Home / Privacy policy
Privacy policy
Client Privacy Policy (UK). Last updated: 25 September 2025. This policy is subject to review by our compliance team before publication.
This privacy policy aims to give you information on how DigiDoe Limited collects and processes your personal data through your use of this website and our services, including any data you provide when you process payments, take actions relating to your account, communicate with our Client Managers, or go through the onboarding process. Please read it together with any other privacy or fair-processing notice we give you on specific occasions.
Contents
- About us
- What information do we collect from you?
- How do we collect your data?
- What we do with your data
- Disclosures of your personal data
- International transfers
- Data security
- How long we will keep your data for
- Your legal rights
About us
Controller. DigiDoe Limited, registered in England and Wales with company number 11944257 and registered with the ICO under registration number ZB087262, is the controller responsible for your personal data (“DigiDoe”, “we”, “us”, “our”). We personally oversee all questions relating to this policy; if you have any questions, including requests to exercise your legal rights, please use the contact details below.
Our services are not directed to individuals under 18. We do not knowingly collect children’s data; if you believe a child has provided data to us, please contact us so we can delete it promptly.
You have the right to complain at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection (www.ico.org.uk). We would appreciate the opportunity to address your concerns first, so please contact us in the first instance.
Contact details. Full name of legal entity: DigiDoe Limited. Email: info@digidoe.com.
Changes to this policy. We keep this policy under regular review; this version was last updated on 25 September 2025. It is important that the personal data we hold about you is accurate and current , please keep us informed if your details change during your relationship with us.
What information do we collect from you?
We may collect, use, store and transfer different kinds of personal data about you, grouped as follows:
- Identity Data , first name, maiden name, last name, marital status, title, date of birth, language spoken, nationality and/or citizenship.
- Employment Data , name of employer or nature of your relationship with the client using our services (for example director or shareholder), and job title.
- Background Check Data , information about criminal convictions and offences, identification document contents, and other “know your customer” check information (such as financial information).
- Contact Data , work and residential address, email address and telephone numbers.
- Financial Data , bank account and payment card information.
- Transaction Data , details about incoming and outgoing payments, transactional counterparties and related information.
- Technical Data , IP address, login information, browser type and version, time zone, location, browser plug-in types, and operating system.
- Profile Data , username and password, preferences, feedback and survey responses.
- Usage Data , information about how you use our website and services.
- Marketing and Communications Data , your marketing preferences and communication preferences.
- Criminal offence data , where required for onboarding and AML/sanctions compliance, processed only under UK Data Protection Act 2018 Schedule 1 conditions with appropriate safeguards.
We may also receive information about you if you use other websites or services we operate, and we collect and share Aggregated Data (statistical or demographic data that does not directly or indirectly identify you) for any purpose; if combined with your personal data such that it identifies you, we treat it as personal data under this policy.
We do not collect Special Categories of Personal Data (race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health, genetic or biometric data), though we do collect information about criminal convictions and offences as noted above.
If you fail to provide personal data. Where we need data by law, regulation (such as KYC checks) or contract and you do not provide it, we may be unable to perform or enter into the relevant contract, and may decline or cancel the service; we will notify you if this is the case.
How do we collect your data?
We use several methods, including:
- Direct interactions , data you give us by filling in forms, or corresponding by post, phone, email, when you register, subscribe, use our services, request marketing information, or give feedback.
- Automated technologies , Technical Data collected automatically via cookies, server logs and similar technologies as you interact with our website; see our cookie policy for detail. Where cookies are not strictly necessary, we obtain your consent first.
- Third parties or publicly available sources , service providers, business partners, sub-contractors, advertising networks, analytics providers, search information providers and credit reference agencies; we may also receive information from your employer or business, or from a client using our services who is paying you.
- Compliance and risk screening providers , identity verification, sanctions/PEP and adverse media screening, and fraud-prevention vendors, to help meet our legal and regulatory obligations.
What we do with your data
We only use your personal data when the law allows, most commonly where it is necessary for our legitimate interests (or a third party’s) and does not override your interests and fundamental rights; where we must comply with a legal or regulatory obligation; or, in limited circumstances, with your explicit consent, which you may withdraw at any time.
Lawful basis for sensitive processing. Where we process criminal offence data for onboarding, ongoing monitoring, fraud and sanctions controls, we do so under UK GDPR Article 6(1)(c) (legal obligation) and/or Article 6(1)(f) (legitimate interests), together with Data Protection Act 2018 Schedule 1 conditions (for example, paragraph 10, preventing or detecting unlawful acts, and/or paragraph 12, regulatory requirements).
We use your data to: register you as a new client; provide our services (issuing and holding electronic money, facilitating payments); contact you about our services (including following up on incomplete registrations or relevant offers, which you may opt out of at any time); improve our services by analysing usage; deliver customer support and account administration, including investigating complaints; and, only with your explicit consent, provide information about related third-party products and services, or share your data with identified third parties or DigiDoe Group companies for their own marketing purposes. We also use your data to administer and protect our business and website (troubleshooting, testing, system maintenance, reporting, hosting) and for data analytics to improve our website, products, marketing and customer relationships, relying on our legitimate interests and regulatory compliance obligations.
Automated decision-making and profiling. We use automated systems, including transaction and fraud-risk models, to detect unusual or potentially fraudulent activity and meet AML/sanctions obligations. We do not make decisions based solely on automated processing that produce legal or similarly significant effects without meaningful human involvement; if we ever do, you will be informed and have the right to human review, to express your view, and to contest the decision.
