.

Outside of ComplyAdvantage:

Our cloud storage providers, CRM, sales and marketing automation tools, and customer support/servicing tools.