Use your personal data
Clearfc Ltd takes your privacy very seriously and will never disclosure, share or sell your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purposes specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw consent at any time. The purposes and reasons for processing your personal data are detailed below: –
We collect your personal data in the performance of a contract or to provide a service. As part of the FCA Application process, we must complete a DBS check. A DBS check is a record of a person’s criminal convictions and cautions – carried out by the Disclosure and Barring Service. It’s an essential requirement for those applying for approved person function with the FCA.
Your rights
You have the right to access any personal information that Clearfc Ltd processes about you and to request information about: –
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to update/correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request; this is to ensure that your data is protected and kept secure.
Sharing and disclosing your personal information
We do not share or disclosure any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement.
Clearfc Ltd will only share your information with the Financial Conduct Authority.
Safeguarding measures
Clearfc Ltd takes your privacy seriously and we take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: –
- Clearfc Ltd enforces SSL connections all on publicly exposed endpoints. There is no publicly exposed non encrypted endpoints (HTTP).
- Clearfc Ltd uses Cloudflare to protect its publicly exposed services, offering DDoS mitigation and other common attack methods such as port scanning and exploit scanning.
- Clearfc Ltd encrypts all data in transit between applications and the database. Meaning in any network the traffic cannot be intercepted and readback.
- Clearfc Ltd hashes all customer data in rest. Only the users with a valid password can read the information.
- All of our public environments are hosted on a private cloud with no shared networking. This prevents anyone being able to intercept or sniff traffic inside the network.
- All corporate applications such as email require 2FA to gain access, we enforce a strict policy that prevents misuse and impersonation.
Consequences of not providing your data
You are not obligated to provide your personal information to Clearfc Ltd, however, as this information is required for the FCA Application, we will not be able to offer all of our products or services without it.
How long we keep your data
Clearfc Ltd only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data for a minimum of 6 years after which time it will be destroyed.