Privacy Policy

1

Data Controller

The data controller responsible for your personal data is:

FXRM Services Ltd

Company Number: 16676788 (registered in England and Wales)
Registered Office: 74 Harwoods Road, Watford, WD18 7RE
ICO Registration: ZB975540
Privacy Contact: privacy@fxrm.com

2

Information We Collect

We collect different types of information depending on how you interact with our services. The categories below outline the personal data we may collect and process.

2.1 Personal Information

When you create an account or purchase our services, we collect:

Full name and contact details (email address, telephone number)
Postal address and billing address
Payment details (credit/debit card information, processed securely via our payment providers)
Company name and VAT number (where applicable)

2.2 Domain Registration Data

As an ICANN-accredited domain registrar, we are required to collect and maintain accurate registrant data, including:

Domain registrant contact details (name, organisation, address, email, telephone)
Administrative and technical contact details
WHOIS/RDAP information as required by ICANN and registry operators

2.3 Technical Data

When you visit our website or use our services, we automatically collect:

IP addresses and approximate geolocation
Browser type, version, and operating system
Server access and error logs
Cookie data and similar tracking technologies
Pages visited, referring URLs, and session duration

3

How We Use Your Information

We use your personal data for the following purposes:

Providing, maintaining, and improving our hosting, email, and domain registration services
Processing payments and managing your billing account
Registering and managing domain names with the relevant registry operators
Fulfilling our obligations as an ICANN-accredited registrar
Responding to customer support enquiries and resolving technical issues
Protecting the security and integrity of our infrastructure and preventing fraud
Complying with legal obligations, including tax, accounting, and law enforcement requirements
Sending service-related communications (e.g. renewal reminders, maintenance notices)

4

Legal Bases for Processing

Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases depending on the nature of the processing:

Contract Performance

Processing that is necessary for the performance of our contract with you, including delivering hosting and domain registration services, managing your account, processing payments, and providing customer support.

Legitimate Interests

Processing that is necessary for our legitimate interests, provided those interests are not overridden by your rights. This includes maintaining the security of our infrastructure, detecting and preventing fraud, improving our services, and analysing how our website and services are used.

Legal Obligation

Processing that is necessary to comply with our legal obligations, including ICANN Registrar Accreditation Agreement requirements, Nominet terms and conditions for .uk domain registrations, retention of financial records for tax and accounting purposes (HMRC requirements), and responding to lawful requests from law enforcement or regulatory authorities.

Consent

Where we rely on your consent, such as for sending marketing emails, placing non-essential cookies, or processing data for purposes not covered by the bases above. You may withdraw your consent at any time by contacting us or using the unsubscribe mechanism provided.

5

Domain Registration and WHOIS Data

As an ICANN-accredited domain registrar, FXRM is required to collect and maintain accurate registrant data for all domain names registered through our services. This section explains how domain-related personal data is handled.

ICANN Obligations

Under our Registrar Accreditation Agreement with ICANN, we are obligated to collect registrant contact data, verify the accuracy of that data, and provide access to certain registration data via the Registration Data Access Protocol (RDAP) and WHOIS services. We are also required to participate in data escrow programmes, ensuring that domain registration data is securely deposited with an ICANN-approved escrow agent.

Registry Operators

When you register a domain name, your registrant data is shared with the relevant registry operator (e.g. Verisign for .com/.net, Nominet for .uk, Identity Digital for various new gTLDs). This sharing is necessary to complete the domain registration and is a requirement of the domain name system. Each registry operator has its own data processing obligations and privacy policies.

WHOIS Privacy and Proxy Services

Where permitted by the relevant registry operator, we offer WHOIS privacy and proxy services that replace your personal contact information in public WHOIS/RDAP records with generic contact details. Please note that even when privacy services are enabled, the underlying registrant data is still maintained by us and may be disclosed in response to lawful requests or as required by ICANN policies.

