top of page

Privacy Policy

Last Updated: 15th October 2025

​

1. Introduction

 

Welcome to Comentis’ Privacy Policy.

 

Your privacy matters to us. This Policy explains how we collect, use, and protect your personal data when you:

  • Visit our website,

  • Use our platform or services as a Customer, or

  • Complete an assessment as an End-User at the direction of a Customer (e.g., a financial services provider).

 

It also outlines your rights and how to exercise them in line with applicable data protection legislation, including the UK GDPR.

 

2. Who This Policy Applies To

 

This Privacy Policy applies to three types of individuals:

 

​

​

 

 

 

 

 

 

 

 

 

Important: The way we collect and process data differs depending on which group you fall into. Please read the relevant section(s) below.

 

3. How We Collect and Use Personal Data

 

A. Website Visitors

 

When you visit our website, we collect only minimal data necessary to operate and improve your browsing experience.

 

Data collected:

  • Cookies and similar technologies (see Section 7)

  • Device type, IP address, browser type (via analytics tools)

 

Purposes:

  • To provide and improve website functionality

  • To understand website performance and usage patterns

  • To keep the website secure

 

We do not collect any identifiable personal data unless you choose to contact us (e.g., via a contact form or email).

 

B. Customers / Registered Users

 

If you are a Customer or a user representing a Customer, we act as a Data Controller in respect of your personal data collected to deliver the platform and services.

 

Data collected may include:

  • Account Information: full name, email, job title, organisation, and contact details

  • Login & Profile Information: username, password, authentication details

  • Device & Usage Information: IP address, device identifiers, browser settings, log data

  • Marketing Preferences (if opted-in)

  • Payment / Billing Information (where applicable)

 

Purposes:

  • To set up and manage accounts

  • To deliver and support the platform and services

  • To provide customer support and respond to inquiries

  • To send operational and marketing communications (where consent has been given)

  • To comply with legal or regulatory obligations

 

Legal bases:

  • Performance of a contract

  • Legitimate interests (e.g., service improvement, security)

  • Consent (e.g., marketing)

  • Legal obligation

 

C. End-Users (Assessment Participants)

 

If you are completing an assessment or questionnaire at the direction of one of our Customers (e.g., your financial service provider), Comentis processes your personal data as a Data Processor on behalf of that Customer (the Data Controller).

 

Data collected directly from you:

  • Responses to the Duty of Care questionnaire, including:

    • Demographic data (e.g., age, marital status)

    • Life event information (e.g., bereavement, financial change)

    • Health-event data (e.g., memory challenges, physical or mental health impacts — high level only)

    • Psychometric question responses

  • Device information (e.g., IP address, browser type, cookie identifiers)

 

Data collected from the Customer:

  • Full name

  • Date of birth

  • Account information (e.g., Customer reference ID)

 

What we do not collect:

  • Contact information (email, address, phone)

  • Government-issued IDs or biometric data

  • Sensitive identifiers such as passport or NI numbers

 

Purpose:

  • To provide the assessment service and generate a Consumer Duty report for the Customer

  • To help the Customer meet their regulatory obligations under FCA Consumer Duty standards

 

Legal basis:

  • Performance of contract with the Customer (the Controller)

 

Important:

  • Comentis does not reuse, sell, or access your personal data for purposes other than delivering the service.

  • If you wish to exercise your data protection rights, please contact the Customer (your financial service provider) directly.

 

4. Sharing Your Personal Data

 

We may share data in the following circumstances:

  • Service Providers: trusted third parties providing hosting, analytics, or support (under strict contractual obligations).

  • Professional Advisors: lawyers, auditors, insurers, or consultants.

  • Regulatory or Legal Authorities: where required by law or to protect our legal rights.

  • Business Transfers: if Comentis undergoes a merger, acquisition, or restructuring.

 

We never sell your personal data.

 

5. International Data Transfers

 

If we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place (e.g., UK Addendum to EU SCCs, adequacy decisions, or equivalent mechanisms).

 

6. Data Security

 

We use industry-standard security measures to protect your personal data against unauthorised access, loss, or misuse. Access is restricted to authorised personnel on a need-to-know basis.

 

In the event of a data breach, we will notify the relevant supervisory authorities and affected individuals where required by law.

 

7. Cookies

 

Our website uses cookies to improve user experience and analyse site performance.

  • Essential cookies: required for the site to function.

  • Analytics cookies: help us improve services.

  • Preference cookies: remember your settings.

 

You can manage cookie preferences through your browser or site settings. Some features may not work without certain cookies.

 

8. Data Retention

 

We keep personal data only as long as necessary to fulfil the purpose it was collected for or as required by law or regulation.

  • Website visitors: minimal cookie and analytics data retained per tool configuration.

  • Customers: retained for the duration of the contract plus any applicable statutory retention periods.

  • End-Users: data is processed and stored in line with the Customer’s instructions.

 

9. Your Rights

 

Depending on your relationship with Comentis and applicable law, you may have the right to:

  • Access, correct, or delete your personal data

  • Withdraw consent where applicable

  • Object to or restrict processing

  • Lodge a complaint with a supervisory authority

 

If you are an End-User, please contact the Customer (your financial service provider) directly to exercise your rights. Comentis can assist the Customer where required.

 

For Customers and Website Visitors, please contact: support@comentis.co.uk

 

10. Updates to This Policy

 

We may update this Privacy Policy from time to time. Significant changes will be communicated via our website or email notification.

 

11. Contact Us

 

If you have any questions about this Privacy Policy or how we process your personal data, contact:

 

Data Protection Officer

Email: dane@comentis.co.uk

Phone: 0203 282 0582

Security Policy table.gif
bottom of page