Download our full privacy notice.


  1. Introduction And Definitions
    1. Cor Financial Solutions Limited ("Cor") and its subsidiaries ("we", "our" and "us") are committed to protecting and respecting your privacy.  This notice (along with any contract you have with us) tells you how we process your personal data. If you have questions about correcting or deleting your personal data please refer to sections 7 and 11 below. References in this notice to "data protection law" mean (as applicable) the General Data Protection Regulation (Regulation (EU) 2016/679) and all related data protection legislation having effect in the United Kingdom from time to time.
  2. Our Details
    1. This section gives you the legal name of the company who holds your personal information – known as the ‘legal entity’ – and tells you how you can get in touch with us.
    2. Cor has a number of subsidiaries, whose details are set out below.  We'll let you know which you have a relationship with, when you deal with us or purchase a product or service from us.  The company you have a relationship with will be the company that controls your personal data and "we", "our" or "us" refers to that company.  Details of Cor and its subsidiaries are as follows:
      1. Cor Financial Solutions Limited, a company incorporated in England and Wales under registered number 03251713 whose registered office is at 73 Cornhill, London EC3V 3QQ
      2. BITA Plus Consultants Limited, a company incorporated in England and Wales under registered number 02790333 whose registered office is at 73 Cornhill, London EC3V 3QQ
      3. COR STP Solutions Limited, a company incorporated in England and Wales under registered number 04708688 whose registered office is at 73 Cornhill, London EC3V 3QQ
      4. COR Intelligent Banking Solutions Limited, a company incorporated in England and Wales under registered number 04411313 whose registered office is at 73 Cornhill, London EC3V 3QQ
      5. COR Technology Services Limited, a company incorporated in England and Wales under registered number 04448934 whose registered office is at 73 Cornhill, London EC3V 3QQ
      6. Integra SP Limited, a company incorporated in England and Wales under registered number 03926241 whose registered office is at 73 Cornhill, London EC3V 3QQ
      7. COR-IBS, Inc, a company incorporated in Delaware, United States of America under registered number 2901111 whose registered office is at 251 Little Falls Drive, Wilmington, Little Castle, DE 19808, United States of America.
    3. The data protection officer for the group is Jon Glover, Group Network Manager, Cor Financial Solutions Limited 28-30 Cornhill, 2nd floor, London, EC3V 3NF.
    4. The authorized representative of COR-IBS, Inc is COR Financial Solutions Limited.
  3. Which Information Do We Process And For What Reason?
    1. We collect information from customers, prospective customers, consultants and suppliers.  If you are one of these, or you work for one of these, then we may collect some personal information about you.
    2. We usually collect your contact details from you (name, email address, work address and telephone number) when we first make contact with you to discuss entering into an agreement to provide you with our goods and services, or to purchase goods or services from you.  We may collect this information by telephone, email or post.  If you are prospective customer we may occasionally collect information about you from social media or other publicly available source of information.
    3. We will also store emails or other correspondence you send us or that we send you, and notes of telephone conversations that we have with you. We may receive bank details from you, which may include personal information about you.
    4. We will also collect information concerning your marketing preferences.
    5. If you are a client of one of our customers, then your personal details may be provided to us in a database created using our software, for support or troubleshooting purposes.  We do not access that data and when we receive databases from our customers for troubleshooting or support, we promptly scrub them to clear them of any personally identifying information about individuals listed in the database.
    6. If you visit our premises, we may collect information about you from CCTV footage recorded at and around our premises.
    7. We process information you give to us for the following purposes:
      1. to carry out our obligations arising from any contracts entered into between you (or the business you work for) and us, including providing service and support;
      2. to invoice you and to manage your (or your employer's) account with us;
      3. to manage and administer any other arrangements between you and us;
      4. to notify you about changes to our services and to otherwise communicate with you; for example, we will use your contact details in order to respond to any queries that you submit to us;
      5. to address any claims made against us; for example, we may share details of our accident logs and CCTV footage with our claims handlers and insurers in connection with any claim made or likely to be made against us.
      6. if you are a supplier, to place orders with you (or the business you work for) and to manage our relationship with you as a supplier of goods or services; and
      7. to keep financial records relating to our business and to comply with our legal obligations.
  4. What Are The Grounds For Processing Your Information?
    1. Under data protection law we are only allowed to process your personal data if we have a legal ground to do so, and we must tell you what those legal grounds are.  We are processing your data on the following grounds:
      1. You have consented to the processing for the purposes stated in section section 3 above. This might apply, for example, where you have asked to be added to our mailing list.
      2. The processing is necessary for the performance of the contract between you and us. This includes where you have instructed us to take some pre-contractual steps (such as sending you information about our products) prior to us formalising the contract. 
      3. We have a legitimate interest in performing the processing and, in accordance with our obligations under data protection law, we have carefully weighed up your interests and fundamental rights and freedoms against our interest to process your information and we are satisfied that we are justified in processing your information for this purpose.  We rely on this ground where, for example:
        1. we have a contract with the business you work for and we have an interest in communicating with you to arrange and/or administer the performance of that contract, keep records of transactions under it, and to enforce our rights or defend claims under it; and
        2. we contact prospective business customers about our products or promoting our business; and
        3. we process personal data to keep our premises safe and secure.
      4. The processing is necessary for us to comply with our legal obligations, including in relation to keeping tax and accounting records.
  5. Duration And Further Processing
    1. We only keep your information for so long as it is reasonably necessary. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.
    2. Generally speaking, we retain your information for the following periods of time:
      1. If you are a supplier or client (or you work for one of our suppliers or clients) for the duration of our contract with you (or the person you work for) and for a period of six years after the end of the contract.
      2. If you are on our marketing database, until you indicate that you no longer wish to hear from us, although if you have not engaged with us for a long time, we may delete you contact details sooner;
    3. If we need to keep your information for a longer period then we will notify you of the reason and grounds for doing so.
  6. Who Is Your Information Shared With?
    1. In order to achieve the purposes set out in section 3 above, we may share your data with the following people or group of people:
      1. We may share personal data with other members of the group of companies of which we form part.
      2. We may share personal data with consultants that we work with to help us provide our services.
      3. Our outsourced IT providers may have access to your personal data on our IT systems if such access is required to enable them to resolve problems with our systems. We control what our IT providers can access and they are subject to strict obligations of confidentiality.
      4. We may provide personal data to our legal advisers or other professional advisers, if necessary to defend claims, protect our rights, or receive advice on compliance with the law.  Such transfers will be protected by confidentiality obligations owed by our advisers.
      5. If the situation should ever arise that we sell our business, we may share personal data with potential purchasers of our business, subject to those persons entering into strict confidentiality obligations with us and only to the extent permissible under data protection law.
    2. Other than as set out in the next paragraph, to the best of our knowledge, understanding and belief, your information will not be transferred outside of the European Economic Area or to any country which is not approved by the European Commission. If this changes then we will let you know.
    3. We transfer personal data to COR-IBS, Inc. (one of our group companies) for back up purposes.  This company is based in the United States of America.  We have a binding agreement with each of these companies and that agreement is drafted on standard data protection clauses approved by the European Commission.
  7. Your Rights
    1. Under data protection law you have the following rights:
      1. if we are processing your data on the basis of your consent then you have the right to withdraw that consent at any time. Consent can be withdrawn by notifying us using the details set out in section 12 below. The lawfulness of our historic processing based on your consent will not be retrospectively affected by your withdrawal of consent;
      2. the right to access a copy of your information which we hold. This is called a 'subject access request'. Additional details on how to exercise this right are set out in section 8, below;
      3. the right to prevent us processing your information for direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us using the details set out in section 12, below;
      4. the right to object to decisions being made about you by automated means. We will inform you if your information is subject to automated processing;  We do not make automated decisions about you based on your information.
      5. the right to object to us processing your personal information in certain other situations;
      6. the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate; and
      7. the right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law.
      8. in certain circumstances, the right to request the information we hold on you in a machine readable format so that you can transfer it to other services.
    2. You also have the general right to complain to us (in the first instance) and to the Information Commissioner's Office (if you are not satisfied by our response) if you have any concerns about how we hold and process your information. Our contact details are set out in section 12, below. The Information Commissioner's Office website is
    3. For further information on your rights under data protection law and how to exercise them, you can contact the Citizens Advice Bureau ( or the Information Commissioner's Office (
  8. Access To Information
    1. Under data protection law you can exercise your right of access by making a written request to receive copies of some of the information we hold on you. You must send us proof of your identity, or proof of authority if making the request on behalf of someone else, before we can supply the information to you. Requests should be sent to us using the contact details in section 12 below.
    2. You will not have to pay a fee unless you are requesting copies of documents you already possess, in which case we may charge our reasonable administrative costs. We will also be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you if your request is clearly unfounded or excessive. In very limited circumstances, we are also entitled to refuse to comply with your request if it is particularly onerous.
  9. Cookies And Site Access Statistics
    1. Our site uses cookies to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site.
    2. Visitors to our site who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using our site. This will mean that some features of our site may not function properly without the aid of cookies.
    3. The cookies our website uses include the following:


      Google Analytics Tracking

      1st party, Lasts for - 6 months

      This cookie stores the type of referral used by the visitor to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within your own site. The cookie is updated with each page view to your site


      Google Analytics Tracking

      1st Party Persistent/Lasts for 2 years

      This cookie is typically written to the browser upon the first visit to your site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits your site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to your site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure.


      Google Analytics Tracking

      1st Party Persistent/Lasts for 30 mins

      This cookie is used to establish and continue a user session with your site. When a user views a page on your site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on your site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on your site for longer than 30 minutes. You can modify the default length of a user session with the _setSessionCookieTimeout() method.


      Google Analytics Tracking

      1st Party Session

      This cookie is no longer used by the ga.js tracking code to determine session status. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether or not to establish a new session for the user. For backwards compatibility purposes with sites still using the urchin.js tracking code, this cookie will continue to be written and will expire when the user exits the browser. However, if you are debugging your site tracking and you use the ga.js tracking code, you should not interpret the existence of this cookie in relation to a new or expired session

      Access statistics

      We automatically track certain information about you in the course of using our site. This information includes the URL that you came from and the URL you go to next, the browser you are using and your IP address. This information is gathered for systems administration purposes and to report aggregate information to help us to ensure our site reflects our users’ needs and that the high quality of our services is maintained.

  10. Data Security
    1. We will always store your digital information on secure servers. Unfortunately, however, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our site or otherwise to our servers (such as by email). Any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
  11. Changes To Our Privacy Notice
    1. This notice was last updated in May 2018. Any material changes we may make to our privacy notice in the future will be uploaded to our website and if the change is significant we will send you the updated notice by email.  Please check back frequently to see any updates or changes to our privacy notice.
  12. Contact
    1. Questions, comments and requests regarding this privacy notice are welcomed and should be addressed by email to John Glover at: or by post to Jon Glover, Group Network Manager, Cor Financial Solutions Limited 28-30 Cornhill, 2nd floor, London, EC3V 3NF.