Effective March, 2021
Your privacy and trust is important to us. So, we want to transparently explain how and why Cashfac PLC and its group companies (“Cashfac” “we”, “us” or “our”) gather, store, share and use your personal data in the context of our services – as well as outline the controls and choices you have around when and how you choose to share your personal data.
About this Policy
The terms governing your use of SlideBy are defined under App Terms.
This Policy does not generally apply to individuals whose personal information forms part of the content included within our Services, although you can find further information on that topic here.
Depending on the Service, we may provide additional or different privacy notices for specific interactions you have with us or to highlight how we use your personal information for specific Services. Where we do this, it will be clear which statements apply to which interactions and Services.
The aim of this Policy is to:
- Ensure that you understand what personal data we collect about you, the reasons why we collect and use it, and who we share it with;
- Explain the way we use the personal data that you share with us in order to give you a great experience when you are using our Services; and
- Explain your rights and choices in relation to the personal data we collect and process about you and how we will protect your privacy.
We hope this helps you to understand our privacy commitments to you. For information on how to contact us if you ever have any questions or concerns, please see the ‘How to contact us’ section below. Alternatively, if you do not agree with the content of this Policy, then please remember it is your choice whether you want to use our Services.
Your rights and your preferences: Giving you choice and control
You may have rights under European and other laws to have access to your personal information and to ask us to rectify, erase and restrict use of, your personal information. You may also have rights to object to your personal information being used, to ask for the transfer of personal information you have made available to us and to withdraw consent to the use of your personal information. Further information on how to exercise your rights is set out below.
You have the following rights under European laws and may have similar rights under the laws of other countries.
- Right of subject access: The right to make a written request for details of your personal information and a copy of that personal information
- Right to rectification: The right to have inaccurate information about you corrected or removed
- Right to erasure (‘right to be forgotten’): The right to have certain personal information about you erased
- Right to restriction of processing: The right to request that your personal information is only used for restricted purposes
- Right to opt out of marketing: You can manage your marketing preferences by using the unsubscribe links found in the communications you receive from us. Your choices in relation to marketing are explained here
- Right to object: The right to object to the processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interest
- Right to data portability: The right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable format
- Right to withdraw consent: The right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information prior to the withdrawal of your consent
These rights are not absolute, and they do not always apply in all cases.
In response to a request, we will ask you to verify your identity if we need to, and to provide information that helps us to understand your request better. If we do not comply with your request, whether in whole or in part, we will explain why.
In order to exercise your rights please complete this form.
How do we collect your personal data?
We collect personal information about you from your interactions with us, and from certain third parties and other sources.
We obtain personal information from you:
- through your interactions with us and our Services, such as, information you may give us by filling in forms or by corresponding with us by email, through community pages or otherwise. This includes the personal data you provide when registering to use our Services.
- when you download SlideBy or contact us for support. This includes personal data you provide when registering to use our Services.
- when you use our Services. We will have access to your personal data that you submit to us and personal data held by Account Servicing Payment Service Providers (i.e. any payment service provider, such as a bank or a credit card issuer that maintains an online payment account on your behalf) (“ASPSPs”) for the duration of the transmission. Such personal data may include your account information, account balance, transactions and payments.
- through your system/device and use of our Services. Our servers, logs and other technologies automatically collect system/device and usage information to help us administer, protect and improve our Services, analyse usage and improve users’ experience
- through cookies and similar technologies included on our Services. More information relating to cookies, and how to control their use can be found here.
- through third parties or publicly available sources. We may receive personal data about you from various third parties and public sources, for example, analytics providers such as Google.
We also collect personal information about you from third parties such as:
- the person(s) arranging for you to access our Services (e.g., your bank or service provider) in order to set up a user account
- an organization to which you belong where that organization provides you access to our Services (such as an accountancy firm providing you access to certain of our Services)
- partners and service providers who work with us in relation to your Service
- publicly available sources such as public websites, open government databases or other data in the public domain, to help us maintain data accuracy and provide and enhance the Services
We use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, creating marketing and promotion models, improving our Services, and developing new features and functionality within the SlideBy App.
What personal data do we collect from you?
The type of personal information we collect depends on how you are interacting with us and which Services you are using.
In many cases, you can choose whether or not to provide us with personal information, but if you choose not to, you may not get the full functionality from the Services.
We have set out in the tables below the categories of personal data we collect and use about you:
Personal data collected when you sign up for SlideBy and use our Service
|Categories of personal data||Description of category|
|Account Registration Data||This is the personal data that is provided by you or collected by us to enable you to sign up for and use the SlideBy App and Services. This includes your email address, first name, surname, phone number, unique user reference, such as, reference which we assign to you when you sign up to use our Service, to create your own unique data record and other similar contact data.
Some of the personal data we will ask you to provide is required in order to create your account e.g. on SlideBy Community. You also have the option to provide us with some additional personal data in order to make your account more personalised.
|SlideBy App Usage and Administration||This is personal data that is provided by you or collected by us to enable you to use the Service – this may include:
Personal data collected through your use of the Service
|Categories of personal data||Description of category|
|Service Usage Data||This is the personal data that is collected about you when you are using our Service – this may include:
Personal data collected with your permission that enables us to provide you with additional features/functionality
|Categories of personal data||Description of category|
|Marketing Data||This personal data is used to enable us and our partners / service providers to send you marketing communications either:
What do we use your personal data for?
When you use or interact with our Service, we use a variety of technologies to process the personal data we collect about you for various reasons. We have set out in the table below the reasons why we process your personal data, the associated legal basis we rely upon to legally permit us to process your personal data, and the categories of personal data (identified in section ‘What personal data do we collect from you?’) used for these purposes:
|Description of why we process your personal data (‘processing purpose’)||Legal Basis for the processing purpose||Categories of personal data used by us for the processing purpose|
|To provide, personalise, and improve your experience with our Service and other services and products provided by us, for example by providing customised, personalised, or localised content, recommendations, features, and advertising on or outside of the Service (including for third party products and services).||
|To understand how you access and use our Services to ensure technical functionality of our Service, develop new products and services, and analyse your use of our Services, including your interaction with SlideBy App, advertising, products, and services that are made available, linked to, or offered through our Services.||
|To communicate with you for SlideBy Service-related purposes.||
|To detect fraud including fraudulent payments and fraudulent use of the Service.||
|To communicate with you, either directly or through one of our partners, for:
|To provide you with features, information, advertising, or other content which is based on your specific location.||
You are welcome to contact us for further information on the legal grounds that we rely on in relation to any specific processing of your personal information.
Data retention and deletion
We retain your information in accordance with our legal and regulatory obligations. You can find more information on the criteria used to calculate the retention periods set out below.
Cashfac implement policies and rules relating to the retention of personal information. We calculate retention periods for your personal information in accordance with the following criteria:
- the length of time necessary to fulfil the purposes we collected it for
- when you or your employer (or other subscriber providing your access to our Services) cease to use our Services
- the length of time it is reasonable to keep records to demonstrate that we have fulfilled our duties and obligations
- any limitation periods within which claims might be made
- the existence of any relevant proceedings
- any retention periods prescribed by law or recommended by regulators, professional bodies or associations
We will normally retain your information for a period of 60 days after your account is deactivated or 60 days after your information is no longer needed to provide you with our Services. After this period, the data will be deleted from our systems and we will be unable to access it.
Where we are required to retain the personal data for our legal, tax, audit, and accounting obligations, we will retain the necessary personal data for the period required by applicable law and/or, where necessary for our legitimate business interests such as fraud prevention or to maintain the security of our users.
In some circumstances you can ask us to delete your data sooner. If you do wish to cancel your account or request that we no longer use your information to provide you Services, please contact us at firstname.lastname@example.org.
Where we anonymise your personal data (i.e. so that it can no longer be associated with you) for further research or statistical purposes, then we may use this information indefinitely without further notice to you.
Transfer to other countries
Cashfac is a global organisation, and your personal information may be stored and processed outside of your home country, including in countries that may not offer the same level of protection for your personal information as your home country. We have measures in place to ensure that when your personal information is transferred internationally, it is subject to appropriate safeguards in accordance with data protection laws. Often, these include contractual safeguards. More information about these safeguards can be obtained by contacting us here.
We have networks, databases, servers, systems, support and helpdesks around the world. We collaborate with third parties like cloud hosting services, suppliers and technology support located around the world to serve the needs of our business, workforce and customers. We take appropriate steps to ensure that personal information is processed, secured and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within Cashfac Group or to third parties in areas outside of your home country, including to countries that have not been declared adequate for the purposes of data protection by the European Commission.
The areas in which these recipients are located will vary from time to time, but include the United States, Europe, Australia, and other countries where Cashfac has a presence or uses contractors.
When we transfer personal information internationally, we put in place safeguards in accordance with applicable law (including Articles 44 to 50 of the EU General Data Protection Regulation). If you would like to know more about our data transfer practices and obtain copies of any relevant safeguarding measures, please contact our Legal & Compliance Team.
Keeping your personal data safe
Cashfac takes the security of personal information seriously and we use appropriate technologies and procedures to protect personal information (including administrative, technical and physical safeguards) according to the risk level and the service provided. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.
Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet the sensitivity of the personal information we handle, our business needs, changes in technology and regulatory requirements. We have implemented appropriate information security controls.
Links to other websites
Our websites may include links to third-party websites, plug-ins and applications. This includes for example, e.g. Social Media Features, such as the Facebook Like button and Widgets, the “Share this” button or interactive mini-programs that run on our website. Clicking on those links or enabling those Features may allow third parties to collect or share data about you. For example, these Features may collect your IP address or which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our site.
We cannot control or be held responsible for third parties’ privacy practices and content. If you click on a third-party advertisement or link, please understand that you are leaving our Service and any personal data you provide will not be covered by this Policy. Please read their privacy policies to find out how they collect and process your personal data.
We deliver marketing and event communications to you across various online and offline platforms including email, telephone, social media and advertising. Where required by law, we will ask you to explicitly opt in to receive marketing from us. If we send you a marketing communication, it will include instructions on how to opt out of receiving these communications in the future.
Honouring your marketing preferences is important to us. You have the right to opt out of receiving direct marketing.
How to Opt Out of Marketing Emails
Where we send marketing emails, we provide unsubscribe options for your use within our emails. In addition, you can also email email@example.com.
Even if you opt out of receiving marketing communications by email, we may still send you service communications or important transactional information related to your accounts and subscriptions (for purposes such as providing customer support).
Where to find further privacy information on our products and services
This Policy generally relates to the personal information we collect about users in connection with the Services, where we make decisions about how that personal information is handled (Cashfac as a controller).
Where we need to give you additional information about how your personal information is used in relation to a specific Service, we will provide separate or additional privacy notices.
Your professional service provider (e.g., your financial, tax or accounting adviser) and other third parties may enter your personal information into Services we make available to, and host for them on their behalf. They may provide their own privacy notices to you. You should contact them for these notices, and you may also be able to find their privacy notices on their websites.
How to contact us
If you have any questions, comments, complaints or suggestions in relation to data protection or this Policy, or any other concerns about the way in which we process information about you, please contact our Legal & Compliance Team at firstname.lastname@example.org or at Legal & Compliance Team, Cashfac PLC, 50 Mark Lane, London, EC3R 7QR.
If you are not satisfied with the response, we encourage you to escalate your query to our Data Protection Officer at email@example.com or at Data Protection Officer, Cashfac PLC, 50 Mark Lane, London, EC3R 7QR.
Filing a Complaint. If you are not content with how Cashfac manages your personal information, we hope you will talk to us, however, you can also lodge a complaint with a privacy supervisory authority. In the European Economic Area, the relevant supervisory authority is the one in the country or territory where (i) you are resident (ii) you work, or (iii) the alleged infringement took place. A list of National Data Protection Authorities in the European Economic Area can be found here.
Updates to this Policy
This Policy may be subject to updates. Any material future changes or additions to the processing of personal information as described in this Policy affecting you will be communicated to you through an appropriate channel. For example, we may place a prominent notice on our website or email you to let you know of an updated Policy.
Thank you for using SlideBy.
LAST UPDATED: March 2021