Skip to main content
Speak to us
  • Residential
  • Onboarding
  • Searches & Property Data
  • Land Registry
  • Title Insurance
  • Risk & Compliance
  • Digital Post-Completion

At tmGroup, our technical team delivers reliable, innovative solutions to complex problems.

Through consistent feedback from clients and integrators, we stay in tune with evolving needs, ensuring our tools are always advancing to meet their goals.

Residential >
Client Onboarding overview >
tmQuote

Create accurate, fully branded quotes for residential conveyancing in seconds with tmQuote, our easy-to-use digital platform. It makes pricing simple, keeps you in line with SRA and CLC rules, and helps you grow your business.
tmVerify365

Transform your AML and onboarding processes with fast, compliant ID checks that are simple and effective. With biometric identity verification and source-of-funds validation, everything you need is available in one seamless workflow.
tmForms

Official, Digital and always up-to-date Law Society TA forms bult right into your onboarding and conveyancing processes.
Searches & Property Data overview >
Conveyancing Searches

Get the right search for every case, every time. Streamlined features like quick case setup, advanced mapping, and search templates help you save time and stay organised, so you can keep cases on track.
Smarter Mapping & Data Services

From accessing aerial imagery and automatically outlining property boundaries, to viewing detailed title information and details on freehold and leasehold tenure.
New Build Services

Spare your team the hassle of ordering searches for New Build properties. Our experienced team handles everything—from mapping properties to ordering searches and coordinating with data providers.
Land Registry overview >
Digital AP1 Submissions

Our digital AP1 submission forms streamline the process with pre-populated case details, built-in validation, and automated error checking. Reduce double entry, cut down AP1 cancellations, and limit requisitions—all while keeping transactions on track. It’s the smarter way to work efficiently and avoid delays.
Land Registry Services

Say goodbye to manual reviews and delays. Our Land Registry Extract simplifies how you access essential Land Registry data—quickly and efficiently. Just provide a list of addresses or title numbers, and our Managed Services team delivers a comprehensive report with all the key details you need. It’s fast, seamless, and built to keep your transactions moving.
Smarter Mapping & Data Services

From accessing aerial imagery and automatically outlining property boundaries, to viewing detailed title information and details on freehold and leasehold tenure.
Title Insurance overview >
First Title Insurance plc

Simplify title insurance for residential transactions with First Title’s products. With a simple ordering process just order the coverage you need, quickly and easily, all in one place. As an A-Rated insurer, First Title delivers reliable and effective insurance solutions to overcome title risks and assist in efficient transaction completions.
CLS Title Insurance

Handling insurance distribution, such as defective title cover, comes with strict regulatory responsibilities. Compliance isn’t optional—breaches can lead to serious penalties. That’s why we’ve partnered with CLS to offer Legal Indemnity Insurance solutions tailored for residential transactions. Stay protected, stay compliant, and keep your transactions moving with confidence.
Risk & Compliance overview >
Residential Risk Management

Conveyancing comes with risks—we help you manage them with confidence. Our Residential Risk Management service makes it easy to protect your clients and your firm with powerful, time-saving features. Stay ahead with instant alerts when additional searches, like coal mining or flood risks, are needed. Make informed decisions and keep transactions secure, all in one streamlined workflow.
tmVerify365

Stay compliant with quick, secure AML and ID checks. Our AML and ID checks fully comply with the Solicitors Regulation Authority (SRA) framework and meet HM Land Registry’s Digital ID Standard.
Confirmly from LMS

Fraud is a real threat in conveyancing. Designed specifically for law firms, Confirmly is a fast, trusted, and secure identity-checking solution. Powered by LMS Panel Link and specialist third-party data, it verifies bank and law firm details in real time, before funds are released. With proactive monitoring and alerts that protect throughout the transaction, Confirmly helps you stay one step ahead of fraud.
tmForms

Official, Digital and always up-to-date Law Society TA forms bult right into your onboarding and conveyancing processes.
Digital Post-Completion overview >
SDLT

Submitting Stamp Duty Land Tax (SDLT) forms has never been easier. Our smart system pre-populates case details, validates entries, and checks for errors. Stay compliant with the latest SDLT rates. Our system keeps calculations accurate and reliable, so you can submit with confidence.
Digital AP1 Submissions

Our digital AP1 submission forms streamline the process with pre-populated case details, built-in validation, and automated error checking. Reduce double entry, cut down AP1 cancellations, and limit requisitions—all while keeping transactions on track. It’s the smarter way to work efficiently and avoid delays.
tmSign

The first dedicated conveyancing Qualified Electronic Signature solution built with security and ease in mind. Fully endorsed by HM Land Registry and compliant with eIDAS, Complete property transactions with the highest level of legal assurance using tmSign.
  • Commercial
  • Searches & Property Data
  • Portfolio Management
  • Land Registry
  • Title Insurance
  • Digital Post-Completion

A new approach 
to commercial property transactions.

Our expert support and innovative technology simplify even the most complex commercial cases.

Commercial >
Searches & Property Data overview >
Commercial, Land and Estate Searches

As the UK’s leading provider of property searches, tmGroup gives you access to the most extensive range of commercial search solutions. We work closely with you to deliver tailored search services that match your specific needs—ensuring efficiency, accuracy, and complete peace of mind.
Map Searches and Data Layers

Save time and simplify your commercial case management with our mapping and data services. Automatically outline properties, access detailed title information, and interact with data layers for seamless due diligence. With a clear, color-coded interface, law firms can quickly map cases and retrieve key insights before ordering searches—ensuring your commercial property transactions are faster and more efficient.
Portfolio Management overview >
Portfolio Manager

With Portfolio Manager, track progress in real-time and see the status of every project at a glance—even down to individual searches and queries. Just send your instructions, and we’ll take care of the rest. From preparing plans and managing queries to chasing final reports, our expert team keeps everything on track. Plus, with regular updates from our dedicated Portfolio team, you’ll always be up to date.
Managed Services

Commercial property transactions are demanding, so let us take the pressure off.  Our dedicated team will provide the expertise and technology to keep your projects running smoothly. We act as an extension of your team, saving you time and streamlining workflows for everything from new build plots to large-scale developments. With deep commercial property experience, our experts ensure deadlines are met, challenges are managed, and your workload stays under control.

 
Land Registry overview >
Land Registry Services

Ordering Land Registry data has never been easier. With our LR Extract service, simply provide a list of addresses or title numbers, and our Managed Services team delivers a structured, easy-to-use report with all relevant register data—for faster, smarter data retrieval. Ordering titles and OC1s for a 100-property portfolio could take days. With LR Extract, it’s done in minutes.
Map Searches and Data Layers

Save time and simplify your commercial case management with our mapping and data services. Automatically outline properties, access detailed title information, and interact with data layers for seamless due diligence. With a clear, color-coded interface, law firms can quickly map cases and retrieve key insights before ordering searches—ensuring your commercial property transactions are faster and more efficient.
Digital AP1 Submission

Accuracy and efficiency are essential for SDLT returns. Our digital SDLT solution simplifies the process, reducing manual effort and minimising errors for a seamless, compliant experience. Pre-populated case details and built-in validation help catch mistakes before submission, ensuring accuracy and compliance. Submit seamlessly with direct integration with HMRC, whilst our automated audit trails and reminders ensure every submission is tracked, so you have full visibility and control.
Title Insurance overview >
First Title Insurance plc

Simplify title insurance for commercial transactions with First Title’s products. With a simple ordering process, just order the coverage you need, quickly and easily, all in one place. As an A-Rated insurer, First Title delivers reliable and effective insurance solutions to overcome title risks and assist in efficient transaction completions.
CLS Title Insurance

Handling insurance distribution, such as defective title cover, comes with strict regulatory responsibilities. Compliance isn’t optional—breaches can lead to serious penalties. That’s why we partner with CLS to offer Legal Indemnity Insurance solutions tailored for commercial transactions. Stay protected, stay compliant, and keep your transactions moving with confidence.
Digital Post-Completion overview >
SDLT

Accuracy and efficiency are essential for SDLT returns. Our digital SDLT solution simplifies the process, reducing manual effort and minimising errors for a seamless, compliant experience. Pre-populated case details and built-in validation help catch mistakes before submission, ensuring accuracy and compliance. Submit seamlessly with direct integration with HMRC, whilst our automated audit trails and reminders ensure every submission is tracked, so you have full visibility and control.
Digital AP1 Submission

Accuracy and efficiency are essential for SDLT returns. Our digital SDLT solution simplifies the process, reducing manual effort and minimising errors for a seamless, compliant experience. Pre-populated case details and built-in validation help catch mistakes before submission, ensuring accuracy and compliance. Submit seamlessly with direct integration with HMRC, whilst our automated audit trails and reminders ensure every submission is tracked, so you have full visibility and control.
tmSign

The first dedicated conveyancing Qualified Electronic Signature solution built with security and ease in mind. Fully endorsed by HM Land Registry and compliant with eIDAS, Complete property transactions with the highest level of legal assurance using tmSign.

Technology Overview

Sharper Insights. Simplified Processes. Seamless Integration.

Version Date: 14.04.26

  1. Our Privacy Notice:
  • In this Privacy Notice we explain how and on what basis we collect, store and Process Personal Data of Data Subjects (including Users of the Platforms such as Customers and Signers). We also explain the lawful bases We rely on, what Data Subjects’ rights are and our obligations under the UK GDPR and Data Protection Act 2018.
  • When Customers use the Platforms to upload Documents and request signatures, the Customers are the Data Controllers for the contents of those Documents and We act as their Data Processor. In addition, We act as a Data Controller is respect of certain categories of Personal Data that We determine the purposes and means of Processing for, including Account information, technical and usage information generated by the Platforms, audit trail records, billing and support information, and data retained for security, fraud prevention and legal compliance purposes.
  • In order to fully understand how Personal Data is Processed, Signers should also review privacy notices provided by the Customers who invite them to sign Documents, as those Customers determine the purposes of Processing the content of the Documents.
  • Please review this Privacy Notice carefully and contact our privacy team at info@verify365.app if you have any comments, questions or concerns. Our contact details are set out in Section 14.
  • Content of Privacy Notice:
  1. Our Privacy Notice in a Nutshell
  2. Definitions
  3. Our Main Privacy Principles
  4. How We Collect Personal Data
  5. The Content of Personal Data We Process
  6. Purpose Of Processing and Legal Ground of Processing for Provision of Our Services
  7. Automated Processing
  8. Rights of Users
  9. Disclosure and Transfer of Personal Data
  10. Security of Personal Data
  11. Retention of Personal Data
  12. Children’s Personal Data
  13. Jurisdiction-Specific Notices
  14. Contact Details and Information
  15. Important Documents, Guidelines and Procedures
  16. Availability of, and Changes to, this Privacy Notice
  17. Definitions

In this Privacy Notice, the following words and expressions have the meanings set out below:

Account means the account allocated to a Customer for use of the Services via the Platforms;

Advanced Electronic Signature (AES) means an electronic signature created using enhanced verification through Dynamic ID to confirm the Signer’s identity and meeting the requirements for an ‘advanced electronic signature’ under the UK eIDAS Regulations;

Agreement means the contract entered into between Us and the Customer governing use of the Services;

Customer means the individual or organisation that has entered into an Agreement with Us to use the Services;

Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of Processing Personal Data, as defined in the UK GDPR;

Data Processor means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of a Data Controller, as defined in the UK GDPR;

Data Providers means external databases, official registries or other verified sources of information that may be accessed by Dynamic ID or by Evrotrust solely to verify the authenticity of Verification Data submitted by a Signer as part of identity verification under the Services;

Data Subject means an identified or identifiable natural person to whom Personal Data relates, as defined in the UK GDPR;

Document means any contract, agreement, form or other document uploaded to the Platforms for signing;

Dynamic ID means Our proprietary identity-verification technology, integrated into the Platforms, which is used to verify the identity of Signers when generating AES. Dynamic ID involves the Processing of Verification Data;

EEA means the European Economic Area, comprising the member states of the European Union together with Iceland, Liechtenstein and Norway;

Personal Data means any information relating to an identified or identifiable natural person, as defined in the UK;

Platforms means the ‘tmSign’ electronic signature application and website (https://www.app.tmsign.co.uk/login) through which the Services are provided GDPR (including the web and mobile applications);

Processing (or Process) means any operation or set of operation which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, as defined in the UK GDPR;

Privacy Notice means this privacy notice;

Qualified Electronic Signature (QES) means an electronic signature verified through a qualified trust service provider acting as an independent Data Controller under the UK eIDAS Regulation. Further information is available in our Third Party Products and Terms (https://verify365.app/terms/third-party-products-and-terms/);

Services means the electronic signature services (SES, AES and QES) and related features provided via the Platforms, including access made available to Signers for the purpose of signing Documents;

Signer means an individual invited by a Customer to review and / or sign a Document using the Services;

Simple Electronic Signature (SES) means a basic electronic signature without additional identity verification;

Special Category Data means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for the purpose of uniquely identifying a person, health data or data concerning a person’s sex life or sexual orientation, as defined in the UK GDPR, and includes biometric data Processed as part of Verification Data for AES or QES verification;

Sub Processor means a third party engaged by Us to Process Personal Data on Our behalf when We act as a Data Processor;

Supervisory Authority means the UK Information Commissioner’s Office (ICO) or any other competent data protection authority;

UK GDPR means the UK General Data Protection Regulation;

User means a Customer or a Signer using the Services;

Verification Data means Personal Data collected for the purpose of verifying a Signer’s identity when using AES or QES. This may include copies of identity documents (passports or driving licences), photographs or live images, biometric data (including facial images), metadata generated during the verification process, and the verification outcome;

We, Us or Our means Lawtech 365 Ltd incorporated and registered in England and Wales with company number 13107185 whose registered office is at 1200 Delta Business Park, Swindon, Wiltshire, England, SN5 7XZ.

  1. Our Privacy Principles

We are committed to protecting Personal Data and to Processing it in accordance with the principles set out in Article 5 of the UK GDPR. These principles guide how We handle Personal Data in practice when providing the Services via the Platforms:

  • Lawfulness, fairness and transparency

We will Process Personal Data lawfully, fairly and in a transparent manner. This means We will explain clearly how Personal Data is used, ensure there is always a lawful basis for Processing, and avoid using Personal Data in ways that would be unexpected or misleading.

  • Purpose limitation

We will collect Personal Data only for specified, explicit and legitimate purposes and will not further Process it in a manner that is incompatible with those purposes. If We need to use Personal Data for a new purpose, We will ensure the new use is compatible with the original purpose or identify a separate lawful basis and, where required, obtain consent, before doing so.

  • Data Minimisation

We will ensure that the Personal Data We collect is adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed. We will not ask for or retain information that is not needed to deliver or support the Services.

  • Accuracy

We will take reasonable steps to ensure that Personal Data is accurate and, where necessary, kept up to date. Data Subjects have the right to request that inaccurate or incomplete Personal Data is corrected without undue delay.

  • Storage limitation

We will keep Personal Data in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data is processed. Retention periods reflect legal requirements and Our business needs, after which Personal Data will be securely deleted or anonymised (see Section 11).

  • Integrity and confidentiality

We will Process Personal Data in a manner that ensures appropriate security. Including protection against unauthorised or unlawful Processing and against accidental loss, destruction or damage, supported by technical and organisational measures designed to protect the confidentiality, integrity and availability of Personal Data. We regularly test, assess and evaluate the effectiveness of these measures.

  • Accountability

We are responsible for, and able to demonstrate compliance with, these principles. This includes maintaining records of Processing, implementing policies and procedures to support compliance, training Our staff, and ensuring that Our partners and suppliers also meet their data protection obligations and carrying out data protection impact assessments (DPIAs) where required.

  1. How We Collect Personal Data
    • We collect Personal Data in connection with the provision of the Services, including through the following means:
  • From Customers, when they register or are onboarded to use the Platforms, and when they upload or send Documents containing Personal Data for e-signature or verification as part of the Services.
  • From Customers, who may provide Personal Data about Signers (such as name, email address and organisation details) so that the Signer can be invited to review and sign Documents.
  • From Users, when they provide information required to complete a signing or identity verification process under the Services (for example, entering their name or email address, or submitting Verification Data).
  • Automatically, though the operation of the Platforms when providing the Services, including metadata, audit logs, device information and technical identifiers necessary to ensure functionality, security and compliance.
  • For AES, We collect Verification Data directly from Users via Dynamic ID in accordance with this Privacy Notice.
  • For QES, We receive limited Personal Data from Our qualified trust service provider, which acts as an independent Data Controller for the purpose of performing identity verification and issuing qualified certificates.
  • When a User contacts Us for support, submits feedback, or otherwise communicates with Us (for example, via email, chat or contact forms), We collect the information they choose to provide to handle the request.
  • We also use limited analytics within the Platforms to monitor performance and reliability (for example, error rates, latency and system events). These analytics are used only to maintain and improve the Services and do not include the contents of any Documents.
    • We may also collect Personal Data from Data Providers where necessary to verify the identity information or comply with legal or regulatory obligations.
    • In all cases, We collect only the Personal Data necessary to provide the Services and handle it in accordance with this Privacy Notice.
  1. The Content of Personal Data We Process
    • We collect and Process different categories of Personal Data depending on whether you are a Customer or a Signer, and depending on the type of Services being used.
    • Personal Data we Process about Users

When Users access or use the Platforms, We may Process the following categories of Personal Data:

  • Contact information (such as name, email address and postal address).
  • Account information (such as login credentials, user profile information and Customer organisation details).
  • Document Information (including Documents uploaded to the Platforms, together with related metadata such as file names).
  • Audit trail information (including timestamps, IP addresses, device information and signing events generated when a Document is reviewed or signed).
  • Technical data (such as log files, browser type and version, operating system, and information about how you access and use the Platforms).
  • Location data (derived from IP addresses or device information, used for audit, fraud prevention and security purposes).
  • Communications data (correspondence with Us, including helpdesk or support enquiries).
  • Preference data (such as notification, language or communication preferences, where Users choose to provide them).
  • Analytics data (information about how the Platforms are accessed and used, collected through cookies or similar technologies – see Our Cookie Policy at https://verify365.app/terms/cookie-policy/). Some of this may also be retained or used to demonstrate the validity of electronic transactions, comply with legal or regulatory obligations, or support the establishment, exercise or defence of legal claims. We may analyse aggregated usage patters within the Platforms to monitor reliability and improve User experience. This does not include the content of any Documents.
  • Payment Information (if a Customer makes payments for Services directly through the Platforms, such as billing contact details and transaction records).
    • Additional Personal Data for SES

When you use a Simple Electronic Signature, We Process the Personal Data above in 5.2, together with any Personal Data contained in the Document itself.

  • Additional Personal Data for AES

When you use an Advanced Electronic Signature, we Process the Personal Data listed above in 5.2 and 5.3, together with Verification Data collected through Dynamic ID for the purpose of verifying the Signer’s identity.

  • Additional Personal Data for QES

When you use a Qualified Electronic Signature, We Process the Personal Data listed above in 5.2 and 5.3, together with Verification Data.

For Qualified Electronic Signatures, the identity verification is performed by Our qualified trust service provider. This provider acts as an independent Data Controller in respect of the Processing it carries out to verify identity and issue qualified certificates. We do not have access to the biometric information Processed by Our qualified trust service provider, but We will receive confirmation of the verification outcome. Further information about this provider is available on our Third Party Products and Terms page (https://verify365.app/terms/third-party-products-and-terms/).

  • Special Category Data

In the case of AES and QES, biometric information forms part of the Verification Data. This constitutes Special Category Data under the UK GDPR. Such Personal Data is Processed only where strictly necessary to verify identity and provide the requested Service, on the basis of a lawful condition under Article 9 of the UK GDPR, and is subject to additional technical and organisational safeguards reflecting its sensitivity.

  1. Purpose of Processing and legal grounds of Processing for provision of Our Services
    • We Process the categories of Personal Data described in Section 5 for specific purposes connected with the provision of the Services. Under the UK GDPR, We must also identify the lawful basis that applies to each type of Processing, and where Processing involves Special Category Data, the applicable condition.

Where We act as a Processor on behalf of a Customer (for example, in relation to the content of Documents uploaded or signed through the Platforms), the Customer is the Data Controller, and determines the lawful basis for that Processing. For AES, We Process Verification Data via Dynamic ID strictly on the Customer’s documented instructions. For QES, identity verification is performed by Our qualified trust service provider acting as an independent Data Controller.

Where We act as a Data Controller (for example, for User Account administration, audit trail generation, Service communications, billing, security and platform reliability / analytics), We determine the applicable lawful basis for Processing.

We may also Process Personal Data to detect and prevent fraud, verify identities, and ensure the integrity and security of the Services. Before relying on legitimate interests as a lawful basis for Processing, We carry out a balancing assessment to ensure that such interests are not overridden by the rights and freedoms of Users. We do not rely on legitimate interests alone to Process Special Category Data.

The table below sets out, for each category of Personal Data listed in paragraphs 5.2 to 5.6, the purposes for which We Process it, together with the applicable lawful basis under Article 6 UK GDPR and, where relevant, the condition for Special Category Data.

 

Category of Personal Data Purpose of Processing Legal Basis

(Art 6 UK GDPR)

 Special Category Data Condition (Art 9 UK GDPR)
Contact information (name, email, address) To create and manage User accounts

 

To send invitations to sign

 

To communicate with Users

 

To send Service related updates, or where consented, marketing communications

 Contract – provision of the Services

 

Legitimate interests – maintaining communication

 

Consent – for marketing communications where required

 N/A
Account information (login credentials, Customer organisation details) To authenticate Users and provide secure access to the Services Contract N/A
Document information (uploaded documents, metadata) To provide the Services, enable Customers to manage signed Documents, and maintain legal enforceability Contract

 

Legal obligation – eIDAS / recordkeeping duties

 N/A
Audit trail information (timestamps, IP addresses, signing events) To generate legally valid audit logs, to evidence the validity of signatures Legal obligation

 

Legitimate interests – ensuring enforceability and preventing fraud

 N/A
Technical and location information (device log, browser type, IP, OS) To maintain platform security, detect and prevent fraud, and ensure compatibility Legitimate interests – securing and improving the Services N/A
Communications data (support requests, correspondence) To respond to User enquiries and provide support Legitimate interests – servicing Users N/A
Preference data (language, notification settings) To personalise the User experience and manage communications Legitimate interests – improving usability N/A
Analytics data (cookies, usage) To analyse use of the Platforms and improve Services, to ensure functionality Consent – for non-essential cookies

 

Legitimate interests  – for essential service analytics

 N/A
Payment information (billing details, transactions) To process payments where applicable Contract

 

Legal obligation  – financial recordkeeping

 N/A
Verification Data (identity documents, photos, biometric information, metadata, outcome) To verify identity for AES and QES Contract

 

Legal obligation – compliance with eIDAS requirements

 Explicit consent – for biometric data used in AES.

For QES, biometric processing is carried out Our qualified trust service provider as an independent Controller

Further information on retention periods and the anonymisation of Personal Data is set out in Section 11 (Retention of Personal Data).

  • Sharing of Personal Data

In connection with the purposes set out above, We may share Personal Data with the following categories of recipients:

  • Service providers – trusted third-party suppliers who provide IT infrastructure, hosting, support, analytics and communications services. These suppliers act as Our processors and may only Process Personal Data on Our instructions and in accordance with this Privacy Notice. Each supplier is engaged under a written contract that requires them to implement appropriate technical and organisational measures to protect Personal Data and to maintain its confidentiality and security at all times and may only engage sub-processors with Our prior written consent and subject to equivalent data protection obligations). Further details are available on our Third Party Products and Terms page (https://verify365.app/terms/third-party-products-and-terms/).
  • Qualified Trust Service Provider – for QES, Personal Data is shared with Our qualified trust service provider, which acts as an independent Data Controller for identity, verification and certificate issuance. Further details are available on our Third Party Products and Terms page (https://verify365.app/terms/third-party-products-and-terms/).
  • Professional advisors and auditors – including lawyers, accountant and consultants engaged in the ordinary course of business.
  • Regulators, authorities and law enforcement – where disclosure is required by law or regulations, or to protect Our rights.
  • Group companies – We may share Personal Data with other companies within Our group where necessary for the provision of the Services or for administrative purposes on the basis of appropriate intra-group data transfer arrangements complying with the UK GDPR.
  • Corporate transactions – We may share Personal Data in connection with any merger, acquisition, restructuring or sale of all or part of Our business, in which case the recipient will be bound by obligations consistent with this Privacy Notice.
  • With consent – where a User provides consent for specific Processing activities, such as receiving marketing communications or participating in optional feedback surveys, We may share Personal Data as described at the time of collection.

 

If We Process Personal Data for purposes that are materially different from, or incompatible with, those originally described, We will notify Users in advance and seek consent where required by law.

 

Where consent is required (for example, to Process Verification Data when using the AES or QES), withdrawal of that consent may prevent completion of the relevant Service.

We do not sell or otherwise make Personal Data available to third parties for their own marketing purposes.

  1. Automated Processing
    • We use limited automated processing within the Services where necessary o verify identities, ensure platform integrity and provider Users with a secure and efficient experience.
    • Some aspects of the Services involve automated processing of Personal Data. This includes the automated verification of Verification Data for AES and QES, and the automated generation of audit trail and timestamp information relating to signed Documents.
    • These automated processes are used solely to perform or support the Services and are subject to appropriate technical and organisational measures designed to ensure the reliability, integrity and security of Processing and results.
    • No fully automated decision making takes place that produces legal effects or similarly significant impacts on Users within the meaning of Article 22 of the UK GDPR. Where any automated checks form part of the verification process, the results are automatically assessed but remain subject to review by authorised personnel where intervention is required to ensure Users retain the right to obtain human review, express their point of view and contest the decision,
  2. Rights of Users
    • Under the UK GDPR, Users have the following rights in relation to Personal Data:
  • Access – to obtain confirmation of whether Personal Data is Processed and to receive a copy.
  • Rectification – to have inaccurate or incomplete Personal Data corrected.
  • Erasure – to request deletion of Personal Data where there is no lawful reason for its continued Processing.
  • Restriction – to request restriction of Processing in certain circumstances.
  • Portability – to receive Personal Data in a structured, commonly used and machine-readable format and to transmit it to another Data Controller, where technically feasible.
  • Objection – to object to Processing based on legitimate interests (including related profiling) and to object at any time to direct marketing.
  • Withdrawal of consent – where Processing is based on consent (for example, to Process Verification Data when using AES or QES), consent may be withdrawn at any time. Withdrawal will not affect the lawfulness of Processing before withdrawal and may prevent completion of the relevant Service.
    • Requests to exercise rights should be submitted using the contact details in Section 14 (Contact Details).
    • To protect confidentiality, We may request information necessary to verify the identity of the requester before responding.
    • We aim to respond without undue delay and in any event within one month of receipt of a valid request. Where necessary, this period may be extended by up to two further months due to the complexity or number of requests. If so, We will inform the User within one month of receipt and explain the reasons for the delay.
    • No fee will be charged for exercising rights. A reasonable fee may be charged, or a request refused, where requests are clearly unfounded, excessive or repetitive. We may refuse to comply with a request in these circumstances and will inform the requester of the reason.
    • Users have the right to lodge a complaint with a Supervisory Authority. However, We ask that any concerns or complaints are raised with Us first so that We have the opportunity to address them quickly and fairly.

Complaints can be submitted using Our online form at [insert].

If a User remains dissatisfied after We have responded, or believes that the issue has not been resolved, they may contact the Information Commissioner’s Office at www.ico.org.uk.

  • Requests relating to Documents signed through the Platforms may also need to be directed to the relevant Customer or organisation that initiated the signing process, as that party may act as a separate Data Controller for certain Personal Data contained within the Documents. We are not responsible for Personal Data for which the Customer acts as a Data Controller, and any such requests should be addressed directly to that Customer.
  1. Disclosure and transfer of Personal Data
    • As described in paragraph 6.2, Personal Data may be shared with certain service providers that support the Platforms and Services. Each disclosure will be limited to what is necessary for the relevant purpose and will be made in accordance with the UK GDPR. In addition, Personal Data may be disclosed or transferred in the following circumstances:
  • Authorised employees and contractors who need access to perform their duties and who are subject to appropriate confidentiality obligations.
  • Professional advisors (such as auditors, lawyers and insurers) where reasonably necessary for Our business operations.
  • Regulatory bodies, law enforcement agencies, courts or other authorities where disclosure is required by law or necessary to establish, exercise or defend legal claims.
    • Where We act as a Processor on behalf of a Customer, We will only disclose or transfer Personal Data as instructed by that Customer and as permitted under the Agreement. In those cases, the Customer acts as the Data Controller and determines the lawful basis for any such disclosure.
    • Service providers that process Personal Data on Our behalf act only on Our instructions, are appointed under written agreements governing the Personal Data Processing that comply with the UK GDPR, and are required to implement appropriate technical and organisational measures to protect Personal Data. We also share Personal Data with Our qualified trust service provider that acts as an independent Data Controller solely for the purpose of identity verification and certificate issuance under QES processes. We when providing QES verification and issuance.
    • We currently store and Process Personal Data within the United Kingdom and the European Economic Area (EEA). We do not transfer Personal Data to countries outside the United Kingdom or EEA. If this changes in the future, We will update this Privacy Notice accordingly and ensure that any such transfers comply with the UK GDPR.
    • Further details of Our current service providers and the safeguards in place to protect Personal Data can be obtained by contacting Us using the details in Section 14 (Contact Details).
  1. Security of Personal Data
  • We take the security of Personal Data seriously and implement appropriate technical and organisational measures designed to protection it against unauthorised or unlawful Processing, accidental loss, destruction or damage.
  • These measures include access controls, encryption, secure storage, multi-factor authentication, and regular monitoring of systems for vulnerabilities and potential threats. Access to Personal Data is restricted to authorised personnel and contractors who need the information to perform their duties and who are bound by confidentiality obligations.
  • We also maintain internal policies and procedures to ensure ongoing confidentiality, integrity, availability and resilience of Processing systems ad services. Regular reviews and updates are carried out to ensure Our security measures remain appropriate in light of technological developments and evolving threats.
  • Personal Data collected through the Platforms is stored on secure servers operated by trusted infrastructure and technology partners acting as our processors. These partners maintain industry-standard security controls and certifications, are appointed under written agreements governing the Personal Data Processing in accordance with the UK GDOR, and Process Personal Data only in accordance with Our documented instructions.
  • Despite these measures, no system or method of transmission over the internet is completely secure. We cannot guarantee absolute security of Personal Data transmitted via the Platforms, but We will notify affected parties and the Information Commissioner’s Office where required by law in the event of a Personal Data breach. Where appropriate, We will also take reasonable steps to mitigate any potential adverse effect arising from such a breach.
  1. Retention of Personal Data
  • We will retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including to deliver the Services, comply with legal, accounting or reporting requirements, and resolve disputes.
  • The appropriate retention period for each category of Personal Data depends on its nature, sensitivity and purposes, and on any legal or contractual obligations that apply. Documents and associated audit trails are generally retained for as long as required to evidence valid electronic signature, to meet statutory record-keeping obligations, or to support a Customer’s business needs. Customers may request earlier deletion or purging of Documents (subject to technical feasibility and any contractual or legal requirements).
  • Verification Data collected for AES or QES is retained only for the period necessary to complete the verification process and provide legally valid evidence of identity verification. Where required under applicable UK law, including the Money Laundering Regulations 2017, Verification Data relating to identity verification is retained for up to six years to satisfy legal record-keeping obligations.
  • Certain metadata, audit logs or related certificate information may be retained for a longer period than the underlying Document to preserve evidential validity of the electronic signature and to demonstrate compliance with Our legal and regulatory obligations.
  • We may also retain certain records where necessary to establish, exercise or defend legal claims, to respond to regulatory requests, or to demonstrate compliance with Our legal obligations.
  • When Personal Data is no longer required, We will delete, anonymise or otherwise remove it securely and in accordance with the UK GDPR. Where We anonymise Personal Data, the resulting information will no longer constitute Personal Data under the UK GDPR and may be used for analytical, statistical or reporting purposes. Where we anonymise Personal Data, We apply measures designed to ensure that the information cannot be reasonably reidentified.
  • Further details of Our current retention practices can be obtained by contacting Us using the details in Section 14 (Contact Details).
  1. Children’s Personal Data
  • The Platforms and Services are not intended for, and should not be used to Process Personal Data of, individuals under the age of 18, except where such Processing is lawfully carried out by a Customer using the Services. Customers remain responsible for ensuring any Processing of children’s Personal Data through the Services is lawful and compliant with the UK GDPR.
  • We do not knowingly collect or Process Personal Data directly from anyone under the age of 18. However, in limited cases, We may Process Personal Data relating to minors when acting as a Data Processor on behalf of a Customer, where such Processing is lawful, necessary and limited to the Customer’s purposes.
  • If We become aware that Personal Data has been collected from a minor without appropriate consent or authorisation, We will take all reasonable steps to delete that Personal Data promptly.
  • If any User or Customer believes that a minor’s Personal Data has been provided to Us in error, they should contact Us using the details set out in Section 14 (Contact Details).
  1. Jurisdiction Specific Notices
  • This Privacy Notice has been prepared in accordance with the UK GDPR and the Data Protection Act 2018.
  • If the Services are accessed by Users outside of the United Kingdom or EEA, We will comply with any local data-protection law that apply to the relevant Processing activities.
  • Where We are required by applicable law to provide additional privacy disclosures or to recognise additional rights for Users in particular jurisdictions, We will make the relevant local notces available on the Platforms or within the Services.
  • If any User has questions regarding how this Privacy Notice applies in their jurisdiction, they should contact Us using the details in Section 14 (Contact Details).
  1. Contact Details and Information
  • If any User has questions, comments or concerns about this Privacy Notice, or wishes to exercise their data protection rights, they may contact Us using the details below:

 

Email: info@verify365.app

 

Postal address:

Lawtech 365 Ltd

1200 Delta Business Park

Swindon

Wiltshire, England,

SN5 7XZ

  • We encourage all Users to raise any questions or concerns with Us in the first instance. Complaints or requests relating to the Processing of Personal Data (including concerns about how Personal Data has been collected, used or shared) should be submitted using Our online complaint form (insert). We will review and respond to all privacy related queries promptly and in accordance with Our internal complaint handling procedures.
  • If a User remains dissatisfied after We have responded, or believes that the matter has not been resolved, they may contact the Information Commissioner’s Office at ico.org.uk.
  1. Important Documents, Guidelines and Procedures
  • This Privacy is supported by the following documents, guidelines and procedures, which together describe how We Process and protect Personal Data:
  • Data Protection Terms contained within the Agreement, which govern how We Process Personal Data on behalf of Customers when providing the Services.
  • Cookie Policy, which explains how cookies and similar technologies are used within the Platforms, available at [insert].
  • Information Security Policy, which sets out the organisational and technical measures implemented to safeguard Personal Data.
  • Responsible Disclosure Policy, which describes how security researchers an Users can report potential vulnerabilities relating to the Platforms.
  1. Availability of, and changes to, this Privacy Notice
  • This Privacy Notice is available within the Platforms and may also be provided to Users upon request.
  • We may update this Privacy Notice from time to time to reflect operational, legal or regulatory changes. Where material changes are made, We will take reasonable steps to notify Users, including by email or in Platform notification where appropriate.
  • Users are encouraged to review this Privacy Notice periodically to remain informed about how We handle Personal Data.