Privacy Policy

Introduction

Welcome to Azar Finance ("Company," "we," "us," or "our"). We are committed to protecting your privacy and handling your personal information with the highest standards of transparency, security, and care. This Privacy Policy ("Policy") explains in detail how we collect, use, disclose, and safeguard your information when you visit our website (azarfinance.co.uk), use our applications, interact with our services, or otherwise engage with us (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree with these practices, please do not use our Services.

We reserve the right to modify this Policy at any time. Any updates will be posted on this page with a revised "Last Updated" date. We will notify you of any material changes that significantly affect your rights, where required by law. Your continued use of our Services after such changes constitutes your acceptance of the updated Policy.

Definitions

To ensure clarity, we have defined key terms used throughout this Policy:

"Personal Data" or "Personal Information": Any information that relates to an identified or identifiable individual. This includes direct identifiers like your name and email, and indirect identifiers like an IP address or device ID.
"User," "you," "your": Any individual who accesses or uses our Services or engages with our financial products.
"Cookies": Small text files placed on your device by a website to store information about your preferences and activity.
"Third-Party Services": External companies or individuals we engage to facilitate our Services, perform service-related functions, or assist us in analyzing how our Services are used (e.g., analytics providers, payment processors, cloud hosting services, credit reference agencies).
"Processing": Any operation performed on Personal Data, whether automated or not, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.

Information We Collect

We collect information to provide, secure, and improve our financial Services. The types of information we collect fall into the following categories:

Information You Provide Directly to Us

Account and Contact Information: When you create an account, request information, or contact us, we collect:

Full name
Email address
Phone number(s)
Residential address
Date of birth (if required for our services)
Company name and job title (for business users)

Communications: Contents of your communications with us, including:

Meeting notes and consultation records
Support tickets and correspondence
Chat logs and feedback
Complaints and inquiries

User Content: Information you submit through our Services, such as:

Documents and files you upload
Project details or inquiries
Form submissions
Comments and feedback

Payment Information: When you pay for our services, our third-party payment processors (e.g., Stripe, PayPal) collect your payment details. We retain transaction records but do not store or have access to full credit card numbers.

Information Collected Automatically

Usage Data: We automatically collect information about your interaction with our Services, including:

IP address
Browser type and version
Device type and operating system
Pages you visit on our website
Time and date of your visits
Time spent on pages
Referring website addresses
Clickstream data
Other diagnostic data

Location Data: We may derive approximate location (e.g., city/country) from your IP address. With your explicit permission (via device settings), we may collect precise geolocation data from your mobile device.

Cookies and Tracking Technologies: We and our partners use cookies, web beacons, pixels, and similar technologies to track activity, hold information, and enhance your experience. For a comprehensive breakdown, please see our dedicated Cookie Policy.

Information from Third Parties and Public Sources

Service Providers: Our analytics and technology partners provide us with aggregated reports and insights about our services.

Publicly Available Sources: We may collect information from publicly available professional networks or websites for business purposes, where permissible by law.

Our Legal Basis for Processing (For UK, EEA, and Swiss Users)

Under the UK General Data Protection Regulation (UK GDPR) and the General Data Protection Regulation (GDPR), we process your Personal Data based on one or more of the following legal grounds:

Your Consent: Where you have given clear consent for us to process your data for a specific purpose (e.g., marketing communications). You can withdraw consent at any time.

Performance of a Contract: Processing necessary to fulfill a contract with you or to take steps at your request before entering into a contract (e.g., providing financial advice, arranging financial products).

Legal Obligation: Processing necessary for compliance with legal obligations to which we are subject, including:

Tax reporting obligations
Data protection compliance
Record-keeping requirements
Response to legal processes

Legitimate Interests: Processing necessary for our legitimate business interests, such as:

Fraud prevention and detection
Network and information security
Improving our Services
Business development and marketing
Internal administration
Provided these interests are not overridden by your fundamental rights and freedoms

Vital Interests: In rare circumstances, processing necessary to protect someone's life.

Public Interest: Processing necessary for the performance of tasks carried out in the public interest or in the exercise of official authority.

How We Use Your Information

We use the information we collect for the following purposes:

To Provide Our Services

Creating and managing your account
Providing information and resources
Processing your requests and inquiries
Delivering the services you've requested
Providing customer support
Sending service updates and notifications

To Communicate With You

Sending service-related announcements and updates
Responding to your inquiries
Providing customer support
Notifying you of changes to terms or services
Sending important account information

For Marketing and Business Development

With your consent where required, sending promotional communications about our services, products, and offers
Conducting market research
Understanding customer needs and preferences
You can opt out of marketing communications at any time

To Personalize Your Experience

Tailoring content to your interests and preferences
Providing relevant information and recommendations
Customizing communications
Remembering your preferences and settings

For Analytics and Improvement

Analyzing trends and usage patterns
Understanding how our Services are used
Improving our website, applications, and services
Developing new products and features
Training our staff

To Ensure Security and Prevent Fraud

Monitoring and protecting our Services from abuse
Detecting and preventing fraud and unauthorized access
Investigating security incidents
Enforcing our terms and conditions
Protecting the rights and safety of our users

For Legal Purposes

Establishing, exercising, or defending legal claims
Resolving disputes
Complying with court orders and legal processes
Protecting our rights and interests

We do not sell your Personal Data. We may share your information in the following circumstances:

With Trusted Service Providers

We engage third-party companies to perform functions on our behalf ("Processors"), including:

Cloud storage providers (e.g., AWS, Microsoft Azure)
Payment processors
Email and communication services
Customer relationship management (CRM) systems
Analytics providers
IT support and cybersecurity services
Document storage and management
Professional advisers (solicitors, accountants, auditors)

These providers are contractually obligated to protect your data and only use it for the purposes we specify.

For Business Transfers

In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred to the new entity. We will notify you of any such change and the choices you may have.

For Legal Reasons

We may disclose your information if we believe it is necessary to:

Comply with a valid legal process (e.g., subpoena, court order)
Comply with legal requirements
Protect our rights, property, or safety, or that of our users or the public
Investigate fraud or security issues
Enforce our Terms of Service
Respond to claims that content violates third-party rights

We may share your information for any other purpose with your explicit permission.

Cookies and Tracking Technologies

We use cookies and similar technologies for:

Essential operation of our website
Performance analytics
Functionality and preferences
Security and fraud prevention
Targeted advertising (with your consent)

You can control the use of cookies through your browser settings. To manage your preferences for our specific Services, please use the cookie consent banner provided on our website.

Types of Cookies We Use:

Essential Cookies: Necessary for the website to function properly
Performance Cookies: Help us understand how visitors interact with our website
Functionality Cookies: Remember your preferences and settings
Marketing Cookies: Track your activity to deliver targeted advertising (only with consent)

For a complete list of the cookies we use and their purposes, please visit our Cookie Policy.

Your Privacy Rights and Choices

Under UK GDPR and GDPR, you have the following rights regarding your Personal Data:

Right to Access & Data Portability

The right to request a copy of the Personal Data we hold about you and to receive it in a structured, machine-readable format. You can transfer this data to another service provider where technically feasible.

Right to Rectification

The right to correct inaccurate or incomplete Personal Data. Please note that we may need to verify the accuracy of new information you provide.

Right to Erasure ("Right to be Forgotten")

The right to request the deletion of your Personal Data under certain circumstances. This right is not absolute and may be limited by:

Our legal and regulatory obligations to retain records
The establishment, exercise, or defense of legal claims
Ongoing contractual relationships

Right to Restriction of Processing

The right to request that we temporarily or permanently stop processing all or some of your Personal Data in certain circumstances, such as:

While we verify the accuracy of your data
When processing is unlawful but you don't want erasure
When we no longer need the data but you need it for legal claims
While we verify our legitimate grounds for processing

Right to Object

The right to object to processing based on our legitimate interests, including:

Direct marketing (absolute right)
Processing for legitimate business interests (we must demonstrate compelling legitimate grounds)

Where we rely on your consent, you have the right to withdraw it at any time. This will not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data properly:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

Right to Non-Discrimination

We will not discriminate against you for exercising any of your rights.

How to Exercise Your Rights

To exercise any of the rights above, please contact our Data Protection Officer at:

Email: info@azarfinance.co.uk
Post: Data Protection Officer, Azar Finance, [Address]
Phone: [Phone number]

For security purposes, we will need to verify your identity before processing your request, which may require you to provide:

Proof of identity (passport or driving license)
Proof of address
Additional security information

We will respond to all legitimate requests within one month of receipt. In complex cases, we may extend this by a further two months and will notify you of any such extension.

Please note that in some cases, we may not be able to fully comply with your request due to:

Legal and regulatory obligations (e.g., we must retain certain records for specified periods)
Ongoing legal proceedings
The rights and freedoms of others

Data Retention

We will retain your Personal Data only for as long as is necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law.

Retention Periods:

Account records: For the duration of your account plus 6 years
Transaction records: 6 years from the date of transaction
Communications: Up to 3 years or as required by law
Marketing data: Until you withdraw consent or 3 years of inactivity
Website analytics: Up to 26 months
Legal and compliance records: As required by applicable law

When we no longer need to process your Personal Data, we will securely delete or anonymize it in accordance with our data retention schedule and destruction procedures.

Factors determining retention periods:

Legal and regulatory requirements
Statute of limitations for legal claims
Ongoing business relationships
Legitimate business needs
Your specific requests (subject to legal requirements)

Data Security

We implement robust technical and organizational security measures designed to protect your Personal Data, including:

Technical Measures:

Encryption in transit (TLS/SSL) and at rest (AES-256)
Secure server infrastructure with firewalls
Multi-factor authentication for system access
Regular security patches and updates
Intrusion detection and prevention systems
Data backup and disaster recovery procedures
Secure data disposal methods

Organizational Measures:

Access controls based on role and necessity
Background checks for employees
Confidentiality agreements with staff and contractors
Regular security training for staff
Incident response procedures
Regular security audits and assessments
Compliance with Cyber Essentials standards
Data Protection Impact Assessments (DPIAs) for high-risk processing

Physical Measures:

Secure office premises with access controls
Locked filing cabinets for paper records
Clear desk and screen policies
Secure destruction of physical documents

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

What You Can Do:

Use strong, unique passwords
Enable two-factor authentication where available
Keep your login credentials confidential
Report any suspicious activity immediately
Keep your software and devices updated

International Data Transfers

Your information may be transferred to, stored, and processed in countries other than the United Kingdom. When we transfer your data internationally, we ensure adequate safeguards are in place:

Safeguards We Use:

Standard Contractual Clauses (SCCs): Approved by the UK Information Commissioner's Office and European Commission
Adequacy Decisions: Relying on adequacy decisions from UK and EU authorities for countries with equivalent data protection standards
Binding Corporate Rules: For intra-company transfers within multinational organizations
Certification Schemes: Such as Privacy Shield successors where applicable

We will only transfer your data to countries and organizations that provide an adequate level of protection as determined by UK and EU law.

Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect Personal Data from minors without appropriate parental or guardian consent.

If you are a parent or guardian and become aware that your child has provided us with Personal Data without your consent, please contact us immediately. If we become aware that we have collected Personal Data from a child without appropriate consent, we will take steps to remove that information from our servers.

In limited circumstances, we may provide services to individuals aged 16-17 with appropriate parental or guardian consent and additional safeguards.

Third-Party Links

Our website may contain links to other websites, financial product providers, or services that are not operated by us. This Policy does not apply to such third-party sites.

We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Examples of third-party links:

Partner websites
Resource providers
Educational content
Social media platforms
Technology platforms

Marketing Communications

We may send you marketing communications about our services, products, and offers where:

You have given consent (for electronic marketing)
You are an existing client and we are marketing similar services (soft opt-in)
We have a legitimate interest and you have not opted out

You Can Opt Out:

Click "unsubscribe" in any marketing email
Contact us at info@azarfinance.co.uk
Update your preferences in your account settings
Call us on [phone number]

Please note that even if you opt out of marketing, we will still send you service-related communications necessary for your account and regulatory notifications.

Specific Regional Disclosures

For UK Residents

Under UK GDPR and the Data Protection Act 2018:

You have all the rights outlined in this Policy
You can lodge a complaint with the Information Commissioner's Office (ICO)
We comply with UK data protection laws and regulations

For EEA and Swiss Residents

Under GDPR:

You have all the rights outlined in this Policy
You can lodge a complaint with your local supervisory authority
We comply with GDPR requirements for data transfers and processing
We provide appropriate safeguards for international transfers

For Residents of Other Jurisdictions

We will comply with applicable privacy laws in your region. Please contact us for more specific information about how we protect your data in your jurisdiction.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We Will Notify You Of Material Changes By:

Posting the new Policy on this page with a new "Last Updated" date
Sending you an email notification (where we have your email address)
Displaying a prominent notice on our website
Other appropriate means where required by law

We encourage you to review this Policy periodically. Your continued use of our Services after changes become effective constitutes your acceptance of the revised Policy.

Previous Versions: We maintain an archive of previous versions of this Policy. If you would like to review a previous version, please contact us.