1. Introduction
Notary7 ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website at notary7.com (the "Site") or use our notary, apostille, embassy legalisation, sworn translation, and document retrieval services (the "Services").
By using our Site and Services, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not access or use our Site or Services.
This policy is written in accordance with the EU General Data Protection Regulation (GDPR), the UK GDPR, and other applicable data protection legislation.
2. Who we are
Notary7 is the data controller for the personal data collected through this Site and our Services. Our registered office is in the United Kingdom.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions, including requests to exercise your legal rights, please contact the DPO using the details above.
3. Data we collect
We collect and process different categories of personal data depending on how you interact with us:
| Category | Examples | Purpose |
|---|---|---|
| Identity & contact | Name, email address, phone number, postal address | Account management, service delivery, communication |
| Document data | Passport copies, birth certificates, contracts, powers of attorney | Notarisation, apostille, legalisation, translation services |
| Transaction data | Payment details, billing address, order history | Payment processing, invoicing, fraud prevention |
| Technical data | IP address, browser type, device info, cookies | Site security, analytics, performance optimisation |
| Usage data | Pages visited, time on site, features used | Improving user experience and service quality |
We do not intentionally collect special category data (such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data, or data concerning sex life or orientation) unless it is necessary for the specific service you request and you explicitly provide it.
4. How we use your data
We use your personal data for the following purposes:
- Service provision — to deliver notarisation, apostille, legalisation, translation, and document retrieval services you request.
- Account management — to create and maintain your account, verify your identity, and manage your orders.
- Communication — to respond to your enquiries, send service-related notifications, and provide customer support.
- Payment processing — to process payments, issue invoices, and prevent fraud.
- Legal compliance — to comply with applicable laws, regulations, and notarial obligations.
- Service improvement — to analyse usage patterns, troubleshoot issues, and enhance our Site and Services.
- Marketing — where you have consented, to send you promotional materials about our services.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason compatible with the original purpose.
5. Legal basis for processing
Under data protection law, we must have a legal basis to process your personal data. The legal bases we rely on are:
We need to process your data to fulfil our contract with you — e.g. to provide notary or apostille services.
We may need to process data to comply with applicable laws, such as anti-money laundering regulations or court orders.
We process data for our legitimate business interests, such as fraud prevention, network security, and service improvement, provided these interests do not override your rights.
Where required by law, we will ask for your explicit consent before processing — e.g. for marketing communications or certain cookies.
6. Data sharing & third parties
We do not sell your personal data. We may share your data with trusted third parties in the following circumstances:
- Service providers — companies that provide services on our behalf, such as payment processing, cloud hosting, email delivery, and customer support tools.
- Government authorities — where required by law, we may disclose data to courts, regulators, or law enforcement agencies.
- Professional advisers — lawyers, auditors, and insurers who provide professional services to us.
- Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner.
All third parties who process data on our behalf are bound by contractual obligations to keep your data secure and to use it only for the specified purposes. A full list of sub-processors is available in our Data Processing Agreement.
7. International transfers
Notary7 operates globally, and your personal data may be transferred to and processed in countries outside your country of residence, including countries that may not have equivalent data protection laws.
When we transfer personal data from the European Economic Area (EEA), UK, or Switzerland to countries not deemed adequate by the European Commission, we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs) approved by the European Commission.
- UK International Data Transfer Agreements (IDTAs) where required for UK data transfers.
- Additional technical and organisational measures, such as encryption and pseudonymisation, to protect transferred data.
You can request a copy of the relevant transfer mechanism by contacting us at support@notary7.com.
8. Data retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Specific retention periods depend on the type of data and the applicable legal requirements:
| Data type | Retention period | Rationale |
|---|---|---|
| Account data | Duration of account + 6 years | Legal and tax obligations |
| Document copies | 7 years from completion | Notarial record-keeping and dispute resolution |
| Payment records | 7 years from transaction | Tax and accounting compliance |
| Marketing data | Until consent withdrawn | Consent-based marketing |
| Log/technical data | Up to 12 months | Security monitoring and incident response |
When data is no longer required, we securely delete or anonymise it in accordance with our data retention schedule.
9. Data security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:
- Encryption of data in transit using TLS 1.2 or higher.
- Encryption of data at rest using AES-256.
- Role-based access controls and least-privilege principles.
- Multi-factor authentication for all staff and contractor accounts.
- Regular security audits and penetration testing.
- Employee training on data protection and information security.
- Incident response and business continuity plans.
Despite these measures, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but commit to notifying you promptly of any breach affecting your personal data in accordance with applicable law.
10. Your rights
Depending on your location and applicable law, you have certain rights regarding your personal data. These rights are summarised below:
You can request a copy of the personal data we hold about you.
You can ask us to correct inaccurate or incomplete data.
You can request deletion of your data in certain circumstances ('right to be forgotten').
You can ask us to limit how we use your data while we verify its accuracy or resolve a dispute.
You can request your data in a structured, machine-readable format to transfer to another provider.
You can object to processing based on legitimate interests or direct marketing at any time.
Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
You have the right to complain to a data protection supervisory authority in your country of residence.
To exercise any of these rights, please contact us at support@notary7.com. We will respond to your request within one month, which may be extended by two further months for complex requests. We may need to verify your identity before fulfilling your request.
11. Children's privacy
Our Site and Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at support@notary7.com and we will take steps to delete such information.
12. Cookies & tracking
We use cookies and similar tracking technologies to enhance your experience on our Site, analyse usage, and deliver relevant content. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.
13. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will notify you by updating the effective date at the top of this policy and, where appropriate, by posting a notice on our Site or sending you a direct communication.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
14. Contact us
If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:
You also have the right to lodge a complaint with a data protection supervisory authority in your country of habitual residence, place of work, or place of an alleged infringement.