Privacy Policy for customers located in the United States of America

Last edited 3 March 2022

1. Introduction

This Privacy Policy provides a comprehensive description of how Cledara collects, uses, and shares information about you as well as your rights and choices regarding such information. For purposes of this Privacy Policy, "Cledara", "we", "our", and "us" refers to Cledara Limited and its subsidiaries and "you" or "your" refers to the natural person interacting with us.

This Privacy Policy applies to residents of the United States of America that access our website available at www.cledara.com ("Website"), use our web application available at app.cledara.com (“Web Application”), use our Chrome Extension, our emails and advertisements, and any other location, online or offline, operated by us that makes this Privacy Policy available to you (collectively, the "Service").

As further described in the "Information Collected through the Product" section, when you apply for an account with Cledara as a business customer or create an account as an authorized user of a business customer ("Cledara Account"), access or interact with our online platform available at https://app.cledara.com through your Cledara Account ("Platform"), or use a virtual payment card issued by a bank issuer managed through your Cledara Account ("Card") (collectively, the "Product"), our processing of information through the Product is governed by the terms of our agreements with the issuing bank and the applicable business customer, including our Platform Agreement. In the event we are permitted to process the information for our own purposes, we will process the information in accordance with the practices described in this Privacy Policy.

Your use of the Service or Product constitutes your agreement to our data practices, and any other policies made available by us to you. If you do not agree, please notify us in writing, close your Cledara Account, delete any cookies you may have on your devices, and cease all use of the Service and Product. In certain circumstances, the business customer on whose behalf we provide services will need to confirm your choice before we can fully process your request.

If you have any questions or wish to exercise your rights and choices, please contact us at dpo@cledara.com or as further set out in the "Contact Us" section. If you are a Nevada resident, or a California resident, please see the additional disclosures at the end of this Privacy Policy.

2. Information That Cledara Collects

A. Information Collected through the Service

We collect information when you use or interact with our Service. For example, we collect information when you browse our Website, use our Web Application or Chome Extension, read our emails, view our advertisements, engage in our affiliate referral program, apply for a job, contact us, or ask us a question. We collect information that you actively provide to us, and information that is automatically collected through tracking technologies (described below).

The categories of information you provide to us through our Service include:

  • Contact Data, including your first name, last name, email address, phone number, Social Security Number and date of birth..
  • Company Data, including your company name, size, and postal address, bank details, bank transaction information, and your job title .
  • Content, including content within any messages you send to us (such as when contacting sales or asking a question).
  • Job Applicant Data, including your employment and education history, transcripts, writing samples, and references as necessary to consider your job application for open positions.
  • Referral Data, including information you provide about any potential referrals as part of our affiliate referral program, such as their name, email address, and phone number. Where you provide information about potential referrals, you agree that you have all rights and permissions necessary to provide such information to us.

You may choose to voluntarily provide other information to us that we do not request, and, in such instances, you are solely responsible for such information.

The categories of information we automatically collect through our Service include:

  • Service Use Data, including information about how much time you spend on particular pages you visit, the features you use, your preferences or selections, the services you view, the SaaS products you use, the time of day your browse, and your referring and exiting pages
  • Device Data, including information about the type of device or browser you use, your device's operating software, your internet service provider, your device's regional and language settings, and device identifiers such as IP address and Ad Id.
  • Location Data, including imprecise location information (such as location derived from an IP address or information that indicates a city or postal code level).

The types of tracking technologies we use to automatically collect information include:

  • Log Files, which are files that record events that occur in connection with your use of the Service.
  • Cookies, which are small data files stored on your device that act as a unique tag to identify your browser. We use two types of cookies: session cookies and persistent cookies. Session cookies make it easier for you to navigate websites and expire when you close your browser. Persistent cookies help with personalizing your experience, remembering your preferences, and supporting security features. Additionally, persistent cookies allow us to bring you advertising. Persistent cookies may remain on your device for extended periods of time, and generally may be controlled through your browser settings.
  • Pixels (also known as web beacons), which is code embedded in a website, email, or advertisement that sends information about your use to a server. There are various types of pixels, including image pixels (which are small graphic images) and JavaScript pixels (which contains JavaScript code). When you access a website, email, or advertisement that contains a pixel, the pixel may permit us or a separate entity to drop or read cookies on your browser. Pixels are used in combination with cookies to track activity by a particular browser on a particular device. We may incorporate pixels from separate entities that allow us to track our conversions, bring you advertising, and provide you with additional functionality.
  • Device Fingerprinting, which is the process of analyzing and combining sets of data elements from your device's browser, such as JavaScript objects and installed fonts, to create a "fingerprint" of your device and uniquely identify your browser and device.

