Privacy Policy

Last updated: March 2026 | GDPR Compliant

1. Introduction

Ferravision Ltd. ("we," "us," "our," "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our compliance system services (the "Services").

We comply with the EU General Data Protection Regulation (GDPR) and UK data protection laws. Please read this policy carefully. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide:

  • • Account registration details (name, email, organisation)
  • • Communication preferences and contact information
  • • Information submitted through contact forms or surveys
  • • Documents and data uploaded to the compliance system
  • • Payment and billing information

2.2 Information Automatically Collected:

  • • Log data (IP address, browser type, pages visited)
  • • Device information (type, operating system, settings)
  • • Cookies and similar tracking technologies
  • • Usage analytics and interaction patterns

3. Legal Basis for Processing

We process personal data based on:

  • Contractual necessity: To provide the Services you've engaged us for
  • Legal obligation: To comply with applicable laws and regulations
  • Legitimate interests: To improve our Services, prevent fraud, and maintain security
  • Consent: When you explicitly consent to specific processing activities

4. How We Use Your Information

We use collected information to:

  • • Provide, maintain, and improve the Services
  • • Process transactions and send related information
  • • Send transactional emails and service updates
  • • Respond to your inquiries and provide support
  • • Analyze usage patterns to improve user experience
  • • Comply with legal obligations and enforce agreements
  • • Prevent fraud and maintain system security

5. Data Sharing & Third Parties

We do not sell your personal data. We may share information with:

  • Service providers: Cloud infrastructure, payment processors, analytics providers
  • Legal requirements: When required by law enforcement or court order
  • Your organisation: As necessary to provide the Services

All service providers are contractually bound to protect your data and use it only as necessary to provide services.

6. Data Security

We implement comprehensive security measures including:

  • • Industry-standard encryption (TLS/SSL in transit, AES-256 at rest)
  • • Multi-factor authentication for user accounts
  • • Regular security audits and penetration testing
  • • Role-based access controls and audit logging
  • • Data backup and disaster recovery procedures

While we strive to protect your data, no method of transmission is completely secure. We cannot guarantee absolute security.

7. Your GDPR Rights

You have the right to:

  • Access: Request a copy of personal data we hold about you
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal retention requirements)
  • Restrict processing: Limit how we use your data
  • Data portability: Receive your data in a portable format
  • Object: Object to specific processing activities
  • Withdraw consent: Withdraw consent for data processing at any time

8. Data Retention

We retain personal data only as long as necessary to provide the Services or as required by law. Retention periods vary based on data type and purpose:

  • • Account data: Retained during active subscription and for 30 days after termination
  • • Transaction records: Retained for 7 years for accounting purposes
  • • Compliance documents: Retained per regulatory requirements for your industry
  • • Marketing data: Retained until you unsubscribe

9. Cookies & Tracking

We use cookies and similar technologies to:

  • • Remember login information and preferences
  • • Understand how you use our Services
  • • Improve user experience and performance
  • • Provide security and fraud prevention

You can manage cookie preferences through your browser settings. Note that disabling cookies may affect functionality.

10. International Data Transfers

Ferravision is based in the United Kingdom. If you are in the EU, data transfers are protected by Standard Contractual Clauses and our UK-EU adequacy status. We do not transfer data to countries without adequate protection unless you consent.

11. ICO Registration & Compliance

Ferravision Ltd. is registered with the UK Information Commissioner's Office (ICO) for data protection compliance.

ICO Reference Number: C1774369

A Data Protection Officer is appointed and available to handle data subject requests and queries.

View on ICO Register →

11. ICO Registration & Compliance

Ferravision Ltd. is registered with the UK Information Commissioner's Office (ICO) for data protection compliance.

ICO RegulatedC1774369

ICO Reference Number: C1774369

A Data Protection Officer is appointed and available to handle data subject requests relating to this Privacy Policy.

View on ICO Register →

12. Contact & Data Subject Requests

To exercise your rights or for privacy concerns, contact:

Privacy Officer
Ferravision Ltd.
86-90 Paul Street, 3rd Floor
London, England, EC2A 4NE
privacy@ferravision.co.uk

We aim to respond to all data subject requests within 14 days. You also have the right to lodge a complaint with your supervisory authority (ICO in the UK).

13. Changes to This Policy

We may update this Privacy Policy at any time. Significant changes will be notified via email. Continued use of the Services after updates constitutes acceptance.