Customer Policy

Privacy Policy:

AML Assessment Limited ("we/us/our”) is committed to protecting and respecting your privacy.

This policy (together with our website terms of use and any other documents referred to in it) set out the basis on which any personal data we collect from you, or that you provide to us, will be controlled and/or processed by us once you have registered to use the AML Assessment app (our App) and/or the website (our Site) on your computer, mobile telephone or handheld device (Device). Please read the following carefully to understand our views and practices regarding personal data and how we will treat it. By signing up to use our App and/or our Site you are accepting and consenting to the practices described in this policy.

By using our App and/or our Site you also confirm that you understand that you must also comply with applicable data protection and privacy laws, including the Data Protection Act 1998, when controlling and processing personal data and sensitive personal data, which may be provided to us.

For the purpose of the Data Protection Act 1998 (the Act), the data controller and processor is AML Assessment Limited (we/our). We are a company registered in England and Wales and our registered office is at 20-22 Wenlock Road, London, N1 7GU. Our registered company number is 09949904.

  1. Policy Statement

    1. Everyone has rights with regard to the way in which their personal data is handled. During the course of our activities we will collect, store and process personal data, and we recognise that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful activities.
    2. Our officers, employees and agents and any other data users are obliged to comply with this policy when processing personal data on our behalf. Any breach of this policy may result in disciplinary action.
    3. References to "personal data” within this policy include "sensitive personal data”.
  2. About This Policy

    1. The types of personal data that AML Assessment Limited (we) may control and/or process includes (without limitation):
      1. information provided to us, by you, for the purpose of us conducting relevant anti-money laundering checks and due diligence, in respect of the individual to whom the information relates;
      2. other information you provide to us;
      3. information we collect about you and your Device; and
      4. location information.
    2. This policy and any other documents referred to in it set out the basis on which we will control and/or process any personal data we collect from data subjects, or that is provided to us by data subjects or other sources.
    3. This policy sets out rules on data protection and the legal conditions that must be satisfied when we obtain, handle, process, transfer and store personal data.
    4. This policy may be amended from time to time. We advise that you review this policy regularly.
    5. Any questions about the operation of this policy or any concerns that the policy has not been followed should be referred in the first instance to
  3. Definition of Data Protection Terms

    1. Data is information which is stored electronically, on a computer, or in certain paper-based filing systems.
    2. Data subjects for the purpose of this policy include all living individuals about whom we hold personal data. A data subject need not be a UK national or resident. All data subjects have legal rights in relation to their personal information.
    3. Personal data means data relating to a living individual who can be identified from that data (or from that data and other information in our possession). Personal data can be factual (for example, a name, address or date of birth) or it can be an opinion about that person, their actions and behaviour.
    4. Data controllers are the people who or organisations which determine the purposes for which, and the manner in which, any personal data is processed. They are responsible for establishing practices and policies in line with the Act. We may from time to time act as a data controller for our own purposes.
    5. Data users are employees of data controllers whose work involves processing personal data. Data users must protect the data they handle in accordance with this data protection policy and any applicable data security procedures at all times.
    6. Data processors include any person or organisation that is not a data user that processes personal data on behalf of and on the instructions of a data controller. We may from time to time act as a data processor on behalf of and on the instructions of a data controller.
    7. Processing is any activity that involves use of the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
    8. Sensitive personal data includes information about a person's racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition or sexual life, or about the commission of, or proceedings for, any offence committed or alleged to have been committed by that person, the disposal of such proceedings or the sentence of any court in such proceedings.
  4. Data Protection Principles

    When processing personal data, we will comply with the eight enforceable principles of good practice. These provide that personal data must be:

    1. Processed fairly and lawfully.
    2. Processed for limited purposes and in an appropriate way.
    3. Adequate, relevant and not excessive for the purpose.
    4. Accurate.
    5. Not kept longer than necessary for the purpose.
    6. Processed in line with data subjects' rights.
    7. Secure.
    8. Not transferred to people or organisations situated in countries without adequate protection.
  5. Fair and Lawful Processing

    1. The Act is not intended to prevent the processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the data subject.
    2. For personal data to be processed lawfully, it must be processed on the basis of one of the legal grounds set out in the Act. These include, among other things, where the processing is necessary for the legitimate interest of the data controller or the party to whom the data is disclosed.
    3. For sensitive personal data to be processed lawfully, it must be processed on the basis of one of the legal grounds set out in the Act. These include, among other things, where the information contained in the personal data has been made public as a result of steps deliberately taken by the data subject.
    4. When processing personal data and sensitive personal data we will comply with the Act.
  6. Processing for Limited Purposes

    1. In the course of our activities, we may control and process personal data. This may include data we receive directly from you (for example, personal data belonging to your clients, data received by corresponding with us by mail, phone, email, social media or otherwise), data we collect about you and data we receive from other sources (including, for example, information made publicly available by the data subject on social media platforms).
    2. We will only control and/or process personal data for the following purposes:
      1. to carry out our obligations arising from any contracts entered into between you and us, and to supply the information and services that you have ordered through our App and/or our Site;
      2. to ensure that the content within our App and our Site is presented in the most effective manner for use by you;
      3. to inform you and/or update you as to the status of any order for services you place through our App and/or our Site, and other applicable information;
      4. to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about, but you may choose to stop receiving this at any time by contacting us;
      5. to provide you, or permit carefully selected third parties to provide you, with information about goods or services we feel may interest you;
      6. to notify you of changes to our service;
      7. to ensure that content provided by us is presented in the most effective manner for you and for your Device;
      8. to administer our App and/or our Site for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
      9. to improve our App and/or our Site to ensure that content is presented in the most effective manner for you and for your Device;
      10. to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
      11. to make suggestions and recommendations to you and other users of our App and/or our Site about goods and services that interest you or them; and
      12. as part of our efforts to keep our App and our Site safe and secure
  7. Accurate Data

    We will ensure that personal data we hold is accurate and kept up to date. We will check the accuracy of any personal data at the point of collection and at regular intervals afterwards. We will take all reasonable steps to destroy or amend inaccurate or out-of-date data.

  8. Timely Processing

    We will not keep personal data longer than is necessary for the purpose or purposes for which they were collected. We will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required.

  9. Processing In Line with Data Subject's Rights

    We will endeavour to process all personal data in line with data subjects' rights, in particular their right to request access to any data held about them (see also clause 14) and their right to ask to have inaccurate data amended (see also clause 8).

  10. Data Security

    1. We will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
    2. We will put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data will only be transferred to a data processor if he agrees to comply with those procedures and policies, or if he puts in place adequate measures himself.
    3. We will maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:
      1. Confidentiality means that only people who are authorised to use the data can access it.
      2. Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
      3. Availability means that authorised users only should be able to access the data if they need it for authorised purposes only.
    4. Security procedures include:
      1. Equipment. Data users must ensure that individual monitors do not show confidential information to passers-by and that they log off from their PC when it is left unattended.
      2. Passwords. Data users must ensure that individual passwords and other individual login credentials are changed on a regular basis.
      3. Methods of disposal. Paper documents should be shredded. Digital storage devices should be physically destroyed when they are no longer required.
      4. Secure lockable desks and cupboards. Desks and cupboards should be kept locked if they hold confidential information of any kind. (Personal information is always considered confidential.)
      5. Entry controls. Any stranger seen in entry-controlled areas should be reported.
  11. Storage and Transfer of Personal Data

    1. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our App and/or our Site, or use our App and/or our Site in a particular way, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
    2. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our App and/or our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
    3. We may transfer any personal data we hold to a country outside the European Economic Area (EEA), provided that one of the following conditions applies:
      1. The country to which the personal data is transferred ensures an adequate level of protection for the data subjects' rights and freedoms.
      2. The data subject has given his consent.
      3. The transfer is necessary for one of the reasons set out in the Act, including the protection of the vital interests of the data subject.
      4. The transfer is legally required on important public interest grounds or for the establishment, exercise or defence of legal claims.
      5. The transfer is authorised by the relevant data protection authority where we have adduced adequate safeguards with respect to the protection of the data subjects' privacy, their fundamental rights and freedoms, and the exercise of their rights.
    4. Subject to the requirements in clause 11.3 above, personal data we hold may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. That staff may be engaged in, among other things, the provision of support services.
  12. Disclosure and Sharing of Personal Information

    1. We may share your personal information with any member of our group, which means (if applicable) our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
    2. We may also disclose personal data we hold to third parties:
      1. In the event that we sell or buy any business or assets, in which case we may disclose personal data we hold to the prospective seller or buyer of such business or assets.
      2. If we or substantially all of our assets are acquired by a third party, in which case personal data we hold will be one of the transferred assets.
      3. If we use analytics and search engine providers that assist us in the improvement and optimisation of our App and/or our Site.
    3. If we are under a duty to disclose or share a data subject's personal data in order to comply with any legal obligation, or in order to enforce or apply any contract with the data subject or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  13. Your Rights

    1. Under the Act, you have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at
    2. Our App and/or our Site may, from time to time, contain links to and from the websites and/or apps of our partner networks, advertisers and affiliates. If you follow a link to any of these websites or apps, please note that these websites and apps have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites or apps.
  14. Dealing with Subject Access Requests

    Data subjects must make a formal request for information we hold about them. This must be made in writing.

  15. Cookies

    1. Our App and/or our Site may link to content which uses cookies to distinguish you from other users. This helps us to provide you with a good experience when using our App and our Site, and content linked through our App and/or our Site, and allows us to improve your user experience. By continuing to browse our App and/or our Site, and any content linked through our App and/or our Site, you are agreeing to the use of cookies.
    2. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your Device, or other device, if you agree. Cookies contain information that is transferred to your Device’s hard drive.
    3. The following cookies may be used:
      1. Strictly necessary cookies. These are cookies that are required for the operation of content we may link through our App and/or our Site. They include, for example, cookies that enable you to log into secure areas of such content, use a shopping cart or make use of e-billing services.
      2. Analytical/performance cookies. These cookies recognise and count the number of visitors to content linked through our App and/or our Site, and to see how visitors move around and use that content. This helps to improve the way such content works, for example, by ensuring that users are finding what they are looking for easily.
      3. Functionality cookies. These are used to recognise you when you return to content linked through our App and/or our Site. This enables such content to be personalised for you, for you to be greeted by name and for your preferences to be remembered (for example, your choice of language or region).
      4. Targeting cookies. These cookies record your visit to content we link through our App and/or our Site the pages you have visited and the links you have followed. This information may be used to make the content linked through our App and/or our Site, and the advertising displayed on it, more relevant to your interests. This information may also be shared with third parties for this purpose.
    4. You can block cookies by activating the setting on your Device that allows you to refuse the setting of all or some cookies. However, if you use your Device settings to block all cookies (including essential cookies) you may not be able to access all or parts of our App, our Site and/or content linked through them.
  16. Changes to This Policy

    We reserve the right to change this policy at any time. Where appropriate, we will notify data subjects of those changes in writing.

  17. Contact Us

    To contact us, please email