Privacy notice
Last updated: 1st June 2025
The protection of your personal information is of paramount importance to us. We want to ensure that You, our Customer, potential Customer or member of the public, understand what we do with your personal information once you have provided it to us or provide it to us through receiving services from our Customers, and why, once we hold it, we handle it in that way.
This notice provides you information concerning the data we collect, we process and the rights you have under applicable law.
We are a group of companies known as the Dahts Group, made up of Dahts Financial Ltd and Dahts Compliance and Technology SRL, which are the companies with whom you contract or interact when you become our customer, become our Customer’s customer or you make enquiries and we are responsible for looking after the personal information that you provide to us.
These companies are referred to under data protection laws as the “Data Controller” or “Data Processor” – depending on the scenario in which we receive your data. For more information about each Data Controller or Data Processors please see further information in the sections below.
As a compliance services provider we offer a variety of compliance solutions through our platform, which you can access through our website (www.dahts.com). We work for companies with regulatory licences that are required to adhere to high standards of data protection, regulations in the EU and UK governing the processing of personal data and guidance from data protection authorities such as the European Banking Association (amongst others).
Our experience enables us to provide our services to customers like you, while giving you assurances that we operate with utmost integrity. We are registered with the data protection regulators of the UK (the Information Commissioner’s Office (ICO)).
We have to adhere to many rules and regulations, to ensure that your rights are protected and that we’re doing the right thing by you and the right thing by clients of our Customers.
Regardless of whether you are a direct client, prospective client, employee or another (i.e. a client of our Customers), we protect your personal information in the same way and in the same sense of fairness and having been provided consent to do so.
2. Personal Information Collection
We collect your personal information to provide you with our services or as part of services we provide to others. There are certain pieces of information that we need from you to allow us to carry out those services or where we provide services to others. More specifically, to give effect to the above, we also collect, use and store your information for the following purposes:
To provide you with our Services, verify your identity, improve, personalise and facilitate your use of our Services;
To measure, customise, and enhance our Services, including the design, content, and functionality of the Website of our Services;
To improve our customer services, track and analyse trends and service usage of our Services;
To send periodic emails, news, and information, or to conduct surveys and collect feedback about our Services;
To communicate with you about products, services, contests, promotions, discounts and incentives about our Services;
To administer our internal information processing and other IT systems, protect our rights or property, or the security or integrity of our Services;
To operate our Website and Services, including to ensure its security;
To maintain back-ups of our databases and to keep the records in accordance with our internal policies and procedures and the applicable law;
To communicate with you, including to deliver the information and support you request, including technical notices, security alerts, and support and administrative messages, to resolve disputes, collect fees, and provide assistance with any issues you may have;
To comply with applicable laws and regulations, and to establish or defend against legal claims;
To obtain or maintain insurance coverage, to manage risks, or obtain professional advice;
To comply with our obligations either required by law or by written agreements with third parties;
To enforce the provisions of our Terms of Service or other applicable agreements or policies;
To investigate, detect, and prevent fraud, security breaches, and other potentially prohibited or illegal activities;
To process your transactions on behalf of our Customers;
To verify your identity, for example, when we request government - issued identification numbers on behalf of our Customers; and
To improve, personalise and facilitate your use of services provided by our Customers - for example, when you sign up for an account with one of our Customers, we may associate certain information with your new account, such as information about prior transactions you made.
We collect your personal information either directly from you when you register with us or from our Customers or third party verification services when providing services to our Customers.
4. Personal Information Collected
Your personal information that we collect, store and use may be any of the following:
Identification information, such as your name, email address, home address, phone number, and date of birth, along with identification details of documents confirming your ID and home address;
Financial information, including bank account, payment card numbers and bank statements;
As part of services provided to you by our Customers, information about when and where your transactions occur, the names of the transacting parties, a description of the transactions, the payment or transfer amounts, billing and shipping information, and the devices and payment methods used to complete the transactions;
Information about the location and specifics of your device, including your hardware model, operating system and version, unique device identifier, mobile network information, and information about the device’s interaction with our services. We may also identify other software running on the device for anti-fraud and malware-prevention purposes (but will not collect any content from such software);
Information about how you use our services, including your access time, browser type and language and Internet Protocol (IP) address;
Information about you from third parties, including third-party verification services, credit bureaus, mailing list providers, and publicly available sources (where lawful, this information may include your government-issued identification number);
Information collected by cookies and web beacons (defined below), including using web beacons and sending cookies to your device (for more information on this please see our Cookies Policy)
Pictures of your ID, utility bills, and other documents as may be requested by us;
Your employment information;
Information contained in or relating to any communication that you send to us with or without our request, including the communication content and metadata (meaning records) associated with the communication;
Other information you provide when you participate in contests or promotions offered by us or our partners, respond to our surveys or communicate with us.
