Privacy Policy

Effective Date: 1st August 2024

Last Updated: 31st January 2025

1. Introduction

Desk 123 Limited (“we,” “our,” or “us”) is committed to protecting your privacy and ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and Anti-Money Laundering (AML) regulations. This Privacy Policy explains how we collect, use, disclose, and protect your personal data.

By using our website www.desk123.co.uk and services, you consent to the collection and use of your data as outlined in this policy. If you do not agree, please do not use our website or services.

2. Legal Basis for Processing Personal Data (GDPR Compliance)

Under GDPR, we process personal data based on the following legal grounds:

• Contractual necessity – When processing is required to provide our services.
• Legal obligations – When required to comply with AML regulations, tax laws, or other legal requirements.
• Legitimate interests – When processing is necessary for fraud prevention, security, or business analytics.
• Consent – When you provide explicit consent for specific data processing activities (e.g., marketing emails).

You have the right to withdraw consent at any time where processing is based on consent.

3. Information We Collect

We may collect the following types of data:

3.1 Personal Data

• Name
• Email address
• Phone number
• Address
• Payment information (processed securely via third-party payment processors)
• Government-issued identification (e.g., passport, driver’s license) for AML compliance
• Financial transaction history (where required by AML laws)

3.2 Non-Personal Data

• IP address
• Device type
• Browser type and version
• Website activity and usage data

3.3 Cookies and Tracking Technologies

We use cookies for analytics, security, and user experience improvement. You can manage cookie settings via your browser.

4. AML Compliance and Data Collection

As part of our Anti-Money Laundering (AML) compliance obligations, we may be required to collect and verify personal data, including:

• Identity verification documents (e.g., passport, national ID, or utility bills)
• Financial transaction history and payment details
• Information related to the source of funds (where applicable)

This data is processed in accordance with AML laws and may be shared with regulatory authorities if required.

5. How We Use Your Data

We process your data for the following purposes:

• Service Delivery: To provide, manage, and improve our services.
• AML Compliance: To verify your identity and comply with financial regulations.
• Fraud Prevention & Security: To detect and prevent fraudulent or illegal activities.
• Legal Obligations: To comply with laws, court orders, or regulatory requirements.
• Marketing & Communication: To send updates, promotions, or service notifications (with your consent).

6. Data Sharing and Disclosure

We do not sell or rent personal data. However, we may share your information with:

• Regulatory Authorities: If required under AML laws, tax regulations, or legal processes.
• Service Providers: Third-party partners for hosting, payment processing, analytics, and security.
• Business Transfers: In case of a merger, acquisition, or restructuring.

All third-party partners are contractually obligated to comply with data protection laws.

7. Data Retention Policy

We retain personal data only as long as necessary for the purposes outlined in this policy or as required by AML regulations.

• Transactional and AML-related data: Retained for [e.g., 5–10 years] as required by financial laws.
• General account data: Retained until you request deletion or close your account.

When data is no longer required, it is securely deleted or anonymised.

8. Your GDPR Rights

As a data subject under GDPR, you have the following rights:

• Right to Access – Request a copy of your personal data.
• Right to Rectification – Request correction of inaccurate or incomplete data.
• Right to Erasure (“Right to Be Forgotten”) – Request deletion of your data (subject to legal obligations).
• Right to Restrict Processing – Request limitation on data processing under certain conditions.
• Right to Data Portability – Receive your data in a structured format for transfer to another provider.
• Right to Object – Object to processing based on legitimate interests or for marketing purposes.
• Right to Lodge a Complaint – File a complaint with your local data protection authority.

To exercise your rights, contact us at [email protected].

9. Data Security

We implement technical and organisational security measures to protect your data, including:

• Encryption of sensitive information
• Secure access controls and authentication measures
• Regular security audits and risk assessments

Despite these measures, no system is 100% secure, and we cannot guarantee absolute protection.

10. International Data Transfers

If your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Protection Agreements (DPAs) with third-party service providers
• Adequacy Decisions if the destination country meets EU data protection standards

11. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for their privacy policies. Please review their terms before sharing any personal data.

12. Children’s Privacy

Our services are not intended for children under 13 years old (or 16 years old under GDPR). We do not knowingly collect data from minors. If you believe a child has provided us with personal data, contact us to request its deletion.

13. Updates to This Policy

We may update this Privacy Policy periodically. Any changes will be posted with a revised “Last Updated” date. Continued use of our services after changes take effect constitutes acceptance of the revised policy.

14. Contact Us

If you have questions, contact us:

The Data Controller
[email protected]
Desk 123 Limited
Halifax House
93-101 Bridge Street
Manchester
M3 2GX