Introduction
CipherForest Ltd ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services. We are the data controller for the personal data we process about you.
Data We Collect
We collect various types of personal data to provide and improve our financial services. The data we collect includes:
Information You Provide Directly
- Contact Information: Name, email address, phone number, postal address
- Financial Information: Income details, tax residency, banking information, investment preferences
- Professional Information: Employment details, business information, nomadic lifestyle patterns
- Communication Records: Correspondence via email, phone, or our contact forms
- Service Preferences: Your preferences for our financial services and communication
Information Collected Automatically
- Website Usage Data: IP address, browser type, device information, pages visited
- Cookies and Tracking: Information collected through cookies and similar technologies
- Analytics Data: Website performance and user interaction data
How We Use Your Information
We process your personal data for various legitimate purposes related to providing financial services. How we use your information depends on the services you use and your relationship with us:
Service Provision
- Providing financial planning and advisory services
- Processing and responding to your enquiries
- Managing your account and client relationship
- Conducting financial assessments and recommendations
- Facilitating international banking and tax planning services
Legal and Regulatory Compliance
- Complying with financial services regulations
- Meeting anti-money laundering and know-your-customer requirements
- Maintaining records as required by law
- Reporting to regulatory authorities when necessary
Communication and Marketing
- Sending service-related communications
- Providing updates about our services (with your consent)
- Responding to your questions and support requests
- Sending newsletters and educational content (where you've opted in)
Cookies and Tracking Technologies
We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner or by visiting our cookie policy page.
Legal Basis for Processing
Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:
- Contractual Necessity: To perform our financial services contract with you
- Legitimate Interests: To improve our services and website functionality
- Legal Obligation: To comply with financial regulations and legal requirements
- Consent: For marketing communications and certain cookies (where required)
Data Sharing and Third Parties
We may share your personal data with trusted third parties in the following circumstances:
- Service Providers: Professional partners who assist in delivering our services
- Financial Institutions: Banks and investment platforms (with your consent)
- Regulatory Bodies: When required by law or regulation
- Legal Advisors: Professional advisors bound by confidentiality
We never sell your personal data to third parties for marketing purposes.
International Data Transfers
As we serve digital nomads globally, your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- European Commission adequacy decisions
- Standard contractual clauses approved by the European Commission
- Other legally recognised transfer mechanisms
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:
- Client Records: 7 years after the end of our professional relationship (as required by financial regulations)
- Marketing Data: Until you withdraw consent or request deletion
- Website Analytics: Typically 26 months for Google Analytics data
- Communication Records: 3 years for general enquiries, longer for client communications
Your Rights
Under GDPR and UK data protection law, you have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data in certain circumstances
- Right to Restrict Processing: Request limitation of how we process your data
- Right to Data Portability: Request transfer of your data to another service provider
- Right to Object: Object to processing based on legitimate interests or for marketing purposes
- Rights Related to Automated Decision-Making: Protection against purely automated decisions
To exercise any of these rights, please contact us using the contact information below.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls and staff training
- Secure data centres and backup systems
- Regular monitoring for security breaches
Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information promptly.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may also notify you via email.
Contact Information
If you have any questions about this Privacy Policy or our data processing practices, or if you wish to exercise your rights, please contact us:
Complaints
If you believe we have not handled your personal data in accordance with this policy or data protection law, you have the right to lodge a complaint with the relevant supervisory authority:
We encourage you to contact us first so we can address your concerns directly.