You may limit our collection of this information through tracking technologies by changing your browser or device settings. However, doing so may affect or limit the features available to you. For further information on how we use tracking technologies for analytics and advertising, and your rights and choices regarding them, see the "Analytics and Advertising" and "Your Rights and Choices" sections below.

B. Information Collected through the Product

Our Product is designed for use by business customers and their employees and authorized users. Our processing of information collected through the Product or otherwise provided to us by a business customer in connection with their use of the Product is governed by the terms of our agreements with the issuing bank and the applicable business customer, including our Platform Agreement. In the event of a conflict between this Privacy Policy and the terms of any agreements between a business customer and Cledara, the terms of those agreements will control. In the event we are permitted to process the information for our own purposes, we will process the information in accordance with the practices described in this Privacy Policy. We are not responsible for how our business customers treat information we collect on their behalf, and we recommend you review their own privacy policies.

We collect information through the Product when you:

  • Start the process of creating a Cledara Account.
  • Fill out an application or open a Cledara Account.
  • Sign-in to or access your Cledara Account.
  • Browse the Platform.
  • Make a purchase on your Card.
  • View your purchases or make changes to your Cledara Account.
  • Change administrative or other settings within your Cledara Account.
  • Use or redeem cash back rewards, such as cash back applied toward future statement balances.
  • Use or redeem partner rewards, such as discounts on partner products and services.
  • Use integrations to connect your Cledara Account to third party services.
  • Install and log in to the Cledara Chrome extension.

The categories of information you provide to us through the Product include:

  • Contact Data.
  • Company Data, including the information listed in Section 2.A. as well as any information you submit to us about your company when you apply for a Cledara Account or otherwise, such as details about your company's leadership, ownership, Financial Data, and Billing Data.
  • Financial Data, including your or your company's bank balance, routing and account numbers, transaction history, tax identification number, and related information.
  • Billing Data, including information to process your payments to us, such as your payment card number, expiration date, and security code.
  • Account Credentials, including your password and information for authentication and account access.
  • Transaction Data, including information associated with use of your Card, whether online or in store, such as your Card number, transactions, and purchase details, amounts, and locations.
  • Receipt Data, including information you submit to us to process your receipts, such as photos and messages if you opt-in to text messages.
  • Authorized User Data, including information you provide about any users who will be issued a Card, such as their name, email address, and phone number. Where you provide information about other users, you agree that you have all rights and permissions necessary to provide such information to us.
  • Cash Back Rewards Data, including funds and available points for cash back rewards.
  • Content, including content within any messages you send to us (such as when contacting support or asking a question). We also collect content within any messages you exchange with other users through the Product (such as when you use the Slack integration to submit a request to the Cledara Account administrator to make a transaction or to increase a spending limit on a Card).
  • SaaS Usage Data, including the SaaS products you use and how frequently you access them.

Where you do not provide information when required---or where it is inaccurate, out-of-date, or unable to be validated---we may prohibit your use of the Product.

In addition, when you access or interact with our Platform, we automatically collect Service Use Data, Device Data, and Location Data through the types of tracking technologies listed in Section 2.A. above.

C. Information Collected from Other Sources

We also collect information from other sources. The categories of sources from which we collect information include:

  • Financial Partners, Card Network Partners, Merchants, Payment Processors and Card Issuing Partners in connection with your use of the Product.
  • Identity Verification Services and Financial Information Providers.
  • Third Party Integrations, such as with your designated bank, account services, transactional information providers, and other integrations that you connect to your Cledara Account.
  • Social Networks and other locations that serve or assist in serving our advertisements.
  • Joint Marketing, Referrals, and Rewards Partners that we engage for joint marketing activities and also our referrals and rewards programs.
  • Publicly-available sources, including information in the public domain.

We treat the information collected from other sources subject to any laws or contractual obligations applicable to us. In the event we are permitted to process the information for our own purposes, we will process the information in accordance with the practices described in this Privacy Policy.

