Privacy
It is North Star Compliance's policy to respect your privacy regarding any information we may collect from you across our website, https://www.northstarcompliance.net or in the conduct of our business.
Services
We ask for personal information when we need it to provide a service to you. We only retain collected information for as long as necessary. We will not share any personally identifying information publicly or with third-parties without your consent, except when required by law.
You are free to refuse our request for your personal information, with the understanding that we may be unable to provide you with some of your desired services. You can ask us to remove any of your data that we currently have by writing to info@nothstarcompliance.net and we will aim to comply with that request promptly.
Website
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies.
From time to time website providers collect basic, anonymised information regarding website traffic. This may include information such as how you reached the site, location and browser. Your continued use of our website will be regarded as acceptance of our practices around privacy and personal information.
Integrity due diligence
For the AIDD service, North Star Compliance acts as a Data Processor on behalf of our clients. Our clients are the Data Controllers and determine the purposes and means of processing personal data. Our clients are typically organisations with legal and regulatory obligations to conduct due diligence.
There is no direct relationship between North Star Compliance and the individuals who are the subject of the due diligence checks ("Data Subjects"). Data Subjects are individuals or entities being vetted by our clients in the course of senior appointments, mergers and acquisitions and risk-exposed or high-value transactions.
The purpose of the processing is to provide our clients with the necessary information to make informed decisions and mitigate legal, regulatory, and reputational risks. This supports the legitimate interests of our clients in preventing financial crime and ensuring the integrity of their business relationships.
The lawful basis for processing personal data, as relied upon by our clients (the Data Controllers), is Article 6(1)(f) UK GDPR: Legitimate Interest. This processing is necessary for the legitimate interests of clients in protecting their business and complying with legal duties, and these interests are not overridden by the rights and freedoms of the Data Subject.
The personal data processed is strictly limited to what is necessary for the due diligence purpose. We do not actively seek special category data. However, the processing may incidentally uncover data relating to publicly-referenced criminal offences (e.g., media reports of fraud) if it is publicly available and directly relevant to a significant integrity risk. The processing of such data is justified by reasons of substantial public interest (preventing or detecting unlawful acts). The processing is conducted on a case-by-case basis per client instruction and is not a large-scale, systematic monitoring of a population. Data Subjects may be located worldwide.
North Star Compliance has implemented robust technical and organisational security controls to protect personal data. These include end-to-end encryption, strict internal access policies, and secure data handling procedures.
Other
If you have any questions about how we handle user data and personal information, feel free to contact us at info@northstarcompliance.net. You have the right to contact the ICO at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, Helpline number: 0303 123 1113, Website: www.ico.org.uk