This Privacy Policy explains how AI Verify 360 Limited (“we”, “us”, “our”) collects, uses and protects personal data when operating the AI Verify 360 platform and related services, in accordance with UK GDPR, the Data Protection Act 2018 and, where applicable, the EU GDPR.
Who we are and how to contact us
The AI Verify 360 platform is operated by AI Verify 360 Limited [of Fifth Floor, 167-169 Great Portland Street, London, W1W 5PF].
We act primarily as an independent business data verification services provider. For most activities described in this Privacy Policy, we act as an independent data controller under the Data Protection Act 2018. Details of our registration, including our registration number and registered address, are available on the ICO’s public register of fee payers.
If you have any questions about this Privacy Policy or how we handle personal data, you may contact us at: support@verify360.ai
Scope and roles
This Privacy Policy applies to:
- Visitors to our website and online resources.
- Registered users and authorised representatives of our business clients.
- Other individuals who communicate with us e.g. by email or telephone.
In most cases our platform processes business and corporate information only; the service is not intended to be used to store or manage special category data or large-scale consumer datasets.
Where, in limited circumstances, personal data is included in business records (for example director, ultimate beneficial owner or persons with significant control details drawn from official registers), we process that personal data in accordance with this Privacy Policy and applicable data protection law.
What personal data we collect
Depending on how you interact with us, we may collect and process the following categories of personal data:
- Identification and contact details: name, job title, business email address, business telephone number, employer, and similar information.
- Account and usage data: login credentials, role/permissions, audit logs, activity records, and settings associated with your use of the platform.
- Technical data: IP address, device identifiers, browser type, operating system, access times, pages viewed and similar telemetry collected via our website or platform (including through cookies and similar technologies – see our Cookie Policy).
- Business registry data: information relating to directors, officers, beneficial owners or other individuals where this appears in official corporate or regulatory registers accessed via the platform.
- Communications data: records of enquiries, support tickets, feedback or complaints submitted to us, together with our responses.
We do not collect special category data (such as health, biometric or religious data) or largescale consumer profiling data through the platform and request that users do not submit such information.
How we collect personal data
We collect personal data in the following ways:
- Directly from you when you create an account, use the platform, subscribe to updates, or contact us.
- From your organization when it registers as a client and nominates you as an authorized user or contact.
- From official and reputable data sources (for example company registers and public regulatory datasets) where those sources include personal data relating to business roles.
- Automatically, via cookies and similar technologies when you visit our website or access the platform (see our Cookie Policy for further details).
Purposes and lawful bases for processing
We process personal data only where we have a lawful basis to do so. The main purposes and corresponding legal bases are:
- Providing and administering the platform and services (creating accounts, authenticating users, delivering search and verification functionality, maintaining audit trails). Legal basis: performance of a contract or taking steps at your request prior to entering into contract; and/or our legitimate interests in operating a secure business verification service.
- Managing our client relationships, including billing, service communications, training, and support. Legal basis: performance of a contract; legitimate interests in managing our business.
- Operating and securing our website and systems, including monitoring for misuse, security incidents and fraud. Legal basis: legitimate interests in maintaining network and information security and preventing abuse of our services.
- Complying with legal and regulatory obligations, such as record-keeping, responding to lawful requests from public authorities or exercising legal rights. Legal basis: compliance with legal obligations; establishment, exercise or defence of legal claims.
- Improving and developing our services, including analytics on aggregated or de-identified usage data. Legal basis: legitimate interests in improving and developing our products and services; where required, consent.
- Sending you service-related communications and, where permitted, relevant information about updates or improvements. Legal basis: performance of a contract and/or legitimate interests; for some forms of electronic marketing, consent or the “soft opt-in” under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”) as applicable.
Where we rely on consent, you may withdraw that consent at any time using the methods described in this Privacy Policy or in the relevant communication.
How we use third-party data sources and processors
The platform connects to various official and third-party data sources to retrieve business information (for example, corporate or VAT registers) and may engage reputable service providers for hosting, security, analytics and similar functions. Where those third parties process personal data on our behalf, they act as our data processors, are bound by written contracts, and may only process personal data in accordance with applicable law. Where we access personal data from public or official registers, those third-party controllers remain responsible for their underlying datasets. We do not accept responsibility for inaccuracies or incompleteness in third-party source data, but we take reasonable steps to ensure our integrations function as intended.
International transfers
Our primary hosting and processing locations are within the United Kingdom and/or European Economic Area (EEA). If we need to transfer personal data outside the UK or EEA, we will ensure that appropriate safeguards are in place, such as adequacy regulations or standard contractual clauses, in accordance with UK GDPR.
Data retention
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to comply with legal, accounting or reporting obligations, and then delete or irreversibly anonymise it. Retention periods may vary depending on the type of data and the context in which it was collected (for example, client account records may be retained for a period after contract termination to address queries or legal claims).
Your data protection rights
Under UK GDPR (and, where applicable, EU GDPR), you have several rights in relation to your personal data, subject to certain conditions:
- Right of access – to obtain confirmation as to whether we process your personal data and to receive a copy.
- Right to rectification – to request correction of inaccurate or incomplete data.
- Right to erasure – to request deletion of your personal data in certain circumstances.
- Right to restriction – to request we restrict processing in certain circumstances.
- Right to object – to object to processing based on our legitimate interests and to object at any time to direct marketing.
- Right to data portability – to receive certain data in a structured, commonly used and machine-readable format and to have it transmitted to another controller where technically feasible.
- Right to withdraw consent – where we rely on consent, to withdraw it at any time, without affecting the lawfulness of processing before withdrawal.
You may exercise these rights by contacting us using the details above. We may need to verify your identity before responding to your request and will respond within the timeframes set by applicable law.
If your query relates to data for which we act only as a processor on behalf of a business client, we may direct you to contact that client as the relevant data controller.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or, where applicable, another competent supervisory authority.
You can contact the ICO at: https://ico.org.uk/ using the contact form or LiveChat function, or via post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, disclosure or destruction, considering the nature of the data and the associated risks. However, no electronic transmission or storage is completely secure; if you believe your interaction with us is no longer secure, please notify us immediately using the contact details above.
Children
Our platform and services are designed for business users and are not intended for use by children. We do not knowingly collect personal data relating to individuals under 18 in the ordinary course of our business.
Changes to this Privacy Policy
Based on the nature of our activities, we assess our position against the ICO’s data protection fee and registration guidance on a regular basis and will update our registration or reliance on any available exemption where the law or our processing activities change.
We may update this Privacy Policy from time to time to reflect changes in law, regulation or our services. Any updated version will be published on our website with a revised “last updated” date and, where appropriate, notified to clients or users via the platform. You should review this page periodically to ensure you are aware of any changes.