Privacy Policy
1. Who Processes My Data?
Inveztor Ltd (“Inveztor”, “we”, “us”, or “the Data Controller”) values and protects your
personal data.
We process personal data in line with:
- The UK General Data Protection Regulation (“UK GDPR”)
- The EU General Data Protection Regulation (EU) 2016/679 (“EU GDPR”)
- Applicable UK, EU, and international data protection laws
Data Controller: Inveztor Ltd, 25 Eccleston Place, London SW1W 9NF
Data Protection Officer (DPO): alastair@inveztor.io
2. What Personal Data We Collect
We may collect and process the following categories of personal data:
1. Identification Data – Name, surname, date of birth, nationality, ID/passport details.
2. Contact Details – Address, email, phone number.
3. Financial Data – Bank account details, payment card details, transaction history.
4. Regulatory Data – KYC/AML documentation, tax identification numbers.
5. Technical Data – IP address, browser type, login data, device identifiers.
6. Usage Data – How you use our platform and services, including transaction patterns.
7. Communications Data – Records of correspondence, customer service queries.
3. Why We Process Your Data & Legal Bases
We process your personal data for the purposes below:
4. How We Keep Your Data Secure
We implement industry-standard security measures to protect your data, including:
- Encryption in transit and at rest (AES-256 / TLS 1.3)
- Multi-factor authentication for access to systems
- Role-based access controls
- Continuous monitoring for suspicious or unauthorised access
- Independent security audits and penetration testing
Financial and regulatory data is stored in ISO 27001-certified data centres within the UK/EU,
unless otherwise agreed with you.
5. Data Retention
We retain your personal data only as long as necessary for the purposes for which it was
collected, or as required by law:
- Regulatory/Financial Data: Minimum 5 years from end of business relationship
(FCA/AML rules) - Contractual Data: For duration of contract + limitation period for legal claims
- Marketing Data: Until you withdraw consent or after 3 years of inactivity
- Aggregated/Anonymised Data: Indefinitely, as it is no longer personal data
6. Who We Share Your Data With
We may share your data with:
- Technology partners & payment processors (for secure transactions)
- Regulatory and law enforcement bodies (where legally required)
- Professional advisors (auditors, legal counsel)
- Intra-group companies for service provision and support
International transfers are carried out in compliance with GDPR requirements, using adequacy
decisions or Standard Contractual Clauses (SCCs).
7. Your Rights
You have the right to:
- Access your data
- Rectify inaccuracies
- Erase your data (in certain circumstances)
- Restrict processing
- Object to processing (including marketing)
- Withdraw consent at any time
- Data portability (where applicable)
- Complain to the UK ICO or relevant EU supervisory authority
You can exercise your rights by emailing info@inveztor.io or using your account settings.
8. Marketing & Preferences
We will only send you marketing communications if you have opted in. You can withdraw
consent at any time by:
- Clicking “unsubscribe” in any email
- Updating your account preferences
- Contacting us directly
We do not sell your personal data to third parties.
9. Children’s Data
Our services are not intended for individuals under 18. We do not knowingly collect their data.
10. Updates to This Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated
via email or your account dashboard.