0113 537 4042
Contact us
Sign in
Get a demo
0113 537 4042
Contact us
Sign in
Get a demo

SmartSearch Privacy Notice

Last updated 7th March 2025

This Privacy Notice provides information about how as a data controller we collect, use, store, process and share any personal data we collect from you directly or via a third party, it also describes how we in limited circumstances handle data from a data processor perspective. Please read this Privacy Notice carefully to understand how we treat your personal data, when you are using our website or our online services.

Corporate information of the SmartSearch Group

We are the SmartSearch Group (referred to as “we, “us”, “our” or “SmartSearch”):

  • SmartCredit Limited (company number 05534508), a company registered in England at Mayfield House Lower Railway Road Ilkley LS29 8FL; or
  • SmartSearch US, Inc (company number 803373572) a company registered in Delaware, United States.

What does the SmartSearch Group do?

SmartSearch provides anti-money laundering and identity verification solutions to companies who are SmartSearch’s customers (“Company”). Our services are intended for business users. They allow our customers via our web based platform to do business with their clients who may be individuals (“you” or “End User”) or companies and assist them in facilitating identity verification and anti money laundering documentation checks (“Verification Checks”).

In performing the Verification Checks, the Company will ask you for certain information in order for us to carry out the Verification Checks. This information will be shared with third party data providers (“Data Providers”) who will use it to prevent fraud and anti money laundering and verify your identity or documentation. We will then send a report detailing the results of the Verification Checks to the Company who will make a decision on how to proceed with you. For more information on how that Company will use and store your personal data please refer to the Company’s privacy notice.

SmartSearch’s commitment to data privacy

SmartSearch has implemented appropriate technical and organisational security measures in order to meet our commitment to protecting and respecting the personal data and privacy of individuals (referred to as “you”, “your” or “End User”). We are committed to our privacy obligations under the EU General Data Protection Regulation (“EU GDPR”), UK GDPR, US Privacy laws, the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Act (“CPRA”) and related privacy rules (“Data Protection Laws”). We are the data controller and/or processor as defined by UK GDPR.

Contents:

  • Who are we and how can you contact us?
  • What kinds of personal data do we collect, and how?
  • What do we use personal data for
  • What are our legal grounds for handling your personal data?
  • Who do we share your personal data with?
  • Where in the world is the personal data sent and stored?
  • For how long is my personal data retained?
  • Do we make automatic decisions about you or profile you using your personal data?
  • What rights do you have in relation to the personal data we hold about you?
  • Security
  • How do we process your biometric information?
  • Who can you complain to if you are unhappy about the use of your personal data?
  • Additional information for California residents
  • Changes to this Privacy Notice

Our website and online services are not intended for children and we do not knowingly collect data relating to children. In the limited circumstances where we collect and use personal information about children (for example because they are the children of a PEP) we will comply with industry guidelines and applicable laws.

1.HOW CAN YOU CONTACT US?


You can contact us about issues relating to your personal data, including the contents of this notice, by any of the following methods:

Post: F.A.O Data Protection Officer at either;

SmartCredit Limited, Mayfield House, Lower Railway Road, Ilkley, LS29 8FL; OR SmartSearch US Inc, 3300 North Triumph Boulevard, 1st Floor, Lehi, UT 84043.USA

Email: dpo@smartsearch.com

Telephone: 0113 238 7660 or +1 855 933 6265

2.WHAT KINDS OF PERSONAL DATA DO WE COLLECT, AND HOW?


We collect personal data about you for different purposes from your interactions with us, e.g. filling forms on the site or by corresponding with us (for example by email or chat) and from certain third parties and other sources (such as from publicly available sources where permissible). We have set out below the types of personal data we will collect:

If you are a website user:

  • Name and contact details; such as first and last name, email address, postal address, phone number and other similar contact data
  • IP address
  • Information about the device you are using to access our websites; such as the type of device, its operating system type, device ID, browser, and what cookies are on it
  • Information about your use of our websites; such as what pages you have visited and what content you have downloaded

If you are an End User:

  • Name and contact details; such as first and last name, email address, postal address, phone number
  • Personal identification numbers; such as your social security number or national insurance number.
  • Family circumstances information; your marital status and dependants if you are a PEP or a close associate of a PEP.
  • Employment or role details; for example the organisation you work for, public roles (including political, diplomatic, religious, judicial, military and trade union roles), your job title and education history.
  • Professional and personal affiliations; organisations and individuals that you may be associated with in your professional or personal capacity.
  • Financial information relevant to understanding your income or wealth; for example bank accounts, bankruptcy or insolvency fillings.
  • Your inclusion (if any) on sanctions lists or on public lists of disqualified directors or other positions of responsibility.
  • Public domain data about actual or alleged money laundering or terrorist financing crime.
  • Information about our dealings with you; such as what information we have sent you, who in our organisation knows you, and what meetings, events or webinars you have attended. It also includes your behaviour in response to our interactions with you, such as whether you have opened our emails, clicked on a link or watched a video.
  • Information including digital content uploaded via secure link that has been sent to you by the Company, photos (selfies and liveness checks for ID verification), documents (for document verification such as passports, driving licence, national ID card or residence permits).
  • Biometric data (special category data and sensitive personal information) comprising an electronic comparison of selfie and ID document photo, as further described in Section 11 below.

We may also receive information about you from third party service providers such as credit reference agencies, fraud detection agencies and registration or stockbroking industry exchanges. We may also receive personal data from third party social media services such as Google, LinkedIn and Facebook, or other commercially available sources. We do not control the information on you that such networks obtain, or the technology they use to do so. We may also record calls with you for quality and training purposes.

Some of the personal data we may collect about you may be classified as “special category data” or “sensitive personal information”, as defined in the Data Protection Laws. We will only collect and use this information if the Verification Check requires it and the Data Protection Laws allow us to do so and will take extra care with this data. We generally process special category data for reasons of substantial public interest on the basis of applicable law. Special categories of data reveal information about:

  • Physical and mental health;
  • Sexual orientation;
  • Racial or ethnic origin;
  • Political opinions;
  • Religious and/or philosophical beliefs;
  • Trade union memberships;
  • Criminal convictions and offences;
  • Genetic and biometric data (please see Section 11 below for further details);
  • Health data including gender.

The Company may request us to carry out the following Verification Checks, therefore the data that will be requested from you will depend upon the Verification Check we are asked to perform:

  • ID verification
  • Documentation verification (which may include NFC)
  • Mortality check
  • International PEP check
  • International sanctions check
  • Ultimate beneficial owner check

Collecting personal data as a data processor

We process personal data of our customers as a data processor without reviewing the content or origin of such personal data. We may collect, store and process such personal data on our customers’ behalf and at their direction. Our customers who use the services in this way are the data controllers and are responsible for obtaining consents and the privacy notice required for collection and use of such information.

Cookies and “Do Not Track” Signals

We use cookies and other/or tracking technologies to distinguish from other users of our sites and to remember your preferences. This help us to provide you with an optimum user experience when you browse our site and allows us to improve our site on an ongoing basis. For detailed information on the cookies we use, the purposes for which we use them and how you can exercise your choice regarding our use of your cookies, see our cookie policy.

Your browser may offer a “Do Not Track” (DNT) option, which generally signals to operators of websites that you do not wish your online activities to be tracked over time and across different websites. Since not all browsers offer DNT and currently there is no industry consensus as to what constitutes a DNT signal, we do not respond to DNT requests at this time.

3.WHAT DO WE USE YOUR PERSONAL DATA FOR?


This section explains the purposes for which we use your personal data.

Marketing

We use your personal data for marketing purposes. This includes informing you about products and services that we think may be of interest to you and providing you with related materials such as news items, whitepapers, case studies and blog posts, or in administering any prize draws that you are offered and elect to enter. We may contact you to ask you to confirm or update your choices, such as when there is a change in the law or the structure of our business. We might contact you for marketing purposes through various channels such as by email, telephone or post.

You can withdraw from marketing at any time by either using the relevant unsubscribe button in our emails, or by contacting us using the details above.

If you are an End User we will not send you any marketing communications of any kind.

Provision of services and customer support,

If you are a Company or a representative of a Company we use personal data for relationship management purposes. in accordance with the contract we have with you. This could include activities such as letting you know about product changes, changes to our products or terms, planned maintenance activity, contacting you with billing enquiries, inviting you to events and webinars, dealing with your enquiries, retaining records of your instructions and telephone calls, responding to any data rights you invoke, or asking you about what sorts of products you want us to develop.

End users

We may also share your personal information with third party service providers such as external open banking aggregators, credit reference and reporting providers to enable us to provide our services to the Companies (including but not necessarily limited to identity verification checks).

