Skip to main content

Emerald Privacy Policy

Here you can find all the information regarding the Personal Data Processing principles of Legex Ltd company. The objective of Legex Ltd is to be a reliable partner that will respect your rights in the processing of Personal Data.

Our contact details

Name: LEGEX LTD ("us", "we", or "our")

Address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ

Company number: 15018265

E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

1. Definitions

Definitions provide the meanings of the words and expressions that are capitalised and used frequently in this Privacy Policy.

Data Subject is a natural person about whom Legex has got information or data enabling to identify the natural person. Data Subjects are, for example, the Clients or their representatives, Visitors and cooperation partners, as well as the employees or other related persons of the above mentioned who are natural persons and whose personal data are held by Legex.
Privacy Policy is this text which sets out the principles for Personal Data Processing by Legex.
Personal Data is any information concerning an identified or identifiable natural person.
Personal Data Processing is any operation or set of operations which is performed on the Personal Data of a Data Subject, such as collection, recording, organisation, structuring, storage, alteration and disclosure, enabling an access to, retrieval, consultation, use, transmission, cross-checks, alignment or combination, restriction, erasure or destruction of Personal Data, irrespective of the manner of performing these operations or the means exploited.
Client is any legal person that uses or has expressed a desire to use the Services of Legex.
Agreement is the Terms and Conditions of Services (found at, or any other agreement entered into between Legex and the Client.
Website means the website of Legex:
Software is the integrated cloud computing solution for providing the Legex Products, including mobile applications, software, hardware, databases, interfaces, associated media, documentation, updates, new releases and other components or materials provided therewith.
Visitor is any person using the Website of Legex.
Services are any services and products offered by Legex.
Cookies are the data files sometimes recorded in the device of a Visitor of the Website.
Data Protection Officer of Legex is the person who monitors the implementation of the Personal Data Processing principles of Legex and who can be contacted by the Data Subject in case of a complaint.
Client Account is the user account of the Client which primarily provides access to the digital products of Legex and through which the Clients identify themselves.

The above words and expressions are used in the meanings set out above in the Privacy Policy, Agreement and in the communication between the parties.

2. Introduction

We own and operate the website at and (the “Websites”) and its content, where we collect and process particular personal data in order to be able provide you our services via Websites (the "Services").

It is important that you know exactly what we do with the personal data you make available to us, why we collect it and what it means for you. This document outlines our approach to Data Privacy to fulfil our obligations under the UK GDPR (UK General Data Protection Regulation 2021) and DPA (Data Protection Act 2018).

This Privacy Policy describes our approach regarding the collection, use, and disclosure of personal data when you use our Services and the choices you have associated with that data.

We use your data to provide and improve the Services. By using the Services, you agree to the collection and use of information in accordance with this Policy. Unless otherwise defined in this Policy, terms used in this Policy have the same meanings as in our Terms and Conditions.

Our Services do not address anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we’ll take steps to remove that information from our servers.

Our Services may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

We may also collect information how the Services are accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

For the use of “Cookies” please refer to our Cookies Policy available at: [website address].

3. The type of personal information we collect

We collect and process different types of information for various purposes to provide and improve our Services to you. The personal data we would like to collect from you may include, but is not limited to:

  • First Name and Surname;
  • Place and date of birth;
  • Tax residency (tax payer number and country);
  • Email address;
  • Telephone number;
  • Address;
  • Data gained from your identity documents, including your personal ID number;
  • Information on source of income;
  • Other personal information such as telephone recordings; security questions, user ID;
  • Log-in credentials and data;
  • Biometrical data (during verification process);
  • Answers to requests and surveys;
  • Information about your finances, that includes bank accounts you have and details of transactions you made, in particular, we also get your transaction data from EMERALD24 (see below).

