Privacy Policy

1. Who we are

This Privacy Policy explains how Veridable Ltd (“Veridable”, “we”, “us”, “our”) collects, uses and protects personal data when you:

  • Visit our website;

  • Contact us; or

  • Use our products and services, including any pilot or beta programmes (the “Services”).

We act as a data controller for personal data we collect and determine how it is used, unless otherwise stated in a specific agreement with your organisation.

2. Data we collect

The types of personal data we collect depend on how you interact with us.

2.1. Information you provide to us

  • Contact information – name, email address, phone number, company name, role, and any other details you provide when you contact us or request a demo.

  • Account information – login credentials and profile details when you create an account to use the Services.

  • KYC-related information – if you or your organisation use the Services to manage KYC/KYB, we may process information about individuals associated with your organisation or your counterparties (e.g. directors, shareholders, UBOs, key contacts), such as:

    • Name, role and relationship to an entity

    • Contact details

    • Identification details (where applicable and lawful)

    • Documents and data submitted as part of KYC processes

  • Communications – messages, feedback and other information you send to us, including support queries.

2.2. Information we collect automatically

When you visit our website or use the Services, we may automatically collect:

  • Log data – IP address, browser type and settings, device information, date and time of access, and pages or features accessed.

  • Usage data – how you navigate and interact with the Services (for example, features used, clicks, time spent).

We may use cookies and similar technologies to collect some of this information. See the Cookies section below.

2.3. Information from third parties

We may receive personal data from:

  • Your employer or organisation, if they register you as a user of the Services.

  • Data providers and public sources (e.g. corporate registries, sanctions/PEP databases), where this is necessary for KYC-related Services.

  • Partners or referrers, where you have interacted with them in a way that indicates interest in our Services

3. How we use personal data

We use personal data for the following purposes and legal bases:

3.1. To provide and operate the Services

  • Creating and managing user accounts.

  • Enabling you and your organisation to use the KYC collaboration and reusable profile features.

  • Processing KYC-related information as part of the Services.

  • Providing support and responding to enquiries.

Legal bases:

  • Performance of a contract (or steps prior to entering into a contract).

  • Legitimate interests (to operate and improve the Services).

3.2. To improve and secure the Services

  • Monitoring usage patterns and performance.

  • Detecting, preventing and responding to security incidents and misuse.

  • Developing new features and improving existing ones.

Where possible, we use aggregated and/or anonymised data for analytics.

Legal bases:

  • Legitimate interests (to improve and secure our Services).

3.3. To communicate with you

  • Responding to contact requests and questions.

  • Sending important notices about the Services, such as changes to terms, policies or features.

  • Where permitted, sending updates about new features or opportunities (you can opt out at any time).

Legal bases:

  • Performance of a contract.

  • Legitimate interests (to communicate with users and prospective customers).

  • Consent (for certain types of marketing communications, where required by law).

3.4. To comply with legal obligations

  • Keeping records required by law.

  • Responding to lawful requests from authorities.

  • Complying with applicable financial crime, data protection and other regulations.

Legal basis:

  • Compliance with legal obligations.

4. Sharing of personal data

We may share personal data with:

  • Service providers (processors) – such as cloud hosting providers, email and communication tools, analytics providers, and security services. We require them to process personal data only on our instructions and to keep it secure.

  • Professional advisers – such as lawyers, accountants and auditors, where necessary for our business or legal obligations.

  • Counterparties and your organisation – if you use the Services as part of a KYC process, personal data may be shared with your organisation and with counterparties (e.g. financial institutions, suppliers, customers) in accordance with the configuration and permissions in the Services.

  • Authorities and regulators – where required by law or where we believe it is necessary to protect our rights, your safety or the safety of others.

We do not sell personal data.

If we are involved in a merger, acquisition, restructuring or sale of assets, personal data may be transferred as part of that transaction, subject to appropriate protections.

5. International transfers

We may process and store personal data in countries outside your country of residence, including outside the UK or European Economic Area (EEA).

Where we transfer personal data from the UK or EEA to a country that does not provide an equivalent level of data protection, we will use appropriate safeguards, such as:

  • Standard contractual clauses approved by the European Commission or UK authorities; or

  • Other mechanisms recognised by applicable data protection laws.

You can contact us for more information about the safeguards we use.

6. Data retention

We retain personal data for as long as reasonably necessary to:

  • Provide the Services and fulfil the purposes described in this policy;

  • Comply with legal, regulatory, accounting or reporting requirements;

  • Resolve disputes and enforce our agreements.

Retention periods may vary depending on the type of data and the context in which it was collected (for example, some KYC-related records may need to be kept for a minimum period under applicable law or as agreed with your organisation).

When personal data is no longer needed, we will delete it or anonymise it in a secure manner.

7. Security

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

These measures include, where appropriate:

  • Encryption in transit and at rest;

  • Access controls and role-based permissions;

  • Logging and monitoring of access to systems;

  • Regular review of security practices.

However, no system can be completely secure. You are responsible for keeping your account credentials confidential and notifying us promptly of any suspected unauthorised access.

8. Your rights

Depending on your location and applicable law (including the UK GDPR and EU GDPR), you may have the following rights in relation to your personal data:

  • Right of access – to obtain confirmation whether we process your personal data and access to that data.

  • Right to rectification – to request correction of inaccurate or incomplete data.

  • Right to erasure – to request deletion of your data in certain circumstances.

  • Right to restriction – to request restriction of processing in certain circumstances.

  • Right to data portability – to receive your data in a structured, commonly used and machine-readable format, and to transmit it to another controller where technically feasible.

  • Right to object – to object to processing based on legitimate interests or to direct marketing.

  • Right to withdraw consent – where processing is based on consent, you can withdraw it at any time.

To exercise your rights, please contact us using the details above. We may need to verify your identity before responding.

You also have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner’s Office (ICO).

9. Cookies and similar technologies

We may use cookies and similar technologies on our website and in the Services to:

  • Enable core functionality (e.g. login, session management);

  • Remember your preferences;

  • Analyse how the website and Services are used.

You can control cookies through your browser settings and, where implemented, through a cookie banner or preference tool on our site. Disabling some cookies may affect the functionality of the Services.

If you use a third-party analytics or marketing tool (e.g. Google Analytics, HubSpot) later, you should update this section with more detail.

10. Children’s privacy

The Services are not intended for, and we do not knowingly collect personal data from, children under 18. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services or applicable law.

When we make material changes, we will update the “Last updated” date at the top and, where appropriate, provide additional notice (for example on our website or by email).

We encourage you to review this Privacy Policy periodically.

12. Contact

If you have any questions about this Privacy Policy or how we process personal data, please contact us.