- Home
- Privacy Policy
Legal
Privacy Policy
1. Introduction
This Privacy Policy explains how MyNotary ("MyNotary", "we", "our", "us") collects, uses, shares, and protects your personal data when you visit our website at uk.mynotary.io (the "Website") or use our notarisation services (the "Service").
This Privacy Policy forms an integral part of our Terms of Service and our Cookie Policy. By using the Service, you acknowledge having read this Privacy Policy.
We comply with the United Kingdom General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018 ("DPA 2018"), and the Privacy and Electronic Communications Regulations 2003 ("PECR").
---
2. Data Controller
MyNotary, a company incorporated under French law, acts as the data controller for the personal data collected through the Website and the Service, within the meaning of Article 4(7) of the UK GDPR and of the EU General Data Protection Regulation 2016/679 ("EU GDPR"). As a French-based company offering services to clients in the United Kingdom, MyNotary is subject to both the EU GDPR and the UK GDPR.
For any question relating to the processing of your personal data, you may contact us:
MyNotary
Email: support@mynotary.io
Website: uk.mynotary.io
---
3. Personal Data We Collect
3.1 Data You Provide Directly
When you use the Service, you provide us with the following data:
(a) Identification data: surname, given name, date of birth, place of birth, nationality, gender;
(b) Contact data: email address, postal address, telephone number;
(c) Identity documents: passport, identity card, driving licence, including all information appearing therein (document number, expiry date, issuing authority, photograph);
(d) Biometric data: facial scans, capture of facial features for biometric matching, performed by our identity verification provider;
(e) Professional data (where applicable): company name, position, registration number, billing address;
(f) Documents to be notarised: any document you submit for notarisation, which may include personal, professional, financial, medical, family, or any other type of information;
(g) Account data: login credentials, language preferences, region, communication preferences;
(h) Communication data: content of exchanges with our support, comments, complaints, requests.
3.2 Data Collected Automatically
When you browse the Website or use the Service, we automatically collect:
(a) Technical data: IP address, browser type and version, operating system, language settings, screen resolution, time zone, device fingerprint;
(b) Browsing data: pages visited, time spent on each page, links clicked, browsing path, referring source;
(c) Service usage data: timestamps of actions performed, files uploaded, identity verification attempts, video Session connections;
(d) Cookie data: see our Cookie Policy for details.
3.3 Data Collected from Third Parties
We may receive data about you from third parties, in particular:
(a) Our identity verification provider (Persona): identity verification results, fraud indicators, document authenticity scores;
(b) Our payment provider (Stripe): payment confirmation, fraud detection data, card token (no full card number is stored on our servers);
(c) Our advertising providers (Google Ads, via server-side GTM): GCLID identifiers, attribution data, conversion events;
(d) Anti-fraud providers: risk indicators, sanctions lists, politically exposed persons lists.
3.4 Sensitive Data
In the context of identity verification, we process special categories of personal data within the meaning of Article 9 of the UK GDPR, specifically:
(a) Biometric data for the purpose of uniquely identifying you;
(b) In some cases, data revealing racial or ethnic origin (indirectly, through your identity document).
The processing of these sensitive data is based on Article 9(2)(g) of the UK GDPR (substantial public interest, in particular the prevention of fraud and compliance with anti-money laundering obligations), and on Schedule 1 Part 2 of the DPA 2018.
3.5 Documents to Be Notarised
The documents you submit for notarisation may contain a wide variety of personal data, sometimes sensitive (in particular health data, family data, financial data, legal data). We process these data solely for the purpose of performing the Service and complying with our archiving obligations, with strict confidentiality.
---
4. Why We Process Your Data and Legal Bases
We process your personal data for the following purposes, with the corresponding legal bases:
4.1 Provision of the Service
Purposes: account creation and management, order processing, identity verification, performance of the notarisation Session, delivery of the executed document, customer support.
Legal basis: performance of the contract between you and MyNotary (Article 6(1)(b) of the UK GDPR).
4.2 Compliance with Legal and Regulatory Obligations
Purposes: compliance with anti-money laundering and counter-terrorism financing obligations (AML/CTF), archiving of notarial deeds, accounting and tax obligations, response to requests from competent authorities.
Legal basis: legal obligation of MyNotary (Article 6(1)(c) of the UK GDPR).
4.3 Fraud Prevention and Platform Security
Purposes: detection of fraud, identity theft, abusive use, cyberattacks; protection of the platform's integrity; defence against chargebacks and disputes.
Legal basis: legitimate interest of MyNotary to ensure the security and reliability of its Service (Article 6(1)(f) of the UK GDPR).
4.4 Improvement of the Service
Purposes: analysis of platform usage, identification of friction points, A/B testing, improvement of features.
Legal basis: your consent for analytics cookies (Article 6(1)(a) of the UK GDPR), legitimate interest for server-side aggregated and anonymised analyses (Article 6(1)(f)).
4.5 Marketing Communications
Purposes: sending of newsletters, promotional offers, satisfaction surveys.
Legal basis: your consent (Article 6(1)(a) of the UK GDPR) or legitimate interest of MyNotary for existing clients with the possibility to object at any time (soft opt-in under regulation 22 of PECR).
4.6 Advertising and Acquisition
Purposes: measurement of advertising campaign effectiveness, attribution of conversions, retargeting.
Legal basis: your consent for advertising cookies (Article 6(1)(a) of the UK GDPR).
4.7 Litigation Management
Purposes: management of disputes, complaints, chargebacks, legal proceedings.
Legal basis: legitimate interest of MyNotary to defend its rights (Article 6(1)(f) of the UK GDPR), legal obligation in the event of judicial proceedings.
4.8 Generation of Audit Trail
Purposes: generation of a cryptographic audit trail attesting to the performance of the Service, anchored on the Bitcoin blockchain via our trust services provider (Woleet).
Legal basis: performance of the contract (Article 6(1)(b) of the UK GDPR), legal obligation relating to the probative value of notarial deeds (Article 6(1)(c)).
---
5. Recipients of Your Data and Processors
5.1 Internal Recipients
Your personal data may be accessed by:
(a) members of the MyNotary team strictly necessary for the performance of their duties (technical, operations, support, legal);
(b) Notaries appointed by MyNotary to perform your notarisation Session.
All persons accessing your data are bound by strict confidentiality obligations.
5.2 Processors
We use the following processors, each acting under our instructions and in accordance with the UK GDPR:
| Processor | Location | Function |
|---|---|---|
| Supabase | Ireland (EU) and USA | Hosting of the database, authentication |
| Vercel | USA | Hosting of the Website and frontend infrastructure |
| Stripe | USA, Ireland | Payment processing and fraud detection |
| Persona | USA | Identity verification and biometric checks |
| Daily.co | USA | Video Session platform and recording |
| Woleet | France (EU) | Generation of cryptographic audit trail |
| PostHog | USA | Audience analytics and session recording |
| Sentry | USA | Error monitoring and server-side performance |
| USA | Advertising (Google Ads) and tag management (server-side GTM) | |
| Openapi.com | EU | Qualified electronic signature (eIDAS QES) |
Each processor is contractually bound by appropriate guarantees in accordance with Article 28 of the UK GDPR.
5.3 Third Parties and Authorities
We may share your personal data with:
(a) Competent authorities (tax authorities, judicial authorities, financial intelligence units, regulators) when required by applicable law;
(b) Our professional advisors (lawyers, accountants, auditors), bound by professional secrecy;
(c) Our anti-fraud partners in the event of suspected fraud or abusive chargeback, in accordance with the Cancellation Policy;
(d) Acquirers or successors in the event of a sale, merger, reorganisation, or restructuring transaction of MyNotary, subject to maintaining the level of protection provided by this Privacy Policy.
5.4 No Sale of Data
MyNotary does not sell your personal data to third parties. Sharing with our processors and partners is strictly limited to the purposes set out in this Privacy Policy.
