Privacy Policy - Digician Limited


Effective Date:15/6/2026
Last Updated: 11/6/2025

1. Introduction

Digician Limited ("we", "us", "our" or "Digician") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our software-as-a-service (SaaS) solutions designed for the consumer and commercial lending sector.

Who we are:
Company Name: Digician Limited
Commercial Office: Colony, Silk Street, Ancoats, Manchester, M4 6LZ
Company Registration Number:  04380821
ICO Registration Number: ZB910697

We are the data controller for the personal data we process about you, except where we act as a data processor on behalf of our business clients.

2. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee our data protection compliance and to act as your point of contact for any data protection matters.

Data Protection Officer Contact Details:

Name: Data Protection Manager
Email: dpo@digician.com
Postal Address: Colony, Silk Street, Ancoats, Manchester, M4 6LZ

You can contact our DPO directly if you have any questions about how we handle your personal data or if you wish to exercise your data protection rights.

3. What Personal Data We Collect

We collect and process different types of personal data depending on your relationship with us:

3.1 Customer Data (Business Clients)

  • Company and contact information
  • Financial and business details for service provision
  • Technical and usage data from our platform
  • Communication records and preferences

3.2 End User Data (Processed on behalf of our clients)

When we provide services to lending institutions, we may process personal data about their customers including:

  • Identity information (name, date of birth, address)
  • Financial information (income, credit history, loan applications)
  • Contact details (phone, email, address)
  • Identity verification documents
  • Credit scoring and risk assessment data
  • Transaction and payment history
  • Communication records

3.3 Website Visitors

  • IP address and device information
  • Browsing behavior and preferences
  • Marketing preferences and communication history
  • Cookies and similar tracking technologies
  • 3.4 Employee and Contractor Data
  • Employment and contract details
  • Performance and training records
  • Contact and emergency contact information
  • Bank details for payment purposes

4. How We Collect Personal Data

We collect personal data through:

  • Direct provision by you or your organisation
  • Our SaaS platform and software applications
  • Website interactions and forms
  • Third-party data providers (with appropriate consent/legal basis)
  • Credit reference agencies and identity verification services
  • Public records and regulatory filings
  • Business partners and referral sources

5. Legal Basis for Processing

We process personal data based on the following legal grounds under UK GDPR:

5.1 Legitimate Interests

  • Providing and improving our SaaS solutions
  • Business development and marketing to potential clients
  • Fraud prevention and security monitoring
  • Compliance with regulatory requirements in financial services

5.2 Contract Performance

  • Delivering our software services to business clients
  • Processing payments and managing accounts
  • Providing customer support and technical assistance

5.3 Legal Obligation

  • Compliance with financial services regulations
  • Anti-money laundering (AML) and Know Your Customer (KYC) requirements
  • Tax and accounting obligations
  • Regulatory reporting requirements

5.4 Consent

  • Direct marketing communications (where not based on legitimate interests)
  • Non-essential cookies and tracking technologies
  • Processing special category data where required

5.5 Vital Interests

Emergency situations requiring immediate action

6. How We Use Personal Data

We use personal data for the following purposes:

6.1 Service Provision

  • Operating and maintaining our SaaS lending platform
  • Processing loan applications and credit assessments
  • Facilitating financial transactions and payments
  • Providing customer support and technical assistance
  • Generating reports and analytics for clients

6.2 Business Operations

  • Managing customer relationships and accounts
  • Billing and payment processing
  • Product development and improvement
  • Quality assurance and testing
  • Staff management and administration

6.3 Compliance and Security

  • Fraud detection and prevention
  • AML and KYC compliance
  • Regulatory reporting and audit requirements
  • Data security and system monitoring
  • Legal dispute resolution

6.4 Marketing and Communications

  • Promoting our services to potential clients
  • Industry research and market analysis
  • Event management and networking
  • Customer satisfaction surveys

7. Data Sharing and Disclosure

We may share personal data with the following categories of recipients:

7.1 Service Providers

  • Cloud hosting and infrastructure providers
  • Payment processors and financial institutions
  • IT support and maintenance providers
  • Professional advisors (legal, accounting, audit)
  • Marketing and analytics service providers

7.2 Business Partners

  • Integration partners and third-party software providers
  • Referral partners and resellers
  • Joint venture partners

7.3 Regulatory Bodies

  • Financial Conduct Authority (FCA)
  • Information Commissioner's Office (ICO)
  • HM Revenue & Customs (HMRC)
  • Other regulatory and law enforcement agencies

7.4 Other Disclosures

  • In connection with business restructuring or sale
  • To protect our legal rights and interests
  • With your explicit consent
  • Where required by law or court order

Data Processor Arrangements: Where we share data with service providers, we ensure appropriate data processing agreements are in place that include adequate safeguards and require them to process data only on our instructions.

8. International Data Transfers

Some of our service providers may be located outside the UK and European Economic Area (EEA). When we transfer personal data internationally, we ensure appropriate safeguards are in place:

  • Adequacy Decisions: We may transfer data to countries that have been deemed adequate by the UK government
  • Standard Contractual Clauses: We use UK and EU standard contractual clauses where appropriate
  • Binding Corporate Rules: Some transfers may be covered by approved binding corporate rules
  • Explicit Consent: We may obtain your explicit consent for specific transfers

We can provide specific information about international transfers upon request.

9. Data Retention

We retain personal data for different periods depending on the purpose and legal requirements:

9.1 Customer Data

  • Active client data: Retained for the duration of the business relationship plus 7 years
  • Marketing data: Retained until withdrawal of consent or 3 years of inactivity

9.2 End User Lending Data

  • Loan application data: 7 years from application date (or as required by client policy)
  • Financial transaction records: 7 years from transaction date
  • Credit assessment data: 6 years from assessment date

9.3 Employee Data

  • Employment records: 6 years after termination of employment
  • Training records: 3 years after completion

9.4 Website and Marketing Data

  • Analytics data: 25 months from collection
  • Cookie data: As specified in our Cookie Policy
  • Email marketing data: Until unsubscribe or 3 years of inactivity

We regularly review our retention periods and will securely delete or anonymise data when it is no longer required.

10. Data Security

We implement comprehensive technical and organisational measures to protect personal data:

10.1 Technical Measures

  • Encryption of data in transit and at rest
  • Multi-factor authentication and access controls
  • Regular security testing and vulnerability assessments
  • Secure cloud infrastructure with industry-standard certifications
  • Automated backup and disaster recovery systems

10.2 Organisational Measures

  • Data protection policies and procedures
  • Regular staff training on data protection
  • Access controls based on role and necessity
  • Third-party security assessments
  • Incident response and breach notification procedures

10.3 Industry Standards

We maintain compliance with relevant security standards including:

  • UK GDPR security obligations

11. Your Data Protection Rights

Under UK GDPR and if we are deemed the Data Controller, you have the following rights regarding your personal data:

11.1 Right of Access

You can request a copy of the personal data we hold about you, along with information about how we process it.

11.2 Right to Rectification

You can ask us to correct any inaccurate or incomplete personal data.

11.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances, such as when it's no longer necessary for the original purpose.

11.4 Right to Restrict Processing

You can ask us to limit how we process your personal data in certain situations.

11.5 Right to Data Portability

You can request a copy of certain personal data in a structured, machine-readable format.

11.6 Right to Object

You can object to processing based on legitimate interests, including direct marketing.

11.7 Rights Related to Automated Decision Making

You have rights regarding automated decision-making and profiling that significantly affects you.

Exercising Your Rights: To exercise any of these rights, please contact our DPO using the details provided in Section 2. We will respond to your request within one month (extendable by two months for complex requests).

Identity Verification: We may need to verify your identity before processing certain requests to protect your data from unauthorised access.

12. Cookies and Tracking Technologies

Our website and services use cookies and similar technologies for the proper performance of our applications. No cookie data is collected for marketing purposes.

13. Marketing Communications

We may send you marketing communications about our services if:

  • You have given us consent, or
  • You are an existing customer and we are marketing similar services (with an easy opt-out option)

You can unsubscribe from marketing emails at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Contacting us at [contact email]
  • Updating your preferences in your account settings

14. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the ICO within 72 hours of becoming aware of the breach
  • Inform affected individuals without undue delay where there is a high risk to their rights
  • Take immediate steps to contain and remedy the breach
  • Conduct a thorough investigation and implement additional safeguards if necessary

15. Third-Party Links

Our website and services may contain links to third-party websites. This Privacy Policy does not apply to those external sites, and we are not responsible for their privacy practices. We encourage you to read the privacy policies of any third-party sites you visit.

16. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will:

  • Post the updated policy on our website
  • Notify you of significant changes via email or through our services
  • Update the "Last Updated" date at the top of this policy
  • Continued use of our services after changes constitute acceptance of the updated policy.

18. Complaints and Concerns

If you have any concerns about how we handle your personal data, please contact our DPO first. We are committed to resolving any issues promptly and fairly.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

  • Website: www.ico.org.uk
  • Phone: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

19. Contact Information

For any questions about this Privacy Policy or our data protection practices, please contact:

General Inquiries:

  • Email: privacy@digician.com
  • Address: Digiican Ltd, Colony, Silk Street, Ancoats, Manchester, M4 6LZ

DataProtection Officer:

  • Email: dpo@digician.com

Data Subject Requests:

  • Email: data.requests@digician.com