5. Applicable Law and Regulations
Under applicable law (ie: the UK General Data Protection Regulation 2021 (“GDPR”), and the Data Protection Act 2018 (“DPAs”)), together with all other applicable legislation and guidance relating to privacy or data protection that we are required to abide by), we must be able to justify why we’re allowed to process your personal information, and we must inform you about the lawful bases (i.e. the reasons allowed under the legislation for us to be able to process your personal information). Accordingly, we rely on the following lawful bases for processing your information:
Your consent. We may process your personal information with your consent, and you’re able to remove your consent at any time by contacting us on: legal@dahts.com;
A legal obligation. Where we have a legal obligation to keep your personal information to comply with applicable law or regulation. For example, if we’re asked to keep your personal information we will have to do so, otherwise we would be in breach of the law;
A contractual obligation. As mentioned, sometimes we may have contracts with our Customer who provides you with services and requires us to process your personal information on their behalf. Those contracts ensure that we process and hold your personal information in a lawful way on behalf of our Customer. Our Customer’s contracts will make reference to us as a Data Processor of your personal data as part of the service provided to you when you enter into that contract. In addition we must also comply with our legal contract with direct customers under our Terms of Service including complying with your wishes in relation to your rights; and
We have a legitimate interest. Where we have a legitimate business interest in processing your personal information, we’ll not seek your consent, but only to the extent that it does not affect your interests and fundamental rights and freedoms. Legitimate interests include our fulfilment of contracts with our clients, our fulfilment of the services that you may ask us to undertake for you, for public interest purposes including detection and prevention of money laundering and terrorist financing, investigations or to defend against legal claims.
6. Sharing Personal Information
We may share your personal information with third party organisations that help us to provide our services to you. Any organisation that receives or has access to your personal information is required to protect it, and may use it only to carry out the services they are performing for you or for Dahts, unless otherwise required or permitted by law.
We may share your personal information with:
Our suppliers or subcontractors as reasonably necessary for providing our services to you. For a list of our subcontractors, please contact legal@dahts.com;
Our suppliers who verify your identity for us. This helps us protect your account and ensures we comply with various laws. To verify you, we may capture your facial scan images and process your biometric identifiers
Our payment services providers as necessary for processing and refunding your payments, dealing with complaints and queries relating to such payments;
Our partners, governmental bodies and regulatory authorities, judicial bodies, our associates, agents, attorneys or other representatives for compliance with our legal obligations, to establish or defend against legal claims;
Our group companies, including our affiliates, for rendering our services, compliance with applicable laws and improving the quality of our services;
Our business partners that run advertising campaigns, contests, special offers, or other events or activities in connection with our services;
Other users of our services with whom you interact through your own use of our services (for example, in instances where you make a transaction);
Other users of our Services, who have you in their phone contacts list, so they may see that you are using our services;
Credit reference agencies and fraud prevention agencies, including the TransUnion Group of Companies - please refer to the TransUnion Privacy Notice for further information
6. Sharing Personal Information
We may share your personal information with third party organisations that help us to provide our services to you or our Customer’s services to you. Any organisation, like us, that receives or has access to your personal information is required to protect it, and may use it only to carry out the services they are performing for you or for Dahts, unless otherwise required or permitted by law.
We may share your personal information with:
Our suppliers or subcontractors as reasonably necessary for providing our services to you. For a list of our subcontractors, please contact legal@dahts.com;
Our suppliers who verify your identity for us. This helps us protect your account and ensures we comply with various laws. To verify you, we may capture your facial scan images and process your biometric identifiers;
Our compliance services providers as necessary for providing services to you, dealing with complaints and queries relating to such services;
Our partners, governmental bodies and regulatory authorities, judicial bodies, our associates, agents, attorneys or other representatives for compliance with our legal obligations, to establish or defend against legal claims;
Our group companies, including our affiliates, for rendering our services, compliance with applicable laws and improving the quality of our services;
Our business partners that run advertising campaigns, contests, special offers, or other events or activities in connection with our services;
Other users of our services with whom you interact through your own use of our services;
Other users of our Services, who have you in their phone contacts list, so they may see that you are using our services;
Credit reference agencies and fraud prevention agencies.
As Dahts is an organisation with presence, clients and suppliers internationally. As such we will process, transfer and store your personal information outside the UK and EU/EEA. The EEA includes all the countries in the European Union plus Iceland, Norway and Liechtenstein.
