US Privacy Policy & Data Compliance

Privacy Policy

Who We Are

Imperial PI is a private intelligence and investigation company registered in England and Wales, with a correspondence address at Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA, UK. We are registered with the UK Information Commissioner's Office (ICO) and operate under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We provide remote private intelligence and investigative services to clients located in the United States, operating exclusively from the United Kingdom using digital, open-source, and lawful investigative methods. We do not conduct physical surveillance or maintain a physical presence in the United States.

For all US-related enquiries: usa@imperialpi.org

Information We Collect

From US Clients and Enquirers

When you contact us, submit an enquiry form, or instruct us to carry out investigative services, we may collect the following categories of personal data:

• Full name and contact details (email address, telephone number)
• Business name and professional role (where applicable)
• The nature of your enquiry or the matter you wish to instruct us on
• Any background information, documentation, or subject details you voluntarily provide
• Payment and billing information (processed securely; we do not store card details)
• Communication records (emails, messages, call notes) relating to your instruction

Subject Data (Third-Party Individuals)

In the course of conducting investigations on behalf of US clients, we may process personal data relating to third-party subjects. This data is gathered exclusively through lawful, open-source, and publicly accessible means, including:

• Publicly available records, databases, and court filings
• Open-source intelligence (OSINT) from publicly accessible digital sources
• Social media intelligence (SOCMINT) from publicly visible profiles and activity
• Commercial data providers operating within applicable legal frameworks
• Public property, company, and regulatory records

We do not access private communications, intercept data in transit, or use any unlawful means to obtain information about any subject.

Website and Technical Data

When you visit our website, we may automatically collect limited technical data including your IP address, browser type, referring URL, and pages viewed. This data is used solely for site security and performance purposes and is not used for advertising or behavioural tracking.

How We Use Your Information

We use personal data collected from US clients and enquirers solely for the following purposes:

• Responding to your enquiry and assessing the feasibility of your instruction
• Providing, managing, and delivering the investigative services you have instructed
• Communicating progress updates and intelligence findings to you throughout an engagement
• Preparing and delivering intelligence reports, evidence packages, and associated deliverables
• Issuing invoices and processing payment for services rendered
• Maintaining records of engagements for legal, regulatory, and professional compliance purposes
• Responding to complaints and resolving disputes under our formal complaints procedure

What We Will Never Do

• Sell, rent, or commercially transfer your personal data to any third party
• Use your personal data for direct marketing purposes without your explicit consent
• Share case details, client identity, or subject intelligence with any unauthorised party
• Process your data for purposes incompatible with those stated in this policy
• Disclose any information relating to your instruction to any person not directly involved in conducting or supervising the work

Legal Basis for Processing

Under UK GDPR, Imperial PI processes personal data on the following lawful bases:

Processing of Subject Data

The processing of personal data about third-party subjects in the course of investigations is conducted under the Legitimate Interests basis (Article 6(1)(f) UK GDPR), assessed in accordance with the ABI Code of Conduct for Investigative and Litigation Support Services — formally approved by the Information Commissioner's Office in October 2024. A Legitimate Interests Assessment (LIA) is conducted on each instruction to ensure proportionality and necessity.

Where We Store and Secure Your Data

Storage Location

All personal data processed by Imperial PI is stored within the UK and European Economic Area (EEA) on secure, encrypted infrastructure. Our primary client relationship management system is HubSpot (GDPR-compliant, EU data processing), supplemented by Zoho Workdrive for secure evidence delivery.

Security Measures

Imperial PI implements appropriate technical and organisational security measures to protect your personal data, including:

• Encryption of data at rest and in transit using industry-standard protocols
• Access controls limiting data access to authorised personnel only
• Secure delivery of investigative reports via encrypted channels (encrypted USB or Zoho Workdrive)
• Regular review of security practices in line with ICO guidance
• Contractual confidentiality obligations binding all personnel with access to case data

How Long We Keep Your Data

Imperial PI retains personal data in accordance with applicable legal, regulatory, and professional requirements. Our standard retention periods are as follows:

On expiry of the applicable retention period, all personal data is securely destroyed in accordance with ICO guidance. If you request erasure of your data prior to expiry of a retention period, we will comply where there is no overriding legal obligation to retain it, and we will notify you of the outcome within 30 days.

