GDPR Privacy Policy

We know that you care how information about you is used and shared and we appreciate your trust in us to do that carefully and sensibly. This notice describes our privacy policy and forms part of our compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy is brought to you by Fraud Defence First. Fraud Defence First believes it is important to protect your personal data and we are committed to giving you a personalised service that meets your needs in a way that also protects your privacy. This policy explains how we may collect personal data about you. It also explains some of the security measures we take to protect your personal data, and tells you certain things we will do and not do. When we first obtain personal data from you, or when you take a new service or product from us, we will give you the opportunity to tell us if you do or do not want to receive information from us about other services or products. You can normally do this by ticking a box on an application form, contract or by telling your account manager at the point of proceeding to do business with us. You may change your mind at any time by emailing or contacting us at the address below. Fraud Defence First (registered number 12744763), whose Head Office is at Abacus House, 129 North Hill, Plymouth, Devon, England, PL4 8JY. Email: [email protected]

We collect personal data: - Directly from you, e.g. via paper/electronic forms or telephone conversations - Through transaction and usage trends of our services - Via our website and social media where you've opted to share your information - Through CRM systems for service delivery and support - From third-party sources like credit reference agencies, fraud prevention partners, introducers, and business associates - With your consent, from external service providers you engage through us

Data protection law allows us to use personal data under the following bases: fulfilling a contract, legal obligation, legitimate interest, or your explicit consent. We process data to: - Provide and manage services - Fulfil contracts and maintain communication - Respond to queries and support requests - Meet legal obligations, including anti-money laundering checks - Conduct business assessments - Improve services and develop new ones - Carry out market research - Prevent fraud and manage risk - Manage debt recovery

We retain personal data as long as legally necessary or required for operational purposes, typically no longer than seven years unless needed for legal claims or statistical research (anonymised).

We may use approved third-party processors and service providers, including some outside the UK and EEA. In such cases, we ensure secure transfers using International Data Transfer Agreements (IDTAs) or equivalent safeguards.

You have the right to access, correct, delete, or restrict your data. You can also object to processing or request portability. To exercise these rights: - Email: [email protected] - Post: Data Rights Team, Fraud Defence First, Abacus House, 129 North Hill, Plymouth, Devon, England, PL4 8JY - Phone: 0333 305 2270 You may also contact the ICO: https://ico.org.uk or call 0303 123 1113.

We may use automated tools for account management and service recommendations. These do not produce legally significant decisions. You can request human review where applicable.

We use credit reference agencies and compliance checks to verify your identity, assess risk, and meet regulatory requirements. This may include soft credit searches. More info is available in Credit Reference Agency Information Notices (CRAINs).

We only send marketing communications where you've given consent or there's a legitimate interest. You can opt out at any time via [email protected] or the unsubscribe link in communications.

We use cookies to improve website experience. See www.allaboutcookies.org and www.youronlinechoices.eu. Contact us for a cookie breakdown.

Our website may link to third-party sites. We are not responsible for their content or privacy policies. Please check their terms before submitting personal data.

For questions or a copy of this policy, email [email protected]. We may update this policy from time to time. It applies to personal data, not business or organisational data.

- Advanced security and anti-fraud infrastructure - Support available 24/7, 365 days a year - Fast onboarding and compliance guidance - AI-driven insights and accurate forecasting - Network of trusted payment partners - Bespoke PCI & fraud mitigation services