Where your personal information is transferred to external countries or parties in external countries, we’ll always take reasonable steps to ensure that third party data privacy policies meet EU legislation and we have approved contractual provisions in place with those external parties to ensure as far as we can that your personal information is protected.
The infrastructure supporting our services is hosted within the UK and European Economic Area (EEA) using Microsoft. This ensures data residency and compliance with applicable regulations. The UK and EU laws provide strict requirements and strong protection of confidentiality of your personal information at the level no less beneficial for you than the level provided by the UK GDPR and GDPR. In addition, each transfer is protected by appropriate safeguards of the relevant legally binding obligations of the hosting facilities’ entity to protect and handle your information in accordance with this Notice, and the UK GDPR and GDPR.
Our primary operating subsidiary for service delivery is Dahts Compliance and Technology SRL, a company incorporated in the Republic of Moldova. We’ll transfer your information to our subsidiary solely for the purposes of providing our services to you and only on a “as need to know” basis. Each transfer will be protected by appropriate safeguards of the relevant legally binding obligations of that external party to protect and handle your personal information in accordance with this Notice, and the pertinent data protection laws we adhere to.
You should also be aware that certain third-party service providers, may also be located or have facilities that are located outside the UK/EEA. As such, when you are provided services it is very possible that we may obtain the assistance of a third party provider outside the UK/EEA, and in this case your personal information may become subject to the laws of the jurisdiction(s) in which that service provider’s facilities are located.
We will only transfer your personal information to countries with adequate data protection laws that have similar safeguarding provisions as those of the UK GDPR and GDPR, or in the alternative, we safeguard your data through contracts binding third party service providers outside the UK/EEA to the same or similar strict data protection safeguarding provisions as those we adhere to, including standardized contract clauses between entities as approved by the European Banking Authority.
We may allow third party service providers to deliver content and advertisements in connection with our services and to provide anonymous site metrics and other analytics services. These third parties may use cookies, web beacons, and other technologies to collect information, such as your IP address, identifiers associated with your device, other applications on your device, the browsers you use to access our services, webpages viewed, time spent on webpages, links clicked, and conversion information (such as transactions entered).
This information may be used by us and third-party service providers on our behalf to analyse and track usage of our services, determine the popularity of certain content, deliver advertising and content targeted to your interests, and better understand how you use our services. The third-party service providers we engage are bound by confidentiality obligations and applicable laws with respect to their use and collection of your personal information.
This Notice does not apply to third-party cookies, web beacons, or other tracking technologies, which are covered by such third parties’ privacy policies.
8. Opt-out and Deactivation Options
We may retain archived copies of the information and any services in which you may have participated for a period of time that is consistent with applicable law, or as we believe is reasonably necessary to comply with applicable law, regulation, or legal process, to prevent fraud, to collect fees owed, to resolve disputes, to address problems with our services, to assist with investigations, to enforce our Terms of Service, those of our Customers or other applicable agreements or policies, or to take any other actions consistent with applicable law.
If you do not consent to collection of the device location information, you may be unable to use some of our services or services provided by our Customers. You can stop collection of location information at any time by changing the preferences on your mobile device. If you do so, some of those mobile applications will no longer function.
Some of the cookies we use are stored on your device by us, while others may be stored on your device by third parties who we deliver services for or who deliver on our behalf. Most web and mobile device browsers are set to automatically accept cookies by default. However, you can change your browser settings to prevent automatic acceptance of cookies, or to notify you each time a cookie is stored on your device.
You may opt out of receiving promotional messages from us by following the instructions in those messages. If you decide to opt out, we may still send you non-promotional communications such as service messages, including digital receipts and updates about the services being provided.
9. Protection of Personal Information
We take reasonable measures, including administrative, technical, and physical safeguards (which are subject to periodic changes), to protect your information from loss, theft, misuse, and unauthorised access, disclosure, alteration, and destruction. We hold the information at our own premises with the assistance of third-party service providers, or outside our own premises in data hosting facilities where your personal information is encrypted for security. We restrict the access of your personal information to our employees, contractors, and agents who need to know that information to transmit, store, or process it, and these individuals are subject to contractual confidentiality obligations consistent with this Notice, and may be disciplined or terminated if they fail to meet these obligations.
Our third-party service providers store and transmit personal information in compliance with this Notice and other appropriate confidentiality and security measures.
