Privacy Policy – Intelliwealth

^{Privacy Policy}

Effective date: Thursday, 12th March 2026
Last updated: Thursday, 12th March 2026

This Privacy Policy explains how Intelliwealth Ltd (“Intelliwealth”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects personal data when you use our website, contact us, request information, access our services, or interact with any Intelliwealth-operated technology, dashboards, or related workflows.

This Privacy Policy applies to Intelliwealth.co.uk and any related Intelliwealth-operated pages, forms, portals, dashboards, and communications that link to it.

If you are redirected to, or complete onboarding, subscription, settlement, custody, or other regulated workflows on pages operated by our Regulated Exchange Partner or its authorised affiliates, those pages and services may be subject to separate privacy notices and terms. Where that is the case, those third parties will explain their own processing to you directly.

_{1. Who we are}

Intelliwealth Ltd
27 Old Gloucester Street
London WC1N 3AX
United Kingdom

Email: contact@intelliwealth.co.uk
Telephone: +44 (0) 207 824 0364

Intelliwealth Ltd is the data controller for the personal data described in this Privacy Policy, except where this Policy states that another organisation acts as a separate controller.

For privacy or data protection queries, please contact:
Compliance@intelliwealth.co.uk / contact@intelliwealth.co.uk / Compliance Team

_{2. Important role boundary}

Intelliwealth provides technology, structuring support, tokenisation/lifecycle tooling, dashboards, reporting, and related platform services.

Where regulated services are involved, including investor onboarding, KYC/KYB/AML, eligibility checks, order intake, subscription processing, settlement, custody, client money handling, or related regulatory disclosures, those activities may be carried out by our Regulated Exchange Partner or its authorised affiliates, acting within their own regulated perimeter. In those cases, that partner may act as a separate and independent controller for those regulated processing activities.

If you submit information through an Intelliwealth-branded page that feeds into a regulated workflow, we and our Regulated Exchange Partner may each process personal data for our respective roles, as explained in this Policy and, where relevant, the partner’s own privacy notice.

_{3. What personal data we collect}

We may collect and process the following categories of personal data.

A. Identity and contact data

full name;
title;
employer / organisation name;
job title / role;
email address;
telephone number;
postal address;
country / jurisdiction;
nationality, where relevant to onboarding or eligibility.

B. Professional and institutional profile data

investor category or client type;
professional / institutional status information;
business sector;
mandate, eligibility, or suitability-related information;
information about the organisation you represent;
details of beneficial owners, directors, controllers, or authorised signatories where relevant.

C. Account and portal data

username or account identifier;
login records;
permissions and access controls;
wallet address or other digital account identifiers where relevant;
configuration and dashboard preferences.

D. Correspondence and enquiry data

information you provide in contact forms;
emails, calls, meeting notes, messages, and other communications with us;
documents you choose to send us;
requests for information, demos, workshops, or commercial discussions.

E. Transactional, operational, and platform data

subscription or redemption request references;
settlement references;
reporting and lifecycle records;
whitelist / permissions status;
audit and monitoring logs;
support, incident, and ticketing records.

F. KYC/KYB / AML / due diligence data

Where onboarding, compliance, or eligibility checks are required, either we or our Regulated Exchange Partner / verification providers may collect:

date of birth;
proof of identity;
proof of address;
company incorporation and ownership information;
source of funds / source of wealth information;
sanctions, PEP, or adverse-media screening results;
corporate registry information;
tax or regulatory classification data;
wallet screening or blockchain analytics outputs, where relevant.

G. Technical and usage data

IP address;
browser type and version;
device identifiers;
operating system;
referral source;
pages viewed;
clicks, navigation paths, timestamps, and session data;
error logs and diagnostic data.

H. Marketing and preferences data

your communication preferences;
whether you opened or engaged with our emails;
event attendance or content interests;
opt-in / opt-out records;
suppression records where you object to or unsubscribe from marketing.

I. Cookie and tracking data

cookie identifiers;
consent preferences;
analytics identifiers;
similar online tracking information, subject to applicable consent requirements.

