Legal
UK Privacy Policy
1. Introduction
This Privacy Notice explains how Grey Finance LTD ("Grey", "we", "us" or "our") collects, uses, shares and protects your personal information across our websites, applications, products, and related services (collectively, the “Services). we are committed to protecting your privacy and ensuring transparency in our data processing activities. This Privacy Notice forms part of our Terms of Use.
This Privacy notice applies to your use of our Services through any device, including desktop, mobile, or tablet. It does not apply to services not owned or controlled by Grey, including third-party websites or platforms. Such third parties operate under their own privacy policies, and Grey is not responsible for their data handling practices.
2. Who We Are
Grey Finance LTD is registered in England and Wales (company number 13849254) with our registered office at Suite Q, Athene House 86 The Broadway, Mill Hill, London, United Kingdom, NW7 3TD. We act as the data controller for the personal information we collect and process about you.
3. Information We Collect and Process
To gain full access to our website and services, you must register for a Grey account. When you register for an account, we collect Personal Information which you voluntarily provide to us. Personal Information refers to information relating to an identified person or information that can be used to identify you, (e.g. name, email, address, bank details, telephone number). It may also include anonymous information that may be linked to you specifically, (e.g. IP address).
The Personal Information we have about you is directly made available to us when you:
- Sign up for a Grey Account;
- Use any of our services;
- Contact us or our customer support team;
- Fill our online forms;
3.1 Core Data Categories
3.2 Lawful Bases for Processing
We process your data based on the following legal grounds:
- Contractual necessity
- Legal obligations
- Legitimate interests
- Consent
Each of them is discussed in more detail below.
3.2.1 Contractual Necessity
We process data where it is required for the purposes of entering into or fulfilling a contract between us. This includes situations required to:
- To provide our services
- To execute your payment instructions
- To maintain your account
- To deliver our core financial services
3.2.2 Legal Obligations
We process data where it is required to fulfil our legal obligations. These legal obligations include but are not limited to:
- Anti-money laundering checks
- Counter-terrorist financing verification
- Counter-proliferation financing compliance
- Regulatory reporting requirements
- Tax compliance obligations
- Financial crime prevention
3.2.3 Legitimate Interests
We process data for our legitimate interests where necessary and proportionate:
3.2.4 Consent
Lastly, we rely on your consent and where appropriate, we obtain your explicit consent for:
- Marketing communications
- Special category data processing
- Cookies and tracking technologies
- Third-party data sharing
Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Data Protection Principles
4.1 Security Measures
We take your data’s security seriously and have put in place strong measures to keep it safe. These include:
- Encrypting your data: This applies both when it’s being sent over networks (in transit) and when it’s stored (at rest).
- Restricting access: Only authorised individuals with proper credentials can access your data.
- Regular checks: We routinely assess and update our security systems to stay ahead of potential risks.
- Training our team: All staff undergo regular training to ensure they understand and comply with data protection practices.
- Preparedness for incidents: If there’s ever a security issue, we have clear procedures in place to handle it quickly and minimise any impact.
5. Data Retention
We keep your personal data for as long as necessary to meet regulatory and legal requirements, fulfil business needs, and improve our services. Specifically:
6. Categories of Recipients of Personal Data
6.1 Overview of Data Sharing
We share your personal data with various recipients to provide our services, meet regulatory obligations, and maintain security. All data sharing is conducted in accordance with applicable data protection laws and subject to appropriate safeguards.
6.2 Categories of Recipients
7. International Transfers
If your data needs to be transferred outside the UK or the European Economic Area (EEA), we ensure it’s handled with the same level of protection as required under UK laws. This includes:
- Implementing safeguards and using standard contractual clauses approved for international data transfers.
- Using proper mechanisms to ensure that all transfers comply with data protection regulations.
- We make sure your data privacy rights are upheld, no matter where your information is processed.
We are committed to treating your data with the utmost care, ensuring compliance with all relevant laws and maintaining the highest standards of security.
8. Your Privacy Rights
8.1 Core Rights
As a data subject, you are entitled to specific rights under data protection laws to give you control over your personal information. These include:
- Access your data: Request a copy of the personal data we hold about you.
- Correct inaccuracies: Ask us to fix any errors or incomplete information in your records.
- Erase your data: Request deletion of your data, provided there’s no overriding legal or regulatory reason for us to keep it.
- Restrict processing: Limit how we use your data, for instance, while you’re disputing its accuracy or lawfulness.
- Data portability: Obtain a copy of your data in a portable format to transfer it to another service.
- Object to processing: Refuse the use of your data for certain purposes, such as direct marketing or automated decision-making.
8.2 Additional rights
In addition to the core rights, you may:
- Withdraw consent: If we rely on your consent to process your data, you can revoke it at any time.
- Complain to authorities: File a complaint with your local data protection authority if you believe your rights have been violated.
- Challenge automated decisions: Contest decisions made solely by automated systems that significantly affect you, and request human intervention.
- Request processing limitations: Temporarily or permanently limit certain types of data processing.
8.3 Exercising your rights
We’ve made it easy for you to exercise your privacy rights:
- Reach out directly for guidance or to submit a request.
- Submit a rights request via the designated section in our app.
- Send an email to dpo@grey.co with your request details.
8.4 Response times
We aim to address your requests promptly and efficiently:
- Within 1 business day of receiving your request, we’ll provide initial acknowledgement.
- We will provide you with a full response usually within 1 month.
- If your request requires extensive investigation, we may extend the deadline by 2 months to provide a full response, but we’ll keep you informed every step of the way.
We value your privacy and are committed to respecting your rights. Please don’t hesitate to reach out if you have any questions or concerns about how your data is handled.
9. Cookies and Tracking
We use cookies and similar technologies to enhance your experience with our services. These tools help secure our systems, remember your preferences for a more personalised experience, and analyse how our services are used so we can improve their performance.
Cookies enable our servers to recognise information such as IP addresses, the date and time of visits, and general web traffic patterns. This helps us monitor usage, improve functionality, and prevent fraudulent activities.
Our cookies do not store personal or sensitive information. Instead, they contain a unique random reference that allows us to recognise your browser and provide relevant content when you return to the site.
If your browser or browser add-on allows it, you may choose to disable cookies on our website. However, doing so may affect certain features and your overall experience. By continuing to use our website without disabling cookies, you consent to their use.
10. Updates to This Notice
10.1 Changes and Notifiactions
This privacy notice may be updated from time to time to ensure it remains accurate and reflective of:
- New features, functionalities, or service updates
- Changes in laws, regulations, or guidance from authorities
- Enhancing your understanding and clarity
- Changes in how we collect, use, or handle your data
We are committed to keeping you informed about any significant changes to this notice but you should still visit this page from time to time. If you keep using our Services, you consent to all amendments of this Privacy Policy.
11. Contact Information
11.1 General Enquiries
For day-to-day questions and account support, we're here to help:
- Through our app's chat feature (fastest response)
- By email at support@grey.co
Our support team can assist with account questions, transaction issues, and general matters. Most queries can be resolved quickly through these channels.
11.2 Data Protection Queries
For questions or concerns about your data privacy or this notice, you can contact our Data Protection Officer (DPO) at dpo@grey.co.
11.3 Complaints
If you are dissatisfied with how we handle your personal data, we encourage you to reach out so we can address your concerns.
- Contact our DPO: We will work to resolve your issue promptly and transparently.
- Escalate to the ICO: If you feel your complaint remains unresolved, you can contact the UK’s Information Commissioner’s Office (ICO). More details on how that can be done can be found here: https://ico.org.uk/global/contact-us/contact-us-public/
Last updated:
May 11, 2026
.svg)
Back to top
