Privacy Policy

Last updated: 1 April 2026

ACMIhub is committed to protecting your privacy. This Policy explains how we collect, use, share and protect personal data in connection with the ACMIhub platform. We are the data controller for the personal data described in this Policy. This Policy is compliant with the UK GDPR and EU GDPR.

1. What Data We Collect

We collect the following categories of personal data:

Category Examples Purpose
Identity data Name, job title, email address Account registration, communication
Company data Company name, registration number, AOC details, country KYB verification, marketplace trust
Contact data Phone number, address Deal communication, support
Usage data Login times, IP address, pages visited, search queries Security, analytics, fraud prevention
Transaction data Deal details, Quick Quotes, messages, documents uploaded Deal Room operation, dispute resolution
Financial data Subscription payment records, invoice details Billing, accounting
Technical data Browser type, device type, session data, cookies Platform functionality, security

2. How We Use Your Data

We use your personal data for the following purposes, on the legal bases indicated:

  • Contract performance: To provide Platform services, process transactions, manage your account and enable Deal Room functionality.
  • Legal obligation: KYB/AML compliance, sanctions screening, tax record keeping, audit log maintenance.
  • Legitimate interests: Platform security, fraud prevention, analytics to improve the Platform, displaying Trust Scores publicly, sending service updates.
  • Consent: Marketing emails (you may opt out at any time), non-essential cookies.

3. Data Sharing

We do not sell your personal data. We share data only in the following circumstances:

  • Between Users on the Platform: Company name, country, Trust Score, listing information and profile data are visible to other registered users as part of the marketplace functionality.
  • KYB verification partners: We share company and identity data with our third-party KYB/KYC provider (TrustVerifyID) for verification purposes.
  • Payment processors: Payment details are shared with our payment processor for subscription and commission processing.
  • Infrastructure providers: We use hosting, email, Redis and other infrastructure services. These providers process data on our behalf under data processing agreements.
  • Legal requirements: We may disclose data to law enforcement or regulators where required by law, court order or to protect our legal rights.
  • Business transfer: In the event of a merger, acquisition or asset sale, your data may be transferred to the acquirer, subject to this Policy.

4. International Transfers

Our primary servers are located in the European Economic Area. Where we transfer personal data outside the EEA (for example, to our payment or push notification providers), we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or equivalent mechanisms under applicable law.

5. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including legal and regulatory obligations:

  • Account data: retained for the duration of the account plus 7 years after closure.
  • Deal Room data and transaction records: 7 years from deal completion (for accounting and legal compliance).
  • Audit log: 3 years from date of entry.
  • Contact form submissions: 2 years.
  • KYB verification documents: as required by applicable AML regulations (typically 5 years).

6. Cookies

We use cookies and similar technologies to operate the Platform, remember your session, and analyse usage. For full details, see our Cookie Policy.

7. Your Rights (GDPR)

Under UK and EU GDPR, you have the following rights regarding your personal data:

Access

Request a copy of the personal data we hold about you.

Rectification

Ask us to correct inaccurate or incomplete data.

Erasure

Request deletion of your data, subject to legal retention requirements.

Restriction

Ask us to pause processing of your data in certain circumstances.

Portability

Receive your data in a machine-readable format.

Objection

Object to processing based on legitimate interests.

Withdraw consent

Withdraw marketing consent at any time without affecting lawfulness of prior processing.

Complaint

Lodge a complaint with the ICO (UK) or your local supervisory authority.

To exercise any of these rights, contact us at privacy@acmihub.com. We will respond within 30 days.

8. Security

We implement technical and organisational measures to protect your data, including: TLS encryption in transit, encryption at rest, Redis-backed session management, rate limiting, role-based access controls, and regular security reviews. However, no system is completely secure and we cannot guarantee absolute security.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered Users by email of material changes. Continued use of the Platform constitutes acceptance of the updated Policy.

10. Contact

ACMIhub Limited — Data Protection

privacy@acmihub.com

For data subject requests, please include your registered email address and specify which right you wish to exercise.