Articles on: KYC & Compliance

Data Protection Policies and Procedures

Data Collection

We collect the following data:
- Name
- Contact details (including email address)
- Demographic details (postcode, country)
- Business-related information (company name, nature, trading name)
- IP address
- Proof of identity and address for Anti-Money Laundering (AML) and Know Your Customer (KYC) compliance.

Purpose: This data allows us to create your account, issue invoices, send updates, or contact you about your account. Note: We don't sell or distribute your information to third parties.

Data Storage

- Hoxton Mix CRM (Admin): Holds customer contact details, postal logs, KYC and AML checks, and audit reports related to suspicions of money laundering or terrorist financing. It also stores reports filed to Action Fraud and Audrey at Trading Standards.

- Plan Details
- Groove: Support desk ticketing system.
- Chargebee: Billing system.

Data Protection Measures

- Hoxton Mix CRM:
- 256 SSL encryption for data in transit.
- Secure access using Google login with 2-Step Verification.
- External monitoring services.
- Storage on Google Cloud Platform (GCP) and Amazon Web Services (AWS) with regular backups and stringent access controls.

- GitHub & Gitlab:
- Source code repository secured through 2-Step Verification.

- Groove: SMTP over SSL.

- Chargebee: PCI compliant with encrypted storage, ISO 27001:2013 certification, and EU-U.S. & Swiss-U.S. Privacy Shields.

- Twilio & Mailgun & Mailerlite: Secured via 2-Step Verification.

- Developer Equipment: Laptops and mobile phones encrypted and secured with biometric authentication.

Data Retention

Data is retained according to the Money Laundering Regulations 2007 (MLR 2007) and the General Data Protection Regulation (GDPR). Identity check records and SARs are stored for up to five years after the end of the business relationship or SAR filing, respectively.

Data collection and processing are compliant with:
- The Money Laundering Regulations 2007 (MLR 2007)
- London Local Authorities Act 2007

Communication of Privacy Information

Our Privacy Policy is available on the Hoxton Mix website in clear English. Customers are required to opt in during sign-up.

Subject Access Requests

We respect your right to access, correct, or delete your personal information. Requests can be made under the Data Protection Act 1998. Fees apply for unfounded or excessive requests. Reach out to for corrections.

Physical Data Measures

Physical data is safeguarded by locking filing cabinets and maintaining postal logs.

Deletion Requests

Compliance with GDPR and MLR 2007 determines our approach to deletion requests. Some data, such as KYC and AML documentation, must be retained for five years after the end of the business relationship. However, we make every effort to respect deletion requests where regulations permit.

Updated on: 17/08/2023

Was this article helpful?

Share your feedback


Thank you!