We’ll hold your personal information for the period in which your account is active. We also hold your information for seven years from the date of your last use of our services, unless otherwise required by applicable law. We do not retain or store your bank card or bank account information unless we’re legally required to do so. We may, however, have to retain your personal information where this is necessary to comply with our legal obligations, for anti-fraud protection purposes, to establish or defend against legal claims, and to protect your vital interests or the vital interests of another person.
It is your personal information and therefore you are in control of what happens to it. You have a number of rights (listed below), and to exercise them you only need to ask us to deal with your request (which we must and will do within 30 days).
Here are your rights and how we handle your request(s):
Right to information: You may ask us for details of the personal information we hold about you. You can request details of the purpose of the processing of your personal information, details of the types of personal information we hold about you, and details of precisely whom we have shared your information with. If we receive a request from you to provide you with this information, we’ll do so to the extent permitted by law;
Right of access: You may ask us for access to your personal information. If we receive a request from you for such access, we’ll provide you with the same to the extent permitted by law;
Right to rectification: You may ask us to rectify any inaccurate or incomplete personal information we may hold about you. If we receive a rectification request from you, we’ll update our records so that they reflect the new personal information you provide to us;
Right to erasure: You may ask us to delete your personal information, or to restrict or object to how your personal information is being used. Due to our operational systems and the manner in which we store your personal information, the way in which we observe your right to erasure is not to erase it but instead to anonymise it. This means that your personal information will not be identifiable as belonging to you or in any way link back to you, and it will not be accessible to anybody in our business save as to designated members of our information security team who are under strict confidentiality obligations. We also make the personal information redundant so that it cannot be revived. We want to reassure you that this mechanism means that effectively your personal information is as good as deleted. There may be instances where we’re not allowed to anonymise your personal information, and we must keep it in a ‘live’ state. These instances include the preservation of records for the purposes of internal and external fraud investigations, to observe laws that we must adhere to requiring us to preserve your personal information for purposes of safeguarding financial records, anti-money laundering and anti-bribery and corruption, to establish or defend against legal claims, and to meet our contractual obligations with our clients (in cases where they provide you their services). If we receive an erasure request from you, we’ll action your wishes as described above;
Right to restriction of processing: You have the right to ask us to restrict the processing of your personal information (for instance, to process your information only to provide our services to you and nothing else such as marketing activities). If we receive a restriction request from you, we’ll restrict the processing of your personal information to determined categories agreed by you;
Right to data portability: You have the right to receive your information in a structured machine- readable format (for instance in a pdf or excel document) (data portability in tech terms), which will enable you to for instance migrate your personal information elsewhere. If we receive a data portability request from you, we’ll send you all the personal information that we hold on you;
Right to object: You may object to us processing your personal information in certain circumstances. This includes your right to object to us processing your personal information for direct marketing purposes. If you let us know that you object to us processing your personal information, we’ll action your request insofar as we’re able to do so. To provide our core services to you, we may be unable to observe your request due to the way our systems operate, but where this is the case, you can exercise any of your other rights as you consider appropriate;
Right to avoid automated decision-making including profiling: You may request for your personal information to not be subject to automated decision-making (that is, processed without any human involvement), or for your personal information not to be subject to profiling (for instance, automated processing to digitally deduce your online choices and preferences) where such activity has significantly affects you. If we receive a request from you asking for your personal information to not be subject to profiling for example, we’ll adhere to this by ensuring that you’re removed from lists where such profiling occurs; and
Right to withdraw consent: We’ll only process your personal information where we have been given permission by you (by virtue of you directly registering with us and enabling you to make use of our services) or by consent of our Customers that provide services to you. You have the right to withdraw consent at any time. If we receive a communication from you withdrawing your consent, we’ll cease the processing of your personal information. The exception to this is in instances where we’re obliged to keep your information to comply with a legal obligation, or to establish or defend against legal claims.
You may exercise any of the rights listed above or ask any questions or ask us to address any concerns you might have by sending an email to us at the following email address: legal@dahts.com.
Please note that Dahts have a Data Protection Officer whose responsibility is to ensure the efficient and proper legal handling of your concern, and who is supported by a team handling data protection matters. You can reach our Data Protection Officer by sending an email to legal@dahts.com, marked for the attention of the ‘Data Protection Officer’.
If you wish to correspond by post please send your correspondence to: Dahts Financial Ltd 20 Wenlock Road, London, England, N1 7GU.
If we do not resolve your concern to your satisfaction, you have the right to complain to the data protection regulator (www.ico.org.uk).
The company that is responsible for looking after the personal information that you provide to us is Dahts Financial Ltd.
This Notice and future amendments of this Notice is effective from 01 June 2025. We may periodically update this Notice and encourage you to check here regularly for the most up-to-date version.