---
6. International Data Transfers
6.1 Transfers Outside the United Kingdom
Some of our processors are located outside the United Kingdom, in particular in the United States and the European Union. Transfers of personal data to these jurisdictions are subject to appropriate guarantees:
(a) United Kingdom adequacy decisions (where applicable), in particular for transfers to the European Union;
(b) Standard contractual clauses approved by the Information Commissioner's Office (ICO) for transfers to other jurisdictions;
(c) UK Extension of the Data Privacy Framework for transfers to the United States to certified organisations;
(d) Additional technical measures (encryption, pseudonymisation, access restrictions) to strengthen the protection of transferred data.
6.2 Information on Guarantees
You may request a copy of the guarantees implemented for international transfers by contacting us at support@mynotary.io.
---
7. Data Retention Periods
We retain your personal data only for the time necessary for the purposes for which they were collected, in compliance with our legal obligations.
7.1 Retention Schedule
| Category of data | Retention period | Reason |
|---|---|---|
| Account data | Duration of the account + 3 years | Customer relationship management |
| Identity documents and KYC data | 5 years after the end of the business relationship | AML/CTF obligation |
| Notarised documents | 12 years from the date of execution | UK archiving obligations |
| Notarial audit trail (Woleet) | 12 years from the date of execution | Probative value and legal obligation |
| Video recordings of Sessions | 7 years from the date of the Session | Evidence of consent and identity |
| Payment data | 7 years from the transaction | UK tax and accounting obligations |
| Communications with support | 3 years from the last contact | Customer relationship management |
| Analytics data | 24 months maximum | Performance analysis |
| Marketing data | Until withdrawal of consent or 3 years of inactivity | Commercial relationship |
| Cookies | See the Cookie Policy | According to the type of cookie |
| Dispute and chargeback data | 5 years from resolution | Defence of MyNotary's rights |
7.2 Anonymisation
At the end of the retention period, your personal data are either deleted or anonymised in an irreversible manner. Anonymised data may be retained without time limit for statistical and Service improvement purposes.
---
8. Your Rights
In accordance with the UK GDPR, you have the following rights regarding your personal data:
8.1 Right of Access
You have the right to obtain confirmation that your data are being processed and to receive a copy of the data we hold about you, free of charge for the first request.
8.2 Right to Rectification
You have the right to obtain the rectification of inaccurate or incomplete data without delay.
8.3 Right to Erasure (Right to Be Forgotten)
You have the right to request the deletion of your data in certain circumstances. This right is however limited by our legal obligations to retain certain data (in particular notarised documents, KYC data, and accounting data).
8.4 Right to Restriction of Processing
You have the right to request the restriction of the processing of your data in certain circumstances, in particular if you contest the accuracy of the data or if you object to the processing.
8.5 Right to Data Portability
You have the right to receive the data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit them to another data controller.
8.6 Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to processing based on our legitimate interest. You may also object at any time to the processing of your data for direct marketing purposes, without any reason.
8.7 Right Not to Be Subject to Automated Decisions
You have the right not to be subject to a decision based solely on automated processing producing legal effects concerning you. Our automated processing (in particular identity verification by Persona and fraud detection by Stripe Radar) systematically includes the possibility of human review on request.
8.8 Right to Withdraw Consent
When the processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
8.9 Right to Lodge a Complaint
You have the right to lodge a complaint with the competent supervisory authority (see section 14).
8.10 How to Exercise Your Rights
To exercise your rights, you may contact us:
Email: support@mynotary.io
Subject: "Exercise of UK GDPR Rights"
We will respond to your request within 30 calendar days, which may be extended by 60 days for complex requests. We may ask you for additional information to verify your identity before processing your request.
---
9. Data Security
9.1 Technical and Organisational Measures
We implement appropriate technical and organisational measures to protect your personal data, including:
(a) Encryption of data in transit (TLS 1.3) and at rest (AES-256);
(b) Strict access control based on the principle of least privilege;
(c) Multi-factor authentication for accesses to internal systems;
(d) Continuous monitoring of access logs and detection of intrusion attempts;
(e) Encrypted and isolated backups carried out regularly;
(f) Awareness training of our staff on the protection of personal data;
(g) Regular audits of our systems and processes;
(h) Incident response plan documented and tested.
9.2 Data Breach
In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will inform you without undue delay, in accordance with Articles 33 and 34 of the UK GDPR.
---
10. Cookies and Similar Technologies
The use of cookies and similar technologies on our Website is governed by our Cookie Policy, which forms an integral part of this Privacy Policy.
---
11. Minors
The Service is intended exclusively for persons aged 18 and over. We do not knowingly collect personal data of minors. If you believe that a minor has provided us with their personal data, please contact us at support@mynotary.io so that we can take appropriate measures.
---
12. Automated Decision-Making
12.1 Identity Verification
Our identity verification process, performed by Persona, includes automated decision-making elements (verification of the authenticity of identity documents, biometric matching, fraud detection).
(a) Logic involved: automated comparison between the photograph of the identity document, the facial scan provided, and authenticity verification algorithms;
(b) Consequences: in the event of automated rejection, the Service cannot be provided. You may request a human review by contacting us at support@mynotary.io;
(c) Your rights: you have the right to obtain human intervention, to express your point of view, and to contest the decision.
12.2 Fraud Detection
We use Stripe Radar to detect fraudulent transactions. This system may automatically refuse a transaction considered suspicious.
(a) Logic involved: analysis of multiple risk indicators (transaction history, geolocation, device, behaviour);
(b) Consequences: in the event of automated rejection, the Order is not validated and the payment is not collected;
(c) Your rights: you may contact us to request a manual review of your file.
---
13. Modification of the Privacy Policy
MyNotary reserves the right to modify this Privacy Policy at any time. The version applicable is the version published on the Website on the date of your visit.
In the event of substantial modification (in particular new purpose of processing, new processor, new category of recipients), we will inform you by email or by a notice on the Website at least 30 days before the modification comes into effect.
You are invited to consult this Privacy Policy regularly to keep informed of any changes.
---
14. Contact and Complaints
14.1 Contact MyNotary
For any question, request, or complaint relating to the processing of your personal data:
MyNotary
Email: support@mynotary.io
Website: uk.mynotary.io
Response guaranteed within 30 calendar days, in accordance with the UK GDPR.
14.2 Right to Lodge a Complaint with a Supervisory Authority
If you consider that the processing of your personal data does not comply with applicable regulations, you have the right to lodge a complaint with the competent supervisory authority.
As MyNotary is a French company offering services to clients in the United Kingdom, you may lodge a complaint with either:
Commission Nationale de l'Informatique et des Libertés (CNIL) (French supervisory authority)
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
Tel: +33 1 53 73 22 22
Website: [cnil.fr](https://www.cnil.fr)
or
Information Commissioner's Office (ICO) (UK supervisory authority)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
Tel: 0303 123 1113
Website: [ico.org.uk](https://ico.org.uk)
If you reside in another jurisdiction, you may also lodge a complaint with the supervisory authority of your country of residence.
14.3 Amicable Resolution
Before lodging a complaint with a supervisory authority, we encourage you to contact us directly so that we can attempt to resolve your concerns amicably.
---
15. Specific Provisions Relating to Notarial Activity
15.1 Professional Secrecy
Notaries appointed by MyNotary are bound by strict professional secrecy under their professional rules. The personal data and documents transmitted in the context of a notarisation Session are protected by this secrecy, subject to the legal exceptions provided (in particular declaration of suspicion in the context of AML/CTF).
15.2 Notarial Archiving
The notarised documents and their associated audit trail are archived in accordance with the legal obligations applicable to notarial activity in the United Kingdom. These archives may be communicated to the competent authorities upon request and in accordance with applicable procedures.
15.3 Notarial Audit Trail (Woleet)
The cryptographic audit trail generated by Woleet is anchored on the Bitcoin blockchain. This anchoring takes the form of a cryptographic hash (irreversible fingerprint) of the document and metadata, and does not allow your personal data or the content of your document to be reconstructed from the blockchain. This processing complies with the principles of data minimisation and irreversibility within the meaning of the UK GDPR.
Last updated: