Skip to content

All topics

Regional News
Market Abuse
Conduct & Culture
Compliance
Regulatory
Risk Management
Operational Resilience
Financial Crime
ESG Compliance
Climate
Social
ESG Reporting
Digital Assets
Retail

Privacy Policy

Updated December 9, 2024

1. Scope of this Privacy Policy

At Corlytics Group, which covers Corlytics Limited, the Compliance Corylated website, and other related entities within our group (the “Group”), we are committed to protecting the privacy of our clients, users, website visitors, and anyone whose data we process. This Privacy Policy outlines how we collect, use, disclose, and protect your information across our group companies when you engage with our services or visit our websites.

This policy applies to all entities within the Group, which may have related but distinct activities, including data analytics, websites, technology services, and other operations. References to “we”, “our” or “us” include all companies in the Group.

2. Information we collect

We may collect the following types of information across the Group:

  • Information You Provide to Us
  • Contact and login details (e.g., name, email, password), including from applications or other forms of communication we receive from users.
  • Payment and billing information.
  • Details about your business and service needs.
  • Information Collected Automatically
  • Usage data about how you interact with our websites or services (e.g., IP address, browser type, pages visited, time spent on pages).
  • Through use of the Client Platform at https://app.corlytics.com/login
  • Via the website at www.corlytics.com

Some entities within the Group may collect and analyse publicly available data (e.g., websites, social media platforms, public databases) for their services. We do not collect sensitive personal data unless explicitly permitted by law.

  • Data Collected from Third Parties

From Client organisations, when they arrange user licences and access to our products and services.

Some entities within the Group may collect and analyse publicly available data (e.g., websites, social media platforms, public databases) for their services. We do not collect sensitive personal data unless explicitly permitted by law.

3. How We Use Your Information

Each entity in the Group may use your information for:

  • Delivering and improving its specific services.
  • Communicating alerts, updates, offers, or service changes.
  • Complying with legal obligations.

Data collected via scraping or public sources is used solely for analytics and insights, in compliance with applicable laws.

For examples, we may need to collect:

  • a user’s name, to provide support to the user and so we can distinguish between users a user’s email address, to uniquely identify users in our web applications
  • a password, to secure each user’s account. After a user’s first successful login, we have no knowledge of this password, and it is stored using non-reversible encryption.

4. Legal Basis for Processing

We process your data based on:

  • Consent: When you have explicitly agreed to specific uses.
  • Legitimate Interests: For operating our businesses, improving services, and maintaining security.
  • Legal Obligations: To comply with applicable laws and regulations.

5. Data Sharing Within the Group and Beyond

  • Within the Group

We may share your information between entities within the Group to provide integrated services, enhance customer experience, and streamline operations.

  • With Third Parties

We may share your data with:

  • Service Providers: Vendors who assist in delivering services (e.g., hosting, payment processing).
  • Legal Authorities: When required by law or to protect our legal rights.
  • Clients: Aggregated, anonymised  insights derived from data analysis.

6. Data Storage

We securely store all user personal data in an encrypted cloud-based data centre geographically located in Dublin, Ireland. The Compliance Corylated newsletter This Week Corylated uses MailChimp. Data collected in association with the newsletter is stored in the United States. MailChimp’s policy for European data transfers can be found here.

7. Data Retention

We retain your information only as long as necessary for the purposes described in this policy or to comply with legal obligations. Retention periods may vary across Group entities based on their services.

8. Cookies and Tracking

We retain your information only as long as necessary for the purposes described in this policy or to comply with legal obligations. Retention periods may vary across Group entities based on their services.

9. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your data.
  • Correction: Ask us to fix inaccuracies.
  • Deletion: Request data deletion.
  • Objection: Object to certain uses, such as marketing.
  • Data Portability: Request data in a portable format.

To exercise your rights, contact us at [email protected]. Requests may apply to individual Group entities or the Group as a whole.

10. Data Security

We maintain electronic and procedural safeguards designed to protect users’[1]  personal data from unauthorised access or intrusion. Measures include encryption, user access security measures and information security controls.

All our employees and contractors receive annual training on our privacy and information security policies and procedures.

We use industry-standard security measures to protect your information. However, no system is entirely secure, and we cannot guarantee absolute protection.

11. Third-Party Links

Some Group websites may link to third-party sites. We are not responsible for their privacy practices. Review their policies before sharing information.

12. International Data Transfers

We may need to process personal data in a non-EEA country where entities within the Corlytics Group have operations, e.g. storing and processing user personal data, or sending personal data to recipients in a country other than the country of collection.

If data is transferred across borders, we ensure it is protected under applicable data protection laws, such as GDPR.

13. Supplemental Corlytics Limited Privacy Statement for Content Distribution

This supplemental Privacy Statement governs external, third party content (informational content) republished and distributed via CORLYTICS Client Platform (https://app.corlytics.com/login), and RED App (https://corlytics.com/corlytics-red/).


WHY WE PUBLISH INFORMATIONAL CONTENT
Corlytics Limited republishes publicly available content sourced from external third parties such as Financial Regulators, Prudential Regulators, Central Banks, Fining Authorities, and Industry Bodies. For each notice republished Corlytics Limited acknowledges the original source, URL, and associated copyright of each notice and original source. Corlytics Limited also curates and produces summarised analysis of these notices.

These sources publish regulatory enforcement notices levied against firms and private individuals which may include personal information on private individuals. Corlytics Limited republishes and distributes these regulatory enforcement notices as informational content via the Corlytics Platform and RED App. This informational content provides the basis for Corlytics Regulatory Risk products and services.


HOW WE OBTAIN INFORMATIONAL CONTENT AND THE TYPES OF INFORMATIONAL CONTENT PUBLISHED
Corlytics Limited obtains informational content (i) under licence from the original source, (ii) with authorisation from the original source, or (iii) where the content is publicly available or in the public domain.
Where informational content is sourced from regulatory enforcement notices against private individuals the following personal information may be included in the original source publication: (i) name, (ii) occupation/qualifications, (iii) employer/employment history, (iv) job title/function (v) period of misconduct/disciplinary history, (vi) Jurisdiction/Regulator that brought the enforcement action against an individual, (vii) monetary penalty imposed, and (viii) non-monetary penalty imposed.

WHAT IF A PRIVATE INDIVIDUAL WISHES TO CORRECT OR REMOVE PERSONAL INFORMATION CONTAINED IN CORLYTICS INFORMATIONAL CONTENT?
Corlytics Limited is not the original publisher or source of the informational content. Corlytics Limited is not obliged to change or delete the substance of the original content, as it relates to personal information, unless requested to do so under a verified request from the original source or publisher of the regulatory enforcement action.
Should a private individual wish to correct or remove their personal information they should contact the original source or publisher of the regulatory enforcement action.

14. Updates to this Policy

This policy may be updated periodically. Changes will be posted on this page, and we encourage you to review it regularly.

15. Contact Us

If you have questions about this Privacy Policy or how your data is processed across the Group, contact us at:

address: Corlytics Ltd, Nexus Building, Belfield Office Park, Clonskeagh, Dublin D04 V2N9 Ireland

email: [email protected]