Privacy & Cookies
Effective November, 2018
Your privacy and trust are important to us. This Policy explains how Cashfac PLC and its group companies (“Cashfac” “we”, “us” or “our”) collect, handle, store and protect personal information about you in the context of our services. It also provides information about your rights and about how you can contact us. If you have questions about how we handle your information.
Who this Policy applies to and what it covers
This Policy applies to individuals who use any website, Slide app, mobile application, products, software or service of ours that hyperlinks to this Policy (we call these our “Services”). We want you to be confident when you use our Services that you know what your personal data is being used for, and that it is being kept safe.
It does not generally apply to individuals whose personal information forms part of the content included within our Services, although you can find further information on that topic here.
Depending on the Service, we may provide additional or different privacy notices for specific interactions you have with us or to highlight how we use your personal information for specific Services. Where we do this, it will be clear which statements apply to which interactions and Services.
Within our Services, there may be links to third-party websites or applications. We are not responsible for the content or privacy compliance of third-party websites or applications. You should check those websites or applications for their privacy statements and terms that apply to them.
Who we are
The Services are provided by Cashfac PLC (registration number 03781239), a company registered in England, registered office address: 50 Mark Lane, London EC3R 7QR. Slide is owned and operated by Cashfac PLC. Cashfac PLC is a registered AIS (Account Information Service) and PIS (Payment Initiation Service) provider, reference no. FRN 805666 at fca.org.uk/register. Cashfac PLC is authorised and regulated by the Financial Conduct Authority.
Cashfac is an Account Information Service Provider (AISP). The Slide app lets you see your business’s payment and balance history sorted by your customer and supplier transactions. The app provides a real-time cash flow forecast based on your current cash at your bank/s and anticipated receipts and payments. The Slide app is an aid to help you make informed decisions on the customers and supplier payments central to your cash flow.
The Services is an aid to you in managing your cash flow. We are not authorised nor are we seeking to provide advice under the Financial Services and Markets Act 2000. If you require such advice or services, please seek independent advice from an authorised adviser.
For some Services, we make decisions on how personal information is used in the context of a Services (Cashfac is a controller of personal information in this case), and for other Services we will only use personal information as instructed by our customers (Cashfac is a processor of personal information in this case).
Sources of personal information
We collect personal information about you from your interactions with us, and from certain third parties and other sources.
We obtain personal information from you:
- through your interactions with us and our Services, such as, information you may give us by filling in forms or by corresponding with us by email, through community pages or otherwise. This includes personal data you provide when registering to use our Service.
- when you download Slide or use our Services or contact us for support. This includes personal data you provide when registering to use our Services
- through your system/device and use of our Services. Our servers, logs and other technologies automatically collect system/device and usage information to help us administer, protect and improve our Services, analyse usage and improve users’ experience
- through cookies and similar technologies included on our Services. More information relating to cookies, and how to control their use can be found below.
- through third parties or publicly available sources. We may receive personal data about you from various third parties and public sources, for example, analytics providers such as Google.
We also collect personal information about you from third parties such as:
- the person(s) arranging for you to access our Services (e.g., your bank or service provider) in order to set up a user account
- an organization to which you belong where that organization provides you access to our Services (such as an accountancy firm providing you access to certain of our Services)
- partners and service providers who work with us in relation to your Service
- publicly available sources such as public websites, open government databases or other data in the public domain, to help us maintain data accuracy and provide and enhance the Services
What types of personal information we collect
The type of personal information we collect depends on how you are interacting with us and which Services you are using.
In many cases, you can choose whether or not to provide us with personal information, but if you choose not to, you may not get full functionality from the Services.
The personal information we collect consists of the following:
- Name and contact data, such as, first and last name, email address, postal address, phone number, and other similar contact data
- Account Credentials, such as, passwords and other security information for authentication and access
- Unique user reference, such as, reference which we assign to you when you sign up to use our service, to create your own unique data record
- User content, such as, communications and files provided by you in relation to your use of the Slide and Services
- Account and Transactional Information, such as, your account details, account transaction information, account features and benefits and regular payments
- Customer Testimonials, this could include your name, job title, social media handle and/or any testimonial, review or other comment on our products or services that you choose to provide to us
- Financial Services Records, this is record-keeping information which we collect in order to meet our regulatory and statutory duties
- Device information, such as, information about your device, such as IP address, location or provider
- Usage information and browsing history, such as, information about how you navigate within our Services, your browsing history and which elements of our Services you use the most
- Demographic information, such as, your country, and preferred language
How we use personal information
This section includes details of the purposes for which we use personal information and also the different legal grounds upon which we process that personal information. We use personal information to provide and improve Services and for other purposes that covered in our legitimate interests section, as well as for compliance purposes.