Your Rights Under UK GDPR

As a data subject, you have the following rights in respect of personal data held by Imperial PI. These rights apply regardless of whether you are based in the United Kingdom or the United States.

To exercise any of these rights, please contact us at usa@imperialpi.org or submit a formal data privacy request:

Cookies

Our website uses only essential functional cookies required for the site to operate correctly. We do not deploy advertising cookies, cross-site tracking cookies, or third-party behavioural analytics.

• Session cookies: required for form submission and basic site functionality
• HubSpot analytics: limited, GDPR-compliant visitor analytics to understand how our site is used — no personal profiling

We do not participate in ad networks, retargeting, or behavioural advertising programmes. You may disable non-essential cookies via your browser settings at any time without affecting your ability to use our site.

US Data Compliance Statement

Federal Baseline: How We Align with US Data Standards

While the United States does not have a single federal comprehensive data protection law equivalent to the UK GDPR, Imperial PI voluntarily aligns its data practices with widely recognised US federal privacy standards and Fair Information Practice Principles (FIPPs), as adopted by the Federal Trade Commission (FTC):

• Notice: We clearly inform individuals of our data collection practices through this policy prior to or at the time of collection
• Choice: We provide individuals with meaningful options regarding how their data is used and shared
• Access: Individuals may access and correct personal data we hold about them
• Security: We implement reasonable and appropriate safeguards to protect data against unauthorised access or disclosure
• Enforcement: We are subject to ICO oversight (UK) and adhere to the ABI Code of Conduct, both of which provide independent accountability mechanisms

Applicable US Federal Privacy Laws

The following federal laws are relevant to our processing of personal data for US clients and subjects. Imperial PI observes their spirit and, where applicable, their requirements in all engagements:

California Consumer Privacy Act (CCPA) — Awareness Statement

The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides California residents with specific rights regarding their personal information. Imperial PI acknowledges these rights and extends comparable data subject rights to California residents as follows:

• Right to Know: California residents may request disclosure of the categories and specific pieces of personal information we have collected about them, the sources, and our purposes for collection
• Right to Delete: California residents may request deletion of personal information we hold about them, subject to legal retention obligations and applicable exemptions
• Right to Correct: California residents may request correction of inaccurate personal information
• Right to Opt-Out of Sale: We do not sell personal information. No opt-out mechanism is required as this practice does not apply to Imperial PI
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights
• Right to Limit Sensitive Personal Information: We process sensitive personal information only to the extent necessary to provide the services you have instructed

State-Level Privacy Law Awareness

Multiple US states have enacted or are in the process of enacting comprehensive consumer data privacy legislation. The following table summarises the status of key state laws that may be relevant to US clients and data subjects engaging Imperial PI:

PI Licensing and Remote Intelligence Work

Imperial PI does not hold a US private investigator licence. This is not required for the scope of our US operations, which is limited exclusively to remote, open-source, and digital investigative research conducted from the United Kingdom. We do not:

• Conduct physical surveillance in any US state
• Engage US-based field operatives or sub-contractors
• Access private property or trespass in any US jurisdiction
• Conduct activities requiring a US state PI licence (physical observation, in-person locate, process serving)

Our services are research-based, OSINT-led, and delivered entirely from the UK. This model is intentional, lawful, and an important feature of how we serve US clients without jurisdictional licence conflicts. For clients in California, Texas, Florida, or any other state with specific PI licensing requirements — our remote-only, UK-operated model means no US licence is triggered for our scope of work.

Admissibility of Intelligence for US Legal Proceedings

All intelligence reports produced by Imperial PI are structured to meet evidential standards including chain-of-custody documentation, source attribution, and timestamped evidence. Our reports are regularly used by US attorneys to support case strategy, pre-litigation intelligence, and evidence review. Whether a specific report or finding is admissible in a particular US proceeding is a question for your attorney — we recommend instructing US legal counsel to review our output in the context of your specific matter.

