- to the website/portal features and services provided to you when you visit our websites, portals or our payment panels our clients may use on their websites;
- when you apply to use and/or use Everyfin’s products and services, as well as when you request changes to the services you are using;
- to your use of software including terminals, mobile and desktop applications provided by Everyfin; and to email, other electronic messages including SMS, telephone, webchat, website/portal and other communications between you and Everyfin.
INFORMATION WE MAY COLLECT AND HOLD ABOUT YOU.
We collect and process personal and non-personal information relating to you. We may collect and process your individually identifiable information, namely information that identifies a person or can, with reasonable efforts, identify a person directly or indirectly (“Personal data”).
We also collect non-personal information or may anonymise personal information in order to make it non-personal. Non-personal information is information that does not enable a specific individual to be identified, either directly or indirectly. We may collect, create, store, use, and disclose such non-personal information for any reasonable business purpose. For example, we may use aggregated transactional information for commercial purposes, such as trend analysis and the use of data analytics to obtain learnings and insight around payment transaction patterns and usage.
COLLECTING AND HOLDING YOUR INFORMATION.
We collect and store the following information through the following means:
Information you provide us when you (or your business) contact us for or apply for the Everyfin Services; register to use and/or use any Everyfin Services; upload and/or store information with us using the Everyfin Services; and when you communicate with us through email, SMS, a website or portal, or the telephone or other electronic means, e.g. in the context of contacting us about your account or transactions. Such information may reference or relate to you or your customers and includes:
- an individual’s identification data, such as name, surname, personal identity number, date and place of birth, identification document data (such as passport copy, ID card, photo, short video of individual and selfie) or another document containing personal data;
- an individual’s contact details (postal address, phone, email, Skype name, IP address, communication language with the customer, etc.);
- data on tax residency (for example, nationality, country of residence, tax residence, taxpayer number, social insurance number);
- data of related persons (for example, representatives and authorised persons of customer, family members of employees, heirs, guarantors and other related persons of customers);
- financial and wealth origin data such as accounts, income, ownership, transactions, commitments, data on the customer’s counterparties and personal activities (information on accounts, payments made, agreement and invoice copies, information on business activities, origin of funds, certificates of income, loans and other liabilities, information on accounts with other credit institutions);
- professional data such as education or professional career (for example, information on salary, previous places of employment, education etc.);
- audio / visual data (for example, records of phone conversations of Everyfin and customers, records of surveillance cameras placed in objects belonging to Everyfin and areas adjacent to them), communication data collected when the customer visits Everyfin, or communicates with Everyfin, email and other communications data obtained from visiting our website.
Information we collect about you automatically when you interact with Everyfin, whether or not you open an account or undertake a transaction with us; for example by way of “cookies” or similar technology. We also obtain certain information when your web browser accesses Everyfin Services or advertisements and other content provided by or on behalf of Everyfin. Collecting this information enables us to better understand the visitors and customers who use and interact with us, where they come from, and how they use Our Services. We use this information for our analytics purposes and to improve the quality and relevance of Our Services for our visitors and customers. This information includes:
- Technical information, including the Internet protocol (IP) address used to connect your computer or device to the Internet, your login information, browser type and version, equipment type, time zone setting, browser plug-in types and versions, operating system platform, frequency and length of visits, and what links you click on;
Information we obtain from external sources. When you apply for and use Everyfin Services, we:
- search your records at fraud prevention agencies and KYC (Know Your Customer) and AML (Anti Money Laundering) service providers to fulfil our legal obligations.
- may also collect information about you from public sources for AML reasons or market research. This includes official public records, like Companies’ House and information published by the press or on social media.
- collect and hold data on research that makes it possible to conduct customer research activities in relation to the prevention of money laundering and terrorist financing and to ensure compliance with international sanctions and whether the individual is a politically exposed person;
- collect and hold data obtained when following regulatory requirements, such as data arising from requests for information from public authorities, the tax administration, investigative authorities, including the police, courts, sworn notaries and bailiffs;
- collect and hold data from third parties like business partners, banks and other financial institutions, merchants, subcontractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, government lists and databases, social media sites (including postings made by or about you or us), credit reference and fraud prevention agencies.
WHAT WE DO WITH YOUR PERSONAL INFORMATION.
Data protection regulation says we need to have a lawful basis for using your personal information. We collect and hold personal information for specified, explicit and legitimate purposes and do not further process in a manner that is incompatible with those purposes.
We perform processing of data for the following purposes:
- compliance with legal acts;
- identification, due diligence and monitoring of individuals;
- performance of a contract;
- provision of services;
- management of the relationship with customers, partners and other related persons;
- ensuring physical and information security;
- protection of Everyfin’s and customers’ interests;
- risk management;
- personnel management;
- commercial communications, promoted marketing campaigns and similar activities;
- satisfaction of customers’ claims.
The main lawful bases for Personal data processing for these purposes are:
- your consent to the personal data processing;
- conclusion and performance of the contract with you or your customer;
- fulfilment of legal obligations under applicable legislation;
- our legitimate interests.
We’ll ask for your consent to share information about you with companies we work with when we need your permission (see “DISCLOSURE OF YOUR INFORMATION” below).
You don’t have to share information about yourself if you don’t want to. But if you don’t, you may not be able to use some (or any) of Our Services.
DISCLOSURE OF YOUR INFORMATION.
- members of management bodies, employees, representatives, authorised persons of Everyfin;
- internet/computer software services providers, companies specializing in IT and marketing services;
- IT infrastructure services providers;
- customer support services providers and helpdesk services providers;
- public institutions, public officials, investigatory authorities, courts, prosecutor’s office, subjects of operational activities, orphans’ courts, notaries, law enforcement officials, judicial and investigatory authorities of other member states and foreign countries, tax authorities, arbitration courts, out-of-court dispute resolution bodies;
- financial and payments market participants (global financial messaging infrastructures, correspondent banks, insurance companies, payment systems, payment service providers and technical and non-technical processors, agency companies, business partners of Everyfin or customers, financial service intermediaries etc.);
- companies that carry out KYC/AML database checks and fraud database checks;
- Everyfin’s cooperation partners, agents, suppliers and service providers, auditors, financial management and legal advisors;
- Video surveillance/security services provider/s;
- Other persons connected with the provision of our services.
We may monitor or record telephone calls, emails, web chat or other communications with you for regulatory, security, quality assurance or training purposes. When visiting our offices, video surveillance, access control systems and/or other monitoring systems may be in operation for security reasons and for health and safety and office management purposes.
We may also share your details with people or companies if there’s a corporate restructuring, merger, acquisition or takeover.
WHERE WE STORE YOUR PERSONAL INFORMATION.
Usually, we do not transfer your personal information to countries outside the UK or the European Economic Area (“UK or EEA”). However, we, our service providers, and other parties with whom we may share your personal information (as described above) may process your personal information in territories that are outside the UK or EEA, or otherwise outside of the territory in which you reside. These countries may have data protection standards that are different to (and, in some cases, lower than) those of the territory in which you reside.
- the UK and European Commission say the country or organisation has adequate data protection, or
- we’ve agreed to standard data protection clauses approved by the European Commission with the organisation.
HOW WE PROTECT YOUR PERSONAL INFORMATION.
We comply with our obligations under the applicable data protection laws by:
- keeping personal data up to date;
- storing and destroying it securely;
- not collecting or retaining excessive amounts of data;
- protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical and organizational measures are in place to protect personal data.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our site, unless you are communicating with us through a secure channel that we have provided. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
HOW LONG WE KEEP YOUR INFORMATION.
We store personal information no longer than it is reasonably required for the purposes for which particular personal information is processed. Personal data storage periods shall be determined based on applicable legal acts or our legitimate interests.
In order to establish how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.
We reserve the right to erase specific information before the expiry of the set period if this is not prohibited by the applicable legal acts.
AUTOMATED DECISION MAKING AND PROFILING.
In some instances, our use of your personal information may result in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you.
We may process Personal data by automated means for the purposes of legislation relating to risk management and continuous and periodic monitoring of transactions in order to prevent fraud, money-laundering and terrorist financing events.
If you are using the Everyfin Services in the EEA, when we make an automated decision about you, you have the right to contest the decision, to express your point of view, and to require a human review of the decision. You can exercise this right by contacting us at the details below. Privacy laws continue to develop and if you think or are unsure as to whether such right may apply to you, please also contact us, so we can assess and advise.
You have the following rights as a data subject:
- your personal data may be processed on the basis of your consent or some other legitimate basis;
- to receive information on the processing of personal data performed by Everyfin and exercise your rights;
- to receive a confirmation if your personal data are not processed;
- to access your personal data and receive information on the purpose and legal basis of data processing, category of data, recipient of data, storage period, information on other sources of data if personal data are obtained from third parties, and guarantees, if the data have been sent to a third party or international organisation;
- to receive information on whether the provision of personal data is related to the law or an agreement, whether the provision of data is a precondition for the conclusion of an agreement, as well as information that the subject is required to provide personal data, and consequences in case such data are not provided;
- to be informed about a new purpose of data processing in advance;
- to object to data processing and withdraw your consent to data processing;
- to request rectification of data if data are incorrect;
- to data portability;
- to request the erasure of data if this does not contradict the UK and EU laws.
To exercise any of these rights, please contact us by emailing [email protected]. We will aim to fulfil all requests within one calendar month.
HOW TO MAKE A COMPLAINT.
If you have a complaint about how we use your personal information, please contact us through the app or send an email to [email protected] and we’ll do our best to fix the problem.
If you’re still not happy, you can refer your complaint to a data protection supervisory authority in the EU country where you live or work, or where you think a breach has happened. The UK’s supervisory authority is the Information Commissioner’s Office (ICO). For more details, you can visit their website at ico.org.uk.
You may submit your questions, requests and complaints to our data privacy department by email to [email protected] or by post to Everyfin Ltd., 65 Compton Street, London, England, EC1V 0BN.