Cledara is committed to protecting the information it holds about you. This privacy notice describes how, when, and why Cledara Limited (“we”) may use your information, as well as your rights in relation to this information. For the purposes of this notice, “you” means any business customer (a sole trader, company or partnership).
Who We are
We collect, process, use and are responsible for certain personal information about you. When we do so, we are regulated under the General Data Protection Regulation (EU) 2016/679 (GDPR) which applies across the European Union and EEA (including in the UK), and the Data Protection Act 2018 (together with the DPA).
Information we hold about you
Below is a list of types of personal information that we may collect and use when you apply for, or use any of our products or services.
- Contact: Your name, addresses, e-mail addresses, phone numbers and other ways in which to contact you
- Transactional: Details about the transactions you carry out and the payments to and from your accounts with us
- Contractual: Details about the products or services we provide to you
- Locational: Data we get about where you are. This may come from your mobile phone or the place where you connect a computer to the internet. It may also include locations where you used your card
- Behavioural: Details about how you use products and services via our Platform from us and other organisations
- Technical: Details on the devices and technology you use
- Communications: What we learn about you from communications between us
- Public and third-party records: We also collect information about you which we receive from other companies, such as (without limitation) credit reference or fraud protection agencies
- Usage Data: Other data about how you use our products and service
- Documentary Data: Details about you that are stored in documents in different formats, or copies of them.This could include things like (without limitation) your passport, driver’s licence, photographs or birth certificate
- Consents: Any permissions, consents or preferences that you give us
Where we collect personal information
Data you provide to us
This includes data given by you or your business, as well as data provided by people linked with you or your business’ product or service, or people working on your behalf.
- When you apply for our products and services
- When you talk to us on the phone
- When you use our website or mobile app
- In emails, web chats and letters
- In surveys
- If you take part in our competitions or promotions
Data we collect when you use our products or services
- Payment and transaction data
- Profile and usage data (including, without limitation, your security details, app or your website browser settings, marketing choices and data from the devices you use to connect to our Platform so we can provide you with our products or services).
Data from third parties
- Companies and business partners that introduce you to us
- Our service partners, such as Railsbank and PayrNet
- Our third-party vendors, including (without limitation) those that help us authenticate your identity
- Social networks and other technology providers (for instance, when you click on one of our Facebook or Google adverts)
- Fraud prevention agencies
- Other financial services companies (to fulfil a payment or other service as part of a contract [which they have] with you, or to help prevent, detect and prosecute unlawful acts, money laundering, and fraudulent behaviour)
- Public information sources such as (without limitation) Companies House
- Third-party agents, suppliers, sub-contractors and advisers
- Market researchers
- Firms providing data services
- Government, law enforcement agencies, authorities and regulatory bodies to help Cledara comply with its legal obligations;
What we use your information for and the legal basis for doing so
We use the information you provide us to communicate with you about the product and services you have expressed interest for and to manage complaints and resolve queries. The legal basis for doing so is taking the steps to enter into an agreement with you.
We also use the information provided to comply with regulatory and legal obligations to which we are subject and cooperate with regulators and law enforcement bodies. The legal basis for doing so is complying with the law and where it is in our legitimate interest to protect our business.
When we process personal data to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests do not override your interests or fundamental rights and freedoms.
Below is a list of the ways that we may use your personal information and our reasons for doing so:
- Managing our relationship with you or your business
- Developing and carrying out marketing activities
- Studying how our customers use products and services from us and other organisations
- Communicating with you about our and our business partners’ products and services
Improving Our Business
- Testing new products
- Improving our products and services
- Managing how we work with other companies that provide services to us and our customers
- Developing new ways to meet our customers’ needs and to grow our business
Managing Our Operations
- Delivering our and our business partners’ products and services
- Making and managing customer payments
- Managing fees, charges and interest due on customer accounts
- Collecting and recovering money that is owed to us
Crime Prevention and Managing of Risks
- Identifying, investigating, reporting and preventing fraud, money laundering and other crime
- Managing risk for us and our customers
- Complying with laws and regulations
- Investigating and responding to complaints and feedback
- Operating our business in an efficient and proper way, including managing our financial position, business capability, planning, adding and testing systems and processes, managing communications, corporate governance, and audit
- Carrying out our obligations arising from and exercising our rights set out in our contracts
Who will we share your information with?
This means legal or other official bodies that include (without limitation):
- Central and local government, and where applicable, any EU/EEA or any other international government agency
- HM Revenue & Customs, regulators and other domestic, EU/EEA or international tax authorities
- Local, EU/EEA or international law enforcement or fraud prevention agencies (where applicable).
Third-party companies we work with to provide our services and products to you and to run our business.
- Agents, business partners, suppliers, sub-contractors and advisers
- Someone linked with your business, such as an employee or a recipient of a payment as required by the payment system
- Other financial services companies (for example, without limitation), to help prevent, detect and prosecute unlawful acts, money laundering or fraudulent behaviour)
- Accountants (if you have one and have provided your consent to us sharing your information with them)
- Companies you ask us to share your data with
Third-party companies we use to help grow and improve our business.
- Companies we have a joint venture or agreement to co-operate with
- Organisations that introduce you to us
- Market researchers
- Advisers who help us to come up with new ways of doing business.
- Advertisers and technology providers that you use (such as third-party websites you visit, social networks, and providers of apps and smart devices)
International data transfer
When we or fraud prevention agencies share information with organisations in another jurisdiction, we will ensure they agree to apply equivalent levels of protection for personal data as we do. If this is not possible – for example because we are required by law to disclose information – we will ensure the sharing of that information is lawful. Also, if they are not in a jurisdiction that the European Commission regards as having adequate levels of protections for personal data, we will put in place appropriate safeguards (such as contractual commitments), in accordance with applicable legal requirements, to ensure that your data is adequately protected.
The personal data that we hold will be stored in the UK or the European Economic Area (EEA), but may also be transferred to, and stored at, a destination outside the UK or EEA, with and by third parties, to help us provide our products or run our services. If we do transfer your personal information outside the UK or EEA, we will make sure that it is protected to the same extent as in the UK and EEA. We’ll use one of these legal safeguards:
- Transfer it to a non-UK or non-EEA country with privacy laws that give the same protection as those under the UK or the EEA.
- Put in place a contract with the recipient that means they must protect it to the same standards as the UK and EEA.
- Transfer it to organisations that are part of Privacy Shield (see the ICO’s website for more information about the Privacy Shield – https://ico.org.uk/).
Retention of your data
We will keep your personal information as long as you are a customer of Cledara.
We may keep your personal information for up to 10 years after you stop being a customer. The reasons we may do this are:
- To respond to a question or complaint, or to show whether we gave you fair treatment
- To study customer data as part of our own research
- To comply with legal rules that apply to us about keeping records. For example, the Money Laundering Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 require us to retain certain data for a minimum of 5 and a maximum of 10 years.
We may also keep your data for longer than 10 years if certain laws mean that we cannot delete it for legal, regulatory or technical reasons.
An individual has certain rights regarding his or her personal information, subject to local law. These include the following rights to:
- request a copy of the personal information we hold about them;
- request that we supply them (or a nominated third party) with an electronic copy of the personal information that they or you have provided us with;
- inform us of a correction to their personal information;
- exercise their right to restrict our use of their personal information;
- exercise their right to erase their personal information; or
- object to particular ways in which we are using their personal information.
To proceed with any of the above please contact us via DPO@cledara.com
Cledara use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
How to contact us
If you would like more information on your rights, or wish to exercise them, please submit a request via The Data Protection Officer, Cledara Limited, London, SE16 2BF or DPO@cledara.com
Cledara Limited is the ‘data controller’ for your personal data. This means it is responsible for deciding how we can use your personal data.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection authority of the United Kingdom using their website - https://ico.org.uk.
Changes to the privacy notice
A copy of this privacy notice can be requested from us using the contact details set out above. We may modify or update this privacy notice from time to time.
Where changes to this privacy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing).