AI Icon Chat with our AI
Let's talk

DCM | Privacy Policy

Privacy Policy

Last updated: 17 February 2026

This Privacy Policy (“Policy”) explains how DCM CORP LIMITED (“DCM,” “we,” “company” or “us”) collects, uses, discloses, and safeguards personal data of:

  • visitors and users of our website https://dcm.systems/, other DCM-branded websites, and all related pages (collectively, the “Website”);
  • individuals who contact us via the Website (e.g., through forms, newsletters, or enquiries);
  • prospective clients or business partners who interact with us through the Website; and
  • candidates applying for roles with us as part of our recruitment process;

(hereinafter also referred to as “you”, “your”)

This Policy also gives you information about the legal rights that you have in respect of your personal data.

We take your privacy seriously and will use your personal data only for the purposes and legal bases of collecting and processing your personal data on the terms specified below.

1. What is Personal Data?

“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Other terms used in this Policy have the same meaning as in United Kingdom General Data Protection Regulation (UK GDPR).

You can read more about what constitutes personal data on the Information Commissioner’s Office (ICO) website at https://ico.org.uk.

2. What data do we collect?

We may collect and process different categories of personal data depending on how you interact with us, including:

  • Identification and contact details: such as your name, email address, phone number, organisation/institution, and your role or position.
  • Application or recruitment-related information: if you submit an application, apply for a role, or otherwise engage with us, we may collect information included in your application form, CV, project description, proposed timeline, team expertise, expected outcomes and impact, correspondence, or any files you submit.
  • Technical and usage information: when you visit our website, we may automatically collect information such as your IP address, domain name, the website that referred you to us, your browser type and version, operating system, and other technical identifiers. This data may qualify as personal data under the UK GDPR, as it can be linked to you indirectly. We use it to ensure the security and proper functioning of our website and to understand how our services are used.
  • Marketing preferences and consent records: where relevant, records of your preferences, opt-ins, and opt-outs for marketing communications.
  • AI assistant interaction data: if you use our website AI assistant, we may process the content of your messages and related technical information, such as timestamps, device/browser data, and usage metadata, to respond to your queries, improve the assistant, maintain security, and keep appropriate records.

3. How do we collect your data?

You directly provide us with most of the data we collect.

We collect personal data in several ways:

Directly from you:

  • When you fill in application forms, contact forms, or subscribe to newsletters;
  • When you voluntarily provide feedback, complete surveys, or communicate with us via email or other channels;
  • When you apply for a role or otherwise engage with our programmes or initiatives offered via our Website, or services;
  • When you submit questions or other information through our website AI assistant.

Automatically:

  • When you visit or interact with our Website, we may automatically collect certain technical information through cookies, web analytics tools, or similar technologies. This includes your IP address, domain name, the website that referred you to our Website, browser type and version, operating system, and other technical identifiers.

From third parties:

  • Where applicable, we may receive personal data from: 
    • background check providers and recruitment agencies;
    • professional referees and references you have provided;
    • publicly available sources (such as professional networks, company websites);
    • business partners or clients who refer you to our services;
    • regulatory or professional bodies (for verification purposes).

We use this information to provide and improve our services, ensure the security and proper functioning of our Website, manage applications and other engagement requests, and comply with legal obligations.

4. Why do we collect your data?

DCM collects and uses your personal data when required for specific, lawful purposes.

These purposes include:

  • to provide and manage professional services to our customers, prospective customers, business partners, and vendors;
  • to comply with applicable legal, regulatory, or contractual obligations;
  • to maintain contracts and agreements, and records related to interactions with our customers, prospective customers, and vendors;
  • to monitor, maintain, and secure our IT systems and infrastructure;
  • to identify potential organisations or individuals who may benefit from our services and to communicate relevant information about our offerings;
  • to perform data analytics to improve our services, operations, and offerings;
  • to provide AI-assisted responses to questions about DCM, our services, and related information available on our Website or in our approved business materials. The AI assistant is intended to provide general information about DCM and our services. It is not designed to provide quotations, pricing information, or legally binding advice. ;
  • to communicate with you about our services, industry insights, newsletters, and other relevant information that may be of interest to you, based on either your consent or our legitimate interests where you are an existing client or have enquired about our services. We may send you marketing communications including: Information about our services and updates; Industry insights and newsletters; Invitations to events or webinars; Other relevant business communications. We send marketing communications in accordance with applicable data protection and electronic marketing laws, and you can opt out at any time.

Additionally, we may process your personal data:

  • where exceptionally necessary to protect someone’s vital interests; or
  • where otherwise permitted or required by applicable law.

If we change the purposes of processing specified above, we will inform you of such changes before using your personal data within the newly set purposes. Where required by law, we will obtain your consent for any new processing that is not compatible with the original purposes.

If you do not provide personal data that is necessary for us to respond to your enquiry, assess an application, or enter into a contract with you, we may be unable to do so.

5. Who is responsible for the personal data?

We are the controller and are ultimately responsible for any personal data which has been collected by us or on our behalf.

6. The lawful basis of the processing

In accordance with UK GDPR, we can only collect and use your personal data if we have a lawful basis to do so. Depending on the type of data and the purpose of processing, we rely on one or more of the following lawful bases:

  • Performance of a contract: When it is necessary to provide our services, manage requests or orders, or perform agreements with you, customers, prospective clients, or business partners.
  • Compliance with a legal obligation: Where processing is required to meet statutory or regulatory requirements, including tax, accounting, AML, sanctions, or other legal obligations.
  • Legitimate interests: We rely on legitimate interests where we have a genuine business need that does not override your rights and freedoms. Our legitimate interests include:
    • Website security and IT protection: Monitoring for cyber threats, preventing fraud, and maintaining system integrity. We consider this necessary for protecting both our business and your data. 
    • Service improvement: Analysing website usage patterns to enhance user experience and develop better services. We use aggregated, non-personal data where possible. 
    • Business development: Identifying potential clients who may benefit from our services and communicating relevant information to existing clients and those who have expressed interest. We only contact individuals with a genuine business connection. 
    • Internal operations: Managing our business effectively, including record-keeping and regulatory compliance. 
    • Operating and improving our website AI assistant to help users find relevant information about DCM and navigate our services more efficiently.

We have balanced these interests against your privacy rights and implement appropriate safeguards.

  • Consent:
    • Where you have explicitly agreed, for example, to receive marketing communications, participate in surveys, or share personal data with our partners for referrals.
    • You may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

This lawful basis framework ensures that all processing of personal data on our website and in connection with our services is lawful, transparent, and respects your rights under the UK GDPR.

7. Who do we share your personal data with?

We do not sell your personal data to third parties. However, in order to operate our business, deliver our services, and meet our legal obligations, we may share your personal data with the following categories of recipients:

  • Service providers and business partners: Companies that support our operations, such as hosting providers, IT and cloud services, analytics providers (e.g. Google Analytics),, communication tools, AI service providers, ,and other suppliers who process data on our behalf.
  • Professional advisors: Including lawyers, auditors, accountants, consultants, or insurers where necessary to obtain professional advice or manage business risks.
  • Regulators, authorities, and law enforcement:  Where required by law or regulation, including HM Revenue & Customs, ICO, or other public bodies.
  • Corporate transactions: In the event of a merger, restructuring, sale, or transfer of our business or assets, your personal data may be shared with potential buyers, investors, or other relevant parties, subject to confidentiality obligations.
  • Referral or recruitment partners (if applicable):  Where you have asked us to share your details (for example, in connection with a referral or application process).

We require all third parties to respect the security of your personal data, use it only for specified purposes, and comply with applicable data protection laws.

8. Is the personal data shared internationally?

Your personal data is primarily processed in the United Kingdom and, where relevant, the EEA or other jurisdictions in which our service providers operate, subject to appropriate safeguards under UK GDPR.

We may transfer your personal data internationally in the following circumstances: 

  • to provide and deliver our services;
  • to operate and maintain our IT infrastructure and systems;
  • to comply with legal and regulatory obligations;
  • to protect our legitimate business interests;
  • where necessary for security, backup, and disaster recovery.

This may include transfers to cloud, analytics, communication, and AI service providers located outside the United Kingdom, where such providers support the operation, security, maintenance, or improvement of our Website and services. In such cases, we ensure that appropriate safeguards are in place in accordance with UK GDPR.

We may transfer your personal data internationally to: 

  • European Economic Area (EEA): The UK recognises the EEA as providing adequate protection under UK GDPR.
  • United States: Where our service providers are located (e.g., cloud hosting, analytics). Where applicable, we rely on the UK Extension to the EU–US Data Privacy Framework for transfers to certified US organisations. For other US transfers, we use the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs) to ensure adequate protection.
  • Other countries: Only where appropriate safeguards are in place, such as the UK IDTA, the UK Addendum to SCCs, or adequacy regulations issued by the UK government.

You can contact us to obtain further details of the specific safeguards applied to international transfers of your personal data.

9. How do we protect your data?

We take appropriate  technical and organisational measures, proportionate to the risks associated with processing, to protect your personal data from accidental loss or destruction, unlawful processing, unauthorised access, or misuse.

Our measures include:

  • restricting access to personal data to individually authorised personnel,
  • technical, administrative, and physical safeguards to secure our IT systems and information,
  • encryption and other protective technologies where appropriate,
  • disaster recovery and backup procedures to ensure availability and integrity, and
  • periodic reviews of our security controls to reflect technological developments and best practices.

All personnel are subject to confidentiality obligations. Any subcontractors or subprocessors are also bound by confidentiality agreements where this is not already covered by the main contract.

While no security measure can guarantee absolute protection, we regularly assess and update our safeguards to help ensure your personal data remains secure.

10. How long do we store your data?

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet any legal, regulatory, tax, accounting, or reporting obligations.

When determining the appropriate retention period, we take into account:

  • the amount, nature, and sensitivity of the personal data,
  • the potential risk of harm from unauthorised use or disclosure,
  • the purposes for which we process the data and whether these can be achieved through other means, and
  • applicable legal, regulatory, or contractual requirements.

In general:

  • Contact and communication records – retained for the duration of our agreement with your company and up to 6 years after termination.
  • Access logs and credentials – retained for the duration of the account and up to 1 year after deactivation.
  • Financial and transaction records – retained for at least 6 years following termination, to comply with tax and accounting obligations.
  • Application and recruitment data – CV, application forms, and related correspondence retained for 12 months after the recruitment process concludes, unless you consent to longer retention for future opportunities. 
  • Website analytics data: retained for up to 14 months, unless a shorter period applies under our analytics configuration or cookie settings. 
  • Marketing communications: retained until you unsubscribe, withdraw consent, or after 24 months of inactivity, unless a longer period is required by law;
  • AI assistant interaction records: retained for up to 12 months, unless a shorter period applies, or longer retention is required for security, legal claims, or compliance purposes.

Data will be securely deleted or anonymised after these periods, unless a longer retention period is required by law or is necessary for the establishment, exercise, or defence of legal claims.

In some circumstances, we may anonymise your personal data (so it no longer identifies you) for research, analytical, or statistical purposes. In such cases, we may use this information indefinitely without further notice to you.

11. Your legal rights & how they can be exercised

You have several rights set out under data protection laws in relation to your personal data. You have the right to:

  • Request access
    This is usually referred to as a “subject data request” and allows you to receive a copy of the personal data we hold about you and verify that we are processing it lawfully.
  • Request correction
    You can request correction of the personal data we hold about you. This allows you to have incomplete or inaccurate data corrected, although we may need to verify the accuracy of the new information you provide.
  • Have your data erased
    You can request erasure of your personal data under certain circumstances. This allows you to ask us to delete or remove personal data where there is no valid reason for us to continue processing it. You also have the right to request erasure if you have successfully objected to processing, if we have processed your data unlawfully, or if we are required to erase your data to comply with local laws. Note that we may not always be able to comply with your erasure request for specific legal reasons, which will be communicated to you at the time of your request.
  • Object to your personal data being processed
    You can object to the processing of your personal data where we rely on a legitimate interest (or those of a third party) as the legal basis for using your data, including for profiling purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your objection rights. You also have an absolute right to object to the processing of your personal data for direct marketing purposes at any time.
  • Request that your data be transferred
    You can request the transfer of your personal data to yourself or a third party. 
  • Withdraw consent
    You can withdraw your consent at any time when we rely on consent to process your personal data – i.e. in relation to sharing your data with our referral partners. Withdrawing consent does not affect the lawfulness of any processing carried out before you withdraw it. If you withdraw your consent, we may not be able to provide certain products or services to you, and we will inform you if this is the case at the time of your withdrawal.
  • Restrict the processing of your data
    You can request restriction or suspension of processing of your personal data in the following circumstances:
    • you would like us to verify the data’s accuracy;
    • our use of the data is unlawful, but you do not want it erased;
    • you need us to hold the data even if we no longer require it, as you need it to establish, exercise, or defend legal claims; or
    • you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

Your marketing rights:

    • You can opt out of marketing communications at any time by clicking the ‘unsubscribe’ link in any email or by contacting us directly;
    • You can specify which types of communications you wish to receive;
    • Opting out of marketing will not affect essential service-related communications necessary for our business relationship;
    • We will not share your personal data with third parties for their own marketing purposes without your explicit consent.