Monitoring and improving our websites

We use information such as how you navigate around our websites, how long you spend on particular pages, whether you download any of our content (including product brochures, white papers and so on), in order to help improve the user experience of our websites. We may also use this information to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you, which can be based on your activity on our websites. We can do this ourselves or appoint an agency to do this on our behalf.

To protect our rights

We may use your personal data as we believe to be necessary or appropriate in order to protect, enforce, or defend the legal rights, safety, or property of us, our employees, agents and contractors; protect against fraud and other unlawful activity; to comply with and enforce the law or legal process; or to respond to requests from public and government authorities, to the extent permitted by applicable law.

4. WHAT ARE OUR LEGAL GROUNDS FOR HANDLING YOUR PERSONAL DATA?


Under the Data Protection Laws, we must have a legal basis for using your personal data. The law allows the use of personal data where the processing is necessary for a legitimate interest pursued by us or a third party and this interest is not outweighed by the interests, fundamental rights or freedoms of data subjects.

 

This is commonly referred to as the ‘Legitimate Interests’ condition for personal data processing.

5.WHO DO WE SHARE THE INFORMATION WITH?


We may make your personal data available to third party services providers, who help us manage or provide our products and services. For example:

 

  • We might use a third party email transmission service in order to send you marketing emails;
  • Credit reference agencies; Fraud prevention agencies who will use your personal data to prevent fraud and money-laundering and to verify your identity; our data providers are Equifax, Experian, Trans Union, Dow Jones, TrustID, Ekata and LSEG. Please see their individual privacy polices that may apply to your data shared with them.
  • Companies who are carrying out Verification Checks on You may also have their own privacy notices providing information about how they process any personal data they hold about you. In such cases, please contact them for further information.
  • Our database of personal data may be held by third parties on our behalf;
  • Service providers acting as processors based in England & Wales to provide IT and system based administration services.
  • Hubspot, our current customer relationship management system. Please see their individual privacy polices that apply to your data shared with them.

These third party service providers are required to protect personal data entrusted to them and not use it for any other purpose than the specific service they are providing on our behalf.

In some circumstances, we may be legally required to share your personal data, for example if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

We may also transfer your personal data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. At all times, we take steps to ensure your privacy rights continue to be protected as per this Privacy Notice.

6.WHERE IN THE WORLD IS THE INFORMATION SENT AND STORED?


Within Europe

We do business in in the United Kingdom and the United States and will normally access and use your information from the United Kingdom . We will store your personal data on secure servers in the United Kingdom , and will seek to protect your personal data by limiting access to your personal data to those employees, agents, contractors and other third parties with a legitimate need to know and ensure that they are subject to duties of confidentiality. We also have in place procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the relevant data protection authority where we are legally required to do so.

If instances arise where we transfer your personal data to countries outside of the European Economic Area (“EEA”), we will take appropriate steps to ensure the personal data is afforded the same level of protection as described in this Privacy Notice. For example, we may rely on adequacy decisions or any adequate data transfer mechanisms adopted by the European Commission or a supervisory authority for transfers outside of the EEA.

7.FOR HOW LONG IS MY PERSONAL DATA RETAINED?


We store personal data only for as long as necessary to achieve the purposes described above and delete the data thereafter, but in any event upon expiration of the relevant statutory retention periods. For additional information about how we store your biometric information, please refer to Section 11 below.

8.DO WE MAKE AUTOMATIC DECISIONS ABOUT YOU OR PROFILE YOU USING YOUR PERSONAL DATA?


We use certain profiling techniques in order to help us to understand you and your needs. This in turn helps us to understand which products and services you might be interested in. We do not use automated decision-making or profiling to make any decisions about you.

  1. WHAT RIGHTS DO YOU HAVE IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU?

You may have different rights in relation to the personal data that we hold about you, depending on your location and jurisdiction of residence. Rights which may be available to you are briefly described below, please contact us for further information or if you’d like to exercise a right that applies to you .

 

Access

You have a right to find out what personal data we hold about you, and to a copy of any personal data processed about you.

Rectify

If you believe that the information that we hold about you is inaccurate, incomplete or out of date, you have a right to get it corrected.

Deletion

If you want us to delete your personal data, you can ask us to do so at any time. However, certain exclusions apply – where the processing is necessary for compliance with a legal obligation or to establish, exercise or defend legal claims.

Restriction

You can ask us to restrict our use of your personal data in some circumstances.

Object

You may request that we stop processing information about you. Sometimes we may be entitled to continue and/or to refuse your request.

