PARTNER PRIVACY NOTICE

Date Last Revised: January 14, 2021

This Partner Privacy Notice ("Notice") describes and summarizes the policies and procedures of the Company with respect to the collection, use, storing, processing, disclosure and protection of Personal Data of Authorized Personnel in connection with the provision of Services to Partner. Capitalized terms used in this Notice and not defined herein shall have the same meanings given to them in the Partner Terms of Use.


1. DEFINITIONS

For the purposes of this Notice, in addition to the capitalized terms defined elsewhere in this Notice or Partner Terms of Use, the following terms shall have the meanings given to them as follows:

1.1. "Applicable Data Protection Laws" means the GDPR and its implementation in the national law of, as applicable, the United Kingdom (Data Protection Act 2018) or the Czech Republic (Act No. 110/2019 Coll., on personal data processing), as well as the laws implementing or supplementing the GDPR in each EU Member State, as amended, replaced or superseded from time to time, and which are applicable to the Company as regards the privacy, protection, processing, collection, use or disclosure of Personal Data of Authorized Personnel.

1.2. "Consent", "Controller", "Personal Data", "processing" (including its derivatives), "Processor" and "Supervisory Authority" as used in this Notice shall have the meanings given to such terms in the GDPR.

1.3. "GDPR" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.


2. ACKNOWLEDGEMENT

By registering a Partner Account and using the Services, each of the Authorized Personnel acknowledges and confirms that they (i) are at least eighteen (18) years old, or of the legal age of majority in the jurisdiction applicable to such Authorized Personnel, and (ii) have carefully reviewed this Notice and consent to the collection, use, and processing of their Personal Data as described in this Notice.


3. COLLECTION OF PERSONAL DATA

When creating a Partner Account, the Company will collect certain information, including Personal Data relating to Authorized Personnel, such as:


  • first name/last name;
  • the name of the company represented by such Authorized Personnel and on whose behalf such Authorized Personnel is acting;
  • email address;
  • password; and
  • any other information that we may require during the registration or post-registration of Partner Account in order to validate Partner’s intended use of the Services and/or to upgrade the status of Partner Account.

4. LEGAL BASES FOR PROCESSING

The Company’s legal bases for processing the Personal Data collected as described in this Notice will depend on the type of Personal Data and the circumstances under which it is collected. We will collect and process Personal Data based on the following legal bases:

  1. processing is necessary for the performance of a contract to which Partner is a party, particularly for the provision of the Services under the Partner Terms of Use;
  2. processing is necessary for compliance with a legal obligation to which the Company is subject;
  3. processing is necessary for the purposes of the legitimate business interests pursued by the Company in order to ensure the security and integrity of the Partner Dashboard, Partners API and Services, and to monitor Partner’s compliance with the Partner Terms of Use; and
  4. processing is based on Authorized Personnel’s Consent when subscribing to receive our newsletter or other informational emails regarding our products and services.

If there is another legal basis for the Company to collect and process Personal Data, we will provide the required notification to Authorized Personnel at or before the time the Personal Data is collected.


5. USE OF PERSONAL DATA

The Company will use and process the collected Personal Data of Authorized Personnel for the following purposes:

  • to provide, maintain, administer, support, protect and improve the Services;
  • to handle and process enquiries submitted by Partner;
  • to send system alert messages relating to the Services and Partner Account;
  • to send our newsletter and product updates to which Authorized Personnel has subscribed;
  • to monitor and enforce compliance with, and exercise our rights under, the Partner Terms of Use;
  • to investigate any illegal or fraudulent activity in connection with the Services or under the Partner Account;
  • to protect the rights, property and safety of the Company and third parties;
  • to comply with legal obligations to which the Company is subject; and
  • to respond to Authorized Personnel’s requests for exercising their rights under the Applicable Data Protection Laws.

6. DISCLOSURES AND TRANSFERS

We will disclose or transfer Personal Data to third parties to the extent necessary or required in order to provide the Services, or for business or legal reasons. Personal Data may be processed in and transferred to jurisdictions other than Authorized Personnel’s country of residence which may have different data protection and privacy laws. In this respect, the Company may disclose or transfer Personal Data as follows:

  1. disclosure and/or transfer to subcontractors: we have put in place adequate contractual (including data protection, confidentiality and security provisions) and other technical and organizational measures with subcontractors that we may engage from time to time in connection with the provision, operation, security and/or maintenance of the Partner Dashboard, Partners API, Services or any part thereof. At the date of this Notice the Company engages the following entity as subcontractor: Salt Edge Inc., 251 Laurier Ave. West, Suite 900, Ottawa, Ontario K1P 5J6, Canada.
  2. disclosure and/or transfer to Processors: the Company may disclose and/or transfer Personal Data to Processors engaged by us to carry out the processing of Personal Data on our behalf in connection with the provision of Services. We will ensure that any engaged Processor provides sufficient guarantees that appropriate technical and organizational measures are implemented and that processing of Personal Data by Processor will meet the requirements set forth in this Notice and the Applicable Data Protection Laws. At the date of this Notice the Company engages the following entity as Processor: Salt Edge Inc., 251 Laurier Ave. West, Suite 900, Ottawa, Ontario K1P 5J6, Canada.
  3. disclosure for legal reasons: we may disclose Personal Data when we believe in good faith that the disclosure of such information is reasonably necessary or appropriate:
    • to comply with the Applicable Data Protection Laws, any subpoena, enforceable request from the competent authorities, or other legal process;
    • to enforce the Company’s rights under the Partner Terms of Use, including investigation of actual or alleged violations;
    • to help detect, curb or investigate fraud or other prohibited or illegal activities that affect or hurt the interests of the Company or third parties;
    • to identify, contact or bring legal action against someone who may be causing injury to, or interference with (either intentionally or unintentionally), the Company’s rights or property, other users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities; and
    • to help us comply with a legal obligation to which we are subject, or accounting or security requirements, in which case we may disclose such information to our auditors, professional consultants, accountants and/or legal advisors.

In all the foregoing cases, the Company will disclose Personal Data only as required or permitted by the Applicable Data Protection Laws.


7. USE OF COOKIES

The Company uses cookies for various purposes, including without limitation tracking movements within the Partner Dashboard, analyzing trends, gathering statistical data and improving user experience and the overall quality of the Services. Cookies can be disabled or controlled by setting a preference within the Authorized Personnel’s web browser or on their device. However, if cookies are disabled some features of the Services may not function properly or the Company may not be able to customize the delivery of information to Authorized Personnel. For detailed guidance on how to control, manage and delete cookies, please visit https://www.aboutcookies.org/. The Company uses first-party cookies and third-party cookies:

  1. First-party cookies: We use session cookies and persistent cookies when Authorized Personnel navigate in the Partner Dashboard and use the Services. These types of cookies are essential to the operation of the Partner Dashboard and the provision of Services. The session cookie is stored in temporary memory and is not retained after the browser is closed. Session cookies do not collect information from the individual’s computer. They store information in the form of a session identification that does not personally identify the individual. The persistent cookies are set with expiration date and are stored on the individual’s hard drive until they expire or are deleted. We do not collect any Personal Data in the session and persistent cookies. We use session and persistent cookies for technical purposes, including but not limited to verifying the origin of requests, distributing requests among multiple servers, authenticating Authorized Personnel and determining what functionality of the Services or areas within the Partner Dashboard such Authorized Personnel are allowed to access.
  2. Third-party cookies: We use third-party cookies of Google Analytics and Google Tag Manager. We have integrated Google Analytics and Google Tag Manager, analytics tools provided by Google Inc., in the Partner Dashboard in order to collect and analyze data about users’ activity. Google Analytics and Google Tag Manager use cookies that collect information allowing the Company to understand how users interact with the Partner Dashboard. Such information contains online identifiers, including cookie identifiers, IP addresses and device identifiers, which may be considered Personal Data under the Applicable Data Protection Laws. We have enabled the IP address anonymization feature that prevents the storage of full IP address information in Google Analytics cookies. Google Inc. uses the collected information to provide online reports and other related services that help the Company to enhance user experience and evaluate the use of the Partner Dashboard. The collected information may be transferred to and stored in the U.S.A. by Google Inc. or any third-party service providers acting on its behalf. If Authorized Personnel object to the collection and processing of such data by Google Inc., they must install a browser add-on (available at https://tools.google.com/dlpage/gaoptout) which will prevent further collection and transmission of information via Google Analytics cookies. Additional details about Google Analytics cookie usage can be found here.

8. DATA RETENTION AND DELETION

The Company will retain Personal Data for no longer than what is necessary for the purposes for which such Personal Data is collected and processed. The retention period depends on the requirements of the applicable laws or regulations the Company must comply with, the purposes of the collection and processing of Personal Data, and the legitimate interests of the Company to establish, exercise or defend our legal rights in connection with the Partner Terms of Use.

We will delete Personal Data of Authorized Personnel from our production servers when:

  • Authorized Personnel request deletion of their Personal Data;
  • Partner deletes its Partner Account or such account is terminated by the Company in accordance with Partner Terms of Use; or
  • the Company terminates access to the Partner Dashboard and Partners API, and the provision of Services under the Partner Terms of Use.

As a result of the deletion, Personal Data of Authorized Personnel will be deleted and excised permanently from our production servers, subject to our right to retain Personal Data or portions thereof: (a) in backup files on our backup servers for a period of up to one (1) month from the date of deletion from the production servers in accordance with general internal retention procedures; and (b) in log files in order to comply with the requirements of the applicable laws or regulations, to exercise or defend (ongoing) legal claims, and to meet audit or statutory requirements.

It is Partner’s responsibility to ensure that the information relating to Authorized Personnel acting under the Partner Account is accurate and up-to-date. Should any Authorized Personnel leave Partner’s organization, Partner should remove such Authorized Personnel from the Partner Account without undue delay and provide the required information for the relevant replacement.


9. PERSONAL DATA RIGHTS UNDER GDPR

Taking into account the nature of the processing and the type of Personal Data processed, Authorized Personnel have the right to exercise the following rights as set forth in the GDPR:

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure (right to be forgotten)
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • rights in relation to automated decision-making and profiling
  • the right to lodge a complaint with the applicable Supervisory Authority
  • the right to withdraw Consent (provided that the Consent is the legal basis for processing)

Authorized Personnel may exercise any of the foregoing rights at any time by contacting the Company (see further Section 12 for contact details). We will endeavor to respond to any submitted requests in the manner and as set forth in the GDPR. Where the requests for exercising the rights under GDPR are manifestly unfounded or excessive, in particular because of their repetitive character, or further copies of the Personal Data undergoing processing are requested, the Company may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested.


10. PERSONAL DATA SECURITY

We are committed to maintaining the confidentiality, integrity and security of the Personal Data under our custody or control. The Company employs advanced security techniques to safeguard Personal Data against unauthorized access, use and/or disclosure. We strictly restrict access to Personal Data in accordance with specific internal procedures governing access to such information. We carefully select the individuals privileged with access to Personal Data in accordance with internal security policies and practices, and each such individual is bound by confidentiality obligations. Access to our systems requires multiple levels of authentication, and industry-vetted encryption techniques are applied when processing Personal Data.


11. UPDATES TO THIS NOTICE

The Company reserves the right to change this Notice at any time and from time to time in order to reflect changes in the Services or the Applicable Data Protection Laws. If we decide to change this Notice in the future, we will post an appropriate notice at the top of this page. Any non-material changes (such as clarifications) to this Notice will become effective on the date the changes are posted and any material changes will become effective thirty (30) days from the date of their publication. The date this Notice was last revised appears at the top of this document. Authorized Personnel are advised to print a copy of this Notice for reference and revisit this Notice from time to time to ensure that they are aware of any changes. Authorized Personnel’s continued use of the Services after the changes to this Notice become effective signifies their acceptance of any such changes.


12. CONTACT INFORMATION

In case of any questions, comments or feedback regarding this Notice or our collection, use, disclosure or processing of Personal Data, or any other privacy or security concern, please address them to the Company using the following contact details:

Salt Edge Limited
  • Contact details: Mailing address: Level 39, One Canada Square, Canary Wharf, London E14 5AB, United Kingdom. Email: privacy@saltedge.com
  • Data Protection Officer: Mailing address: Level 39, One Canada Square, Canary Wharf, London E14 5AB, United Kingdom. Email: dpo@saltedge.com

BudgetBakers s.r.o.
  • Contact details: Mailing address: Radlická 180/50, Smíchov, 150 00 Praha 5, Czech Republic. Email: dashboard@budgetbakers.com
  • Data Protection Officer: Mailing address: Radlická 180/50, Smíchov, 150 00 Praha 5, Czech Republic. Email: dpo@budgetbakers.com

Spendee a.s.
  • Contact details: Mailing address: Namesti I.P. Pavlova 1789/5, 120 00 Prague, Czech Republic. Email: dashboard@spendee.com
  • Data Protection Officer: Mailing address: Namesti I.P. Pavlova 1789/5, 120 00 Prague, Czech Republic. Email: dpo@spendee.com