Privacy Policy
Last updated: 21 October 2025
This Privacy Policy applies to Intrepid Advisors Limited, doing business as Optax, and to the entities we own or control, including Optax Limited (collectively “Optax”, “we”, “us”, or “our”).
We are committed to protecting your privacy and handling your information openly, lawfully, and transparently. This statement explains how we collect, use, share, and safeguard your personal data when you:
- use our websites, including www.optax.co.uk, www.structurechart.com, emprise.tax
- Emprise, and Emprise SC;
- engage us to provide advisory or technology services; or
- otherwise interact with us as a client, supplier, or visitor.
- Who we are
Controller:
Intrepid Advisors Limited (t/a Optax)
Registered office: 170 High Street, Amersham, Buckinghamshire HP7 0EG, United Kingdom
Email: info@optax.co.uk
Optax is the data controller responsible for your personal data unless stated otherwise.
- What personal data we collect
We collect and process personal data in both physical and electronic form in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
(a) Data you provide directly
Examples include:
- Name, job title, company, and contact details (email, address, phone);
- Identification or tax-related information supplied for FATCA/CRS or compliance services;
- Payment and billing details;
- Login credentials and user preferences for Emprise or Emprise SC;
- Information you provide when registering for events, newsletters, or marketing updates;
- CVs, references, or application data (for recruitment).
(b) Data we receive from others
We may obtain information from:
- Your employer or professional adviser;
- Public registers (e.g. Companies House, GIIN List);
- Service providers assisting us with data hosting or analytics; or
- Publicly available sources such as LinkedIn.
When we obtain data from third parties, we will inform you within one month (or at first communication) unless an exemption applies.
(c) Data we collect automatically
When you use our websites or software, we may collect:
- IP address, browser type, operating system, access times;
- Activity logs and usage data within Emprise and Emprise SC;
- Cookies or similar technologies (see our Cookie Policy).
- Special category data
We may process limited “special categories” of data—such as dietary or access requirements when attending meetings, or data relevant to our legal or compliance obligations (for example, investor tax residency).
We only process such data where:
- you have given explicit consent;
- processing is necessary for legal, regulatory, or employment obligations;
- processing is required for the establishment or defence of legal claims; or
- the information has been manifestly made public by you.
- How we use personal data and lawful bases
| Purpose | Examples | Lawful Basis |
| Delivering our advisory, compliance, and technology services | FATCA / CRS reporting, investor data validation, Emprise / Emprise SC account management | Contract performance |
| Managing client relationships, billing, and records | Correspondence, invoicing, CRM, document storage | Legitimate interests / Legal obligation |
| Regulatory and due-diligence checks | KYC, anti-money-laundering, sanctions screening | Legal obligation |
| Marketing and communications | Thought leadership, newsletters, service updates | Consent / Legitimate interests (with right to object) |
| Operating and improving our websites and software | Usage analytics, bug reporting, performance optimisation | Legitimate interests |
| Recruitment and hiring | Evaluating candidates and maintaining talent pools | Consent / Contract steps / Legitimate interests |
We do not use purely automated decision-making that produces legal or similarly significant effects.
- Sharing your data
We may share data with:
- Service providers who host, secure, or support our systems (including Microsoft Azure and other IT vendors);
- Our professional advisers (lawyers, accountants, consultants);
- Competent authorities, regulators, or courts where required by law;
- Successors in the event of a reorganisation, merger, or sale of our business; and
- Other entities within the Intrepid / Optax group for administrative purposes.
All third-party access is governed by written agreements requiring them to protect your data in accordance with UK GDPR standards.
- International transfers
Because we operate internationally, your personal data may be accessed from or transferred to countries outside the UK, including the United States and India.
Where these jurisdictions do not have an adequacy decision, we use appropriate safeguards such as the UK International Data Transfer Addendum (to the EU Standard Contractual Clauses) or equivalent contractual terms approved by the ICO.
Copies of relevant safeguards can be requested by emailing dpo@optax.co.uk.
- Retention periods
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law.
Typical retention periods are:
- Client and engagement data: 7 years after the end of the engagement;
- Marketing contact data: 3 years from last interaction or until you unsubscribe;
- Software account data (Emprise / Emprise SC): 2 years after account closure;
- Job applicant data: 6 months after recruitment process unless retained with consent;
- CCTV / visitor records: 30 days unless required for investigation.
- Security measures
We employ administrative, technical, and physical safeguards to protect your personal data, including:
- Staff training and confidentiality undertakings;
- Access controls and encryption within Microsoft Azure-hosted environments;
- Firewalls, antivirus, and intrusion-detection systems;
- Regular penetration testing and independent security audits; and
- Policies and procedures aligned to SOC 2 Type II and ISO 27001 controls.
However, transmission of data over the internet is never completely secure, and we cannot guarantee absolute protection.
- Your rights
Under the UK GDPR you have the right to:
- Request a copy of the personal data we hold about you;
- Request correction or update of inaccurate data;
- Request deletion or restriction of processing;
- Object to processing (including marketing based on legitimate interests);
- Withdraw consent at any time (where consent is the lawful basis); and
- Request data portability where processing is based on consent or contract.
We will respond within one month of receiving your request, subject to legal extensions where permitted.
To exercise your rights, contact info@optax.co.uk.
You also have the right to complain to the Information Commissioner’s Office (ICO):
www.ico.org.uk | Tel: 0303 123 1113.
If you are located outside the UK, you may contact your local EU Data Protection Authority.
- Marketing communications
We may contact you about services, insights, or events that may be of interest. You can unsubscribe at any time by following the link in our emails or contacting dpo@optax.co.uk.
We will always comply with the Privacy and Electronic Communications Regulations (PECR) and honour your preferences.
- Cookies and tracking technologies
Our websites and software platforms use cookies and similar tools to improve functionality and analyse usage.
Full details—including types of cookies used and how to manage your preferences—are set out in our Cookie Policy.
- Changes to this policy
We may update this Privacy Policy from time to time. The latest version will always be available on our websites and will include the effective date above.
If we make material changes, we will notify you by email or through the relevant platform.
- Contact us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact:
Data Protection Officer
Optax (Intrepid Advisors Limited)
170 High Street, Amersham, Buckinghamshire HP7 0EG United Kingdom
Email: info@optax.co.uk