Marketing. We use certain data to decide which of our products, services or offers may be relevant to you. You will receive marketing only if you requested information or purchased services and have not opted out; you may opt out at any time via the unsubscribe link or by contacting us. We comply with the Privacy and Electronic Communications Regulations (PECR): non-essential marketing by email or SMS is sent only with your consent (or soft opt-in where permitted), and you can withdraw consent at any time.
Cookies. You can set your browser to refuse cookies, though some parts of the website may then become inaccessible or malfunction; see our cookie policy for detail.
Change of purpose. We will only use your data for the purpose for which it was collected, unless a new purpose is compatible with the original one (in which case we will explain the legal basis on request), or unless required or permitted by law without your knowledge or consent.
Disclosures of your personal data
Your personal data may be transferred to: other companies in the DigiDoe Group, based in the United States, for communication, compliance, IT, system administration, analytics and reporting; service providers acting as processors or controllers in the UK or EU providing IT, system administration, identification and two-factor authentication services; professional advisers (lawyers, bankers, auditors, insurers) in the UK, EU and US; HM Revenue & Customs, regulators and authorities in the UK, EU and US; law enforcement, judicial and government bodies and tax authorities; credit reference agencies where we assess creditworthiness; our banking partners and FX brokers; payment systems and scheme operators, correspondent banks and fraud-prevention agencies; and FCA-approved EMD Agents distributing our services (DigiDoe remains the controller for regulated activities; Agents act on our instructions and must escalate suspected fraud or sanctions issues to us). Data may also be disclosed to third parties in connection with a sale, transfer, merger or acquisition of our business, or where otherwise permitted by law and consistent with the purposes above. We require all third parties to respect the security of your data, to use it only for the purposes and instructions we specify, and not for their own purposes.
International transfers
We keep your data according to strict safeguards, in compliance with the UK GDPR and EU GDPR as applicable, and share it within the DigiDoe Group. Your data is stored primarily in the UK/EEA. Where we transfer data outside the UK or EEA, we rely on one of the safeguards permitted by law: an adequacy assessment of the destination jurisdiction; a contract ensuring adequate protection; a UK adequacy regulation for the destination country; the ICO International Data Transfer Agreement or UK Addendum to the EU Standard Contractual Clauses; and/or, for certified US organisations, the UK-US Data Bridge (the UK extension to the EU-US Data Privacy Framework). We also carry out transfer risk assessments where appropriate. Contact us for further information on the specific mechanism used for a given transfer.
Data security
We have put in place appropriate security measures to prevent your personal data being accidentally lost, used, accessed, altered or disclosed without authorisation, and limit access to employees, agents, contractors and third parties with a genuine business need, who are subject to a duty of confidentiality and act only on our instructions. We have procedures to address any suspected personal data breach and will notify you and any applicable regulator where legally required. We routinely test and monitor the resilience of our security controls and vendor environments, and require EMD Agents and third-party processors to meet contractual security, confidentiality and breach-notification obligations consistent with the UK GDPR.
How long we will keep your data for
We retain personal data only as long as reasonably necessary for the purposes we collected it for, including satisfying legal, regulatory, tax, accounting or reporting requirements, and may retain it longer where there is a complaint or a reasonable prospect of litigation. We determine retention periods by considering the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes of processing and whether they can be achieved by other means, and applicable legal or regulatory requirements.
We keep core customer records (Contact, Identity, Financial and Transaction Data) for the period required by law and regulation; for AML purposes this is five years from the end of the customer relationship, or longer only where permitted or required (for example ongoing investigations, tax, accounting or legal claims), with the reason documented and access limited where a longer period is justified. We keep basic customer information for ten years after the customer relationship ends, for tax and documentation purposes. In some circumstances you can ask us to delete your data (see “Your legal rights” below), and in some circumstances we anonymise data for research or statistical purposes, after which we may use it indefinitely without further notice to you.
Your legal rights
Under certain circumstances, you have the right to: be informed about what data we hold and how we use it (as set out in this notice); request access to your personal data (a “subject access request”); request correction of incomplete or inaccurate data; request erasure of your data where there is no good reason for us to continue processing it, where you have successfully objected to processing, where we may have processed it unlawfully, or where erasure is required by law (subject to legal exceptions we will explain to you); object to processing based on legitimate interests, including by unsubscribing from marketing emails or writing to Info@DigiDoe.com (we may demonstrate compelling legitimate grounds that override your objection); obtain human review, express your view and contest any decision based solely on automated processing with legal or similarly significant effects; request restriction of processing in specified circumstances (disputing accuracy, unlawful use where you do not want erasure, retention needed for legal claims, or pending verification of an objection); request transfer of your data in a structured, machine-readable format (where processing is based on consent or a contract with you); and withdraw consent at any time where we rely on it, without affecting the lawfulness of prior processing (we will tell you if withdrawal means we cannot continue to provide a product or service).
To exercise any of these rights, contact DigiDoe Limited by emailing info@DigiDoe.com. We may need to verify your identity before acting on a request, and aim to respond within one month, extending this where a request is complex (we will tell you if so). No fee is usually required, though we may charge a reasonable fee, or decline to act, if a request is clearly unfounded, repetitive or excessive. If you are dissatisfied with our response, you may complain to the Information Commissioner’s Office (ICO); if you are in the EEA, you may instead contact the relevant supervisory authority in your state of habitual residence, place of work, or place of the alleged infringement.
Contact
Questions about this policy can be sent to privacy@digidoe.com. DigiDoe Ltd, 80 Strand, London, England, WC2R 0RL. FCA-authorised EMI, FRN 901043.