Cleriqa iconCleriqa
Log inBook a demo

Legal

Privacy Policy

Last updated: May 2026

This Privacy Policy describes how Onwards Capita ("Cleriqa", "we", "us", or "our") collects, uses, and protects personal data when you visit our website or interact with us in connection with our services. It applies where we act as the data controller determining the purposes and means of processing.

Onwards Capita is a company incorporated in Singapore. Our registered address and contact details are available on request via our contact page.

This policy does not cover personal data we process on behalf of our business customers as a data processor. Processing in that capacity is governed by the relevant service agreement and data processing addendum between Cleriqa and the customer.

Personal data we collect and why

We collect personal data in the following contexts. For each, we set out what data is involved, the purpose, and the legal basis under applicable data protection law including the GDPR where it applies to individuals in the European Economic Area.

Enquiries and demo requests

When you submit an enquiry, book a demo, or contact us through this website, we collect the information you provide, including your name, work email address, company or firm name, country, and any message or context you include.

  • We use this information to respond to your request, route it to the relevant member of our team, and follow up where appropriate.
  • Legal basis: performance of pre-contractual steps at your request, or our legitimate interest in managing commercial relationships and responding to inbound interest.

Customer and partner management

In managing relationships with accounting firm partners, SME customers, and pilot participants, we process contact and identity information about relevant individuals at those organisations, including names, email addresses, job titles, and correspondence.

  • Legal basis: performance of the contract between Cleriqa and the relevant organisation, and our legitimate interest in administering and developing those relationships.
  • We may also retain records of interactions where required to satisfy accounting, tax, or regulatory obligations.

Marketing communications

Where you have asked to receive updates, product news, or other communications from us, we process your name and email address for that purpose.

  • We will only send marketing communications where you have requested them or where we have a legitimate interest in doing so. You can unsubscribe at any time using the link in any communication or by contacting us directly.
  • Legal basis: your consent, or our legitimate interest in communicating with people who have expressed interest in our product.

Website and analytics

When you visit our website we may collect information about your visit through cookies or similar technologies, including IP address, browser type, pages viewed, referral source, and session duration.

  • This data is used to understand how the site is used, identify issues, and improve content and navigation. It is not used to identify you individually without your consent.
  • Legal basis: our legitimate interest in operating and improving a functional website. Where consent is required by applicable law for the use of non-essential cookies, we will ask for it.
  • You can disable or restrict cookies through your browser settings at any time.

Business operations

In the ordinary course of running our business, we process contact and correspondence information about individuals at supplier organisations, professional advisers, and other counterparties.

  • Legal basis: our legitimate interest in operating the business and fulfilling obligations to our contractual counterparties.

Sharing and international transfers

We do not sell your personal data. We may share it with the following categories of recipient where necessary:

  • Service providers — third-party providers who help us operate the website, deliver emails, host infrastructure, or support business operations. These providers act as data processors under appropriate contractual protections.
  • Professional advisers — legal, accounting, and audit professionals where required.
  • Regulatory and public authorities — where we are legally required to disclose information.
  • Business transfers — in the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction under equivalent protections.

Where personal data is transferred outside the country in which it was collected — including transfers outside the EEA — we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the relevant supervisory authority, or reliance on an adequacy decision. You may request further information about any such transfer by contacting us.

Data security

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration, or disclosure. Access to personal data is limited to individuals with a business need to access it, and all such individuals are subject to confidentiality obligations.

In the event of a personal data breach that is likely to result in a risk to individuals, we will notify the relevant supervisory authority and, where required, the affected individuals, in accordance with applicable law.

Retention

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law. In practice:

  • Enquiry and contact data is retained for as long as the relationship or potential relationship is active, and for a reasonable period afterwards in case of follow-up.
  • Customer and partner data is retained for the duration of the engagement and for a period thereafter as required by accounting, tax, or legal obligations — typically five to seven years depending on the applicable jurisdiction.
  • Marketing contact data is removed promptly on unsubscribe or on request.
  • Website analytics data is retained in aggregated or pseudonymised form and reviewed periodically.

Your rights

Depending on your location and the applicable law, you may have the following rights in relation to your personal data. To exercise any of them, use our contact page with your full name and email address. We will respond within the timeframe required by law.

  • Access — the right to obtain confirmation that we hold your personal data and to receive a copy of it.
  • Rectification — the right to have inaccurate or incomplete data corrected.
  • Erasure — the right to request deletion of your personal data where we no longer have a lawful basis to hold it.
  • Restriction — the right to ask us to pause processing in certain circumstances, for example while a rectification request is considered.
  • Objection — the right to object to processing based on legitimate interests or carried out for direct marketing purposes.
  • Portability — the right to receive data you have provided to us in a structured, machine-readable format where processing is based on consent or contract and carried out by automated means.
  • Withdrawal of consent — where processing relies on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

If you are located in the EEA, UK, or another jurisdiction with a data protection supervisory authority, you have the right to lodge a complaint with that authority if you believe your personal data has been processed unlawfully. We would, however, welcome the opportunity to address your concerns directly before you do so.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date at the top of this page reflects the most recent revision. Material changes will be communicated where appropriate.