3. How We Use Information

We collect and use information for business and commercial purposes in accordance with the practices described in this Privacy Policy. Our business purposes for collecting and using information include:

  • Providing Services. We use the information we collect to operate and manage our Service and Product, including to provide the Website, determine eligibility for the Product, allow you to use the Card and access the Platform, and otherwise provide services requested by you and our business customers.
  • Important Communications with You. We use the information we collect to send you technical notices, updates, security alerts, information regarding changes to our policies, and support administrative messages.
  • Security and Fraud Detection. We use the information we collect to prevent and detect potentially fraudulent or unauthorized transactions, breach of policies or terms, and threats of harm.
  • Cledara Rewards. If you choose to participate in our rewards program, we use the information we collect as necessary to determine your eligibility and to facilitate the rewards program effectively.
  • Understanding Usage and Improving our Services and Products. We use the information we collect to understand how our business customers use the Service and Product, and improve our services and products. For example, we may use information to provide you with recommendations on how to lower your spending and inefficiency. We may also improve usability of the Service and Product by analyzing how you interact with our Service and Product (such as analyzing how you use tools made available to you or which links you click).
  • Auditing and Research. We use the information we collect to conduct internal reporting, auditing, and research, including focus groups and surveys.
  • Marketing and Advertising. We use the information we collect through the Service to develop and send advertising, direct marketing, and communications about our and other entities' products, offers, promotions, rewards, events, and services.
  • At your Direction. We use the information we collect to fulfill any other purpose at your direction. For example, if you send us a photo of your receipt through text message, we will process that receipt to provide the Product to you. Also, if you direct us to connect your Cledara Account to a third party integration, such as Slack, we will process that request accordingly.
  • With Notice to You and Your Consent. We may otherwise use the information we collect after providing notice to you and obtaining your consent.

Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by law or contractual obligation applicable to us. For information on your rights and choices regarding how we use information about you, please see the "Your Rights and Choices" section below.

4. Sharing Information

We share information we collect, including information that identifies you, in accordance with the practices described in this Privacy Policy. The categories of parties with whom we share information include:

  • Service Providers. We share information with service providers that process information on our behalf. Service providers assist us with services such as payment processing, Card services, data analytics, website hosting, and technical support. We contractually prohibit our service providers from retaining, using, or disclosing information about you for any purpose other than performing the services for us, although we may permit them to use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law or contractual obligation.
  • Affiliates. We share information with our affiliates and related entities, including where they act as our service providers or for their own internal purposes.
  • Business Customers. We share information with our business customers to provide services on their behalf. For example, we share information with our business customers to facilitate your Cledara Account purchases, maintain and administer your Cards, respond to your and their questions, comply with your and their requests, and otherwise comply with the law. In addition, business customer administrators and managers will see certain information you submit through your Cledara Account, such as receipts uploaded, or requests submitted. Our business customers are independent entities and their processing of information is subject to their own privacy policies.
  • Identity Verification Services. We share information as necessary to verify your identity.
  • Card-issuing Partners. We share information with banks in connection with providing Card services to you.
  • Credit Reporting Agencies and Other Financial Information Providers. We share information about you and your account with credit reporting agencies to verify information about your business, to report on your business's performance, and to report late payments, missed payments, or other defaults.
  • Cledara Rewards. We share information about you and your Cledara Account as necessary to determine your eligibility and to facilitate the rewards program effectively.
  • Marketing and Advertising. We share information collected through the Service with vendors or other parties for marketing and advertising related purposes. These parties may act as our service providers, or in certain contexts, independently decide how to process your information. For more information, see the "Analytics and Advertising" section below.
  • Mergers and Acquisition. We share information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
  • Security and Compelled Disclosure. We share information to comply with the law, regulations, payment network rules, or other legal process, and where required in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also share information with regulators, law enforcement, financial services providers, and other authorized third parties as required by law. We will also share information to protect the rights, property, life, health, security and safety of us, the Service, the Product, or anyone else.
  • Referrals and Joint Marketing. We share information with our partners in connection with facilitating referral partnerships or engaging in joint marketing activities. For example, if you were referred to our Service or Product through a referral partner, we share information with our referral partner to calculate the referral fee.
  • At your Request. We share information at your request or direction, such as if you direct us to connect your Cledara Account to a third party integration.
  • With Notice to You and Your Consent. We may otherwise share information after providing notice to you and obtaining your consent.

Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by law or contractual obligation applicable to us. For information on your rights and choices regarding how we share information about you, please see the "Your Rights and Choices" section below.

5. Other Parties

The Service and Product may link to or integrate with websites, platforms, and services operated or controlled by other parties. Some examples include:

  • Links. Our Service and Product may link to websites, platforms, and other services not operated or controlled by us.
  • Log-In. We may embed a pixel on our Service that allows you to log-in to your Cledara Account through another service. For example, you may log-in to your Cledara Account through your account with Google. If you choose to engage with such integration, we may receive information from the other service that you have authorized to share with us. Please note that the other service may independently collect information about you through the integration.
  • Social Media. We may offer our content through social media. Any information you provide to us when you engage with our content is treated in accordance with this Privacy Policy. Also, if you publicly reference our Service or Product on social media (e.g., by using a hashtag associated with Cledara in a tweet or post), we may use your reference on or in connection with our Service.
  • Platform Linking. We may offer you the ability to link your Cledara Account to another service in order to retrieve certain information about your account on that service. For example, if you link your account to an accounting and bookkeeping platform, such as QuickBooks or NetSuite, or a business communication platform, such as Slack, the linking may allow us to obtain information such as your username, email address, photo, Transaction Data, and duplicate transactions. For more information about how these platforms handle information about you, please refer to their respective privacy policies and terms of use.

Please note that when you interact with other parties, including when you leave our Service or Product, those parties may independently collect information about you and solicit information from you. The information collected and stored by those parties remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

6. Analytics and Advertising

We use analytics services, such as Google Analytics, to help us understand how users access and use the Service. In addition, we work with agencies, advertisers, ad networks, and other technology services to place advertisements on our behalf on other websites and services. For example, we may place ads through Google and Facebook that you may view on their platforms as well as on other websites and services.

As part of this process, we may incorporate tracking technologies into our own Service (including our Website and emails) as well as into our ads displayed on other websites and services. Some of these tracking technologies may track your activities across time and services for purposes of associating the different devices you use, and delivering relevant ads and/or other content to you ("Interest-based Advertising").

As indicated above, vendors and other parties may act as our service providers, or in certain contexts, independently decide how to process your information. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

While you may disable some tracking technologies by blocking cookies in your browser, you may still see advertising as part of a broader marketing campaign. For further information on the types of tracking technologies we use on the Service and your rights and choices regarding analytics and Interest-based Advertising, please see the "Information Collected through the Service" and "Your Rights and Choices" sections.

7. Data Transfer

Our Service and Product are operated from and directed toward business customers with a presence in the United States, for exclusive use by their employees and authorized users. Any information we collect may be transferred to, processed, used, handled, and stored in the United States, the United Kingdom, European Union and other jurisdictions. Data protection laws in the United States and other jurisdictions may differ from those of your country of residence. The information we collect is governed according to United States law.

By using the Service or Product, you consent to the transfer, processing, use of, handling, and storage of information about you in the United States and other jurisdictions as described in this Privacy Policy. For personal data transferred from Europe or the United Kingdom, we will provide appropriate safeguards, such as through the use of standard contractual clauses. For further information, please refer to our UK & European Privacy Policy accessible at www.cledara.com.

8. Additional Important Information

Security. We use organizational, technical, and administrative measures designed to protect information about you from loss, theft, misuse, and unauthorized access, disclosure, alteration and destruction. However, no information security program or transfer via the internet is entirely secure and we cannot guarantee the security of information about you.

Use by Minors. We do not direct any of our services to children. We do not knowingly collect personal information (as defined by the U.S. Children's Privacy Protection Act, or "COPPA") from children under 13. We also do not knowingly "sell," as that term is defined under the CCPA, the personal information of minors under 16 who are California residents. If you are a parent or guardian and believe we have violated this provision, contact us at dpo@cledara.com.

Changes to this Privacy Policy. We reserve the right to change and reissue this Privacy Policy at any time by posting an updated version. Your continued use of our Service or Product indicates your consent to the Privacy Policy then posted. If we have an existing relationship with you, you represent a business customer, or if you are an employee or authorized user, we may provide you or the business customer notice through our Website or your Cledara Account; or provide notice directly to you using the Contact Data provided to us. If we do not have an existing relationship with you---for instance, if you only visit our Website---any notice we provide will be posted to our Website. Any privacy notice is effective upon posting or when it is provided to you.

9. Your Rights and Choices

Cledara Account. The information in your Cledara Account is governed by our agreements with the applicable business customer. You may access, update, or delete certain information within your Cledara Account through the Platform, provided that the business customer will make the ultimate decision around the processing. The business customer's administrator is responsible for your Cledara Account and Cards associated with the business customer. The business customer administrator has the ability to grant, restrict, suspend, or terminate your access to or use of the Product. The administrator can also access information about you on Product, access and retain information we have stored on its behalf, and limited your ability to edit, modify, delete, or use information associated with your use of the Product. Please note that if you delete information through your Cledar5a Account, we will retain and use information about you as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Tracking Technology Choices.

  • Cookies and Pixels. Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.
  • Do Not Track. Your browser settings may allow you to automatically transmit a "Do Not Track" signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to "Do Not Track" signals. For more information on "Do Not Track," visit http://www.allaboutdnt.com.

Please be aware that if you disable or remove tracking technologies some parts of the Service and Product may not function correctly.

Analytics and Interest-Based Advertising. Google provides tools to allow you to opt out of the use of certain information collected by Google Analytics at https://tools.google.com/dlpage/gaoptout and by Google Analytics for Display Advertising or the Google Display Network at https://www.google.com/settings/ads/onweb.

The companies we work with to provide you with targeted ads in connection with the Service are required by us to give you the choice to opt out of receiving targeted ads. Most of these companies are participants of the Digital Advertising Alliance ("DAA") and/or the Network Advertising Initiative ("NAI"). To learn more about the targeted ads provided by these companies, and how to opt out of receiving certain targeted ads from them, please visit: (i) for website targeted ads from DAA participants, https://www.aboutads.info/choices; and (ii) for targeted ads from NAI participants, https://www.networkadvertising.org/choices. Opting out only means that the selected participants should no longer deliver certain targeted ads to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., in connection with the participants' other customers or from other technology services).

Please note that if you opt out using any of these methods, the opt out will only apply to the specific browser or device from which you opt out. We are not responsible for the effectiveness of, or compliance with, any opt out options or programs, or the accuracy of any other entities' statements regarding their opt out options or programs.

Communications.

  • E-mails. You can opt-out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link or changing your email preferences in the Cledara Web Application. Please note that you cannot opt-out of non-promotional emails, such as those about your Cledara Account, transactions, servicing, or our ongoing business relations.

Please note that your opt out is limited to the email address used and will not affect subsequent subscriptions.

Unlinking Platforms. If you have linked your Cledara Account with certain other services, such as Slack or QuickBooks, you may unlink your accounts at any time by visiting your Cledara Account settings. Please note that unlinking your accounts will not affect any information previously shared through the linking. Cledara is not responsible for the data practices of any other entities, and we recommend that you carefully review their privacy policies and terms of use.

10. Contact Us

If you have any questions about this Privacy Policy, our data practices, or our compliance with applicable law, please contact us:

By email: dpo@cledara.com.

If you experience any difficulties accessing the information in this Privacy Policy, please contact us at dpo@cledara.com

11. Additional Disclosures for Nevada Residents

Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us at dpo@cledara.com.

12. Additional Disclosures for California Residents

These additional disclosures apply only to California residents and only to the extent applicable.

Our Service and Product are primarily intended to provide information and services to job applicants and business customers. You understand and agree that personal information collected about you is solely within the context of (i) your role as an employee, authorized user, job applicant, owner, director, officer, or contractor or (ii) Cledara conducting due diligence regarding, or providing or receiving a product or service to or from your employer.

We acknowledge that you may have rights under the CCPA in connection with the personal information we process on behalf of our business customers. If personal information about you has been processed by us as a service provider on behalf of a business customer and you wish to exercise any rights you have with such personal information, please inquire with our business customer directly. If you wish to make your request directly to us, please provide the name of our business customer on whose behalf we processed your personal information. We will refer your request to that business customer, and will support them to the extent required by applicable law in responding to your request.