Some laws require us to explain our lawful reason for processing your personal information. We process personal information about you on the basis that it is:
- necessary for the performance of a contract: where we have a contract with you, we will process your personal information in order to fulfil that contract (i.e., to provide you with Services)
in our or a third parties’ legitimate interests: details of those legitimate interests are set out in more detail below (e.g., provision of Services that we are contractually obliged by a third party, such as your employer or our partner, to deliver to you)
- where you give us your consent: we only ask for your consent in relation to specific uses of personal information where we need to and, if we need it, we will collect it separately and make it clear that we are asking for consent
for compliance with a legal obligation (e.g., to respond to a court order or a regulator)
You are welcome to contact us for further information on the legal grounds that we rely on in relation to any specific processing of your personal information.
Legitimate interests for use
We use personal information for a number of legitimate interests, including to provide and improve Services, administer our relationship with you and our business, for marketing and in order to exercise our rights and responsibilities. More detailed information about these legitimate interests is set out below.
- to set up and administer your account, provide technical and customer support and training, verify your identity, and send important account, subscription and Service information
- to administer our relationship with you, our business and our third-party providers (e.g., to send invoices)
- to deliver and suggest tailored content such as news, reports and business information
- to personalize your experience with our Services. We may retain your browsing and usage information to make your searches within our Services more relevant and use those insights to target advertising to you online on our websites and apps. Your choices in relation to marketing are explained here.
We may sometimes share your personal information across our Services so that we can make all of the Services we deliver to you more intuitive (e.g., rather than requiring you to enter the same data many times)
- to contact you in relation to, and conduct, surveys or polls you choose to take part in and to analyse the data collected for market research purposes
- to display information you choose to post, share, upload or make available in forums, messaging services, and community and event forums (including in community and event profiles) and for related collaboration, peer connection and information exchange
- to provide any third party, who has made our Services available to you (e.g., your employer or our partner), insights about use of the Services
- for internal research and development purposes and to improve, test and enhance the features and functions of our Services
- to provide you with marketing as permitted by law
- to maintain our statutory records to comply with our regulatory requirements
- to meet our internal and external audit requirements, including our information security obligations (and if your employer or our subscriber provides for your access to our Services, to meet their internal and external audit requirements)
- to enforce our terms and conditions
- to protect our rights, privacy, safety, networks, systems and property, or those of other persons
- for the prevention, detection or investigation of a crime or other breach of law or requirement, loss prevention or fraud
- to comply with requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, including where they are outside your country of residence
- in order to exercise our rights, and to defend ourselves from claims and to comply with laws and regulations that apply to us or third parties with whom we work
- in order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings)
Where we rely on legitimate interests as a lawful ground for processing your personal information, we balance those interests against your interests, fundamental rights and freedoms.
We deliver marketing and event communications to you across various online and offline platforms including email, telephone, social media and advertising. Where required by law, we will ask you to explicitly opt in to receive marketing from us. If we send you a marketing communication, it will include instructions on how to opt out of receiving these communications in the future.
Honouring your marketing preferences is important to us. You have the right to opt out of receiving direct marketing.
How to Opt Out of Marketing Emails
Where we send marketing emails, we provide unsubscribe options for your use within our emails. In addition, you can also email firstname.lastname@example.org.
Even if you opt out of receiving marketing communications by email, we may still send you service communications or important transactional information related to your accounts and subscriptions (for purposes such as providing customer support).
Cashfac is a global organisation, and your personal information may be stored and processed outside of your home country, including in countries that may not offer the same level of protection for your personal information as your home country. We have measures in place to ensure that when your personal information is transferred internationally, it is subject to appropriate safeguards in accordance with data protection laws. Often, these include contractual safeguards. More information about these safeguards can be obtained by contacting us here.
We have networks, databases, servers, systems, support and helpdesks around the world. We collaborate with third parties like cloud hosting services, suppliers and technology support located around the world to serve the needs of our business, workforce and customers. We take appropriate steps to ensure that personal information is processed, secured and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within Cashfac Group or to third parties in areas outside of your home country, including to countries that have not been declared adequate for the purposes of data protection by the European Commission.
The areas in which these recipients are located will vary from time to time, but include the United States, Europe, Australia, and other countries where Cashfac has a presence or uses contractors.
When we transfer personal information internationally, we put in place safeguards in accordance with applicable law (including Articles 44 to 50 of the EU General Data Protection Regulation). If you would like to know more about our data transfer practices and obtain copies of any relevant safeguarding measures, please contact our Legal & Compliance Team.
How we secure personal information
Cashfac takes the security of personal information seriously and we use appropriate technologies and procedures to protect personal information (including administrative, technical and physical safeguards) according to the risk level and the service provided. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.
Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet the sensitivity of the personal information we handle, our business needs, changes in technology and regulatory requirements. We have implemented appropriate information security controls.
How long we keep personal information
We retain your information in accordance with our legal and regulatory obligations. You can find more information on the criteria used to calculate the retention periods set out below.
Cashfac implement policies and rules relating to the retention of personal information. We calculate retention periods for your personal information in accordance with the following criteria:
- the length of time necessary to fulfil the purposes we collected it for
- when you or your employer (or other subscriber providing for your access to our Services) cease to use our Services
- the length of time it is reasonable to keep records to demonstrate that we have fulfilled our duties and obligations
- any limitation periods within which claims might be made
- the existence of any relevant proceedings
- any retention periods prescribed by law or recommended by regulators, professional bodies or associations
We will normally retain your information for a period of 60 days after your account is deactivated or 60 days after your information is no longer needed to provide you with our Services. After this period, the data will be deleted from our systems and we will be unable to access it. In some circumstances you can ask us to delete your data sooner. If you do wish to cancel your account or request that we no longer use your information to provide you Services, please contact us at email@example.com.
Where we anonymise your personal data (i.e. so that it can no longer be associated with you) for further research or statistical purposes, then we may use this information indefinitely without further notice to you.
Links to other websites
Our websites may include links to third-party websites, plug-ins and applications. This includes [ e.g. Social Media Features, such as the Facebook Like button and Widgets, the “Share this” button or interactive mini-programs that run on our website.
Clicking on those links or enabling those Features may allow third parties to collect or share data about you. For example, these Features may collect your IP address or which page you are visiting on our site, and may set a cookie to enable the Feature to function properly.
You may have rights under European and other laws to have access to your personal information and to ask us to rectify, erase and restrict use of, your personal information. You may also have rights to object to your personal information being used, to ask for the transfer of personal information you have made available to us and to withdraw consent to the use of your personal information. Further information on how to exercise your rights is set out below.
You have the following rights under European laws and may have similar rights under the laws of other countries.
- Right of subject access: The right to make a written request for details of your personal information and a copy of that personal information
- Right to rectification: The right to have inaccurate information about you corrected or removed
- Right to erasure (‘right to be forgotten’): The right to have certain personal information about you erased
- Right to restriction of processing: The right to request that your personal information is only used for restricted purposes
- Right to opt out of marketing: You can manage your marketing preferences by unsubscribe links found in the communications you receive from us
- Right to object: The right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interest
- Right to data portability: The right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable format
- Right to withdraw consent: The right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information prior to the withdrawal of your consent
These rights are not absolute, and they do not always apply in all cases.
In response to a request, we will ask you to verify your identity if we need to, and to provide information that helps us to understand your request better. If we do not comply with your request, whether in whole or in part, we will explain why.
In order to exercise your rights please complete the subject access request form here.
You do not have to use this form, but it will help us to deal with your request as quickly and effectively as possible if you do. You can also send your request to firstname.lastname@example.org or write to Data Protection Officer, Cashfac PLC, 50 Mark Lane, London, EC3R 7QR.
If you are making the request by email, we will provide the information to you in an electronic format unless you ask us not to.
Cookies and similar technologies
What is a cookie?
A cookie is a small text file that is placed on a computer or other device and is used to identify the user or device and to collect information. Cookies are typically assigned to one of four categories, depending on their function and intended purpose: absolutely necessary cookies, performance cookies, functional cookies, and cookies for marketing purposes.
Types of cookies and why we use them
Absolutely necessary cookies: These cookies are essential to enable you to move around a website and use its features. Without these cookies, Services you have asked for, like adding items to an online shopping cart, cannot be provided.
Performance cookies: These cookies collect information about how you use our websites. Information collected includes, for example, the Internet browsers and operating systems used, the domain name of the website previously visited, the number of visits, average duration of visit, and pages viewed. These cookies only collect information in an aggregated format. Performance cookies are used to improve the user-friendliness of a website and enhance your experience.
Functionality cookies: These cookies allow the website to remember choices you make (such as your username or ID, or the area or region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts, and other customizable parts of web pages. They may also be used to provide Services you have asked for, such as watching a video or commenting on a blog. These cookies cannot track your browsing activity on other websites.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
|Slide||Random token – resource downloads active||The Slide website tracks whether a user has registered for content downloads. When a user registers, a token is set to indicate they can download content. This is not a personally identifiable token.||1 year|
|YouTube||GPS||We embed videos on this site using YouTube. This cookie registers a unique ID on mobile devices to enable tracking based on geographical GPS location.||Session|
|http://doubleclick.net via YouTube||IDE||Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.||2 years|
|YouTube||PREF||Registers a unique ID that is used by Google to keep statistics of how the visitor uses YouTube videos across different websites.||8 months|
|YouTube||VISITOR_INFO1_LIVE||Tries to estimate the users’ bandwidth on pages with integrated YouTube videos.||179 days|
|YouTube||YSC||Registers a unique ID to keep statistics of what videos from YouTube the user has seen.||Session|
You can manage website cookies in your browser settings, and you always have the choice to change these settings by accepting, rejecting, or deleting cookies. If you choose to change your settings, you may find that certain functions and features will not work as intended on the Services. All browser settings are slightly different, so to manage cookies, you should refer to the relevant settings within your browser.
Here are some useful resources that provide detailed information about types of cookies, how they are used, and how you can manage your cookie preferences: www.allaboutcookies.org or www.aboutcookies.org. Please click below for detailed information on how to disable and delete cookies in some commonly used browsers:
We use certain other tracking technologies in addition to cookies:
Web beacons: Our web pages may contain electronic images known as web beacons (also called single-pixel gifs and transparent graphic images) that we use to help deliver cookies on our sites, count users who have visited those sites, deliver Services, and analyze the effectiveness of our promotional campaigns, for example. We may also include web beacons in our marketing email messages or newsletters to determine whether an email is opened or if links are clicked. Web beacons are also used to deliver you interest-based advertising.
- Web server & application logs: Our servers automatically collect certain information to help us administer and protect the Services, analyze usage, and improve users’ experience. The information collected includes:
- IP address and browser type
- Device information including Unique Device Identifier (UDID), MAC address, Identifier For Advertisers (IFA), and similar identifiers we or others may assign
- Device operating system and other technical facts
- The city, state, and country from which you access our website
- Pages visited and content viewed, stored, and purchased
- Information or text entered via forms
- Links and buttons clicked
“Do Not Track” Signals
Some browsers transmit Do Not Track (DNT) signals to websites. Due to the lack of a common interpretation of DNT signals throughout the industry, we do not currently alter, change, or respond to DNT requests or signals from these browsers. We continue to monitor industry activity in this area and reassess our DNT practices as necessary.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
Where to find further privacy information on our products and services
This Policy generally relates to the personal information we collect about users in connection with the Services, where we make decisions about how that personal information is handled (Cashfac as a controller).Where we need to give you additional information about how your personal information is used in relation to a specific Services we will provide separate or additional privacy notices.Your professional service provider (e.g., your financial, tax or accounting adviser) and other third parties may enter your personal information into Services we make available to, and host for them on their behalf. They may provide their own privacy notices to you. You should contact them for these notices, and you may also be able to find their privacy notices on their websites.
Use of Publicly Available Data within Our Services
Many professionals and third parties rely on the use of publicly available information in order to carry out research (e.g., on case law) or to satisfy their compliance obligations (e.g., to carry out anti-money-laundering checks).
To assist them, we make available information obtained from publicly available sources like public websites, open government databases or other data in the public domain (some of which is behind a paywall and some not).
We take privacy seriously and put in place measures designed to ensure that we process personal information in a proportionate way and in compliance with data protection laws.
How to contact us
If you have any questions, comments, complaints or suggestions in relation to data protection or this Policy, or any other concerns about the way in which we process information about you, please contact our Legal & Compliance Team at email@example.com or at Legal & Compliance Team, Cashfac PLC, 50 Mark Lane, London, EC3R 7QR.
If you are not satisfied with the response, we encourage you to escalate your query to our Data Protection Officer at firstname.lastname@example.org or at Data Protection Officer, Cashfac PLC, 50 Mark Lane, London, EC3R 7QR.
Filing a Complaint
If you are not content with how Cashfac manages your personal information, we hope you will talk to us, however, you can also lodge a complaint with a privacy supervisory authority. In the European Economic Area, the relevant supervisory authority is the one in the country or territory where (i) you are resident (ii) you work, or (iii) the alleged infringement took place.
A list of National Data Protection Authorities in the European Economic Area can be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Updates to this Policy
This Policy may be subject to updates. Any material future changes or additions to the processing of personal information as described in this Policy affecting you will be communicated to you through an appropriate channel. For example, we may place a prominent notice on our website or email you to let you know of an updated Policy.