Privacy Policy

1. Introduction

GFIRS (“GFIRS”, “we”, “us”, “our”) is committed to protecting and respecting your privacy.

GFIRS operates through two legal entities:

  • GFIRS C.I.C. – Community Interest Company (Mission Arm)

  • GFIRS Intelligence Ventures Limited – Private Limited Company (Technology & Venture Arm)

Together, these entities operate the GFIRS platform, marketplace, rating engine, advisory services, due diligence services, and market intelligence services.

This Privacy Policy explains how we collect, use, process, store, and protect personal data when you:

  • Visit our website

  • Register for an account

  • Use our rating or advisory services

  • Participate as a Founder, Investor, or Partner

  • Engage with us via email, events, or community programmes

2. Who We Are (Data Controller)

For the purposes of data protection law, the relevant GFIRS entity acting as Data Controller depends on the service being provided:

  • Mission-driven programmes and ecosystem support → GFIRS C.I.C.

  • Platform services, ratings, due diligence, data intelligence, and commercial services → GFIRS Intelligence Ventures Limited

Contact:
Email: info@gfirs.com

3. Information We Collect

We may collect and process the following categories of data:

3.1 Personal Information

  • Name

  • Email address

  • Phone number

  • Job title

  • Company name

  • LinkedIn or professional profile

  • Government-issued identification (for verification)

3.2 Company & Business Information

  • Corporate registration documents

  • Shareholding structure

  • Cap table

  • Financial statements

  • Customer contracts

  • Revenue data

  • Impact metrics

  • Governance documentation

3.3 Technical Information

  • IP address

  • Browser type and version

  • Device information

  • Usage analytics

  • Cookies and tracking data

3.4 Due Diligence & Verification Data

  • KYB (Know Your Business) documentation

  • Ownership and beneficial ownership data

  • Legal compliance checks

  • Risk indicators and audit findings

4. How We Use Your Information

We use data to:

Platform Operations

  • Create and manage user accounts

  • Generate GFIRS Ratings (GFI Score)

  • Produce GFI Scorecards

  • Enable Founder–Investor matching

Advisory & Due Diligence

  • Conduct governance and financial assessments

  • Perform KYB checks

  • Produce risk reports

  • Verify operational claims

Market Intelligence

  • Aggregate anonymised data

  • Produce sector reports

  • Generate ecosystem benchmarking insights

Legal & Compliance

  • Comply with regulatory obligations

  • Prevent fraud and financial crime

  • Enforce our Terms and Conditions

5. Legal Basis for Processing

We process personal data based on:

  • Contractual necessity (to deliver services)

  • Legitimate interests (platform security, risk management, analytics)

  • Legal obligations (anti-money laundering, fraud prevention)

  • Consent (where required for marketing communications)

6. Data Sharing

We may share data with:

  • Investors (where Founder consent is provided)

  • Verification and compliance providers

  • Professional advisers (legal, accounting, audit)

  • Regulatory authorities where legally required

  • Technology vendors and hosting providers

We do not sell personal data.

Anonymised and aggregated data may be used for research and market intelligence reporting.

7. International Transfers

As we operate in frontier and global markets, your data may be transferred outside your country of residence. Where this occurs, we ensure appropriate safeguards are implemented in line with applicable data protection laws.

8. Data Retention

We retain data only as long as necessary to:

  • Provide services

  • Comply with legal obligations

  • Resolve disputes

  • Maintain accurate historical rating records

Due diligence and compliance records may be retained longer where required by law.

9. Data Security

We implement:

  • Encryption protocols

  • Secure cloud infrastructure

  • Role-based access controls

  • Audit logging

  • Confidentiality agreements

While we take reasonable steps to protect data, no system can guarantee absolute security.

10. Your Rights

Subject to applicable law, you may have the right to:

  • Access your personal data

  • Correct inaccurate information

  • Request deletion

  • Restrict processing

  • Object to processing

  • Request data portability

  • Withdraw consent (where applicable)

Requests can be made to: [Insert Contact Email]

11. Cookies

We use cookies to:

  • Improve website performance

  • Analyse traffic

  • Enhance user experience

You can manage cookie preferences through your browser settings.

12. Children’s Data

Our services are not intended for individuals under 18. We do not knowingly collect data from minors.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on our website with a revised effective date.