6

Data Sharing

We may share your personal data with the following categories of recipients, only to the extent necessary for the purposes described in this policy:

Domain registries and ICANN — registrant contact data as required for domain registration, WHOIS/RDAP services, and data escrow
Payment processors — to securely process your payments (we do not store full card details on our systems)
Hosting infrastructure providers — data centre operators and network providers who support the delivery of our services
Law enforcement and regulatory authorities — when required by law, court order, or to protect our legal rights
Professional advisers — accountants, auditors, and legal counsel where necessary

We do not sell your personal data. We never have and never will sell your personal information to third parties for marketing or any other purposes.

7

International Transfers

As part of the domain registration process, your registrant data may need to be transferred to registry operators, ICANN, or data escrow providers located outside the United Kingdom. Where such transfers occur, we ensure that appropriate safeguards are in place to protect your personal data, including:

UK International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses (SCCs) approved by the Information Commissioner's Office
Transfers to countries that the UK Government has confirmed provide an adequate level of data protection
Transfers necessary for the performance of our contract with you (e.g. completing a domain registration with an overseas registry)

8

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. The specific retention periods are as follows:

Account and Billing Data

Retained for the duration of your active account plus 6 years after closure, as required for legal, tax, and accounting obligations under HMRC guidelines.

Domain Registration Data

Retained in accordance with ICANN requirements, which mandate that registration data be maintained for the life of the domain registration and for a period after its expiration or transfer, as specified in the Registrar Accreditation Agreement.

Server and Access Logs

Retained for 90 days for security monitoring, troubleshooting, and fraud detection purposes, after which they are automatically purged.

Marketing Consent Records

Retained until you withdraw your consent. You can unsubscribe from marketing communications at any time by clicking the unsubscribe link in any email or by contacting us at privacy@fxrm.com.

9

Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, please contact us at privacy@fxrm.com. We will respond to your request within one month.

Right of access — you can request a copy of the personal data we hold about you
Right to rectification — you can ask us to correct inaccurate or incomplete personal data
Right to erasure — you can request deletion of your personal data, subject to certain limitations (for example, we cannot delete domain registration data that we are required to retain under ICANN obligations)
Right to restriction of processing — you can ask us to limit how we use your data in certain circumstances
Right to data portability — you can request that we provide your data in a structured, commonly used, and machine-readable format
Right to object — you can object to processing based on legitimate interests or for direct marketing purposes
Right to withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal

10

Cookies

Our website uses cookies and similar technologies to provide and improve our services. We use the following types of cookies:

Essential Cookies

These cookies are strictly necessary for the operation of our website and services. They enable core functionality such as maintaining your session, remembering your preferences, and securing your account. These cookies cannot be disabled.

Analytics Cookies

With your consent, we use analytics cookies to understand how visitors interact with our website. This helps us improve the user experience and identify areas for enhancement. These cookies are only placed after you provide your consent.

Affiliate Tracking Cookies

If you arrive at our website via an affiliate link, a cookie may be placed to track the referral for the purpose of attributing commissions to our affiliate partners. These cookies typically persist for 90 days.

11

Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit using TLS/SSL and encryption of sensitive data at rest
Strict access controls ensuring that only authorised personnel can access personal data, on a need-to-know basis
Regular security audits, vulnerability assessments, and penetration testing of our infrastructure
Secure data centre facilities with physical security measures, redundant power, and environmental controls
Incident response procedures to detect, report, and investigate personal data breaches

12

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by sending you an email notification or displaying a prominent notice on our website. We encourage you to review this policy periodically to stay informed about how we are protecting your data.

13

Complaints

If you are unhappy with how we have handled your personal data, we would like the opportunity to resolve your concerns. Please contact us first at privacy@fxrm.com or via our complaints procedure.

You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

14

Contact Us

For any questions about this Privacy Policy or how we handle your personal data, please contact us:

Privacy Email

privacy@fxrm.com

Phone

+44 (0) 330 788 2211

Registered Office

74 Harwoods Road, Watford, WD18 7RE

Your Privacy Matters

Table of Contents