Privacy Policy

Last Updated: 29 March 2026

ERItax Limited (“ERItax”, “we”, “us” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share and protect personal data when you:

• Visit our website;
• Contact us by email, telephone, post or via our website contact form;
• Request information, a demonstration or other communications from us;
• Subscribe for, access or use our platform, hosted services or API;
• Act as an authorised user, billing contact, administrator, support contact or representative of one of our customers; or
• Otherwise interact with us in connection with our services.

This Privacy Policy should be read in conjunction with our general Terms of Use, our separate Cookie Policy, and, where applicable, any subscription agreement, customer agreement or other contractual terms governing your use of our services.

1. Who we are

ERItax Limited is the controller of the personal data described in this Privacy Policy, except where this Privacy Policy specifically explains that we process personal data on behalf of a customer as a data processor.

Company details

• Name: ERItax Limited
• Company Number: 16237041

Registered office

71-75 Shelton Street
Covent Garden
London
WC2H 9JQ

General contact details

• Email: info@eritax.co.uk
• Phone: +44 (0) 3303 414 829

Data protection contact

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

• Email: dpo@eritax.co.uk
• Post: Data Protection Officer, ERItax Limited, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

We are registered with the UK Information Commissioner’s Office (“ICO”) under registration number ZB874594.

2. Who this Privacy Policy applies to

This Privacy Policy applies to different categories of individuals whose personal data we may process, including:

• Website visitors;
• People who contact us or request information, demonstrations or support;
• Customers, prospective customers and their personnel;
• Authorised users, administrators and billing contacts for customer accounts; and
• Individuals whose personal data our customers upload to or enter into the ERItax platform, where we process that data on the customer’s behalf.

Different parts of this Privacy Policy may be more relevant depending on your relationship with us. In particular, section 6 explains when we act as a data processor on behalf of our customers rather than as a data controller in our own right.

3. Personal data we collect

We may collect and use the following categories of personal data:

Identity and contact data

This may include:

• Your name;
• Company or organisation name;
• Job title;
• Postal address;
• Email address; and
• Telephone number.

Enquiry, demonstration and correspondence data

This may include:

• The contents of emails, contact form messages, demonstration requests and other correspondence with us;
• Records of meetings, calls, onboarding discussions and follow-up communications; and
• Any information you choose to provide when contacting us.

Technical, security and usage data

When you use our website, platform or API, we may collect technical information such as:

• IP address;
• Browser type and version;
• Device type;
• Operating system;
• Referring website;
• Pages viewed and actions taken;
• Date and time of access;
• Approximate location derived from IP address;
• Session, authentication and security event data; and
• Diagnostic, audit, API, monitoring and performance information.

Cookie and analytics data

We and our service providers may collect information through cookies and similar technologies. Please see our Cookie Policy for full details.

Account, billing and service data

If you use any ERItax account, portal or service area, we may also collect:

• Login and authentication information;
• Account profile details;
• Organisation details;
• User role, permission and administration data;
• Subscription, billing and payment-related information;
• Support records and service communications; and
• Records necessary to provide, maintain and secure the service.

Customer platform data processed on behalf of customers

Our hosted services may allow customers to upload, enter, store, retrieve, analyse and export personal data relating to their own clients, investors, representatives or other third parties. Depending on how the service is used, this may include:

• Names and contact details;
• Client identifiers and internal references;
• Investment manager names and related account or transaction references;
• Financial holdings, disposals, portfolio and transaction-related information; and
• Tax-reporting, portfolio and associated metadata entered into the platform by or on behalf of the customer.

Marketing and preferences data

This may include:

• Your preferences regarding marketing or other communications from us; and
• Whether you have opened emails or interacted with communications, where lawful.

4. How we collect your personal data

We collect personal data:

• Directly from you, when you complete forms, contact us, request information, request a demonstration, sign up for updates, subscribe, onboard or otherwise communicate with us;
• Automatically, when you browse or interact with our website, platform, APIs or services;
• From service providers who support our website, communications, analytics, hosting, security and business operations;
• From publicly available sources, such as company websites, professional profiles or public registers, where lawful and appropriate for business-to-business communications;
• From other people within your organisation where they provide your details to us in connection with our services; and
• From our customers where they add you as a user, administrator, billing contact, authorised representative or other contact in connection with their use of the services.

5. How we use your personal data and our lawful bases

We use personal data only where we have a valid lawful basis to do so.

We may use your personal data for the following purposes:

To respond to enquiries and requests

We use your details to respond to messages, contact form submissions, demonstration requests, support questions and other communications.

Lawful basis:

• Our legitimate interests in operating and promoting our business and responding to enquiries; or
• Taking steps at your request before entering into an agreement or contract, where your enquiry relates to our services.

To provide, administer and manage our services

We use personal data to provide services, manage business relationships, onboard users, administer accounts, provide support, manage subscriptions, operate APIs and maintain records.

Lawful basis:

• Performance of an agreement or contract;
• Taking steps prior to entering into an agreement or contract; and/or
• Our legitimate interests in administering our services and customer relationships.

To operate, secure and improve our website, platform and services

We use technical and usage data to keep our website and systems secure, detect misuse, troubleshoot issues, monitor performance, enforce our terms and improve functionality.

Lawful basis:

• Our legitimate interests in operating a secure, reliable and effective website, platform and service.

To send service and administrative communications

We may send you non-marketing communications relating to your enquiries, account, service updates, subscription status, billing matters, security matters, support matters, or important legal or operational notices.

Lawful basis:

• Performance of an agreement or contract;
• Legal obligation; and/or
• Our legitimate interests in administering our services and communicating effectively with users, customers and contacts.

To send marketing communications

Where lawful, we may send you information about ERItax services, updates, events or insights that we believe may be relevant to you.

Lawful basis:

• Your consent, where required; and/or
• Our legitimate interests in promoting our services to business contacts, where permitted by law.

You can opt out of marketing communications at any time by using the unsubscribe link in an email or by contacting us.

To comply with legal and regulatory obligations

We may process personal data where required to comply with applicable law, regulation, court orders, tax or accounting obligations, or to respond to lawful requests from authorities.

Lawful basis:

• Compliance with a legal obligation.

To establish, exercise or defend legal claims

We may use personal data where necessary in connection with disputes, complaints, investigations or legal proceedings.

Lawful basis:

• Our legitimate interests in protecting our business, rights and legal position; and/or
• Where necessary for compliance with legal obligations.

6. When ERItax acts as a data processor on behalf of customers

In addition to acting as a data controller for our own business purposes, there will be circumstances in which ERItax processes personal data on behalf of a customer.

Where a customer uploads or enters personal data into the ERItax platform relating to its own clients, investors, contacts, representatives, brokers, account holders or other third parties, that customer will generally be the data controller for that personal data and ERItax will generally act as a data processor on the customer’s behalf.

In those circumstances:

• We process such personal data in order to provide and support the hosted services;
• We process such personal data on the customer’s documented instructions, subject to applicable law;
• The customer remains responsible for determining its lawful basis for processing, giving any required privacy information to the relevant individuals, and ensuring that its use of the services complies with applicable data protection law; and
• The more specific data processing terms for that customer data are governed by the applicable subscription agreement, customer agreement and any related data processing addendum.

For the avoidance of doubt, this Privacy Policy is intended to provide general transparency regarding such processing, but where ERItax acts as processor the applicable customer contract and data processing addendum govern the processor relationship in more detail.

7. If you do not provide personal data

Where we need personal data to respond to your enquiry, provide requested information, enter into a contract, create an account, administer a subscription, or deliver services, and you do not provide that data, we may be unable to do so fully.

8. Cookies and similar technologies

Our website uses cookies and similar technologies for functionality, security, analytics and, where applicable, user preference management.

We maintain a separate Cookie Policy which explains:

• What cookies and similar technologies we use;
• Why we use them; and
• How you can manage your preferences.

Please read our Cookie Policy for more information.

9. Sharing your personal data

We do not sell your personal data.

We may share personal data where necessary with:

• Companies within our corporate group, where relevant, for internal administration or service provision;
• Website hosting, infrastructure, cloud database, analytics, advertising, productivity, communications, payment, IT support and security providers;
• Professional advisers, including lawyers, accountants, insurers and auditors;
• Regulators, law enforcement agencies, courts or public authorities where required by law or necessary to protect our rights; and
• Actual or prospective buyers, investors or advisers in connection with a merger, acquisition, reorganisation or sale of assets, subject to appropriate confidentiality measures.

If third-party providers process personal data on our behalf, we require them to do so only on our instructions where applicable and to implement appropriate security measures.

Our current service providers may include Microsoft business services, Google services (including analytics and advertising tools where enabled), IONOS UK hosting and cloud database infrastructure, and other service providers used for communications, operations, billing, support and security.

10. International transfers

ERItax seeks, where practicable, to use UK-based hosting and UK-based database infrastructure for its core website and platform environments, and we currently exclusively use UK-based hosting arrangements for core website and database infrastructure.

However, some of our service providers may process personal data outside the UK or European Economic Area, or may permit support, administration or access from outside the UK in limited circumstances.

Where we transfer personal data internationally, we will ensure that appropriate safeguards are in place as required by applicable data protection law. Depending on the circumstances, this may include:

• Transfers to countries recognised as providing an adequate level of protection;
• The use of approved standard contractual clauses or the UK International Data Transfer Agreement / addendum; or
• Another lawful transfer mechanism permitted by applicable law.

You can contact us if you would like further information about any international transfers and the safeguards we use.

11. Data retention

We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, including to satisfy legal, regulatory, tax, accounting, security and reporting requirements.

As a guide:

In some cases we may retain data for longer where necessary to comply with law, resolve disputes, enforce agreements or defend legal claims.

12. Data security

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure and unauthorised access.

These measures may include:

• Secure hosting and access controls;
• Encryption where appropriate;
• Authentication, session and access management controls;
• Logging, monitoring and security review processes;
• Least-privilege access practices and confidentiality obligations; and
• Contractual controls with service providers and sub-processors.

However, no transmission over the internet or electronic storage method is completely secure. While we take reasonable steps to protect personal data, we cannot guarantee absolute security.

13. Your rights

Depending on the circumstances, you have the following rights under applicable data protection law:

• The right to be informed about how your personal data is used;
• The right of access to the personal data we hold about you;
• The right to rectification if your personal data is inaccurate or incomplete;
• The right to erasure in certain circumstances;
• The right to restrict processing in certain circumstances;
• The right to object to processing based on legitimate interests, and to direct marketing;
• The right to data portability in certain circumstances;
• The right to withdraw consent at any time, where we rely on consent; and
• The right to lodge a complaint with a supervisory authority.

To exercise any of your rights, please contact us using the details in section 1.

We may need to request information to confirm your identity before responding to your request.

Where ERItax acts purely as a data processor on behalf of one of our customers, you may also need to contact the relevant customer directly, as that customer will usually be the data controller responsible for responding to your request.

14. Complaints

If you have concerns about how we handle your personal data, please contact us in the first instance and we will try to resolve the issue.

You also have the right to complain to the Information Commissioner’s Office (“ICO”) in the UK:

ICO Contact Details

• Website: https://www.ico.org.uk
• Phone: +44 (0) 0303 123 1113
• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

If you are located in the EU, you may also have the right to complain to your local supervisory authority.

15. Third-party websites

Our website may contain links to third-party websites, plug-ins or services. If you follow a link to any third-party website, please note that those websites have their own privacy notices and terms. We are not responsible for the content, privacy practices or policies of those third parties.

16. Children

Our website and services are not directed to children, and we do not knowingly collect personal data from children.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, guidance, technology, our services or our business practices.

When we make changes, we will update the “Last updated” date at the top of this page. Where appropriate, we may take additional steps to notify you.

18. Contact us

For questions or queries relating to this Privacy Policy, or to access information we hold about you, contact us using the details provided in section 1 above. Alternatively, you may contact our Data Protection Officer at dpo@eritax.co.uk.