Notice of Collection

The California Consumer Privacy Act of 2018 ("CCPA") provides additional rights and requires businesses collecting or disclosing personal information to provide notices and means to exercise rights. In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA:

  • Identifiers, including name, postal address, email address, and online identifiers (such as IP address).
  • Customer records, including phone number, billing address, bank account and credit or debit card information.
  • Characteristics of protected classifications under California or federal law, including gender.
  • Commercial or transactions information, including records of products or services purchased, obtained, or considered.
  • Internet activity, including browsing history, search history, and interactions with a website, email, application, or advertisement.
  • Geolocation data.
  • SaaS Usage Data, including the SaaS products you use and how frequently you access them.
  • Employment and education information.
  • Inferences drawn from the above information about your predicted characteristics and preferences.

For further details on information we collect, including the sources from which we receive information, review the "Information that Cledara Collects" section above. We collect and use these categories of personal information for the business purposes described in the "How We Use Information" section above.

Right to Know and Delete

You have the right to know certain details about our data practices in the past 12 months. In particular, you may request the following from us:

  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about you we disclosed for a business purpose or sold;
  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
  • The business or commercial purpose for collecting or selling the personal information; and
  • The specific pieces of personal information we have collected about you.

In addition, you have the right to delete the personal information we have collected from you.

To exercise any of these rights, please submit a request by sending an email to dpo@cledara.comm with "CCPA Request" in the subject line and specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. If personal information about you has been processed by us as a service provider on behalf of a business customer, we will follow the procedure set out above. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.

Authorized Agent.

You can designate an authorized agent to submit requests on your behalf. However, we will require signed proof of the agent's permission to do so and verify your identity directly.

Right to Non-Discrimination.

You have the right not to receive discriminatory treatment by us for the exercise of any your rights.

Shine the Light.

Customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties' own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please write us at dpo@cledara.com or the postal address set out in "Contact Us" above and specify that you are making a "California Shine the Light Request." We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.



Privacy Policy for users located in the UK and Europe

Last edited 12 June 2023

Introduction

Cledara is committed to protecting the information it holds about you. This privacy notice describes how, when, and why Cledara Limited (“we”) may use your information, as well as your rights in relation to this information. For the purposes of this notice, “you” means any business customer (a sole trader, company or partnership).

We ask that you read this privacy policy which was last updated on the date set out below (Privacy Policy) carefully as it contains important information on who we are, how and why we collect, store, use, transfer and share personal information, your rights in relation to your personal information, and how to contact us and supervisory authorities (the ICO (as defined below)) in the event you have a complaint. This Privacy Policy should be read alongside, and in addition to any separate product or service agreement entered into between us from time to time.

Whenever we refer to the ‘law’ under this Privacy Policy we are referring to those laws all as amended from time to time. Where we have used but haven’t explained the meaning of a defined term in this Privacy Policy, that defined term has the same meaning as set out under the DPA (available here). When we refer to ‘information’ or ‘data’ under this Privacy Policy we refer to your personal information.

Who We are

In this Privacy Policy reference to us, our, we, or Cledara are to Cledara Ltd (Co. No. 11455373). We are registered with ICO (registration no. ZA466806) and are registered with the Financial Conduct Authority as an EMD Agent (reference no. 902831) of PayrNet Limited, an Electronic Money Institution authorised by the Financial Conduct Authority (reference number: 900594)

We collect, process, use and are responsible for certain personal information about you. When we do so, we are regulated under the General Data Protection Regulation (EU) 2016/679 (GDPR) which applies across the European Union and EEA (including in the UK), and the Data Protection Act 2018 (together with the DPA).

We are responsible as ‘controller’ of that personal information for the purposes of those laws. If you have any queries about this Privacy Policy or how we (may) collect, store or use your information, please contact us by email at dpo@cledara.com.

Information we hold about you

Below is a list of types of personal information that we may collect and use when you apply for, or use any of our products or services.

  • Contact: Your name, addresses, e-mail  addresses, phone numbers and other ways in which to contact you
  • Transactional: Details about the transactions you carry out and the payments to and from your accounts with us
  • Contractual: Details about the products or services we provide to you
  • Locational: Data we get about where you are. This may come from your mobile phone or the place where you connect a computer to the internet. It may also include locations where you used your card
  • Behavioural: Details about how you use products and services via our Platform from us and other organisations
  • Technical: Details on the devices and technology you use
  • Communications: What we learn about you from communications between us
  • Public and third-party records: We also collect information about you which we receive from other companies, such as (without limitation) credit reference or fraud protection agencies
  • Usage Data: Other data about how you use our products and service
  • Documentary Data: Details about you that are stored in documents in different formats, or copies of them.This could include things like (without limitation) your passport, driver’s licence, photographs or birth certificate
  • Consents: Any permissions, consents or preferences that you give us

Where we collect personal information

Data you provide to us

This includes data given by you or your business, as well as data provided by people linked with you or your business’ product or service, or people working on your behalf.

  • When you apply for our products and services
  • When you talk to us on the phone
  • When you use our website or mobile app
  • In emails, web chats and letters
  • In surveys
  • If you take part in our competitions or promotions

Data we collect when you use our products or services

  • Payment and transaction data
  • Profile and usage data (including, without limitation, your security details, app or your website browser settings, marketing choices and data from the devices you use to connect to our Platform so we can provide you with our products or services).
  • Where you connect an email account to us for our invoice capture feature, we collect emails sent to you by SaaS companies, along with any attachments where our algorithms determine that such email is likely to contain an invoice.
  • Where you use 'Cledara Engage', we collect the date and time that you access SaaS products through your associated web browser.
  • We also use cookies and other internet tracking software to collect data while you are using our website or mobile app (or any other device) (as described in more detail below).

Data from third parties

  • Companies and business partners that introduce you to us
  • Our service partners, such as Railsbank and PayrNet
  • Our third-party vendors, including (without limitation) those that help us authenticate your identity
  • Social networks and other technology providers (for instance, when you click on one of our Facebook or Google adverts)
  • Fraud prevention agencies
  • Other financial services companies (to fulfil a payment or other service as part of a contract [which they have] with you, or to help prevent, detect and prosecute unlawful acts, money laundering, and fraudulent behaviour)
  • Public information sources such as (without limitation) Companies House
  • Third-party agents, suppliers, sub-contractors and advisers
  • Market researchers
  • Firms providing data services
  • Government, law enforcement agencies, authorities and regulatory bodies to help Cledara comply with its legal obligations;

What we use your information for and the legal basis for doing so

We use the information you provide us to provide our service to you and to communicate with you about the product and services you have expressed interest for and to manage complaints and resolve queries. The legal basis for doing so is taking the steps to enter into an agreement with you and to provide our service to you.

We also use the information provided to comply with regulatory and legal obligations to which we are subject and cooperate with regulators and law enforcement bodies. The legal basis for doing so is complying with the law and where it is in our legitimate interest to protect our business.

When we process personal data to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests do not override your interests or fundamental rights and freedoms.

Below is a list of the ways that we may use your personal information and our reasons for doing so:

Serving You

  • Managing our relationship with you or your business
  • Developing and carrying out marketing activities
  • Studying how our customers use products and services from us and other organisations
  • Communicating with you about our and our business partners’ products and services

Improving Our Business

  • Testing new products
  • Improving our products and services
  • Managing how we work with other companies that provide services to us and our customers
  • Developing new ways to meet our customers’ needs and to grow our business

Managing Our Operations

  • Delivering our and our business partners’ products and services, for example using emails captured from the email address you connect to us to automatically capture, upload and reconcile you SaaS invoices
  • Making and managing customer payments
  • Managing fees, charges and interest due on customer accounts
  • Collecting and recovering money that is owed to us

Crime Prevention and Managing of Risks

  • Identifying, investigating, reporting and preventing fraud, money laundering and other crime
  • Managing risk for us and our customers
  • Complying with laws and regulations
  • Investigating and responding to complaints and feedback

Business Management

  • Operating our business in an efficient and proper way, including managing our financial position, business capability, planning, adding and testing systems and processes, managing communications, corporate governance, and audit
  • Carrying out our obligations arising from and exercising our rights set out in our contracts


Who will we share your information with?

Below is a list of the types of third parties that we may share your personal information with. We will only disclose personal information with such third parties for the reasons explained in this Privacy Policy.

Authorities

This means legal or other official bodies that include (without limitation):

  • Central and local government, and where applicable, any EU/EEA or any other international government agency
  • HM Revenue & Customs, regulators and other domestic, EU/EEA or international tax authorities
  • Local, EU/EEA or international law enforcement or fraud prevention agencies (where applicable).

Services

Third-party companies we work with to provide our services and products to you and to run our business.

  • Agents, business partners, suppliers, sub-contractors and advisers
  • Someone linked with your business, such as an employee or a recipient of a payment as required by the payment system
  • Other financial services companies (for example, without limitation), to help prevent, detect and prosecute unlawful acts, money laundering or fraudulent behaviour)
  • Accountants (if you have one and have provided your consent to us sharing your information with them)
  • Companies you ask us to share your data with

General business

Third-party companies we use to help grow and improve our business.

  • Companies we have a joint venture or agreement to co-operate with
  • Organisations that introduce you to us
  • Market researchers
  • Advisers who help us to come up with new ways of doing business.
  • Advertisers and technology providers that you use (such as third-party websites you visit, social networks, and providers of apps and smart devices)

International data transfer

When we or fraud prevention agencies share information with organisations in another jurisdiction, we will ensure they agree to apply equivalent levels of protection for personal data as we do. If this is not possible – for example because we are required by law to disclose information – we will ensure the sharing of that information is lawful. Also, if they are not in a jurisdiction that the European Commission regards as having adequate levels of protections for personal data, we will put in place appropriate safeguards (such as contractual commitments), in accordance with applicable legal requirements, to ensure that your data is adequately protected.

The personal data that we hold will be stored in the UK or the European Economic Area (EEA), but may also be transferred to, and stored at, a destination outside the UK or EEA, with and by third parties, to help us provide our products or run our services. If we do transfer your personal information outside the UK or  EEA, we will make sure that it is protected to the same extent as in the UK and EEA. In these circumstances, we ensure that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission (Art. 46 GDPR) or other applicable regulators or legislators. Where required by applicable law, we will only share, transfer or store your Personal Data outside of your jurisdiction with your prior consent.

Retention of your data

We will keep your personal information as long as you are a customer of Cledara.

We may keep your personal information for up to 10 years after you stop being a customer. The reasons we may do this are:

  • To respond to a question or complaint, or to show whether we gave you fair treatment
  • To study customer data as part of our own research
  • To comply with legal rules that apply to us about keeping records. For example, the Money Laundering Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 require us to retain certain data for a minimum of 5 and a maximum of 10 years.

We may also keep your data for longer than 10 years if certain laws mean that we cannot delete it for legal, regulatory or technical reasons.


Individual rights

An individual has certain rights regarding his or her personal information, subject to local law. These include the following rights to:

  • request a copy of the personal information we hold about them;
  • request that we supply them (or a nominated third party) with an electronic copy of the personal information that they or you have provided us with;
  • inform us of a correction to their personal information;
  • exercise their right to restrict our use of their personal information;
  • exercise their right to erase their personal information; or
  • object to particular ways in which we are using their personal information.

To proceed with any of the above please contact us via DPO@cledara.com

Cookies

We may use cookies and similar technologies on our websites and in our emails. Cookies are text files that get small amounts of information, which your computer or mobile device stores when you visit a website. When you return to the websites they recognise these cookies and therefore your device.

We use cookies to do many different jobs, like letting you navigate between pages efficiently, remembering your preferences and generally improving your online experience.

We also use cookies in some of our emails to help us understand a little about how you interact with our emails, and to help us improve our future email communications.

Google

Where Cledara use or transfer data to any other app information received from Google APIs, Cledara will adhere to Google API Services User Data Policy, including the Limited Use requirements.

How to contact us

If you would like more information on your rights, or wish to exercise them, please submit a request via  The Data Protection Officer, Cledara Limited, 3rd Floor 86-90 Paul Street, London, England, EC2A 4NE or DPO@cledara.com

Cledara Limited is the ‘data controller’ for your personal data. This means it is responsible for deciding how we can use your personal data.

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection authority of the United Kingdom using their website - https://ico.org.uk.

Changes to the privacy notice

A copy of this privacy notice can be requested from us using the contact details set out above. We may modify or update this privacy notice from time to time.

Where changes to this privacy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing).