Privacy
Policy

Introduction

Welcome to SDLT Compass Limited’s privacy policy. References to personal data in this policy include information relating to you and your clients in connection with our website.
SDLT Compass Limited respects your privacy and is committed to protecting your personal data. This privacy policy explains how we look after your personal data when you visit our website (regardless of where you visit it from) or subscribe to, or use, our SDLT Compass Service at client.compass.tech. Alternatively, we may be given your personal data by users of our SDLT Compass Service. This policy also sets out your privacy rights and how the law protects you.
This privacy policy is presented in a layered format so you can click through to specific areas. Please also use the Glossary to understand the meaning of some of the terms used in this policy.

Contents

  • Important information and who we are
  • The personal data we collect about you
  • How your personal data is collected
  • How we use your personal data
  • Disclosures of your personal data
  • International transfers
  • Data security
  • Data retention
  • Your legal rights
  • Glossary

1. Important information and who we are

Purpose of this privacy policy


This policy provides information on how SDLT Compass Limited collects and processes your personal data. Typically, we will:

  • Collect your personal data through your use of this website, including any personal data you provide when subscribing to or using our SDLT Compass Service; or
  • Receive your personal data from users of our SDLT Compass Service – usually because you have asked them to pass your data to us (for example, as part of a referral) or because it is necessary as part of your contract with that user (for example, for an SDLT calculation).


This privacy policy supplements other notices and privacy policies we may provide and is not intended to override them.

Controller

In most cases SDLT Compass Limited is the controller of your personal data.

Processor

Where we receive your personal data from a user of our SDLT Compass Service, we act as a processor. In this case, the controller will usually be your professional adviser or other organisation using our services.

Contact details

If you have any questions about this policy, please contact our Data Privacy Manager:

  • Email: support@compass.tech
  • Post: 8-10 Hill Street, Mayfair, London, W1J 5NG


You may also raise a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk. However, we would appreciate the chance to deal with your concerns before you contact the ICO.

Changes to this privacy policy

We keep our privacy policy under regular review. This version was last updated on 11 September 2025.

2. The personal data we collect about you

We may collect, use, store and transfer the following categories of personal data:

  • Identity Data – name, marital status, title, date of birth, gender.
  • Contact Data – billing address, email address, telephone numbers.
  • Financial Data – bank account and payment details.
  • Transaction Data – details about payments and services purchased.
  • Technical Data – IP address, login data, browser type/version, time zone, location, plug-ins, operating system, devices.
  • Profile Data – username, password, purchases, interests, feedback.
  • Usage Data – information about how you use our website and services.
  • Marketing and Communications Data – preferences for receiving marketing.


We also collect aggregated data (e.g., statistical or demographic data) that does not identify individuals.

We do not collect special categories of personal data or information about criminal convictions.

3. How your personal data is collected

We use different methods to collect personal data:

  • Direct interactions – via forms, correspondence, account creation, subscription, marketing requests, or feedback.
  • Automated technologies – technical data collected automatically via cookies and similar technologies.
  • Third parties – such as payment service providers or professional advisers using our service on your behalf.

4. How we use your personal data

We will only use your personal data where the law allows. Common uses include:

  • To perform a contract with you or your employer (or the organisation using our SDLT Compass Service).
  • To pursue legitimate business interests, provided your rights do not override these.
  • To comply with legal obligations.


We do not rely on consent except for direct marketing, where required. You may withdraw consent at any time.

5. Disclosures of your personal data

We may share your personal data with:

  • Service providers acting as processors (e.g., IT and hosting).
  • Professional advisers (e.g., bankers, auditors, insurers).
  • Third parties involved in a business sale, transfer or merger.


We require all third parties to protect your personal data in line with the law and our standards.

6. International transfers

We do not transfer your personal data outside the European Economic Area (EEA).

7. Data security

We have implemented appropriate security measures to prevent unauthorised access, loss, or disclosure of personal data. Access is restricted to employees and contractors with a business need, who are bound by confidentiality obligations.
Procedures are in place to deal with any suspected data breach. Where legally required, we will notify you and the relevant regulator.

8. Data retention

We only keep personal data as long as necessary for the purposes collected, including legal, regulatory, tax, and accounting requirements.

By law, we must retain certain basic information (Identity, Contact, Financial and Transaction Data) for six years after you cease being a customer.

In some cases, we may anonymise data for research or statistical purposes.

9. Your legal rights

You have the right to:

  • Request access to your personal data.
  • Request correction or erasure.
  • Object to processing or request restriction.
  • Request transfer of your data.
  • Withdraw consent at any time (where applicable).


We aim to respond to all legitimate requests within one month.

10. Glossary

  • Controller – determines how and why personal data is processed.
  • Processor – processes personal data on behalf of the controller.
  • Legitimate interest – our business interest in operating effectively and securely.
  • Performance of a contract – when processing is necessary to fulfil an agreement.
  • Legal obligation – when processing is required by law.