Your privacy and trust is important to us. So, we want to transparently explain how and why Cashfac PLC and its group companies (“Cashfac” “we”, “us” or “our”) gather, store, share and use your personal data in the context of our services – as well as outline the controls and choices you have around when and how you choose to share your personal data.
About this Policy
This Policy does not generally apply to individuals whose personal information forms part of the content included within our Services, although you can find further information on that topic here.
Depending on the Service, we may provide additional or different privacy notices for specific interactions you have with us or to highlight how we use your personal information for specific Services. Where we do this, it will be clear which statements apply to which interactions and Services.
The aim of this Policy is to:
- Ensure that you understand what personal data we collect about you, the reasons why we collect and use it, and who we share it with;
- Explain the way we use the personal data that you share with us in order to give you a great experience when you are using our Services; and
- Explain your rights and choices in relation to the personal data we collect and process about you and how we will protect your privacy.
We hope this helps you to understand our privacy commitments to you. For information on how to contact us if you ever have any questions or concerns, please see the ‘How to Contact Us’ section below. Alternatively, if you do not agree with the content of this Policy, then please remember it is your choice whether you want to use our Services.
Your rights and your preferences: Giving you choice and control
You may have rights under European and other laws to have access to your personal information and to ask us to rectify, erase and restrict use of, your personal information. You may also have rights to object to your personal information being used, to ask for the transfer of personal information you have made available to us and to withdraw consent to the use of your personal information. Further information on how to exercise your rights is set out below.
You have the following rights under European laws and may have similar rights under the laws of other countries.
- Right of subject access: The right to make a written request for details of your personal information and a copy of that personal information
- Right to rectification: The right to have inaccurate information about you corrected or removed
- Right to erasure (‘right to be forgotten’): The right to have certain personal information about you erased
- Right to restriction of processing: The right to request that your personal information is only used for restricted purposes
- Right to opt out of marketing: You can manage your marketing preferences by using the unsubscribe links found in the communications you receive from us. Your choices in relation to marketing are explained
- Right to object: The right to object to the processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interest
- Right to data portability: The right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable format
- Right to withdraw consent: The right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information prior to the withdrawal of your consent
These rights are not absolute, and they do not always apply in all cases.
In order to exercise your rights please complete Subject Access Request Form.
In response to a request, we will ask you to verify your identity if we need to, and to provide information that helps us to understand your request better. If we do not comply with your request, whether in whole or in part, we will explain why.
How do we collect your personal data?
We collect personal information about you from your interactions with us, and from certain third parties and other sources.
We obtain personal information from you:
- through your interactions with us and our Services, such as, information you may give us by filling in forms or by corresponding with us by email, information you provide at our events or otherwise.
- through your system/device and use of our Services. Our servers, logs and other technologies automatically collect system/device and usage information to help us administer, protect and improve our Services, analyse usage and improve users’ experience
- through cookies and similar technologies included on our Services. More information relating to cookies, and how to control their use can be found here.
- Through third parties or publicly available sources. We may receive personal data about you from various third parties and public sources, for example, analytics providers such as Google.
We also collect personal information about you from third parties such as:
- publicly available sources such as public websites, open government databases or other data in the public domain, to help us maintain data accuracy and provide and enhance the Services
We use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, creating marketing and promotion models, improving our Services, and developing new features and functionality.
What personal data do we collect from you?
The type of personal information we collect depends on how you are interacting with us and which Services you are using.
In many cases, you can choose whether or not to provide us with personal information, but if you choose not to, you may not get the full functionality from the Services.
We have set out in the tables below the categories of personal data we collect and use about you:
Personal data collected through your use of the Service
|Categories of personal data||Description of category|
|Service Usage Data||This is the personal data that is collected about you when you are using our Service – this may include:
Personal data collected with your permission that enables us to provide you with additional features/functionality
|Categories of personal data||Description of category|
|Marketing Data||This personal data is used to enable us and our partners / service providers to send you marketing communications either:
What do we use your personal data for?
When you use or interact with our Service, we use a variety of technologies to process the personal data we collect about you for various reasons. We have set out in the table below the reasons why we process your personal data, the associated legal bases we rely upon to legally permit us to process your personal data, and the categories of personal data (identified in section ‘What personal data do we collect from you?’) used for these purposes:
|Description of why we process your personal data (‘processing purpose’)||Legal Basis for the processing purpose||Categories of personal data used by us for the processing purpose|
|To provide, personalise, and improve your experience with our Service and other services and products provided by us, for example by providing customised, personalised, or localised content, recommendations, features, and advertising on or outside of the Service (including for third party products and services).||
|To understand how you access and use our Services to ensure technical functionality of our Service, develop new products and services, and analyse your use of our Services, advertising, products, and services that are made available, linked to, or offered through our Services.||
|To detect fraud including fraudulent use of the Service.||
|To communicate with you, either directly or through one of our partners, for:
via emails, notifications, or other messages, consistent with any permissions you may have communicated to us.
|To provide you with features, information, advertising, or other content which is based on your specific location.||
You are welcome to contact us for further information on the legal grounds that we rely on in relation to any specific processing of your personal information.
Publicly available information
Many professionals and third parties rely on the use of publicly available information in order to carry out research or to satisfy their compliance obligations (e.g., to carry out anti-money-laundering checks).
To assist them, we make available information obtained from publicly available sources like public websites, open government databases or other data in the public domain.
We take privacy seriously and put in place measures designed to ensure that we process personal information in a proportionate way and in compliance with data protection laws.
Data retention and deletion
We retain your information in accordance with our legal and regulatory obligations. You can find more information on the criteria used to calculate the retention periods set out below.
Cashfac implement policies and rules relating to the retention of personal information. We calculate retention periods for your personal information in accordance with the following criteria:
- the length of time necessary to fulfil the purposes we collected it for
- when you or your employer (or other subscriber providing your access to our Services) cease to use our Services
- the length of time it is reasonable to keep records to demonstrate that we have fulfilled our duties and obligations
- any limitation periods within which claims might be made
- the existence of any relevant proceedings
- any retention periods prescribed by law or recommended by regulators, professional bodies or associations
Where we are required to retain the personal data for our legal, tax, audit, and accounting obligations, we will retain the necessary personal data for the period required by applicable law and/or, where necessary for our legitimate business interests such as fraud prevention or to maintain the security of our users.
Where we anonymise your personal data (i.e. so that it can no longer be associated with you) for further research or statistical purposes, then we may use this information indefinitely without further notice to you.
Transfer to other countries
Cashfac is a global organisation, and your personal information may be stored and processed outside of your home country, including in countries that may not offer the same level of protection for your personal information as your home country. We have measures in place to ensure that when your personal information is transferred internationally, it is subject to appropriate safeguards in accordance with data protection laws. Often, these include contractual safeguards. More information about these safeguards can be obtained by contacting us here.
We have networks, databases, servers, systems, support and helpdesks around the world. We collaborate with third parties like cloud hosting services, suppliers and technology support located around the world to serve the needs of our business, workforce and customers. We take appropriate steps to ensure that personal information is processed, secured and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within Cashfac Group or to third parties in areas outside of your home country, including to countries that have not been declared adequate for the purposes of data protection by the European Commission.
The areas in which these recipients are located will vary from time to time, but include the United States, Europe, Australia, and other countries where Cashfac has a presence or uses contractors.
When we transfer personal information internationally, we put in place safeguards in accordance with applicable law (including Articles 44 to 50 of the EU General Data Protection Regulation). If you would like to know more about our data transfer practices and obtain copies of any relevant safeguarding measures, please contact our Legal & Compliance Team.
Keeping your personal data safe
Cashfac takes the security of personal information seriously and we use appropriate technologies and procedures to protect personal information (including administrative, technical and physical safeguards) according to the risk level and the service provided. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.
Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet the sensitivity of the personal information we handle, our business needs, changes in technology and regulatory requirements. We have implemented appropriate information security controls.
View ISO 27001 certificate.
We deliver marketing and event communications to you across various online and offline platforms including email, telephone, social media, events and advertising. Where required by law, we will ask you to explicitly opt in to receive marketing from us. If we send you a marketing communication, it will include instructions on how to opt out of receiving these communications in the future. Honouring your marketing preferences is important to us. You have the right to opt out of receiving direct marketing.
How to Opt Out of Marketing Emails
Where we send marketing emails, we provide unsubscribe options for your use within our emails. In addition, you can also email email@example.com
Where to find further privacy information on our products and services
This Policy generally relates to the personal information we collect about users in connection with the Services, where we make decisions about how that personal information is handled (Cashfac as a controller).
Where we need to give you additional information about how your personal information is used in relation to a specific Service, we will provide separate or additional privacy notices.
How to contact us
If you have any questions, comments, complaints or suggestions in relation to data protection or this Policy, or any other concerns about the way in which we process information about you, please contact our Legal & Compliance Team at firstname.lastname@example.org or at Legal & Compliance Team, Cashfac PLC, 50 Mark Lane, London, EC3R 7QR.
If you are not satisfied with the response, we encourage you to escalate your query to our Data Protection Officer at email@example.com or at Data Protection Officer, Cashfac PLC, 50 Mark Lane, London, EC3R 7QR.
Filing a Complaint. If you are not content with how Cashfac manages your personal information, we hope you will talk to us, however, you can also lodge a complaint with a privacy supervisory authority. In the European Economic Area, the relevant supervisory authority is the one in the country or territory where (i) you are resident (ii) you work, or (iii) the alleged infringement took place. A list of National Data Protection Authorities in the European Economic Area can be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080]
Updates to this Policy
This Policy may be subject to updates. Any material future changes or additions to the processing of personal information as described in this Policy affecting you will be communicated to you through an appropriate channel. For example, we may place a prominent notice on our website or email you to let you know of an updated Policy.
LAST UPDATED: September 2019