4. How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • to provide and maintain the Services;
  • to verify your identity;
  • to notify you about changes to our Services;
  • to allow you to participate in interactive features of our Services when you choose to do so;
  • to provide customer care and support;
  • to provide analysis or valuable information so that we can improve the Services;
  • to monitor the usage of the Services;
  • to detect, prevent and address technical issues;
  • to comply with our legal obligations for prevention of fraud, money laundering, counter terrorist financing and misuse of the Services;
  • where requested by law enforcement for investigation of crime.

5. Use of personal information

The personal data we collect from you is used for, but not limited to:

  • providing the Services, including your account set up and its administration;
  • personalisation of content, business information and user experience;
  • delivering marketing and events communication;
  • carrying out polls and surveys;
  • internal research and development purposes;
  • legal obligations (e.g. prevention of fraud);
  • meeting internal audit requirements

6. Transfer of the information

Your information, including personal data, may be transferred, and maintained outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those in your jurisdiction.

If you are located outside of the UK and choose to provide information to us, please note that we may transfer the data and process it outside the UK. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personal data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

We also may disclose your personal data in the good faith belief that such action is necessary to:

  • comply with a legal obligation;
  • protect and defend the rights or property of us;
  • prevent or investigate possible wrongdoing in connection with the Services;
  • protect the personal safety of users of the Services or the public;
  • protect against legal liability.

You should be aware that customers who, via our Websites, have requested account opening and have been assigned with account number in the format GBxxEMFGxxxxxxxxxxxxxx although are still going to access and receive the services through Websites, the electronic money issuance and/or payment services will be provided by our business partner and service provider – EMERALD FINANCIAL GROUP (UK) LTD (the “EMERALD24). EMERALD24 is incorporated and registered in England & Wales with company number 11557885, with its head office at Hamilton House, 1 Temple Avenue, London, United Kingdom, EC4Y 0HA. EMERALD24 is registered with the Information Commissioner’s Office (ICO) reference number ZA553246.

As the result EMERALD24 shall gain access to and will use your personal data. Such data includes, but not limited to your transactions and other operations, payment card data and transactions, log-in data and communications.

In respect to Services provided in cooperation with EMERLAD24, we are the data processor and EMERALD24 is the data controller. Where “processor” is responsible for processing personal data on behalf of a controller, and “controller” in turn determines the purposes and means of processing personal data.

Your data at EMERELAD24 will be processed according to their Privacy Policy available at

We may use third-party Service Providers to monitor and analyse the use of our Services, such as Google Analytics.

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Services available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

7. Grounds for processing of personal data

Under the UK GDPR, the lawful bases we rely on for processing this information are:

  • your consent. You are able to remove your consent at any time. You can do this by contacting us;
  • we have a contractual obligation;
  • we have a legal obligation;
  • we have a legitimate interest.

8. How we store your personal information

Your information is securely stored. We use trusted cloud and data storage service providers. Access to personal data is divided and assigned only to particular employees according to their job responsibilities. Where possible we apply data encryption.

The security of your data is important to us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

We may employ third party companies and individuals to facilitate our Services, to provide the Services on our behalf, to perform Service-related services or to assist us in analysing how our Services are used.

These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

We will keep your personal data not more than 5 years either from the moment a) you have been rejected to open an account, or b) business relationship with you is terminated, except in cases where there is a legal reason to hold it longer (e.g., due to AML reasons, claims, initiated court proceedings).

We will then dispose your information by deleting all data from our servers, except for those that are required to be kept under the regulations.

9. Your data protection rights

Under data protection law, you have rights including:

Your right of access – you have the right to ask us for copies of your personal information.

Your right to rectification – you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – you have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – you have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – you have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us if you wish to make a request.

10. How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane Wilmslow, Cheshire, SK9 5AF, UK

Helpline number: 0303 123 1113, ICO website:

11. Changes to this Policy

We may update this Privacy Policy from time to time. When a material changes to this Privacy Policy are made, we will notify you with prominent notice as appropriate under the circumstances (e.g. by displaying a prominent notice on the Websites or by sending you an email).

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on the Websites.

If you have any questions about this Privacy Policy, please contact us using the e-mail address set above.

The Privacy Policy was entered into force on June 23, 2024.