Privacy Policy
Last updated: 7 May 2025
1. Who We Are
BankSearch Information Consultancy Ltd ("BankSearch", "we", "us").
Our “Services” include all software-as-a-service (SaaS) platforms, systems, tools, websites, and applications provided by us. These currently include, but are not limited to, the BankSearch CRM, BankSearch BI data platform, Transactional Reporting System, Data Capture System and Interactive Database.
We are an UK-registered limited company with the following details:
- Registered address: 1 Violet Close, Rugby, CV23 0UD, United Kingdom.
- Company Registration Number:3955592
- ICO Registration: Z9091834
- VAT Number: GB753753021
For any questions about this policy, or to exercise your personal data protection rights, you can contact our Data Protection Officer:
- Data Protection Contact: privacy@banksearch-consultancy.com
Please note: This Privacy Policy applies to all of our Services. Accessing or using our Services does not grant any rights to use other parts of our platform ecosystem. Each Service is subject to its own terms of service or subscription agreement, which govern usage, access rights, and account obligations. For more information, please refer to our {Customer Terms of Service}.
2. Our Roles
- Controller – when we process personal data for our own purposes (e.g. website analytics, marketing, CRM account administration, BankSearch BI enrichment).
- Processor – when we host or process Customer Data inside our Services such as BankSearch CRM on behalf of a customer (who remains the Controller). See our {Data Processing Agreement}.
3. What Personal Data We Collect
3.1 Personal Data you provide directly
Names, job titles, business contact details, support tickets, demo requests, survey responses.
3.2 Personal Data we collect automatically
IP address, device/browser metadata, usage logs across our Services, web pages that you have visited.
3.3 Public/open data enrichment
We supplement customer data with information derived from publicly accessible datasets and registries, including but not limited to government publications, public filings, open data platforms, and online content, including social media and other websites.
3.4 Advertising leads (client context)
When individuals respond to customer run ads (e.g. Facebook Lead Ads) their details may be routed into our Services such as BankSearch CRM. In that scenario BankSearch acts solely as Processor. This means that BankSearch does not collect or control this personal data—our customer is responsible for how it is obtained and used, and we simply process it on their behalf.
4. How & Why, We Use Personal Data
| Purpose | Lawful basis (UK GDPR) | Notes |
|---|---|---|
| Provide and support the Services, e.g. BankSearch CRM | Contract (Art 6 (1)(b)) | Account setup, user authentication, customer support. |
| Service improvement & analytics | Legitimate interests (Art 6 (1)(f)) | Aggregated usage metrics, feature usage. |
| Direct marketing to business contacts | Consent (PECR + Art 6 (1)(a)) OR Legitimate interests (soft opt-in) | We send product updates and event invites; unsubscribe anytime. |
| Legal & security obligations | Legal obligation (Art 6 (1)(c)) | Fraud prevention, statutory reporting. |
5. Cookies & Similar Tech
We use cookies for login, analytics and preference storage. See our separate {Cookie Policy} which complies with PECR (Privacy and Electronic Communications Regulation) and uses a consent management banner.
6. Personal Data Sharing
- Sub Processors – listed at {/legal/subprocessors} (15-day advance notice of changes).
- Service providers – email delivery, monitoring, penetration test partners.
- Public authorities or regulator – only where required by law or court order.
7. International Transfers
Personal data may be processed outside the UK by vetted Sub Processors under UK IDTA or SCCs + Addendum. Details appear in the Sub Processor list.
8. Retention & Deletion
- Personal data – retained for the duration of the Subscription Term. Upon termination, personal data is deleted or returned within 30 days in accordance with DPA §10 (Data Processing Agreement).
- Website analytics – retained only as long as necessary for reporting and optimisation. Where Google Analytics is used, personal data is retained for a maximum of 26 months, after which it is automatically deleted in line with Google’s default settings (source).
- Marketing contact lists – retained until you withdraw consent or object to processing, in accordance with applicable personal data protection laws.
9. Security
Encryption (TLS 1.2+/AES256), MFA, role-based access, periodic CREST pen tests. Full security controls are detailed in our Security Overview, which is available upon request.
10. Your Rights (UK GDPR & PDPL)
- Access
- Rectification
- Erasure
- Restriction
- Portability
- Objection
- Withdraw consent
Submit requests to privacy@banksearch-consultancy.com. If we are acting only as Processor, we will relay your request to the relevant Customer Controller.
11. Complaints
UK: ICO (ico.org.uk)
KSA: SDAIA (sdaia.gov.sa).
We would appreciate the chance to resolve any concerns first.
12. Changes to This Policy
We may revise this Privacy Policy from time to time. Material changes take effect 15 days after posting here and we may notify users by email or in-app message.