Get in touch
Get in touch

Privacy Policy

Introduction

Your privacy and trust is important to us. So, we want to transparently explain how and why Cashfac  PLC and its group companies (“Cashfac” “we”, “us” or “our”) gather, store, share and use your personal data in the context of our services – as well as outline the controls and choices you have around when and how you choose to share your personal data.

About this Policy

We want you to be confident when you use our Services that you know what your personal data is being used for, and that it is being kept safe. This Privacy Policy (“Policy”) sets out the essential details relating to your personal data relationship with us. The Policy applies to individuals who use our websites, products, software or service of ours that hyperlink to this Policy (“Services”).

This Policy does not generally apply to individuals whose personal information forms part of the content included within our Services, although you can find further information on that topic here.

Depending on the Service, we may provide additional or different privacy notices for specific interactions you have with us or to highlight how we use your personal information for specific Services. Where we do this, it will be clear which statements apply to which interactions and Services.

The aim of this Policy is to:

  1. Ensure that you understand what personal data we collect about you, the reasons why we collect and use it, and who we share it with;
  2. Explain the way we use the personal data that you share with us in order to give you a great experience when you are using our Services; and
  3. Explain your rights and choices in relation to the personal data we collect and process about you and how we will protect your privacy.

We hope this helps you to understand our privacy commitments to you. For information on how to contact us if you ever have any questions or concerns, please see the ‘How to Contact Us’ section below. Alternatively, if you do not agree with the content of this Policy, then please remember it is your choice whether you want to use our Services.

Your rights and your preferences: Giving you choice and control

You may have rights under European and other laws to have access to your personal information and to ask us to rectify, erase and restrict use of, your personal information. You may also have rights to object to your personal information being used, to ask for the transfer of personal information you have made available to us and to withdraw consent to the use of your personal information. Further information on how to exercise your rights is set out below.

You have the following rights under European laws and may have similar rights under the laws of other countries.

  • Right of subject access: The right to make a written request for details of your personal information and a copy of that personal information
  • Right to rectification: The right to have inaccurate information about you corrected or removed
  • Right to erasure (‘right to be forgotten’): The right to have certain personal information about you erased
  • Right to restriction of processing: The right to request that your personal information is only used for restricted purposes
  • Right to opt out of marketing: You can manage your marketing preferences by using the unsubscribe links found in the communications you receive from us. Your choices in relation to marketing are explained
    here
  • Right to object: The right to object to the processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interest
  • Right to data portability: The right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable format
  • Right to withdraw consent: The right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information prior to the withdrawal of your consent

These rights are not absolute, and they do not always apply in all cases.

In order to exercise your rights please complete Subject Access Request Form.

In response to a request, we will ask you to verify your identity if we need to, and to provide information that helps us to understand your request better. If we do not comply with your request, whether in whole or in part, we will explain why.

How do we collect your personal data?

We collect personal information about you from your interactions with us, and from certain third parties and other sources.

We obtain personal information from you:

  • through your interactions with us and our Services, such as, information you may give us by filling in forms or by corresponding with us by email, information you provide at our events or otherwise.
  • through your system/device and use of our Services. Our servers, logs and other technologies automatically collect system/device and usage information to help us administer, protect and improve our Services, analyse usage and improve users’ experience
  • through cookies and similar technologies included on our Services. More information relating to cookies, and how to control their use can be found here.
  • Through third parties or publicly available sources. We may receive personal data about you from various third parties and public sources, for example, analytics providers such as Google.

We also collect personal information about you from third parties such as:

  • publicly available sources such as public websites, open government databases or other data in the public domain, to help us maintain data accuracy and provide and enhance the Services

We use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, creating marketing and promotion models, improving our Services, and developing new features and functionality.

What personal data do we collect from you?

The type of personal information we collect depends on how you are interacting with us and which Services you are using.

In many cases, you can choose whether or not to provide us with personal information, but if you choose not to, you may not get the full functionality from the Services.

We have set out in the tables below the categories of personal data we collect and use about you:

Personal data collected through your use of the Service

Categories of personal data Description of category
Service Usage Data This is the personal data that is collected about you when you are using our Service – this may include:

  • Information about your interactions with our Service which includes the date and time of any requests you make, video content you’ve watched. This also may include details of advertising you receive.
  • Customer testimonials, this could include your name, job title, social media handle and/or any testimonial, review or other comment on our products or services that you choose to provide to us.
  • Technical data which may include URL information, cookie data, your IP address, the types of devices you are using to access or connect to the our Service, unique device IDs, device attributes, network connection type (e.g. WiFi, 3G) and provider, network and device performance, browser type, language, information enabling digital rights management and operating system. Further details about the technical data that is processed by us can be found in our Cookies Policy.