How to Exercise Your Rights and Submit a Subject Access Request (SAR):

If you wish to exercise any of your rights, including your right of access (Subject Access Request – SAR), please contact us using the details provided in Section 16 of this Policy.

Submission channels: You may submit your request by email to privacy@dcm.systems or by post to our registered address. For your convenience, we can provide a standard request form, although its use is not mandatory.

Identity verification: To protect personal data, we may need to verify your identity before we can act on your request. This may involve asking you to provide additional information, such as proof of identity or details already held by us. Any verification data will be used solely for this purpose and deleted once verification is complete.

Fees: You will not have to pay a fee to exercise your rights. However, we may charge a reasonable fee or refuse to comply if your request is clearly unfounded, repetitive, or excessive.

Response time: We aim to respond to all legitimate requests within one month of receipt. If your request is complex or you have made multiple requests, we may extend this period by up to two further months. If an extension is necessary, we will inform you within the first month and explain the reasons.

Limitations: In certain cases, we may refuse to comply with your request if it is manifestly unfounded, excessive, or if compliance would conflict with applicable law. If we refuse your request, we will explain the reasons and inform you of your right to complain to the ICO.

12. Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making or profiling that would have legal or similarly significant effects on you. 

We do use automated analytics tools (such as Google Analytics) to analyse website usage and improve our services. This processing does not create individual profiles that affect your rights or access to services.

We use AI-assisted tools on our Website to respond to user questions about DCM and our services. These tools are designed to provide informational support only and are not used to make decisions about individuals that produce legal or similarly significant effects. AI-generated responses may be incomplete, inaccurate, or out of date and should not be relied on as the sole basis for important decisions. If you need confirmation of important information, or a formal or binding response, please contact us directly using the contact details provided in this Policy.

If we introduce automated decision-making with significant effects in future, we will inform you beforehand, explain the logic involved, and provide details of your right to human intervention.

13. Cookies

We use cookies to improve your experience. For more details, see our Cookie Policy .

14. Third-party links on the website

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We have no control over these third-party websites and are not responsible for their privacy policies. When you leave our website, you should ensure that you read the privacy policy of every website you visit.

15. Changes to this Policy

We may amend or update this Policy from time to time. Please check this page regularly for updates.

16. Contact Information

If you have any questions about the Policy or your data being processed by us, or would like to exercise your legal rights, you are welcome to contact us:
Email: privacy@dcm.systems
Phone: +44 20 4577 1963
Address for written correspondence: 

20 Wenlock Road, London, England, N1 7GU

You also have the right to complain to the ICO in the UK (as the UK’s data protection regulator). Please visit the ICO’s website for further information on how to make a complaint.

If you have any security concerns or would like to report a security issue, you are welcome to contact our security / compliance team:

Email: security@dcm.com

DCM

Side-core platform

Grants

About us
Insights

Solutions

Payment Messaging Platform

Tokenized deposits

Clearing & Settlement

Payments for business

CBDC

Sandbox

Cookie Policy

Privacy Policy

Subsidiaries

Subscribe to the DCM newsletter

For details on how we process your personal data, please review our Privacy Policy.

Follow us

Security Badges
NIST CSF
★ INFORMATION SECURITY MANAGEMENT ★ ISO/IEC 27001
OWASP

info@dcm.systems

20 Wenlock Road,
London, England, N1 7GU

DCM CORP LIMITED is a company incorporated in England and Wales and operates as a software development and SaaS solutions provider.

DCM designs, develops, and licenses software products and provides related technical and support services.

DCM does not provide financial services, payment services, banking services, investment services, custodial services, crypto-asset services, virtual asset services, or any other regulated activities within the meaning of applicable financial services legislation in the United Kingdom or any other jurisdiction.

DCM does not act as a financial institution, payment institution, electronic money institution, investment firm, crypto-asset service provider, virtual asset service provider (VASP), custodian, broker, exchange, or intermediary of any kind.

Any regulated financial activities are carried out solely by our clients or by appropriately licensed third-party partners in accordance with applicable laws and regulatory requirements. DCM does not hold client funds, control digital assets, execute transactions on behalf of end users, or provide financial advice.

Nothing on this website constitutes financial advice, investment advice, legal advice, or an offer, solicitation, or arrangement of regulated financial services.

DCM processes personal data in accordance with the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For further information on how we collect, use, and protect personal data, please refer to our Privacy Policy. available on this website.

Tap into the future of payments

Tap into the future of payments