10011110000101100001100001111110101000100111001001010011101110010111101000111000010000110101000101101001100000101101010010000101100001010111101010010000111000000001100100101101110111000100000011100100
EntityEngine

Privacy Policy

ENTITYENGINE – PRIVACY POLICY

Effective Date: 11 November 2025

Issued by: Lothrop Business Services Ltd (trading as EntityEngine)

Company No. 16840102

Registered Office: 85 Lothrop Street, London, W10 4JD

(“EntityEngine”, “we”, “us”, “our”) EntityEngine is committed to protecting your privacy and complying with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website or services.

1. Who We Are and How to Contact Us

EntityEngine operates a digital platform that connects users with independent third-party corporate-service providers (“CSPs”). For data-protection purposes, EntityEngine acts as the data controller in relation to personal data you provide directly to us. You can contact us at:

Email: legal@entityengine.com
Post: Data Protection Officer, Lothrop Business Services Ltd, 85 Lothrop Street, London W10 4JD.

2. Personal Data We Collect

We may collect and process the following categories of information:

CategoryExamples
Identification DataFull name, date of birth, nationality, photo ID (passport, driving licence), proof of address documents.
Contact DataEmail address, telephone number, postal address.
Account DataLogin credentials, user ID, preferences, communication history.
Transactional DataBilling details, payment records (processed via third-party processors), order history.
KYC / Due-Diligence DataInformation collected to verify identity or beneficial ownership under AML regulations.
Technical DataIP address, browser type, operating system, cookies and usage logs.
Marketing PreferencesYour consent choices for newsletters or updates.

We collect this data directly from you, from CSPs you engage through our platform, and—where required—via third-party identity-verification providers.

3. How We Use Your Data

We use your personal data to:

  • Provide and improve our platform – to register you, authenticate logins, and maintain account functionality.
  • Facilitate introductions to third-party CSPs – to transmit KYC data and contact details where required to deliver the requested service.
  • Comply with legal obligations – including anti-money-laundering, sanctions, and tax-reporting requirements.
  • Process payments and issue invoices.
  • Communicate with you – regarding enquiries, updates, security alerts, or policy changes.
  • Send marketing communications – only if you have opted in (you can opt out at any time).
  • Protect our platform – for fraud prevention, security monitoring, and dispute resolution.

We will not use your personal data for purposes incompatible with those listed above.

4. Legal Bases for Processing

We rely on the following lawful bases under the UK GDPR:

PurposeLegal Basis
Account creation, service provisionPerformance of a contract (Article 6 (1)(b))
KYC / AML complianceLegal obligation (Article 6 (1)(c))
Communications, marketing (optional)Consent (Article 6 (1)(a))
Platform security and analyticsLegitimate interests (Article 6 (1)(f))

5. Sharing Your Data

We may share your personal data with:

  • Licensed CSPs and agents – solely to deliver services you request.
  • Payment processors – to handle secure transactions (we never store your card data).
  • Identity-verification providers – to satisfy KYC / AML requirements.
  • Professional advisers – such as lawyers, accountants, or auditors bound by confidentiality.
  • Regulators and law enforcement – where required by law or court order.
  • IT and cloud-hosting suppliers – providing infrastructure under data-processing agreements.

We do not sell your personal data.

6. International Transfers

Your data may be processed or stored outside the UK (for example, by CSPs or cloud providers located overseas). Where such transfers occur, we ensure they are protected by:

  • UK Adequacy Regulations (for EEA countries etc.), or
  • The UK International Data Transfer Addendum to the EU Standard Contractual Clauses.

7. Data Retention

We retain personal data only for as long as necessary to deliver the contracted services, satisfy legal, accounting, and AML record-keeping obligations (normally 5 years from last transaction), and resolve disputes. When data is no longer required, it is securely deleted or anonymised.

8. Your Rights

Under the UK GDPR you have the following rights:

  • Access – to obtain a copy of your personal data.
  • Rectification – to correct inaccurate or incomplete data.
  • Erasure – to request deletion when data is no longer needed (subject to legal retention).
  • Restriction – to limit processing in certain circumstances.
  • Data Portability – to receive your data in a structured, machine-readable format.
  • Objection – to processing based on legitimate interests.
  • Withdraw Consent – where processing relies on consent (e.g. marketing).

To exercise these rights, contact legal@entityengine.com. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

9. Cookies and Tracking Technologies

EntityEngine uses cookies and similar tools to operate core site functionality, improve user experience and analytics, and remember your preferences. You can adjust your browser settings to refuse some or all cookies. For more detail, see our Cookie Notice (if applicable).

10. Marketing Communications

Where you consent, we may send you news and updates about new jurisdictions, features, or products. You may opt-out at any time using the “unsubscribe” link in our emails or by contacting legal@entityengine.com.

11. Data Security

We use appropriate technical and organisational measures to protect your data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. These include encryption in transit and at rest, access controls, regular security audits, and staff training.

12. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for the content or privacy practices of those sites. You should review their privacy notices before submitting any personal data.

13. Children

Our Services are not directed to individuals under 18 years of age, and we do not knowingly collect personal data from minors.

14. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in law or our practices. The latest version will always be available at https://entityengine.com/privacy-policy. Material changes will be notified by email or site banner.

15. Contact Details

Data Controller: Lothrop Business Services Ltd (t/a EntityEngine)
Company No. 16840102
Registered Office: 85 Lothrop Street, London W10 4JD
Email: legal@entityengine.com