Privacy Policy
Introduction
Welcome to Idenfo Limited’s Privacy Policy.
We respect your privacy and are committed to protecting your personal data. This policy explains how we collect, use, and protect your data when you visit and use our website.
1. Important information and who we are
Purpose:
This privacy policy explains how we handle your personal data through your use of our website and services.
Controller:
Idenfo Limited is the data controller. It is based in the UK with subsidiaries in UAE (Idenfo Solutions Pvt Ltd) and Pakistan (Idenfo Pakistan Pvt Ltd).
Contact Details:
Data Protection Officer (DPO):
📧 [email protected]
📍 Bankside 300 Peachman Way, Broadland Business Park, Norwich, Norfolk, NR7 0LB, UK
You can also complain to the Information Commissioner’s Office (ICO), though we encourage contacting us first.
Policy Updates:
Last updated August 2025 — please keep your personal data up to date.
Third-party links:
Our website may contain links to external sites — we’re not responsible for their privacy practices.
2. The data we collect about you
We may collect the following categories of data:
Identity Data: Full name, date of birth, gender, nationality, country of residence, passport/ID details.
Contact Data: Billing and residential address, email, phone number.
Financial Data: Bank and payment card details.
Transaction Data: Payment details and services purchased.
Technical Data: IP address, browser type, time zone, device information, etc.
Profile Data: Username, password, purchase history, preferences, feedback.
Usage Data: How you use our website and services.
Marketing Data: Preferences regarding marketing and communication.
We may also collect Aggregated Data (statistical, anonymized data).
We do not collect sensitive personal data (e.g., race, religion, health, or biometric data).
Failure to provide necessary data may limit our ability to provide services.
3. How is your personal data collected?
Direct interactions: When you sign up, fill forms, contact us, or subscribe.
Automated technologies: Through cookies and analytics tools (like Google Analytics).
Third-party sources:
Analytics providers (e.g., Google).
Payment processors (e.g., Stripe).
Publicly available sanctions and regulatory lists (e.g., OFAC, UN, HM Treasury).
4. How we use your personal data
We process data only when legally allowed, including:
To perform a contract with you.
To pursue our legitimate business interests.
To comply with legal obligations.
Main purposes:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Register you as a customer | Identity, Contact | Contract performance |
| Process orders/payments | Identity, Contact, Financial, Transaction | Contract performance & Legitimate interest |
| Perform KYC checks | Identity, Contact, Financial | Contract performance |
| Manage relationship (updates, surveys) | Identity, Contact, Profile | Contract & Legal obligation |
| Website maintenance/security | Technical, Identity, Contact | Legitimate interest & Legal obligation |
| Marketing and communications | Contact, Profile, Usage | Legitimate interest |
Marketing:
You may receive marketing communications unless you opt out. You can unsubscribe anytime.
Cookies:
You can disable cookies, but some features may not function properly.
Change of purpose:
We’ll notify you if your data is used for purposes other than originally stated.
5. Disclosures of your personal data
We may share your data with:
Internal parties: Idenfo group companies in the UK, UAE, and Pakistan.
External parties:
Cloud providers
Professional advisers (lawyers, accountants, etc.)
Regulators and legal authorities
Business partners in case of mergers or acquisitions
All third parties are required to treat your data lawfully and securely.
6. International transfers
Your data may be processed outside your home country.
We ensure adequate protection through:
Transfers only to countries with sufficient data protection laws, or
Standard Contractual Clauses approved by UK authorities.
7. Data security
We implement strict security controls to prevent unauthorized access, disclosure, or loss.
Access is restricted to employees or contractors who need it, under confidentiality obligations.
In case of a data breach, affected individuals and regulators will be notified as required by law.
8. Data retention
We retain your personal data only as long as necessary for service delivery or legal compliance.
Normally, data is deleted upon service termination, except where needed for:
Legal or tax purposes
Ongoing disputes or claims
Research or anonymized statistical purposes
9. Your legal rights
You have the right to:
Access your personal data
Correct inaccurate data
Erase your data (“right to be forgotten”)
Restrict or object to processing
Transfer your data to another service
Withdraw consent at any time
Requests are free of charge unless excessive or repetitive.
We may ask for proof of identity.
Responses are typically provided within one month.
10. Glossary
Lawful Bases:
Legitimate Interest: Necessary for business operations where rights aren’t overridden.
Performance of Contract: Required to fulfil our services.
Legal Obligation: Required by law.
Internal Third Parties:
Idenfo entities in the UK, UAE, and Pakistan handling IT, system admin, and marketing.
External Third Parties:
Cloud service providers, professional advisers, and regulators.
Your rights summary:
You may request access, correction, deletion, restriction, objection, or transfer of your personal data at any time.
To exercise these rights, contact:
[email protected]