🏆 Neotas Named Chartis FCC50 Market Disruptor Winner – Know Your Third Party & Supply Chain Excellence Award Read More →
🏆 Chartis Best-of-Breed Winner 2026 – Adverse Media Monitoring
FaSQUAL: The BSIA-led Vetting Passport for the UK Security Industry Powered by Neotas Read More →
Neotas Logo
SCHEDULE A CALL
Neotas Logo

Privacy Policy

We are committed to ensuring that your privacy is protected and we shall endeavour to use any information that you provide when using this website in accordance with this privacy policy. This privacy policy explains what information we collect, how we protect any information you submit to us, and how we use it. We may amend this policy from time to time by updating this page. Therefore, we suggest you check this page occasionally to ensure you are aware of and are happy with any amendments.

Version Control and Policy History

Version: 3.0 – Comprehensive integration of GDPR-compliant structure, inclusion of lawful bases, data subject rights, international transfer safeguards. Effective Date: 16th of March 2026 Last Updated: November 2025 Previous Versions:
  1. Version 1.0 – June 2020 – Initial release of Neotas Privacy Policy.
  1. Version 2.0 – March 2023 – Updated for internal data security measures and website data collection practices.
  It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Controller

Neotas Limited is the data controller and is responsible for your personal data when it processes personal data for its own purposes (for example, operating this website, running marketing activities, managing client relationships, and administering HR and recruitment activities). Neotas Limited also acts as a data processor when it provides due-diligence and analytics services strictly on behalf of its clients and in accordance with their documented instructions. In that context, Neotas does not determine the purposes or means of the processing and processes personal data only as required to perform the contracted services. Where Neotas processes personal data on behalf of clients, those clients remain responsible for determining the purposes and lawful basis for the processing, and their own privacy notices will apply to that processing. Neotas Limited has appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Policy and data protection obligations. If you have any questions about this policy or how we handle your data, please contact the DPO at [email protected] or write to us at our registered address.

Definitions

For the purpose of this Privacy Policy, the following expressions shall have the meanings assigned below:
  1. Company” refers to Neotas Limited, its subsidiaries, and affiliates providing technology and analytics services.
  1. Data” or “Personal Data” means any information that identifies or can reasonably identify a natural person, as defined under the UK GDPR or other applicable data-protection laws.
  1. Processing” means any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
  1. Applicable Laws” includes the UK GDPR, the Data Protection Act 2018, and any other global data-protection or privacy regulations relevant to Neotas’

Applicability of this Privacy Policy This Privacy Policy applies to:

  1. Visitors accessing or browsing Neotas’ website or digital
  2. Customers and   prospective    clients engaging    with    Neotas    for    analytics, background-screening, or other technology-driven services.
  3. Business partners, service providers, and vendors working with or supporting Neotas’ operations.
  4. Collaborators, researchers, and third parties interacting with Neotas through any online or offline means.
  5. Employees, consultants, and applicants, where data is processed in connection with recruitment or employment administration.
This Privacy Policy does not apply to third-party websites, products, or services that may be linked to or integrated with Neotas’ website. Our website and services are not intended for children under the age of 16, and we do not knowingly collect personal data from anyone under this age. If you believe that a child has provided us with personal data, please contact us immediately, and we will take steps to delete such information.

What information do we collect?

Personal information may be collected from you in various ways, for example: –
  1. Information about your computer and about your visits to and use of this website (these are information about your browser, your IP address, your general location as determined from your IP address and provided by your browser, the site from which you come, and the links followed when leaving our site). This information is also collected through cookies. Please see our dedicated cookie policy for additional information.
  2. Via direct interactions, including but not limited to face to face meetings, telephone, and email or other digital means of contact.
  3. When you register and voluntarily provide information in response to questionnaires or download forms, or to register for newsletters or start or contribute to petitions. (this includes your name, email address, and any other details asked for and which you provide)
  4. When you conduct activities on our site (for example, when you purchase a product or service we record what you purchased ) we may collect your name and contact details, details of your subscription to our services, and other information gathered by Facebook and transferred to us, including your address.
  5. We also collect, use and share aggregated data such as statistical or demographic data for any aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
  6. We do not routinely collect special categories of personal data or information about criminal convictions and However, in the context of due-diligence and background-screening services, we may process limited amounts of such information where it appears in lawful sources (such as public court records or official registers) and only where this is necessary, proportionate, and permitted by applicable law and our contracts with clients.
  7. In addition to the above, we may also collect certain technical and transactional data, including:
    • Device information, browser type, operating system, and unique device
  • Interaction data relating to your communications with Neotas via email, phone, or digital channels.
  • Data obtained from publicly available sources, professional networks, or lawful third-party data providers in connection with our legitimate business interests.
  • Information collected through cookies, analytics, and similar technologies to monitor usage patterns and improve service performance.

