Defaqto Logo

Privacy policy

Please read this Privacy Policy carefully. If you use our Website then you will be regarded as having read and accepted this Privacy Policy. You must not use the Website if you do not accept this Privacy Policy.

About us

We are Defaqto Limited (Company No 2870220 registered in England with our registered office at Financial Research Centre, Pegasus Way, Haddenham, Aylesbury, Buckinghamshire, HP17 8LJ, United Kingdom) and we refer to ourselves as "Defaqto", “we” or “us” or “our” in this document. We own and operate this “Website” on our own behalf, including as a portal to the certain Contracted Services offered by us.

In this Privacy Policy, references to "you" means any person submitting any data to us or to this Website about himself or herself or about any other living individual in respect of any use of the Website or the Contracted Services.

When you use different aspects of the Website or the Contracted Services, we may ask you to supply us with various information about you or anyone who you represent. This Privacy Policy explains how we will use information about you and the steps we take to ensure your information is kept secure and confidential. It should be read together with our Terms and Conditions.

Defaqto Limited is the data controller under the General Data Protection Regulation (‘GDPR’) and specific UK legislation incorporating the requirements of GDPR in relation to the processing of your personal data in connection with the Website and the Contracted Services. If you have any queries relating to our use of your personal data or any other related data protection questions, please contact our Compliance Officer via

Your privacy is very important to us. We shall therefore only use your name and other information which relates to you in the manner set out in this Privacy Policy. We will only use your personal information in a way that is fair to you. We will only collect information where it is necessary for us to do so and we will only collect information if it is relevant to our dealings with you.

Data retention

We will only keep your information for as long as we are either required to by law or as is relevant for the purposes for which it was collected. We maintain a data retention policy to meet our GDPR obligations in this respect.

Data that we collect

We may collect and use various information, including some or all of the following, relating to you or people you represent: the names; email addresses; postal codes; the Website or the Contracted Services usernames, passwords and preferences, use of our Website (for example, the pages viewed, the website from which you came to visit our Website), notes, thoughts, comments and opinions.

Use of the Website

Defaqto reserves the right to charge you for certain services or impose charges for use of aspects of the Website that were previously free. Please note that you will always be clearly informed of any applicable charges before any such services can be selected or before any charges are levied. It follows that we do not, unless you agree to take the chargeable element of the Website, request or retain or have access to any details of your credit cards and/or debit cards. However, this information will be collected should such payment be required at any time, and is information to which this Privacy Policy is applicable.

We will never collect sensitive information about you without your explicit consent or unless you instruct us to use it. For example, in uploading material onto the Website, you may make data available to us, which may include sensitive data, and in uploading such data you provide your deemed consent to our collection of that data, and use for the purposes for which it was uploaded. That purpose may include access by a third party that you envisage gaining access to that data.

We may also collect information from third parties in order to verify any data that you have supplied to us.

We need information about you so that you can use the Website or the Contracted Services, including using tools and functionality, uploading material onto the Website and entering into discussions and interaction with other users of the Website.

We need your email address and other contact details, in particular, for sending you essential information relating to the Website. This includes (without limitation) the following:

  • To allow you to go ahead and register for the Website or the Contracted Services. This includes sending an email to you to confirm your details, to give you initial information about the Website or the Contracted Services, and to enable you to commence using the Website or the Contracted Services.
  • To give you a link to enable you to reset a password if you tell us or the Website that you have forgotten it.
  • To send you information generally relevant to the Website or the Contracted Services. This may include informing you about developments or changes with the Website or the Contracted Services.
  • In case we have any queries concerning any aspect of your use of the Website or the Contracted Services.
  • To respond to you over any queries you raise with us.

We also need to use your contact details and other information for any aspect of the Website or the Contracted Services (including, but without limitation, providing customer support, preventing or investigating prohibited activity, enforcing the Terms and Conditions and verifying information). We also use your information to detect any fraud or Website or abuses and, where permitted by data protection and privacy law, we may also disclose information about you, or access your account:

  1. if required or permitted to do so by law; and/or
  2. if required to do so by any court, the Financial Conduct Authority, the Office of Fair Trading or any other applicable regulatory, compliance, Governmental or law enforcement agency; and/or
  3. if necessary in connection with legal proceedings or potential legal proceedings; and/or
  4. in connection with the sale or potential sale of all or part of our business or the company.

If we reasonably believe false or inaccurate information has been provided and fraud is suspected, details may be passed to fraud prevention agencies to prevent fraud and money laundering.

We may maintain your history (such as products viewed, guides read, and your general activity on the Website) for up to six years following that action.

You must only submit to us, or the Website, information which is accurate and not misleading, and you must keep it up-to-date and inform us of changes. By submitting data in respect of you and anyone else, you must ensure that you have full authority and consent to supply us with that data on their behalf and you warrant to us that you have that authority.

We will collect payment information from you (such as your payment card details) when you purchase particular services via the Website that require payment. We will collect such payments either through an online payment service provider, by telephone, webform or by email. Where payment is obtained using an online payment service provider, it is they rather than us who obtains your personal data regarding your payment details (such as your payment card). Where payment is obtained by telephone, webform or email, we will apply our “Card Not Present” processes and as such will retain documentary evidence of your approval for up to 18 months. (If you have any queries about the way your payment card or other payment data is stored, you should email us at

Other uses of your personal information

We may also use your personal information for other parts of the Website and services, for example to send you promotional or marketing information about us, promotions, events, our newsletters, anything relating to our business partners, or anything in which you show an interest.

Each email regarding such parts of Website will provide you with an opportunity to opt out of receiving further emails from us regarding these communications. Any changes to your communication preferences will be processed by us within two working days of our receipt of your instruction; however, you may still receive non-essential communications in the intervening time between your submission and when it is processed.

We may further anonymise data about users of the Website or the Contracted Services generally and use it for various purposes, including ascertaining the general location of our users and usage of publications (including feedback and annotations that users make about publications), and supplying that anonymised data to third parties such as publishers. However, that anonymised data will not be capable of identifying you personally.

Third parties and links

We may pass your details to our agents and subcontractors to help us with any of our uses of your data set out in this Privacy Policy. For example, we may use third parties to assist us with providing the administration for running the Website, to analyse data and to provide us with marketing or customer service assistance.

We may exchange information with third parties for the purposes of fraud protection and credit risk reduction.

We may transfer our databases containing your personal information if we sell our business or part of it.

We may also disclose your details as described elsewhere in this Privacy Policy.

Other than as set out in this Privacy Policy, we shall NOT sell or disclose your personal data to third parties without obtaining your prior consent unless this is necessary for the purposes set out in this Privacy Policy or unless we are required to do so by law.

The Website may contain advertising of third parties, dedicated pages operated by third parties and links to other websites or frames of other websites. Please be aware that we are not responsible for the privacy practices or content of those third parties or other websites, nor for any third party to whom we transfer your data in accordance with our Privacy Policy.


We have in place appropriate technical and security measures to prevent unauthorised or unlawful access to, or accidental loss of or destruction or damage to, your information.

We store your personal details on a secure server. We use firewalls on our servers. If you send your payment card details through to the online payment service provider, we would require them to use encryption. Whilst we are unable to guarantee 100% security, this makes it hard for a hacker to decrypt your details.

We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.

You are responsible for protecting against unauthorised access to your password and to your computer.

Your rights

We operate under the General Data Protection Regulation (‘GDPR’), effective from 25 May 2018 (which replaces the Data Protection Act 1998 from that date).  In the UK, the requirements of GDPR have been incorporated into the Data Protection Act 2018.

The DPA and GDPR apply to ‘personal data’ we process and the data protection principles set out the main responsibilities we are responsible for.

We must ensure that personal data shall be:

a) processed lawfully, fairly and in a transparent manner;

b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

d) accurate and where necessary kept up to date;

e) kept for no longer than is necessary for the purposes for which the personal data are processed. We operate a data retention policy that ensures we meet this obligation. 

We only retain personal data for the purposes for which it was collected and for a reasonable period thereafter where there is a legitimate business need or legal obligation to do so. For detail of our current retention policy contact our compliance officer at

f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or   organisational measures.

We ensure lawful processing of personal data by obtaining consent; or where there is a contractual obligation to do so in providing appropriate products and services; or where processing the data is necessary for the purposes of our legitimate interests in providing appropriate products and services. 

To meet our data protection obligations, we have established comprehensive and proportionate governance measures.

We ensure data protection compliance across the organisation through:

a) implementing appropriate technical and organisational measures including internal data protection policies, staff training, internal audits of processing activities, and reviews of internal HR policies.

b) maintaining relevant documentation on processing activities.

c) implementing measures that meet the principles of data protection by design and data protection by default including data minimisation,   pseudonymisation, transparency, deploying the most up-to-date data security protocols and using   data protection impact assessments across our organisation and in any third party arrangements.

Under GDPR you have the following specific rights in respect of the personal data we process:

1. The right to be informed about how we use personal data. 

This Privacy Policy explains who we are; the purposes for which we process personal data and our legitimate interests in so doing; the categories of data we process; third party disclosures; and details of any transfers of personal data outside the UK.

2. The right of access to the personal data we hold.  In most cases this will be free of charge and must be provided within one month of receipt. 

To obtain a copy of the personal information we hold on you, please write to us at the address in the About us section of this Privacy Policy and provide us with your details.

3. The right to rectification where data are inaccurate or incomplete.  In such cases we shall make any amendments or additions within one month of your request.

4. The right to erasure of personal data, but only in very specific circumstances, typically where the personal data are no longer necessary in relation to the purpose for which it was originally collected or processed; or, in certain cases where we have relied on consent to process the data, when that consent is withdrawn and there is no other legitimate reason for continuing to process that data; or when the individual objects to the processing and there is no overriding legitimate interest for continuing the processing. 

5. The right to restrict processing, for example while we are reviewing the accuracy or completeness of data, or deciding on whether any request for erasure is valid.  In such cases we shall continue to store the data, but not further process it until such time as we have resolved the issue.

6. The right to data portability which, subject to a number of qualifying conditions, allows individuals to obtain and reuse their personal data for their own purposes across different services. 

7. The right to object in cases where processing is based on legitimate interests, where our requirement to process the data is overridden by the rights of the individual concerned; or for the purposes of direct marketing (including profiling); or for processing for purposes of scientific / historical research and statistics, unless this is for necessary for the performance of a public interest task.

8. Rights in relation to automated decision making and profiling.

Please contact our compliance officer at for more information about the GDPR and your rights under data protection law or if you have a complaint about data protection at Defaqto.

Alternatively contact our supervisory authority for data protection compliance (

Information Commissioner's Office
Wycliffe House
Water Lane

Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)


The Website uses cookies. Cookies are tiny text files which identify your computer to our server as a unique user when you visit certain pages on the Website and they are stored by your Internet browser on your computer's hard drive. Cookies can be used to recognise your Internet Protocol address, saving you time while you are on, or want to enter, the Website. We use cookies for your convenience in using the Website (for example to remember who you are without you having to re-enter your username and password) and to enable advertising to be targeted to you appropriately based on your browser history. Your browser can be set to not accept cookies, but this would restrict your use of the Website. If you want to find out more information about cookies, go to or to find out about removing them from your browser, go to


We may amend this Privacy Policy from time to time. Any amended Privacy Policy will be posted on the Website. The amended Privacy Policy will apply immediately for new users and 30 days (or such other timeframe as we say when posting) after first posting for all existing users. Each time you enter the Website, you agree that the Privacy Policy current at that time shall apply to all information which we hold about you.

Your agreement

By submitting data to us and using the Website, you agree to our use of your data and of anyone you represent in the manner set out in this Privacy Policy (as amended from time to time, as described above) and you are responsible for ensuring that you have authority to do this on behalf of anyone about whom you submit data to us.


This Privacy Policy was most recently updated on 24 May 2019.