At JBA Compliance Consultancy Limited we value your privacy and are committed to protecting your personal data.
This privacy policy explains how we collect, use and store your personal data when you visit our website or use our services.
Last updated: 02 October 2025
This privacy notice (“Privacy Notice”) describes how JBA Compliance Consultancy Limited collects and processes personal data relating to Users in relation to the services we provide. The data we process differs depending on your interactions with us, as detailed more fully below. It also describes certain legal rights you may have, subject to applicable law, and how you can exercise them.
For purposes of this Privacy Notice, “personal data” means information about an identified or identifiable person, such as their name or email address and includes any equivalent term under applicable data protection law. The personal data we process differs depending on your interactions with us, as detailed more fully below.
The expression “User” (and “you”/” your”) in this Privacy Notice shall mean any person accessing the JBA Compliance Consultancy Limited website, using JBA Compliance Compliance Consultancy Limited services, or about whom we collect and use any information while providing our products and services. Collectively, we describe our services, including the JBA Compliance Limited website as our “Services.”
Where we act as a controller of personal data, the following items apply:
Details of the controller and data protection officer: the controller of the personal data we process is JBA Compliance Consultancy Limited (referred to as “JBA Compliance Consultancy Limited”/“we”/“us”), having its registered office at 72 Knights Manor way Dartford DA1 5SP
By using JBA Compliance Consultancy Limited Services, you confirm that you have agreed to the relevant Terms of Service applicable to your use, to the extent permitted by law, and have read and understood this Privacy Notice.
You have various rights and choices related to our use of your personal data.
You can opt out of receiving our promotional emails at any time by following the instructions included in those emails. Please be aware that it may take up to 10 days for us to process your request, and you may continue receiving promotional communications from us during that period.
If you opt out of receiving such communications, please be aware that we may continue to send you non-promotional communications (such as emails related to our business relationship or emails about changes to our legal terms).
As a data subject, whose personal data we process, you have 7 potential rights under the privacy laws in which we operate. These rights are not absolute and may be limited, for example, if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. We may, if necessary, apply any available exemptions to these requirements.
In many cases, the most effective way to exercise these rights will be to mail our dedicated inbox at ….TBC …….. We may ask you for two valid forms of identification to ensure your rights are protected.
If you are concerned that we are handling your personal data improperly, you also have the right to make a complaint to our data protection regulator, the UK Information Commissioner’s Office: https://ico.org.uk/global/contact-us/. However, we invite you to contact us with any concerns, as we would be happy to try to resolve it directly.
Information collection and use
The information we collect, and the ways in which we use it, varies in line with the use cases below (click the headings to view the relevant portions of the policy):
Visitors to JBA Compliance Consultancy Limited
When you provide us with information by completing forms
Our anti-money laundering, sanctions and adverse media data
Business contacts
Information we collect from publicly available sources
Visitors to JBA Compliance Consultancy Limited
When you browse this website
What we collect | Data on how you use the site The pages you visit, the means you use to visit (browser version, time zone, operating system, etc.), how long your visit and pageviews last, the frequency of your visits, and information on how you navigate the site. Data that identifies you Your IP address, unique identifiers tied to cookies. |
What do we do with your data | Site optimisation Analysing aggregated data to update our site’s content and layout to improve relevance for visitors. |
Our basis for data processing | Legitimate interests Using insights from visitor behaviour to improve the way we market our services. |
How long do we hold this data for | Data holding periods are determined by cookie expiry times. |
Recipients of data | Within JBA Compliance Consultancy Limited companies Personal data will be available for our global marketing teams, and other JBA Compliance Consultancy Limited personnel who have a need to access this data for the purposes set out above. Outside of JBA Compliance Consultancy Limited CRM and marketing automation providers Website analytics vendors |
When you provide us with information by completing forms (including on third party platforms), subscribing for email updates, registering for events hosted by us or when requesting demos.
What do we do with your data | We use this information to contact you for the purpose specified in the form and in accordance with any marketing preferences you submit to us. This information is added to and managed through our contact database. A member of our sales team may contact you if we determine through your submission that you may be interested in our services. We analyse our contact database data to understand, track, and improve how we market and sell our services. |
Our basis for data processing | Taking steps at your request prior to entering into a contract If you request that we contact you to provide more information on our services to you, we’ll process your data and contact you on this basis. Legitimate interests We will send you our email newsletters being necessary for our legitimate interests to give you information about our services (unless you have opted out). We’ll also retain and analyse information gained from our interactions with you as part of understanding, tracking and improving how we market and sell our service. We retain a record of your marketing preference choices in order to demonstrate our historic compliance with data protection law. Consent: We may ask you for your consent to process your personal data, for example to send you marketing communications when you sign up to receive one of our industry reports. You are able to revoke this consent at any time by unsubscribing using the automated unsubscribe button in our emails, or by emailing TBC |
How long do we hold the data for | Email newsletters We’ll keep your details on this list until you unsubscribe, at which point we’ll move your details to an opted-out list to ensure that we don’t send you marketing emails from other sources in future. Sales process We retain information relating to our sales interactions with you for up to five years following our determination that we’re not an appropriate sales fit. We use this period as service contracts in our industry often last for 5 years, so a new opportunity may arise during the retention period. General We retain historic information relating to any marketing preference choices that you provided, or other bases for processing that have since lapsed, for six years from the date that the basis for processing lapsed. |
Recipients of data | Within JBA Compliance Consultancy Limited Personal data will be available for our marketing and sales personnel, as well as customer success and other teams as necessary to fulfil the purposes set out above. Outside of JBA Compliance Consultancy Limited JBA Our cloud storage providers, customer database, and marketing providers. |
Job candidates
Recruitment information you provide to us
What do we do with your data | We use your data to: contact you in relation to your candidacy assess suitability for future vacancies assess your suitability for the vacancy you applied for monitor the impact of our diversity and inclusion programme and to make improvements |
Our basis for data processing | Taking steps at your request prior to entering a contract: If you send us your personal data in response to a vacancy advertised by us, we need to process it to consider your application. Legitimate interests: We want to build the best team we can, and we carry out this processing as part of the hiring process that enables this. Compliance with a legal obligation For roles where we conduct a resident labour market test to enable us to apply for visas and subsequently hire someone who needs a visa on this basis, we retain unsuccessful applicant information as part of the related record-keeping requirements. Consent: Where you have voluntarily provided information, this is on a consent basis and may be revoked (e.g. information relating to your race or ethnicity). |
How long do we hold the data for | General Your information is stored in our applicant tracking system for up to 24 months after you have been notified your application has been unsuccessful. Successful candidates’ information becomes subject to our employee privacy policy. Legal record-keeping If we hire someone subject to a resident labour market test for a role you applied for, we’ll retain your personal data until the expiry of the applicable record-keeping requirement (currently one year following the end of our sponsorship of the visa in question). |
Recipients of data | JBA Compliance Consultancy Limited Personal data will be available for the hiring and recruitment teams. Outside of JBA Compliance Consultancy Limited Our applicant tracking system Providers of any aptitude testing systems used as part of the hiring process Third party background check providers Recruitment agencies |
Recruitment-related data we collect
The data we process | Publicly available information relevant to your potential suitability to work with JBA Compliance Consultancy Limited Any information provided by someone else about you to us. Feedback from interviews and assessments. |
What do we do with your data | We use your data to: contact you in relation to current vacancies assess your suitability for vacancies |
Our basis for data processing | Legitimate interests Assessing the current labour market and your suitability for available roles. To hold as a reference point should you make any further applications within the retention period. Compliance with a legal obligation If you are actively involved in our recruitment process for roles where we conduct a resident labour market test and subsequently hire someone who requires a sponsored visa, we retain unsuccessful applicant information as part of the related record-keeping requirements. |
How long do we hold the data for | Your information is stored in our applicant tracking system for up to 24 months after you have been notified your application has been unsuccessful, or subject to our legal record-keeping requirements if needed for our compliance with immigration law. |
Recipients of data | Within JBA Compliance Consultancy Limited personal data will be available for the hiring team and our recruitment personnel. Outside of JBA Compliance Consultancy Limited Our applicant tracking system Providers of any aptitude testing systems used as part of the hiring process Our cloud file storage systems External recruiters with whom you dealt as part of the recruitment process Government and legal service providers involved in the visa application process Third party background check providers. |
Our anti-money laundering, sanctions and adverse media data
The data we process | Sanctions, warnings, fitness & probity Information related to and available on publicly available government lists covering sanctions, the prevention and detection of unlawful acts, and other protective functions. This will generally include a full name, a year or date of birth, nationality, reasons for appearing on the list, and the period covered by the data subject’s appearance on the list, but this depends on the information contained in the list. Politically exposed persons We collect publicly available information relating to individuals in prominent public positions, and their family members, close associates, and business interests. Names, dates or years of birth, position(s) held or connection(s) that we think may give rise to a PEP designation, country of nationality, residence and service, photographs (if available) and the period for which that designation would have been active (e.g. active service dates). Adverse media We collect links to publicly available news articles that our systems determine to name individuals in connection with financial crime, terrorist financing, other relevant unlawful acts, improper conduct, dishonesty, etc. We will also extract information relating to age from these articles to determine approximate years of birth. Corporate registry information We collect data from publicly available corporate registries or from third parties, relating to individuals’ shareholdings and directorships (or such analogous positions). |
What do we do with this data | Consolidated profiles: We structure the data collected into profiles consolidating the information outlined above. Sharing with clients: Where one of our clients searches for a name on our database, we share with that customer any profiles that match the given search parameters. Partners: We will also share this data with partners that resell the data to clients seeking AML and sanctions compliance tools. |
Our basis for data processing | Legitimate interests Our existing and prospective clients have legitimate interests in gaining access to high-quality and easily manageable data of the type we process to optimize compliance with obligations concerning sanctions, anti-money laundering, know-your-client and counter-terrorist financing. We also pursue our own legitimate interests in providing the products and |
How long do we hold the data for | AML Database: We hold this data for as long as it is necessary to fulfil the purposes for which it was collected. This includes any legal, accounting, or reporting requirements. To determine the appropriate retention period for the personal data, we consider the amount, nature, and sensitivity of that data, the potential risk of harm from Backups Where we remove personal data from this database (for example, where we become aware that the information is not, or is no longer, relevant), it will remain in our backups for 30 days. |
Recipients of data | Other data controllers on whose behalf we act as processors, who search for information matching given profiles Partners who are reselling our services to data controllers, on whose behalf we act as sub processors JBA Compliance Consultancy Limited group employees Our hosting and cloud storage providers Vendors we use to monitor the accuracy and performance of the data |
Business contacts
Information we receive from you (e.g. business cards, correspondence during the sales process)
What do we do with your data | A member of our sales team may contact you if we determine through your submission that you may be interested in our products and services. This information – along with details of our interactions including phone calls and correspondence – is added to, and managed through, our CRM. We analyse our CRM data to understand, track, and improve how we market and sell our services. We save some correspondence to provide precedents and examples to other members of the team and add your personal data to our e-signing and billing systems if appropriate. We may make recordings of telephone calls with clients and prospective clients. We may send you questionnaires or forms asking for feedback on our services, which are used to help improve the services we provide. |
Our basis for data processing | Taking steps at your request prior to entering a contract: If you request that we contact you to provide more information on our services to you, we’ll process your data and contact you on this basis. Legitimate interests We’ll retain and analyse information gained from our interactions with you as part of understanding, tracking and improving our services and how we market and sell our services. We process data in relation to billing and contracting in order to operate the legal and financial elements of our business. We retain records of consent-based and other processing in order to demonstrate our historic compliance with data protection law. |
How long do we hold the data for | Email newsletters: We’ll keep your details on this list until you unsubscribe, at which point we’ll move your details to an opted-out list to ensure that we don’t send you marketing emails from other sources in future. Sales process We retain information relating to our sales interactions with you for up to five years following our determination that we’re not an appropriate sales fit. We use this period as service contracts in our industry often last for 3-5 years, so a new opportunity may arise during the retention period. General We retain historic information relating to any consent you provided, or other bases for processing that have since lapsed, for six years from the date that the basis for processing lapsed. |
Recipients of data | Within JBA Compliance Consultancy Limited Personal data will be available for our marketing and sales personnel, as well as customer success and other teams as necessary to fulfil the purposes set out above. Outside of JBA Compliance Consultancy Limited Our cloud storage providers, CRM, sales and marketing automation tools, third party providers of online forms, customer support/servicing tools, debt collection service providers. |
Information we collect from publicly available sources
The data we process | Name, contact details, professional activity Publicly available information relevant to your position in your organisation, and industry events you’re attending Bought in data from third party providers (containing the above-mentioned data). |
What do we do with your data | We use this data to generate sales leads and to run marketing campaigns. A member of our sales team may contact you to understand more information about your organisation’s anti-money laundering and sanctions compliance operations and gauge your organisation’s potential interest in our services. This information – along with details of our interactions including phone calls and correspondence – is added to, and managed through, our contact database. We analyse our contact database data to understand, track, and improve how we market and sell our services. |
Our basis for data processing | Taking steps at your request prior to entering a contract: If you subsequently request that we contact you to provide more information on our services to you, we’ll process your data and contact you on this basis. Legitimate interests: Identifying stakeholders in organisations with requirements for software like that provided by JBA Compliance Consultancy Limited To hold as a reference point should you make any further applications within the retention period. We’ll retain and analyse information gained from our interactions with you as part of understanding, tracking and improving how we market and sell our services. |
How long do we hold the data for | Sales process We retain information relating to our sales interactions with you for up to five years following our determination that we’re not an appropriate sales fit. We use this period as service contracts in our industry often last for 3-5 years, so a new opportunity may arise during the retention period. General We retain historic information relating to any consent you provided, or other bases for processing that have since lapsed, for six years from the date that the basis for processing lapsed. |
Recipients of data | Within JBA Compliance Consultancy Limited: Personal data will be available for our marketing and sales personnel, as well as customer success and other teams as necessary to fulfil the purposes set out above. Outside of JBA Compliance Consultancy Limited: Our cloud storage providers, CRM, sales and marketing automation tools, and customer support/servicing tools. |
Supplier information
What do we do with your data | We will use publicly available contact information to approach you or your employer for services, or to respond to an approach. We may make recordings of telephone calls with suppliers and prospective suppliers. We may send you questionnaires or forms asking for further information on how you or your employer provide services, which are used to facilitate our supplier management and to comply with our governance obligations. As part of receiving services from you or your employer, we will process personal data concerning employees of the supplier, that are necessary for assessing the suitability of the supplier, or for the purposes of receiving the services. |
Our basis for data processing | Processing is necessary for the performance of a contract/taking steps prior to entering into a contract: We’ll process your data as part of considering if we wish to enter into a supplier relationship with you/your employer, and subsequently to facilitate the receipt of services from the supplier, to comply with our ongoing supplier governance processes and processing invoices. |
How long do we hold the data for | We retain information relating to the supply of services for six years from the date that the contract for the provision of the services is terminated. |
Recipients of data | Within JBA Compliance Consultancy Limited: Personal data will be available for personnel, as necessary to fulfil the purposes set out above. Outside of JBA Compliance Consultancy Limited • our cloud storage providers, |
In addition to the circumstances described above, we may also share personal data with another company in connection with or during negotiations of any merger, acquisition, financing, re-organization, bankruptcy, sale of all or a portion of our assets, or transition of services to another provider.
Your personal data may be processed outside of the UK. We will only transfer your data if there is a legal mechanism in place to ensure that your data is safeguarded.
Our Services are intended for adults, and we do not knowingly collect personal data from children below the age of 16. If you are a parent or legal guardian and think your child has given us personal data without your consent, please contact us at dpo JBA Compliance Consultancy Limited
We may provide links to third-party websites, services, and applications that are not operated or controlled by JBA Compliance Consultancy Limited. This Privacy Notice does not apply to the privacy practices of those third parties. The fact that we link to a website, service, or application is not an endorsement, authorisation, or representation of our affiliation with that third party. We encourage you to review the privacy policies of any third-party service before providing any personal data to or through them.
JBA Compliance Consultancy Limited uses generally accepted administrative, physical, and technical safeguards we believe are appropriate to protect the confidentiality, integrity and availability of your personal data. Although we make reasonable efforts to protect personal data from loss, misuse, or alteration by third parties, you should be aware that there is always some risk involved in transmitting information over the internet and storing information electronically Compliance Consultancy Limited cannot and does not guarantee absolute security.
We may change this Privacy Notice from time to time to reflect changes in our practices or in the law. If we make changes, we will post the updated Privacy Notice on our website and indicate when it was last revised. You are advised to review this Privacy Notice periodically, to stay informed of our practices. If we make material changes, we may provide you with additional notice, such as posting a statement on our homepage or sending you an email notification, if we have your email address on file. Your continued use of the Services after the revised Privacy Notice has become effective indicates that you have read, understood, and agreed to the current version of this Privacy Notice, to the extent permitted by law.
If you have any queries, complaints, or would like to request a data subject right please contact our DPO dpo @ TBC
EN
© 2025