How is the information used?

We use this information to understand your needs and provide you with a better service, and in particular for the following reasons:
  1. To supply to you services purchased via the website, and to process your
  2. For statistical purposes and analysis for management purposes in order to administer the website or improve our products and services.
  3. Internal record keeping, and administrative purposes, and to inform you about our events, services or products, or other related information that we think would be of interest to you, as explained above.
  4. To communicate marketing messages, newsletters and details of our business or the businesses of carefully-selected third parties which we think may be of interest to you by post or email or similar technology (you can inform us at any time if you no longer require marketing communications).
  5. From time to time, we may also use your information to contact you for market research purposes or to customise the website according to your interests.
In addition, Neotas may use your personal data for the following purposes:
  1. To perform contractual obligations and deliver technology and analytics
  2. To comply with legal, regulatory, or law enforcement requirements, including anti- fraud, security, and compliance obligations.
  3. To manage business relationships, partnerships, and service-delivery
  4. To maintain and enhance the security and integrity of our systems, networks, and
  5. To respond to enquiries, feedback, or complaints submitted through our communication channels.

How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
  1. Where we need to perform the contract, we are about to enter into or have entered into with you.
  2. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  3. Where we need to comply with a legal or regulatory
Further information about the types of lawful basis that we will rely on to process your personal data is provided below: Legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us. Performance of contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. Consent means you have given clear permission for us to process your personal data for a specific purpose. Where consent is required, you may withdraw it at any time by contacting us. Compliance with legal obligations means processing your data where it is necessary to comply with a legal requirement, court order, or law enforcement request. We will not disclose your personal data to any third party except as described in this Privacy Policy or where we are otherwise permitted or required to do so by law. You may at any time ask us to refrain from sending you marketing messages by sending us an email with the words UNSUBSCRIBE in the subject box or by telephoning us. If we contact you by email each time you receive a message you will also have the option to decline to receive further information of that type from us. If you would like us to destroy information we hold about you, please let us know. However, please note that if you use any of our services which require you to provide personal information, deleting our records may mean that you will need to resubmit it to continue using such services. We may disclose aggregate statistics about our site visitors, clients and sales in order to describe our services to prospective partners, advertisers and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifying information. We may also share your personal data with trusted third-party service providers who perform services on our behalf, such as technology and analytics providers, cloud hosting providers, and professional advisers (including auditors and legal consultants). Where we engage third-party service providers (including group companies) to process personal data on our behalf, they act as processors or sub-processors under written contracts requiring them to follow our instructions, maintain confidentiality, and implement appropriate security measures. We may also disclose personal data if required to do so by law, regulation, court order, or governmental request, or where disclosure is necessary to protect our rights, property, or the safety of individuals.

Sale of business

If this business is sold or integrated with another business your details may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business. In such cases, we reasonably ensure that the acquiring entity continues to process your data in accordance with this Privacy Policy and applicable data protection laws.

Cookies and Log Files Cookies

Cookies are text files stored on your computer, and accessible only to the websites which create them. Our website may from time to time use cookies and log files for statistical analysis, to understand user behaviour, to administer the site, to tailor the information presented to a user based on their preferences, and to improve user experience. Any information gathered by our use of cookies is compiled on an aggregate, anonymous basis. Most web browsers automatically accept cookies, however you may delete, or disable cookies by following the instructions at http://www.allaboutcookies.org/manage- cookies/. Please note that you may not be able to take full advantage of a website if you disable cookies. Our website uses cookies to keep you logged in, so disabling cookies may impair your experience of the service. Further information about cookies can be found on the Interactive Advertising Bureau’s website www.allaboutcookies.org. Additionally, further information about our cookie policy can be found here: https://www.neotas.com/cookie-policy/ We use analytics tools (such as Google Analytics) only where this is lawful and, where required, based on your consent. These tools help us analyse website performance and user interactions using aggregated or anonymised information, without identifying individuals. Any personal data processed by such analytics providers, including any transfers outside the UK or EEA, is handled subject to appropriate safeguards and in accordance with applicable data protection laws. Further details are available in our cookie policy.

Social Media

If you share our content through social media, for example by liking us on Facebook, following or tweeting about us on Twitter, or giving us a ‘+1’ via Google Plus, those social networks will record that you have done so and may set a cookie for this purpose. In some cases, where a page on our website includes content from a social network, such as a Twitter feed, or Facebook comments box, those services may set a cookie even where you do not click a button. As is the case for all cookies, we cannot access those set by social networks, just as those social networks cannot access cookies, we set ourselves. We encourage you to review the privacy policies of these social platforms to understand how they handle your personal data and your associated rights.

Log Files

Our systems automatically gather some anonymous information about visitors, including IP addresses, browser type, language, and the times and dates of webpage visits. The data collected does not include personally identifiable information and is used, as described above, for statistical analysis, to understand user behaviour, and to administer the site.

Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. Further information about Google’s privacy policy may be obtained from http://www.google.com/privacy.html.

Security

The internet is not a secure medium. However, we take reasonable technical and organizational precautions to prevent the loss, misuse or alteration of your personal information. We have put in place various security procedures as set out in this policy. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to user information. We use secure server software (SSL) to encrypt financial information you input before it is sent to us, and our database is hosted in a secure data centre. Whilst we cannot ensure or guarantee that loss, misuse or alteration of data will not occur, we use our best efforts to prevent this. We implement reasonable measures consistent with recognised industry standards, including encryption, access controls, intrusion detection, and regular vulnerability assessments to protect personal data. All employees and contractors handling personal data are subject to confidentiality obligations.

Changes

We may make changes to this privacy policy from time to time. If we change our privacy policy we will post the changes on this page. If the change in our privacy policy affects the use of your personal information we will use our best endeavours to contact you by email to seek your consent to the use. Continued use of the service will signify that you agree to any such changes

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers for tax purposes. In some circumstances you can ask us to delete your data: see Request erasure below for further information. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data.

You have the right to:

  1. Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  1. Request correction of the personal data that we hold about you to ensure it is accurate and up to date.
  1. Request erasure of your personal data where there is no lawful basis for us to continue processing it, where you withdraw consent, or where we are required to delete it under applicable laws.
  1. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and you feel it impacts your fundamental rights and You also have the right to object to processing for direct marketing purposes.
  1. Request restriction of processing of your personal data in specific scenarios, for example, where the data’s accuracy is contested or where you need us to retain it to establish or defend legal claims.
  1. Request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable This applies where processing is based on consent or contract and carried out by automated means.
  1. Withdraw consent at any time where we rely on consent to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
No fee is required to exercise these rights. However, we may charge a reasonable fee or refuse to comply with your request if it is clearly unfounded, repetitive, or excessive. To exercise any of these rights, please contact us using the details provided in the “How to Contact Us” section below.

Limited Liability

Neotas takes all reasonable precautions to safeguard personal data, it shall not be liable for any unauthorized access, hacking, loss, or misuse of information beyond its reasonable control, including actions caused by third-party service providers or technical failures.

International Data Transfers

Neotas may store or process your data using servers and service providers located in the United Kingdom or in other jurisdictions, depending on operational and business requirements. Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place, such as the use of approved standard contractual clauses or equivalent legal mechanisms, to ensure that your personal data receives an adequate level of protection consistent with the UK GDPR. You may contact us for further details about the safeguards used when transferring personal data internationally.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Your acceptance of this privacy policy

If you do not agree to this privacy policy, please do not use our site. By using our site, you consent to the collection and use of information by us. Owing to the global nature of the internet infrastructure, the information you provide may be transferred in transit to countries outside the United Kingdom and European Economic Area that do not have similar protections in place regarding your data and its use as set out in this policy. However, we have taken the steps outlined above to try to improve the security of your information. By submitting your information, you consent to these transfers.

How to contact us

We welcome your views about our website and our privacy policy. If you would like to contact us with any queries or comments please send an e-mail to [email protected]. If you would like a copy of the information held on you or if you have any questions relating to this Privacy Policy or how we use the personal information we have about you, please write to: Neotas Limited, 3rd Floor 86-90 Paul Street, London, EC2A 4NE, United Kingdom You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. To find out more about your rights under the GDPR, visit the Information Commissioner’s website (www.ico.org.uk)

Governing Law and Jurisdiction

This Privacy Policy, and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation, shall be governed by and construed in accordance with the laws of England and Wales. You agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising from or related to this Privacy Policy or your use of our services.