Company Number: 11504698
Operating Address is located at:
25 Cabot Square, Canary Wharf London E14 4QZ
Registered address is located at:
36 Mondrian House, Cezanne Road - Acton, London W3 7DU
+44 (0) 7717 144711
Privacy Notice (web)
What type of information we have
We currently collect and process the following information:
- Personal identifiers, contacts and characteristics, for example name, address and contact details.
- Username and account information used by customers to access financial account, for example username, password or security token.
- Financial account information, for example:
- Financial institution name
- Account name
- Account type
- Account ownership
- Branch number
- Routing number
- Sort code
- Account balances
- Credit account information
- Investment account information
- Account owner information
- Account transaction information
- Professional information in a small range of situations
- Device information, for example:
- Electronic identifiers such as IP addresses
- Timezone settings
- Location information
- Hardware model
- Operating system
- Browser data
- Information on our directors and employees:
- Employee files and personal development records
- Accident and ill health records
- Payroll information
- Disciplinary and grievance records
- Annual leave information
- Paternity or maternity leave information
- Criminal records checks
- Credit reference checks
- Identification documentation, e.g. copies of passports or driving licences
- Employee tax related records
- Redundancy records
- Employment and service contracts
How we get the information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- to operate, provide and maintain our services to you;
- to protect you, our partners and ourselves from fraud and other types of financial crime;
- to provide marketing communications (with your consent);
- to receive feedback to help improve our services;
- to meet our legal and regulatory obligations; and
- to manage our relationships with employees, contractors and directors.
We also receive personal information indirectly, from the following sources in the following scenarios:
- Financial and payment institutions: to help us operate and provide services to you, including as an agent to such entities.
- Marketing and data analytics providers: where their services are used to coordinate marketing (e.g. newsletter) mail outs or to analyse website traffic and how our devices are used.
- Identity verification service providers: where these assist in the verification and screening of customers and employees where required to meet our legal and regulatory obligations.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
- Your consent. You are able to remove your consent at any time. You can do this by contacting the Compliance Officer using the details outlined in the section entitled “Your data protection rights”, below.
- We have a contractual obligation.
- We have a legal obligation.
- We have a legitimate interest.
What we do with the information we have
We use the information that you have given us in order to:
(a) If you are a customer:
- provide you with the latest information about our products and services;
- provide services to you and our partners (where we act as agent)
- perform our legal obligations, for example to prevent fraud and assist our partners in performing customer due diligence pursuant to applicable anti-financial crime legislation and regulations; and
- protect our infrastructure and identify possibilities to improve our services to you.
(b) If you are an director, contractor or employee of Gregfins:
- to perform our contract with you;
- to meet our legal obligations, for example to screen employees (where applicable) and comply with applicable employment and tax legislation and regulations;
- to ensure standards of professionalism are maintained in the workplace; and
- to prevent the inappropriate use of our business devices.
We may share this information with the following types of organisation:
- (a) Financial institutions and providers of payment services: to help us operate and provide services to you, including as an agent to such entities.
- (b) Law enforcement and/or regulatory agencies: to meet our legal obligations, for example to respond to requests for information.
- (c) Professional advisors: where these offer us assistance in designing our technology or meeting our legal and regulatory obligations.
- (d) Identity verification service providers: where these assist in the verification and screening of customers and employees where required to meet our legal and regulatory obligations.
- (e) Tax authorities: to meet our legal obligations, for example to complete tax returns.
How we store your information
Your information is stored in the AWS eu-west-2 region (London). The database is encrypted, and so is your information in transit to and from our servers.
We keep your personal information for the time periods outlined below:
- (a) your customer account information: ongoing until our relationship with you ceases, after which records will be kept for 5 years before being destroyed;
- (b) details of any data protection complaints received from you: ongoing until our relationship with you ceases, after which records will be kept for 7 years before being destroyed;
- (c) details of any non-data protection complaints received from you: 5 years after the complaint is closed;
- (d) details of any feedback and reviews received from you: 18 months after receipt;
- (e) details of any enquiries received from you, for example, if you did not become a customer: 2 years after the enquiry has been received; and
- (f) data from cookies: 1 year after the data has been collected.
- (g) marketing opt-out requests received from you: 10 years after the date we received the request.
If you are a director or employee many records will be kept for 7 years after our relationship with you ceases. However, there after a number of situations in which retain documents for a shorter period in line with applicable laws and regulations. Please speak to a director of the business if you require specific information about these retention periods.
We will then dispose of your information by deleting it from the database.
Your data protection rights
Under data protection law, you have rights including:
Your right of access -
You have the right to ask us for copies of your personal information.
Your right to rectification -
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure -
You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing -
You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing -
You have the the right to object to the processing of your personal data in certain circumstances.
Your right to data portability -
You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
If you wish to make a request, please contact us at:
Telephone: +44 (0) 7717 144711
Postal address: Attn: Compliance Officer, Gregfins Ltd, 25 Cabot Square, Canary Wharf, London, E14 4QZ, UK.
How to complain
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
To enrich and perfect your online experience, Gregfins uses "Cookies", similar technologies and services provided by others to display personalized content, appropriate advertising and store your preferences on your computer.