Where required, Imperial PI can provide a sworn declaration in support of intelligence reports, confirming the lawful methods used, the authenticity of evidence, and the qualifications of the investigator responsible.

Lawful Basis for Processing US Subject Data

Where we process personal data about US-based third-party subjects in the course of an investigation, we do so under the following framework:

• UK GDPR Legitimate Interests (Article 6(1)(f)) — proportionate processing for a legitimate investigative purpose
• ABI Code of Conduct compliance — every instruction is assessed for necessity, proportionality, and lawful purpose before commencement
• Client warranty and declaration — all clients warrant a genuine, lawful purpose and agree that they will not misuse intelligence delivered
• No sensitive data processed without specific assessment — where intelligence research may touch on special category data (health, political opinion, religion, sexual orientation), an enhanced proportionality review is conducted

Data Minimisation for US Engagements

Consistent with UK GDPR data minimisation principles and good US data practice, Imperial PI collects and processes only the minimum personal data necessary to fulfil the stated investigative purpose. Subject intelligence reports contain only information directly relevant to the agreed scope of work. We do not profile subjects beyond what is proportionate and necessary for the instruction.

US Client Data Rights — How to Exercise Them

US clients and data subjects (including California, Virginia, Colorado, Connecticut, Texas, and Florida residents) may exercise their data rights at any time by contacting us via:

• Email: usa@imperialpi.org
• Data Privacy Request Portal: Submit a formal data request
• Post: Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA, UK

We will acknowledge all data rights requests within 5 business days and respond in full within 30 days (or within the applicable statutory period under relevant state law).

GDPR Compliance Statement

Imperial PI is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 on every engagement, including those conducted for US clients.

Data Controller

Imperial PI is the Data Controller responsible for personal information collected and processed through this website and in connection with our investigative services. Where we process personal data on behalf of a client (for example, where a client provides us with data about a subject to be investigated), we act as a Data Processor and will enter into a Data Processing Agreement with the client upon request.

ICO Registration

Imperial PI is registered with the UK Information Commissioner's Office (ICO). Registration confirms our commitment to lawful, fair, and transparent data processing. Our ICO registration is publicly verifiable at ico.org.uk.

ABI Code of Conduct

Imperial PI operates in full compliance with the Association of British Investigators (ABI) Code of Conduct for Investigative and Litigation Support Services, which was formally approved by the ICO in October 2024. This Code governs the lawful methods, data handling practices, and ethical conduct required on every investigation — including those conducted remotely for US clients. It provides an additional layer of professional accountability beyond statutory GDPR compliance.

Regulatory Complaint Rights

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For matters governed by UK GDPR, the relevant authority is:

• Information Commissioner's Office (ICO) — ico.org.uk — 0303 123 1113

US residents may also contact their state Attorney General's office in respect of state-level data protection matters, or the FTC at ftc.gov for federal matters.

Confidentiality & Mutual Non-Disclosure

Every Imperial PI engagement is governed by a mutual confidentiality obligation. We treat the existence, nature, and content of every instruction with absolute discretion. This is not merely a policy position — it is a contractual obligation in every client agreement.

• The identity of our clients is never disclosed to any third party without express written consent
• Case details are shared only with the investigative personnel directly responsible for the work
• Intelligence reports and evidence packages are delivered via secure, encrypted channels only
• Sub-contractors (engaged only in exceptional circumstances) are bound by equivalent confidentiality obligations
• We do not discuss, reference, or disclose any case in any media or public forum

Corporate clients with heightened confidentiality requirements may request a separate Non-Disclosure Agreement (NDA) before consultation commences. We are accustomed to working under NDA with law firms, private equity houses, insurance companies, and in-house legal teams.

Questions About This Policy

If you have any questions, concerns, or requests relating to this privacy policy or the handling of your personal data, please contact us using the details below. All communications are treated with absolute confidentiality.