Free cookie consent management tool by TermsFeed

Validat Limited Privacy Policy: Protecting Your Data and Rights

Last updated: 18th June 2026

Applies to:  Website visitors, platform subscribers and End User data processed through the platform

This policy covers two distinct types of processing: (1) data Validat collects directly when you visit our website or manage a subscription account – where Validat is the data controller; and (2) personal data that subscribers submit through the platform about their own customers and applicants – where Validat acts as a data processor on the subscriber’s behalf. Validat’s platform covers compliance orchestration (KYC, sanctions, transaction monitoring), banking and reconciliation tooling (including a real-time ledger system) and subscription-based access to these services.

SECTION 1

Website Visitors

1.1 What We Collect
When you visit validat.co.uk we may collect:
  • Contact details you provide through forms (name, email, company, message);
  • Device and usage data collected automatically – IP address, browser type, pages visited, time on site;
  • Cookies and similar tracking data (see our Cookie Policy at validat.co.uk/cookie-policy).
1.2 How We Use It
  • To respond to enquiries and provide information about our services.
  • To send marketing communications where you have opted in.
  • To maintain website security and understand how the site is used.
1.3  Legal Bases
  • Contract or pre-contractual steps: where you have made an enquiry with a view to using our services.
  • Legitimate interests: website security, preventing fraud, improving website performance and user and other service improvement and measuring website usage and other analytics.
  • Consent: marketing communications; you may withdraw consent at any time by emailing marketing@validat.co.uk.
1.4  Retention
Enquiry and contact form data is retained for up to 2 years or until you withdraw consent to further contact. Website analytics data is retained in accordance with our cookie settings.

SECTION 2

Platform Subscribers – Account and Billing Data

2.1  What We Collect
When you create and manage a Validat subscription account, we process:
  • Name, business email, contact details and company information;
  • Account credentials, login history and access logs;
  • Billing records and payment method details (card numbers are not stored by Validat);
  • Subscription tier, usage history and credit balance;
  • Support communications and case history.
2.2  How We Use It
To administer your subscription, process payments, provide customer support, send service and security notices and comply with our legal obligations. We do not use account data for advertising and do not share it with third parties for their own marketing purposes.
2.3  Legal Bases
  • Contract - Processing necessary to provide and manage the subscription service.
  • Legitimate interests - Security monitoring, fraud prevention and service improvement.
  • Legal obligation - Financial records and tax compliance.
  • Establishment, exercise or defence of legal claims - Where processing is necessary in connection with actual or potential legal proceedings.
2.4  Retention
Account and billing data is retained for the duration of your subscription and for up to 6 years thereafter for legal and tax purposes. Support records are retained for up to 3 years. On cancellation, platform data is available for export for up to 30 days before deletion.
2.5  Data Sharing
Validat may share subscriber account and contact data with cloud infrastructure and hosting providers, payment processors (for billing only), support tooling providers and legal or regulatory authorities where required by law. In the event of a merger, acquisition, financing or sale of all or part of Validat’s business or assets, personal data held by Validat may be transferred to the relevant successor or acquirer, subject to appropriate confidentiality and data protection safeguards.

SECTION 3

End User Data Processed on Behalf of

Subscribers
Validat acts as a data processor in this context. The subscriber – the company using the Validat platform – is the data controller. Subscribers determine why End User data is collected and are responsible for having a valid legal basis for processing.
3.1  What This Covers
When subscribers use the platform to run KYC checks, sanctions screening, transaction monitoring, or banking and reconciliation workflows, they submit personal data about their own customers, applicants and monitored individuals (“End Users”). Validat processes this data only to deliver the platform services on the subscriber’s behalf.
3.2  Categories of Data
Depending on the subscriber's configuration and the checks performed, the platform may process:
  • Names, dates of birth and nationality;
  • Identity document images and extracted data;
  • Facial images and liveness verification data;
  • Address and contact information;
  • Corporate, directorship and beneficial ownership data;
  • Sanctions, PEP and watchlist screening results;
  • Transaction data, risk scores and case notes;
  • Ledger and balance data – real-time account balances, transaction records, statements and reconciliation data maintained within the Validat ledger system.
3.3  Instructions and Restrictions
Validat processes End User data only on documented subscriber instructions and in accordance with the Data Processing Schedule incorporated into the subscription terms. Validat does not use End User data for any purpose other than delivering the platform services.
3.4  End User Rights
If you are an End User whose data has been submitted to the platform by one of our subscribers and you wish to exercise rights under UK GDPR – including access, correction, erasure or restriction – your request should be directed to the subscriber (the organisation that collected your data), not to Validat. Validat will assist subscribers in fulfilling such requests where required.
3.5  Security
Validat applies appropriate technical and organisational security measures including encryption in transit and at rest, role-based access controls, audit logging and incident response procedures.
3.6  Retention
End User data is retained in accordance with the subscriber's instructions. On termination of a subscription, data is available for export for up to 30 days before deletion, unless applicable law requires longer retention.

SECTION 4

Sub-Processors

Where Validat processes personal data on behalf of subscribers, it uses the following third-party sub-processors to deliver specific platform functions. Each sub-processor is bound by a data processing agreement and UK IDTA safeguards are in place where data is transferred outside the UK.
Sub-processor Purpose Location Transfer safeguard
KYC provider Identity verification and document verification (KYC checks) EU / US UK IDTA
Sanctions database provider Sanctions, PEP and watchlist screening EU / US UK IDTA
Cloud infrastructure provider Hosting, storage and backups UK / EEA N/A
Email provider Email notifications and service communications US UK IDTA

Subscribers are given reasonable advance notice of any material changes to this sub-processor list. If you require the specific identity of any provider listed above please contact us at info@validat.co.uk.

SECTION 5

International Transfers

Where personal data is transferred outside the UK Validat uses the UK International Data Transfer Agreement (UK IDTA) or applicable adequacy regulations as the transfer safeguard. This applies to transfers to our identity verification and screening providers in connection with platform services.

SECTION 6

Your Rights

Under UK GDPR you have the following rights in relation to your personal data: to access it; to request correction of inaccurate data; to request erasure; to restrict or object to processing; to withdraw consent at any time where processing is based on consent; to receive data you have provided in a portable format and not to be subject to solely automated decisions with significant legal effects.
Rights relating to your account and contact data (Validat as controller)
Send your request to jigar@validat.co.uk. We will respond within 30 days.
Rights relating to data processed through the platform (Validat as processor)
Contact the subscriber (the organisation that onboarded or is monitoring you) directly, as they are the data controller. Validat will assist the subscriber in fulfilling your request.

If you are unsatisfied with how we handle your data, first contact us. If you remain unsatisfied then you have the right to complain to the Information Commissioner's Office at ico.org.uk or by calling 0303 123 1113.

SECTION 7

Cookies

We use cookies and similar technologies on our website for essential functions, analytics and, where you have consented, marketing. For full details of the cookies we use and how to manage them see our Cookie Policy at validat.co.uk/cookie-policy.

SECTION 8

Children

The Validat platform and website are not directed at individuals under the age of 18. Validat does not knowingly collect or process personal data relating to children. If you believe that personal data relating to a child has been submitted to the platform or website without proper authorisation please contact us at jigar@validat.co.uk and we will take appropriate steps to remove it.

SECTION 9

Updates to This Policy

We may update this policy from time to time to reflect changes in our services, legal requirements or best practice. Material changes will be communicated by email or notice on the website before taking effect. The "last updated" date at the top of this page will always reflect the current version.

SECTION 10

Contact Us.

Validat Limited, 39 Worple Way, Harrow, London HA2 9SN.
Data protection enquiries: jigar@validat.co.uk
General enquiries: marketing@validat.co.uk
Registered with the UK Information Commissioner under number ZB762127  

Get In Touch.

Connect with us to schedule a personalised demo of Validat. See firsthand how our fintech platform can transform your business operations and accelerate your growth.