Privacy Policy

Our Privacy Policy describes how Firmcheck collects, uses, and shares your personal information.

Last updated: 8 February 2024

This privacy policy applies to Firmcheck Limited (company number 11997004), a company registered in London, England, and any entities that it owns or controls (we, us, our and Firmcheck).

It describes how we collect, process, dispose of and protect information that relates to an identified or identifiable individual across our Website and Service (Personal Information).  If an individual can’t be identified (for example, when Personal Information is aggregated and anonymised) then the information is not Personal Information and this privacy policy doesn’t apply.

Unless a term has been defined in this privacy policy, it uses the same definitions as those used in our Terms of Service.

We take privacy seriously. When handling Personal Information, we will comply with Applicable Privacy Laws, including (as applicable) the UK Data Protection Act 2018 (DPA) and the United Kingdom General Data Protection Regulation (UK GDPR), and the General Data Protection Regulation (EU) 2016/679 (EU GDPR).


Firmcheck is a company headquartered in London, England, and has a New Zealand-based parent company: Connectworks Limited.

🇬🇧 UK Company Number: 11997004
🇳🇿 NZ Company Number: 3933219

The name and contact details of our Data Protection Officer (DPO) for the purposes of the GDPR, UK GDPR, and NZ Privacy Act are:

Matt Barnett


We collect your Personal Information in a number of ways when you use the Website or Service. These can broadly be categorised as follows:

Information that comes directly from you. This is the Personal Information about you that you enter into the Website or Service yourself, such as your date of birth, email address and other contact details, including any Personal Information you provide through the registration or subscription process, through any contact with us (e.g. Website enquiry form or email) or when you use the Service. If you don’t want to provide your Personal Information, you don’t have to, but it may restrict the function of some parts of the Website or Service.

Information we receive from third parties. As a service for managing multi-party clients, it is likely that at least some of the Personal Information about you that we have access to through the Website or the Service will have been entered by someone else. At a minimum, your personal profile (which requires your name, email address, and user role) will have been created by someone other than you, in order for you to be invited to use the Service. The majority of such Personal Information will be anything about you that is recorded by the professional advisor who manages the Subscription, but it might also be possible for other third parties to store information about you.  We may also collect Personal Information from publicly available sources.

Information we receive from your use of the Website and Service. Some Personal Information is automatically collected when you perform any action on, or interact with, any part of the Website or Service, including:

  • clickstream data, which is a record of how you navigate or click through our Website or Service; and
  • information obtained through the use of cookies, web beacons and similar storage technologies. Please refer to the section of this privacy policy entitled “Cookies and Tracking” for further information, including information on how you can disable these technologies.

Whenever you lodge a support query on the Website, we collect your name and email address, in order to be able to reply to you and provide the support or advice requested.


We will not process Personal Information, other than as outlined in this privacy policy, without having a lawful basis to do so.  We may process your Personal Information:

  • to create accounts within the Website and the Service;
  • to provide our Website and Service (including support services) and otherwise carry out our obligations under the Terms of Service;
  • to bill you (or the Subscriber or Client on whose behalf you are acting) and to collect money that is owed, including authorising and processing credit card transactions; and such processing is necessary for the performance of the contract between you (or the Subscriber or Client on whose behalf you are acting) and us.

We also process your Personal Information:

  • to verify your identity;
  • to communicate with you (including responding to feedback and information requests relating to the Website and the Service, to let you know when we are experiencing technical difficulties, and to alert you of new features or developments);
  • to communicate with, and comply with our obligations to, our third-party service providers, suppliers and other users of our Website and Service;
  • to send administrative messages, reminders, notices, updates, security alerts, and other information relevant to your (or an associated Subscriber’s or Client’s) use of the Website and/or the Service;
  • to track access to the Website and Service in order to help detect and prevent any fraudulent or malicious activity;
  • to analyse and report on usage of the Website and Service, so we can improve the Website and Service;
  • to send you (or the Subscriber or Client on whose behalf you are accessing the Service) marketing and promotional messages and other information that may be of interest to you where you (or the Subscriber or Client on whose behalf you are accessing the Service) have consented to receiving such material. You can opt out of receiving marketing materials from us by using the opt-out facility provided (e.g. an unsubscribe link) or by emailing us at;
  • to protect and/or enforce our legal rights and interests, including defending any claim; and
  • to comply with our legal obligations, including any notification and reporting obligations and any access directions imposed on us by an applicable Government agency, law enforcement agency or regulatory authority,

and such processing is necessary for the purposes of a legitimate interest pursued by us, and we have assessed that our interests are not overridden by your interests or fundamental rights and freedoms.

We may also process your Personal Information for such other purposes that are compatible with the original purposes described above, or that you otherwise consent to.

We may anonymise and aggregate information (in the manner specified in the Terms of Service) such that no person could be re-identified from the information. This aggregated and anonymised data is not Personal Information and this privacy policy does not apply to it.


We may disclose your Personal Information to:

  • service providers and suppliers who provide necessary goods and/or services to us, and any other partners who help us market and sell the Website and/or the Service - for instance to manage customer relations, send out newsletters and/or to process payments;
  • any business that supports us, including hosting or maintaining any underlying IT system or data centre that we use to provide our Website and/or Service;
  • other third parties to anonymise and aggregate statistical information;
  • a person who can require us to supply Personal Information (e.g. a Government agency, regulatory authority or law enforcement agency);
  • respond to due diligence requests and/or transfer Personal Information in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition of our business; and
  • any other person or client authorised by you.

The rights of disclosure in this section may, if applicable, be subject to further restrictions contained in data processing agreements with our Subscribers and/or third party service providers (as applicable).

Also, you should be aware that:

  • Anyone who has been granted access to the Firmcheck’s Website will be able to view elements of the Personal Information recorded in your Firmcheck profile. In most cases, this access will be granted by the administrator that manages the relevant Subscription, but there are occasionally instances when we are requested to facilitate this access on the Subscriber’s behalf.
  • Whenever you accept an invitation to access the Service information in your profile will also be visible, on an ongoing basis, to the party that created that invitation. We note that a “party” in this sense may consist of more than one actual person (for example, where an invitation to the Service is extended by a professional services firm, your profile may be visible to a number of staff members that belong to that firm). A list of all the parties that have such access to your data is contained in your personal profile. If you want to revoke access by any party, you can do so from your personal profile, though we recommend contacting the relevant party first.


We store Personal Information on services located in the United Kingdom. We may transfer Personal Information to our parent company Connectworks Limited (in New Zealand) and reputable third party organisations inside or outside the United Kingdom and EEA when we have a business to engage these organisations. Each organisation (including Connectworks Limited) is required to safeguard personal data in accordance with our contractual obligations and Applicable Privacy Laws.

We utilise the services of third party processors (or subprocessors, as applicable) in various countries who may access your Personal Information. An up-to-date list can be found below. Consequently, we may transfer Personal Information to persons or entities located in these countries.

Subprocessor Usage Data location Website
Amazon Web Services Infrastructure hosting United Kingdom
Sumo Logic Performance monitoring United States
BioVerify Identity verification New Zealand, Australia
Chargebee Subscription management United States
HubSpot Customer relationship management United States, Germany
Apollo Sales management United States
Thinkific Customer education United States
Intercom Customer service United States, Ireland, Australia
Mixpanel Product analytics United States, Netherlands
Smartlook Product analytics Europe
Segment Customer data platform United States
AdvanceTrack Customer onboarding data processing India (via International Data Transfer Agreement)

If we transfer Personal Information to a third party located in a country outside:

  • the European Economic Union that the European Commission has not recognised as providing adequate protection, if required by the EU GDPR we will enter into an agreement with that third party that containing the standard contractual clauses approved by the European Commission; or
  • the United Kingdom that the United Kingdom Government has not recognised as providing adequate protection, if required by the UK GDPR we will enter into an International Data Transfer Agreement or Addendum (as appropriate) issued under section 119A of the UK Data Protection Act 2018.


Where we process or hold Personal Information solely on behalf of another organisation (for example, a Subscriber), we do so as a “data processor” under the EU GDPR and/or UK GDPR. The data controller in this situation (for example, the Subscriber) will have its own privacy policy that will apply to its use of your Personal Information and we suggest you review any such privacy policy before you provide them with access to your Personal Information.

Where we process, use or disclose Personal Information for our own purposes, for purposes related to our business, or where professional standards regulations apply, we will be a “data controller” under the EU GDPR and/or the UK GDPR. 


While we take reasonable steps to maintain secure internet connections, the supply of Personal Information over the internet is at your own risk.

If you follow a link on our Website to another website, the owner of that website will have its own privacy policy that will apply to its use of your Personal Information processed on that website. We suggest you review that website’s privacy policy before you provide access to your personal information.


We will not keep your personal data for longer than it is required for the purposes set out in this Privacy Policy. In any event, we will remove your personal data from the Service within 60 days of the date on which your Subscription ends or at any time if you request us to stop using it.


Web analytics

We use web analytic tools, such as Segment, Mixpanel, and Smartlook to collect information about use of our Website and Service, with the goal of improving our Website and Service. These web analytic tools collect information such as how often users visit the Website and Service, what pages they visit when they do so, and what other sites they used prior to coming to the site.

We may use various technologies to collect and store information about you when you use the Website and/or the Service, and this may include using cookies and similar tracking technologies, such as pixels and web beacons, as described below.


A cookie is a piece of information that our web server may send to your machine when you visit our Website. The cookie is stored on your device, but does not identify you or give us any information about your device.

The types of cookies we use may include:

  • Strictly necessary cookies: These cookies are essential to the full functionality of our Website. They enable you to navigate around our Website and use its features. Without these cookies, you may not be able to access all the functions of our Website or the Service.
  • Performance cookies: These cookies collect information about how you use our Website and the Service. All information these cookies collect is anonymous and only used to improve our Website and Service.
  • Functionality cookies: These cookies allow our Website to remember the choices you make (for example, your user name, language or your region). Although these cookies are used to enhance the performance of our Website and Service, they are non-essential to their use.  However, without these cookies, certain functionality may become unavailable.

The length of time a cookie will stay on your browsing device depends on whether it is a persistent or session cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies will stay on your browsing device until they expire or are deleted.

With most internet browsers, you can erase cookies from your computer hard drive, block all cookies, or receive a warning before a cookie is stored. If you want to do this, refer to your browser instructions or help content to learn more. If you reject the use of cookies, you will still be able to access our Website but please note that some of its functions may not work as well as if cookies were enabled.  To learn more about how to enable, edit, or disable cookies on your computer, please visit the website.

Web beacons

Web beacons are tiny graphics with a unique identifier that may be included on the Website for several purposes. For example, we may use web beacons to deliver or communicate with cookies, to track and measure the performance of the Website and Service, to monitor how many visitors view our Website, and to monitor the effectiveness of our advertising. Unlike cookies, which are stored on an individual’s hard drive, web beacons are typically embedded invisibly on web pages (or in an email). We use these web beacons to customise content and advertising and to analyse traffic to our Website.


We take the protection of Personal Information seriously and we will take reasonable steps (using physical, electronic and procedural safeguards) to keep Personal Information in our possession safe from loss, unauthorised activity, or other misuse. Staff who handle your Personal Information are provided with training on how to do so appropriately.


You have a number of rights in respect of your Personal information, as follows:

  • Access: You can ask us to verify whether we are processing personal data about you, and if so, to provide more specific information.
  • Correction: You can ask us to correct our records if you believe they contain incorrect or incomplete information about you.
  • Erasure: You can ask us to erase (delete) your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected.
  • Processing restrictions: You can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise, or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.
  • Data portability: In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another company if it is technically feasible.
  • Automated Individual Decision-making: You can ask us to review any decisions made about you which we made solely based on automated processing, including profiling, that produced legal effects concerning you or similarly significantly affected you.
  • Right to Object to Direct Marketing including Profiling: You can object to our use of your personal data for direct marketing purposes, including profiling. We may need to keep some minimal information to comply with your request to cease marketing to you.
  • Right to Withdraw Consent: You can withdraw your consent that you have previously given to one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.

If you would like to exercise your Data Subject Rights, you can email our Data Protection Officer at We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.

Please note that in certain circumstances we may refuse to respond to a rights request where we have the right to do so under Applicable Privacy Law, for example, where a request is manifestly unfounded or excessive.


If you wish to exercise your rights under this privacy policy or any Applicable Privacy Laws, you can do this by emailing our Data Protection Officer at Your email should provide evidence of who you are and set out the details of your request (e.g. the Personal Information, or the correction, that you are requesting).

If you are not satisfied with the response you receive you may also contact the UK Information Commissioner’s Officer at to report any concerns you have about out handing of your personal information.

The address for the ICO is as follows:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline number: 0303 123 1113

ICO website:

If you have any queries about our data use, please contact the data controller (likely to be an accounting firm) who is the Subscriber.


From time to time we may make changes to this privacy policy (for example, to reflect any changes in our Service or any Applicable Privacy Laws). Where a change is significant, we’ll make sure we let you know – usually by displaying a notice on our Website or by sending you an email.