_{4. How we collect personal data}

We collect personal data:

directly from you when you complete forms, contact us, request information, attend meetings, or use our website or portals;
from your organisation or colleagues where you are the relevant contact person;
from our Regulated Exchange Partner, compliance providers, onboarding providers, or other service providers where this is necessary for delivery, support, compliance, or reporting;
from publicly available sources such as company registries, professional websites, sanctions lists, or public records;
automatically through cookies, logs, analytics tools, and platform telemetry.

_{5. How we use your personal data}

We may use your personal data to:

operate, maintain, secure, and improve our website and services;
respond to enquiries and provide information about Intelliwealth and its services;
assess whether a relationship, meeting, or commercial engagement is appropriate;
manage demos, workshops, business development, and institutional onboarding preparation;
configure, deliver, and support dashboards, lifecycle tooling, and related platform services;
manage permissions, whitelists, access controls, incident handling, support requests, and audit logs;
coordinate with our Regulated Exchange Partner in relation to regulated workflows;
carry out legal, regulatory, compliance, AML, sanctions, fraud-prevention, and risk-management activities;
monitor performance, security, uptime, incidents, and service quality;
send relevant business communications and, where permitted, direct marketing;
maintain records, resolve disputes, enforce terms, and protect legal rights.

_{6. Lawful bases for processing}

Under UK GDPR, we rely on one or more of the following lawful bases, depending on the purpose.

Contract

We process personal data where it is necessary to take steps at your request before entering into a contract, or to perform a contract with you or your organisation.

Legitimate interests

We process personal data where necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These interests may include:

operating and improving our website, dashboards, and services;
responding to business enquiries;
maintaining institutional business relationships;
securing our systems and preventing misuse;
maintaining auditability, access control, and incident response;
coordinating with counterparties, service providers, and regulated partners;
developing and protecting our business and technology.

Legal obligation

We process personal data where necessary to comply with applicable legal or regulatory obligations, including data protection, anti-money laundering, sanctions, fraud prevention, tax, financial crime, and record-keeping obligations.

Consent

Where we rely on consent, we will ask for it separately. This may apply, for example, to:

non-essential cookies and analytics technologies;
certain marketing communications;
any optional uses of data where consent is the most appropriate basis.

You can withdraw consent at any time, but this will not affect processing carried out before withdrawal.

_{7. Special category data and criminal offence data}

Where required for identity verification, AML/KYC/KYB, sanctions screening, fraud prevention, or regulatory compliance, we or our service providers / Regulated Exchange Partner may process:

special category data, including biometric data if facial matching or liveness checks are used to uniquely identify an individual; and/or
criminal offence data, where this arises through sanctions, fraud, AML, or compliance screening.

We will only process such data where permitted by applicable law, subject to appropriate safeguards, and only where necessary for the relevant compliance or verification purpose.

Important publishing note: if your verification stack uses biometric face matching or criminal-offence screening, the final live policy should be checked by counsel against the exact Article 9 / DPA 2018 condition and the exact provider workflow.

_{8. Marketing communications}

We may send business communications about Intelliwealth, its services, events, updates, or related institutional opportunities where permitted by law.

You can opt out of marketing communications at any time by:

using the unsubscribe link in an email;
emailing us at Compliance@Intelliwealth.co.uk

If you object to direct marketing, we will stop using your personal data for that purpose. We may keep limited suppression data so that we can honour your request in future.

_{9. Who we share personal data with}

We may share personal data with the following categories of recipients where necessary:

our Regulated Exchange Partner and its authorised affiliates;
onboarding, KYC/KYB, AML, sanctions, fraud-prevention, or identity-verification providers;
hosting, cloud, infrastructure, cybersecurity, analytics, CRM, email, ticketing, and support providers;
payment, banking, custody, settlement, or wallet-screening providers where applicable;
legal, compliance, accounting, insurance, and other professional advisers;
auditors, regulators, supervisory authorities, law enforcement, courts, or government bodies;
group companies, contractors, or consultants on a need-to-know basis;
actual or prospective buyers, investors, or acquirers in connection with a corporate transaction, subject to confidentiality protections.

We do not sell personal data.

_{10. Separate controllers and third-party notices}

Where a regulated workflow is operated by our Regulated Exchange Partner or another third party, that organisation may act as a separate controller for the personal data it processes in connection with:

onboarding;
KYC/KYB/AML;
eligibility or suitability determinations;
order intake;
subscription processing;
settlement;
custody or client money handling;
regulatory reporting.

Their processing will be governed by their own privacy notices, terms, and regulatory obligations.

_{11. International data transfers}

Some of our service providers or partners may process personal data outside the UK.

Where we transfer personal data internationally, we take steps to ensure an appropriate level of protection, including where relevant:

transfer to a country recognised as providing adequate protection;
the use of the UK International Data Transfer Agreement, the UK Addendum to Standard Contractual Clauses, or other approved safeguards;
contractual, technical, and organisational measures appropriate to the transfer risk.

_{12. How long we keep personal data}

We keep personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.

Our indicative retention approach is as follows:

website logs and security logs: 12 months
contact form and general business enquiries: 24 months
business development and institutional relationship records: duration of relationship plus 6 years
support tickets and operational records: 24 months / 6 years depending on the record
cookie consent records: 6–24 months
KYC/KYB/AML / customer due diligence records: for the period required by applicable law, which may include 5 years from the end of the business relationship or relevant transaction where anti-money laundering record-keeping laws apply.

We may retain data for longer where necessary to:

establish, exercise, or defend legal claims;
comply with regulatory, tax, accounting, or reporting requirements;
maintain appropriate audit trails;
preserve suppression records for marketing objections.

_{13. Security}

We use technical and organisational security measures designed to protect personal data against unauthorised access, misuse, disclosure, alteration, or destruction. These measures may include:

access controls and role-based permissions;
encryption in transit and at rest where appropriate;
secure hosting and monitoring;
audit logs;
incident response procedures;
contractual confidentiality obligations for staff and service providers.

No online environment is entirely risk-free, and we cannot guarantee absolute security.

_{14. Automated decision-making}

We do not use solely automated decision-making that produces legal or similarly significant effects on individuals through this Site unless we tell you otherwise.

If a Regulated Exchange Partner or compliance provider uses automated screening, eligibility, or risk tools as part of onboarding or compliance workflows, that organisation will explain the relevant processing in its own notice where required.

_{15. Cookies and similar technologies}

We use cookies and similar technologies to operate our website, remember preferences, understand usage, improve performance, and support security.

Strictly necessary cookies

These are required for the website to function properly and do not require consent.

Analytics and performance cookies

These help us understand how visitors use the Site and improve performance. We only use these where required consent has been obtained.

Functional cookies

These remember settings and preferences.

Advertising / targeting cookies

We only use these if applicable and where the relevant consent has been obtained.

You can manage cookie preferences through our cookie banner or browser settings. Please note that disabling certain cookies may affect the functionality of the Site.

Publishing note: this section should be aligned to your actual cookie banner and cookie inventory before go-live.

_{16. Your rights}

Depending on the circumstances, you may have the right to:

Be informed about how your personal data is used;
Access the personal data we hold about you;
Request correction of inaccurate or incomplete data;
Request erasure of your personal data;
Request restriction of processing;
Object to processing based on legitimate interests;
Object to processing for direct marketing;
Request data portability;
Withdraw consent where processing is based on consent;
Lodge a complaint with the UK Information Commissioner’s Office.

These rights are not absolute and may be subject to legal or regulatory exemptions.

To exercise your rights, contact us using the details in Section 20.

_{17. Complaints}

If you have a concern about how we process personal data, please contact us first and we will try to resolve it.

You also have the right to complain to the UK Information Commissioner’s Office:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom

ICO website: https://ico.org.uk

_{18. Third-party websites and links}

Our website may contain links to third-party websites, platforms, or services. We are not responsible for the privacy practices of those third parties. You should read their privacy notices before providing personal data to them.

_{19. Changes to this Privacy Policy}

We may update this Privacy Policy from time to time to reflect changes in law, regulation, technology, our services, or our processing practices.

Where appropriate, we will post the updated version on this page and update the “Last updated” date. Where legally required, we will take additional steps to notify you.

_{20. Contact us}

If you have questions about this Privacy Policy or wish to exercise your rights, please contact: