Privacy Policy

Corporate Avenue Services Limited (“CASL”, “we”, “us”, “our”) is committed to safeguarding the privacy and security of your personal data. This Privacy Policy explains how we collect, use, and protect your personal data when you interact with us, in compliance with the UK GDPR, Data Protection Act 2018 and other applicable laws.

1. Who We Are

Corporate Avenue Services Limited (“CASL”) is authorised by the UK Financial Conduct Authority (“FCA”) as a Payment Institution (Firm Reference Number: 943165). CASL is registered in England and Wales under Company Number 10533023, with its registered office at 3rd Floor, 19 Gerrard Street, London, W1D 6JG, United Kingdom.

2. What Data We Collect

To provide our services securely, operate our website and digital channels, and comply with applicable legal and regulatory obligations (including financial crime requirements).

Corporate Avenue Services Limited may collect and process the following categories of personal data depending on how you interact with us.

“Personal Data” means any information relating to an identified or identifiable individual.

1) Identity, Contact and Profile Data
  • Full name, date of birth, nationality (where required)
  • Residential and/or business address
  • Email address and telephone number
  • Business/professional affiliation (e.g., employer, role/position), where relevant
2) Compliance, Verification and Due Diligence Data (KYC/AML)
  • Identity and address verification documents (e.g., passport/ID, driving licence, utility bill, bank statement)
  • Source of funds / source of wealth information (where required)
  • Customer risk assessment information and outcomes of screening checks (e.g., sanctions/PEP/adverse media screening results)
3) Financial, Account and Transaction Data
  • Bank account details (e.g., account holder name, bank name, account number/IBAN, sort code/BIC)
  • Payment card details (as required for processing, typically handled via secure payment providers)
  • Transaction and payment details (e.g., payer/beneficiary details, amounts, dates, references, confirmations, charges, transaction history)
  • Information needed to process requests, reconciliations, returns, disputes, chargebacks, and related service administration

Important: We do not ask you to provide your full online banking passwords, PINs, or transaction authentication codes (e.g., “TAN”).

Where bank-connect or similar functionality is used, relevant information is accessed through secure authorised channels and we receive only what is required to provide the service.

4) Technical, Usage and Cookies Data
  • IP address, device identifiers (where applicable), device type, browser type/version, operating system
  • Log-in and security-related data (including log-in times)
  • Approximate location data (derived from IP/device settings, where enabled)
  • Website/app usage and analytics data (e.g., pages visited, time spent, clickstream, traffic data)
  • Cookie data and similar technologies (see the Cookies section of this Privacy Policy)
5) Communications and Engagement Data
  • Emails, messages, and other correspondence you send to us
  • Customer support interactions (including online chat where applicable)
  • Call recordings and call metadata (where calls are recorded and lawful/appropriate)
  • Survey responses, feedback, and (where applicable) participation in promotions/marketing campaigns, including your communication preferences and consent records

Important: We only collect and use personal data that is necessary to provide our services, operate our platforms, and meet our legal and regulatory obligations.

3. How is your data collected?

This data collection occurs in the following ways

  • We collect personal data when you register, request or use our services, or use our website/digital channels.
  • We collect data you provide by completing forms, submitting documents, or communicating with us (e.g., phone, email, post, or other channels).
  • We may also receive personal data from third parties where necessary to provide services and meet legal/regulatory obligations (e.g., banks/payment partners, identity verification and screening providers, fraud prevention services, IT/analytics providers, professional advisers, and public registers).
  • If you provide us personal data about another person (e.g., director, authorised signatory, beneficial owner, payee), you confirm you are authorised to share it and have made them aware of this Privacy Policy (or directed them to it).
  • We process personal data in accordance with applicable data protection law, including the UK GDPR and the Data Protection Act 2018, regardless of how it is obtained.
4. How We Use Your Data

We use the personal data we collect to operate our services, meet our legal and regulatory obligations, and protect our customers and our business. In particular, we may use your personal data for the following purposes:

  • Providing and administering our services: to onboard you, set up and manage your account (where applicable), process and execute payment transactions, communicate with you about your transactions, and provide customer support.
  • Regulatory and legal compliance: to comply with applicable UK legal and regulatory obligations, including requirements relating to anti-money laundering (AML), counter-terrorist financing (CTF), sanctions compliance, fraud prevention, record keeping, audits, complaints handling, and responding to requests from courts, law enforcement, regulators, and other competent authorities.
  • Risk management, security and fraud prevention: to carry out risk assessments, monitor and detect suspicious or potentially unlawful activity, prevent and investigate fraud, protect our systems and customers, and maintain the security of our website, platforms and applications.
  • Operational and service improvement: to analyse service performance and user interactions (where possible using aggregated or anonymised data) so we can troubleshoot issues, improve functionality, enhance customer experience, and develop new features and services.
  • Marketing communications (where permitted): where you have provided consent (or where otherwise permitted by applicable law), to send you updates about our products and services and manage your communication preferences. You can opt out of marketing at any time.

Disclosure and international transfers (cross-reference)

We may share personal data with regulators, law enforcement, courts, and other authorities where required by law or necessary to protect our legal rights. We may also share personal data with service providers and partners who help us deliver our services, including where such providers are
located outside the UK.

Where personal data is transferred internationally, we apply appropriate safeguards to protect it in accordance with UK data protection law, such as adequacy regulations where available, or contractual protections such as the UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to the EU Standard Contractual Clauses.

5. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legal Obligation: Processing is necessary to comply with our legal obligations.
  • Legitimate interests: where necessary for our legitimate interests (or those of a third party), such as improving our services, preventing fraud, and maintaining the security of our systems, provided these interests are not overridden by your rights.
  • Consent: Use of personal data for marketing purposes is made only with the consent of the users.
6. Sharing Your Data

We may share your personal data with the following third parties:

  • Service Providers: suppliers who help us deliver our services and operate our business (for example, banks/payment partners, identity verification and screening providers, fraud prevention services, IT hosting/support providers, and professional advisers). Where a supplier processes personal data on our behalf, they do so under contractual obligations (including confidentiality and appropriate security requirements) and only for the purposes we instruct.
  • Regulatory Bodies: Regulatory authorities, law enforcement agencies, and other governmental bodies as required by law or regulation.
  • Affiliates and Business Partners: Affiliates and group entities (where applicable): where necessary to provide the services, for compliance, risk management, internal administration, and operational purposes, subject to appropriate safeguards.
  • Others: Any other parties with your consent or as permitted by law.
7. International Data Transfers

Your personal data may be transferred to, stored in, or accessed from countries outside the United Kingdom. Where we make such transfers, we ensure appropriate safeguards are in place in accordance with UK data protection law. This may include reliance on UK adequacy regulations (where applicable), or the use of approved contractual safeguards such as the UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to the EU Standard Contractual Clauses, together with any additional measures required.

8. Data Retention

Personal data is retained only for as long as necessary to meet the legal, regulatory, and business purposes for which it was collected. Typically, personal data will be retained for a minimum of five years from end of business relationship / completion of transaction and may be retained longer (up to 10 years) where required/permitted or as required by
applicable regulations. Once the retention period has elapsed, we will securely delete or anonymize your data.

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete data.
  • Right to Erasure: You can request deletion of your data where it is no longer necessary for the purposes for which it was collected.
  • Right to Restrict Processing: You can request that we limit the processing of your data under certain circumstances.
  • Right to Data Portability: You can request the transfer of your data to another service provider.
  • Right to Object: You can object to the processing of your data for direct marketing or other purposes based on our legitimate interests.
  • Right to Withdraw Consent: You can withdraw your consent to processing where we rely on your consent as the legal basis for processing.
  • Right to Lodge a Complaint: If you believe that your personal data has been mishandled, you have the right to lodge a complaint with the Information Commissioner’s Office in the UK.

We would appreciate the opportunity to address your concerns first, so please contact us in the first instance using the details provided in the “Contact Us” section below.

10. Data Security

We are committed to ensuring the security of your personal data. To protect your data from unauthorized access, disclosure, alteration, or destruction, we have implemented a variety of security measures, including:

  • HTTPS Encryption: All data transmitted between your browser and our website is encrypted using HTTPS, ensuring that your information is secure during transmission.
  • Data Encryption: We use advanced encryption standards to protect your data at rest and in transit, ensuring that your personal information is stored securely.
  • Access Controls: Access to your personal data is restricted to authorized personnel only, and we use role-based access controls to ensure that employees can only access data necessary for their role.
  • Secure Payment Gateways: We use secure, PCI DSS-compliant payment gateways to process your financial transactions, ensuring that your payment information is handled safely and securely.
  • Regular Security Audits: We conduct regular security audits and assessments to identify and address potential vulnerabilities in our systems.
  • Incident Response Plan: We have an incident response plan in place to respond swiftly to any data breaches or security incidents, including notifying affected individuals and relevant authorities as required by law.
11. Cookies and Tracking Technologies

We use cookies and similar technologies to operate our website, support security, and (where you choose) to analyse and improve performance. You can manage your cookie preferences at any time using the Cookie Settings link on our website. For more information, please see our Cookies Policy – Corporate Avenue

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. Any updates will be posted on our website Privacy Policy – Corporate Avenue and we encourage you to review this policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Contact Details
Registered Office 3rd Floor, 19 Gerrard Street, London. W1D 6JG
Email admin@corporateavenue.co.uk