Withdraw consent

In some circumstances you can withdraw your permission to our processing of your information. Sometimes we may continue to process your information if we have another legitimate reason for doing so. Where your consent is needed in connection with a Verification Check, then revocation of your consent could result in delays to the check being completed.

Portability

You have the right to ask us to provide your personal data to another data controller or third party service provider. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

 

10.SECURITY


We use commercially reasonable and appropriate technical and organisational measure to protect your personal information against loss or unauthorized access, use, modification, or deletion. However, no security program is foolproof, and thus we cannot guarantee the absolute security of your personal information or other information.

11.HOW DO WE PROCESS YOUR BIOMETRIC INFORMATION?


This Section explains and describes when and how we collect, process and retain biometric or genetic information that is used to uniquely identify you (“Biometric Information”).

“Biometric Information” includes: (i) “Biometric Identifiers,” as defined under the Illinois Biometric Information Privacy Act, the Texas Capture or Use of Biometric Identifier Act, Wash. Rev. Code §19.375.010, or other applicable local, state, or federal laws (collectively, “U.S. Laws”); (ii) “biometric data” as defined in the CCPA, as amended by the CPRA; and (iii) “biometric data” as defined under EU GDPR and the UK GDPR.

Biometric Information includes data generated by measurements of your biological characteristics, such as your retina or iris scan, fingerprint, voiceprint, or a scan of the geometry of your hand or face, and information based on these that can be used to identify you.

We may process the following kinds of Biometric Information:

  • Photographic data from which in the form of a selfie or an ID document photo from which a geometrical comparison of your facial biometrics can be extracted
  • A numerical representation of your facial geometry

Depending on the Verification Check we have been asked to perform by a Company, we may engage select service providers to generate or otherwise process your Biometric Information on our behalf, including in order to generate an electronic comparison.

We process Biometric Information for the following specific purposes:

  • To verify your identity
  • To assist the Company in complying with its legal and regulatory obligations
  • To prevent fraud or identity theft
  • To assist with sanctions compliance
  • To meet anti-money laundering and anti-terrorist financing obligations

We do not sell, lease, or trade your Biometric Information.

We generally only retain Biometric Information that we collect or process for a maximum of 30 days, at which time it is permanently deleted. Our service providers do not store any Biometric Information beyond this period.

12.WHO CAN YOU COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA?


We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact with us in the first instance so that we can investigate your concerns. Please contact us using these details:

  • Post: SmartCredit Limited, Mayfield House, Lower Railway Road, Ilkley, LS29 8FL; OR
  • SmartSearch US Inc, 3300 North Triumph Boulevard, 1st Floor, Lehi, UT 84043.USA
  • Email: dpo@smartsearch.com
  • Telephone: 0113 238 7660, +1 855 933 6265

You also have the right to lodge a complaint with the relevant data protection authority. In the UK you can do this online through the ICO’s website at www.ico.org.uk or by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF..

13.ADDITIONAL INFORMATION FOR CALIFORNIA STATE RESIDENTS


This section describes our collection, use, disclosure, sale, and sharing of the personal information of California residents. In this section, the terms “sell”, “share”, “business purpose” and “personal information” are defined by the California Consumer Privacy Act (the “CCPA”) and the California Privacy Rights Act (“CPRA”).

Section 9 above contains information on the rights you may have as a California resident. If you wish to exercise your rights, you may do so by getting in touch with us using the contact information made available in Section 12.

Your personal information is collected directly from interactions with end users and website visitors and from certain third parties and other sources (such as from publicly available sources where permissible). Third party sources include service providers such as credit reference agencies, fraud detection agencies and registration or stockbroking industry exchanges, as well as social media services such as Google, LinkedIn and Facebook, or other commercially available sources. A full list of the categories of personal information and sensitive information that we process can be found in Section 2 and Section 11 above.

The personal information of California residents is only processed for the following business purposes:

  • Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes.
  • Debugging to identify and repair errors that impair existing intended functionality.
  • Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the business, provided that the consumer’s personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business.
  • Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business.

We do not sell or share the personal information of any California resident.

14.CHANGES TO THIS PRIVACY NOTICE


We review our use of your personal data regularly. In doing so, we can change what personal data we collect, how we keep it and what we do with it. As a result, we may change this Privacy Notice from time to time to keep it relevant and up to date.

Any changes will be immediately posted on our websites and we recommend that you check this page regularly to keep up to date. This Privacy Notice was last updated on 7th March 2025.