 

Personal data collected with your permission that enables us to provide you with additional features/functionality

Categories of personal data Description of category
Marketing Data This personal data is used to enable us and our partners / service providers to send you marketing communications either:

  • Via email;
  • Whilst using our Service; and/or
  • Direct from the third party.

What do we use your personal data for?

When you use or interact with our Service, we use a variety of technologies to process the personal data we collect about you for various reasons. We have set out in the table below the reasons why we process your personal data, the associated legal bases we rely upon to legally permit us to process your personal data, and the categories of personal data (identified in section  ‘What personal data do we collect from you?’) used for these purposes:

Description of why we process your personal data (‘processing purpose’) Legal Basis for the processing purpose Categories of personal data used by us for the processing purpose
To provide, personalise, and improve your experience with our Service and other services and products provided by us, for example by providing customised, personalised, or localised content, recommendations, features, and advertising on or outside of the Service (including for third party products and services).
  • Performance of a Contract
  • Legitimate Interest
  • Service Usage Data
To understand how you access and use our Services to ensure technical functionality of our Service, develop new products and services, and analyse your use of our Services, advertising, products, and services that are made available, linked to, or offered through our Services.
  • Legitimate Interest
  • Service Usage Data
To detect fraud including fraudulent use of the Service.
  • Compliance with legal obligations
  • Legitimate Interest
  • Website Usage and Administration
To communicate with you, either directly or through one of our partners, for:

  • marketing,
  • research,
  • participation in contests, surveys and sweepstakes,
  • promotional purposes,

via emails, notifications, or other messages, consistent with any permissions you may have communicated to us.
  • Consent
  •  Legitimate Interest
  • Contests, Surveys and Sweepstakes Data
  •  Marketing Data
To provide you with features, information, advertising, or other content which is based on your specific location.
  • Consent
  • Service Usage Data

 

You are welcome to contact us for further information on the legal grounds that we rely on in relation to any specific processing of your personal information.

How we share personal information

We have set out the categories of recipients of the personal data collected or generated through your use of the Service.

Publicly available information

Many professionals and third parties rely on the use of publicly available information in order to carry out research or to satisfy their compliance obligations (e.g., to carry out anti-money-laundering checks).

To assist them, we make available information obtained from publicly available sources like public websites, open government databases or other data in the public domain.

We take privacy seriously and put in place measures designed to ensure that we process personal information in a proportionate way and in compliance with data protection laws.

Personal data you may choose to share

The following personal data will only be shared with the categories of recipients outlined in the table below if:

  • you choose to make use of a specific Service feature where sharing of particular personal data is required for the proper use of the Service feature; or
  • you grant us your permission to share the personal data.
Categories of Recipients Reason for sharing
Service Providers and Others We use technical service providers which may operate the technical infrastructure that we need to provide the Service, in particular providers which host, store, manage, and maintain the website, its content and the data we process.
We use marketing and advertising partners to show you more tailored content, or to help us understand your use of the Services, to provide you with a better service. We also may share personal data with certain marketing and advertising partners to send you promotional communications about the Services.
Other Cashfac Group Companies and its advisors We will share your personal data with other Cashfac Group companies, including our professional advisers, such as, lawyers, bankers, auditors, insurers and information security professionals who provide consultancy, banking, legal, insurance and accounting services to carry out our daily business operations and to enable us to maintain and provide the Services to you.
Law Enforcement and Data Protection Authorities We will share your personal data when we in good faith believe it is necessary for us to do so in order to comply with a legal obligation under applicable law, or respond to valid legal process, such as a search warrant, a court order, or a subpoena.
We also will share your personal data where we in good faith believe that it is necessary for the purpose of our own, or a third party’s legitimate interest relating to national security, law enforcement, litigation, criminal investigation, protecting the safety of any person, or to prevent death or imminent bodily harm, provided that we deem that such interest is not overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.
Regulators and other authorities or bodies We may share your personal data with regulators and other authorities or bodies who require reporting of processing activities in certain circumstances. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud
Purchasers of our business We will share your personal data in those cases where we sell or negotiate to sell our business to a buyer or prospective buyer. In this situation, we will continue to ensure the confidentiality of your personal data and give you notice before your personal data is transferred to the buyer or becomes subject to a different Privacy Policy.

Data retention and deletion

We retain your information in accordance with our legal and regulatory obligations. You can find more information on the criteria used to calculate the retention periods set out below.
Cashfac implement policies and rules relating to the retention of personal information. We calculate retention periods for your personal information in accordance with the following criteria:

  • the length of time necessary to fulfil the purposes we collected it for
  • when you or your employer (or other subscriber providing your access to our Services) cease to use our Services
  • the length of time it is reasonable to keep records to demonstrate that we have fulfilled our duties and obligations
  • any limitation periods within which claims might be made
  • the existence of any relevant proceedings
  • any retention periods prescribed by law or recommended by regulators, professional bodies or associations

Where we are required to retain the personal data for our legal, tax, audit, and accounting obligations, we will retain the necessary personal data for the period required by applicable law and/or, where necessary for our legitimate business interests such as fraud prevention or to maintain the security of our users.
Where we anonymise your personal data (i.e. so that it can no longer be associated with you) for further research or statistical purposes, then we may use this information indefinitely without further notice to you.

Transfer to other countries

Cashfac is a global organisation, and your personal information may be stored and processed outside of your home country, including in countries that may not offer the same level of protection for your personal information as your home country. We have measures in place to ensure that when your personal information is transferred internationally, it is subject to appropriate safeguards in accordance with data protection laws. Often, these include contractual safeguards. More information about these safeguards can be obtained by contacting us here.

We have networks, databases, servers, systems, support and helpdesks around the world. We collaborate with third parties like cloud hosting services, suppliers and technology support located around the world to serve the needs of our business, workforce and customers. We take appropriate steps to ensure that personal information is processed, secured and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within Cashfac Group or to third parties in areas outside of your home country, including to countries that have not been declared adequate for the purposes of data protection by the European Commission.

The areas in which these recipients are located will vary from time to time, but include the United States, Europe, Australia, and other countries where Cashfac has a presence or uses contractors.
When we transfer personal information internationally, we put in place safeguards in accordance with applicable law (including Articles 44 to 50 of the EU General Data Protection Regulation). If you would like to know more about our data transfer practices and obtain copies of any relevant safeguarding measures, please contact our Legal & Compliance Team.

Keeping your personal data safe

Cashfac takes the security of personal information seriously and we use appropriate technologies and procedures to protect personal information (including administrative, technical and physical safeguards) according to the risk level and the service provided. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.
Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet the sensitivity of the personal information we handle, our business needs, changes in technology and regulatory requirements. We have implemented appropriate information security controls.
View ISO 27001 certificate.

Links to other websites

Our websites may include links to third-party websites, plug-ins and applications. This includes for example, e.g. Social Media Features, such as the LinkedIn Like button and Widgets, the “Share this” button or interactive mini programs that run on our website. Clicking on those links or enabling those Features may allow third parties to collect or share data about you. For example, these Features may collect your IP address or which page you are visiting on our site and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our site.
We cannot control or be held responsible for third parties’ privacy practices and content. If you click on a third-party advertisement or link, please understand that you are leaving our Service and any personal data you provide will not be covered by this Policy. Please read their privacy policies to find out how they collect and process your personal data.

Marketing

We deliver marketing and event communications to you across various online and offline platforms including email, telephone, social media, events and advertising. Where required by law, we will ask you to explicitly opt in to receive marketing from us. If we send you a marketing communication, it will include instructions on how to opt out of receiving these communications in the future. Honouring your marketing preferences is important to us. You have the right to opt out of receiving direct marketing.

How to Opt Out of Marketing Emails
Where we send marketing emails, we provide unsubscribe options for your use within our emails. In addition, you can also email marketing@cashfac.com

Where to find further privacy information on our products and services

This Policy generally relates to the personal information we collect about users in connection with the Services, where we make decisions about how that personal information is handled (Cashfac as a controller).
Where we need to give you additional information about how your personal information is used in relation to a specific Service, we will provide separate or additional privacy notices.

How to contact us

If you have any questions, comments, complaints or suggestions in relation to data protection or this Policy, or any other concerns about the way in which we process information about you, please contact our Legal & Compliance Team at legal@cashfac.com or at Legal & Compliance Team, Cashfac PLC, Monument House, 18 King William Street, London, EC4N 7BP.

If you are not satisfied with the response, we encourage you to escalate your query to our Data Protection Officer at legal@cashfac.com or at Data Protection Officer, Cashfac PLC, Monument House, 18 King William Street, London, EC4N 7BP.

Filing a complaint

If you are not content with how Cashfac manages your personal information, we hope you will talk to us, however, you can also lodge a complaint with a privacy supervisory authority. In the European Economic Area, the relevant supervisory authority is the one in the country or territory where (i) you are resident (ii) you work, or (iii) the alleged infringement took place. A list of National Data Protection Authorities in the European Economic Area can be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080]

Updates to this Policy

This Policy may be subject to updates. Any material future changes or additions to the processing of personal information as described in this Policy affecting you will be communicated to you through an appropriate channel. For example, we may place a prominent notice on our website or email you to let you know of an updated Policy.
LAST UPDATED: May 2023