Privacy Policy: directorverifications.com
1. Introduction and Data Controller
Finovium Limited, trading as directorverifications.com ("we", "our", or "the Company"), is committed to protecting the privacy of our users. This policy explains how we collect, use, and protect your personal data when you use our identity verification services.
Data Controller: Finovium Limited
Company Number: 09852857
Address: 7 Bell Yard, London, England, WC2A 2JR
Email: info@directorverifications.com
2. Legal Basis for Processing
We process personal data under the following legal bases as defined by the UK GDPR:
Legal Obligation: Processing is mandatory to fulfill our statutory duties as an Authorised Corporate Service Provider (ACSP) under the Economic Crime and Corporate Transparency Act 2023 (ECCTA).
Contract Performance: Necessary to deliver the verification services you have requested.
Legitimate Interests: Fraud prevention, system security, and maintaining the integrity of the Companies House register.
3. Personal Data We Collect
To meet the Companies House Identity Verification Standard, we collect:
- Identity Information: Full name (including former names), date of birth, and personal email address.
- Residency Data: Current residential address and a 12-month residential address history.
- Identity Evidence: High-resolution copies of government-issued photo ID (e.g., Biometric Passport, Driving License).
- Biometric Data: "Selfie" images and cryptographic data from ID chips, processed via Identity Document Validation Technology (IDVT).
- Technical Data: IP addresses, browser type, and audit logs of system actions.
4. How We Use Your Data
- Verification: To verify your identity via our third-party partner using IDVT.
- Submission: To upload a verification statement to the Companies House ACSP portal.
- Compliance: To trigger the issuance of your 11-digit Companies House personal code.
- Communication:
- Sending service updates and technical notices regarding your verification status.
5. Data Sharing
We share personal data only with:
- Third-Party Verification Partners: Specialized providers who perform biometric and document authenticity checks.
- Companies House: As an ACSP, we are legally required to transmit your verification data to trigger your unique 11-digit code.
- Infrastructure Providers: Secure services for payment processing (e.g., Stripe) and email delivery (e.g., SendGrid).
- Law Enforcement: Only where required by law to prevent economic crime.
6. Data Retention
Mandatory ACSP Retention: In accordance with the ECCTA 2023 and UK Anti-Money Laundering regulations, we are legally required to retain copies of your identity evidence and verification records for seven (7) years from the date the verification is completed. After this period, data will be securely destroyed.
7. Data Security
We implement robust technical and organisational measures, including:
- Encrypted Transmission: All data is protected via HTTPS/TLS encryption during transit.
- Access Control: We use Role-Based Access Control (RBAC) to ensure only authorised staff can access sensitive identity documents.
- Secure Storage: All personal data is stored in encrypted environments within the UK/EEA.
- Audit Trails: Comprehensive logging of all data access and modifications for accountability.
8. Your Rights
Under the UK GDPR, you have the right to access, rectify, or restrict the processing of your data. However, please note:
- Rights are not absolute: Because we process data to meet a statutory obligation, your "Right to Erasure" (to be forgotten) is limited by our legal duty to retain records for the 7-year mandatory period.
9. Cookies
We use cookies to improve navigation and site performance. You may remove cookies through your browser preferences; however, disabling them may limit your use of certain features on our Site.
10. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
