When you fill out a form or communicate with us, we collect personal information about you. We may also receive personal information about you from our third-party partners. We collect this personal information for several reasons such as: providing you with services you have requested, complying with regulations, improving the service we provide to you. We may also share this personal information with third-party partners to provide you with services you have requested and to comply with regulations.
All personal information we collect is securely stored on Amazon Web Services - the same servers trusted by banks. Although we may transfer data outside the EEA, it will be handled in a manner that is consistent with EEA regulations.
We will hold your personal information for as long as is necessary by law or until we no longer need it for the purpose for which we were using it. By law, you have the legal right to know what personal information we hold and how we process that data. You also have the right to withdraw your consent to our processing of your personal data or to correct it. Please, note that your legal rights only apply to personal data.
“Tallysticks”, “we”, “us” and “our” means Tallysticks Limited and we are committed to respecting your privacy.
We are registered in the UK and our registered address is at 41 Luke Street, London, EC2A 4DP, United Kingdom and our company registration number is 09826036.
For the purposes of data protection law, we are a data controller in respect of your personal data. Tallysticks is responsible for ensuring that it uses your personal data in compliance with data protection law.
We will collect and process the following personal data about you:
• Information that you provide to us or one of our affiliates.
This includes information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise. This information may include, but is not limited to:
o Name of individual employees, name of employer, email address, contact number(s), position within the company, home address (for identity verification), employment address.
• Information we collect or generate about you. This includes:
o You and others may post content that includes information about you (as part of articles, posts, comments, videos) on third party services such as social media. We collect public information about you, such as professional-related comments and news to better understand how we may improve our services and better support our clients.
• Information we obtain from other sources.
o Our regulatory risk management partners (CreditSafe and NorthRow), payment service partners (CurrencyCloud and Barclays), lending partner (Mariana Capital) and payment resolution partners may provide us with additional information about you, your employer/company, its employees and its directors.
Your personal data may be stored and processed by Tallysticks in the following ways and for the following purposes:
• you have requested to become a User of the Tallysticks Platform;
• we have legal and/or regulatory obligations that we have to satisfy;
• you have requested a service from one of our third party partners and they have requested information about you as part of their regulatory checks;
• we are undertaking an assessment for compliant use of our software per Tallysticks User Terms and Conditions;
• we wish to contact you to offer software support, gauge satisfaction with our services, elicit feedback or suggest ways to save money on fees to be paid to us.
We are entitled to use your personal data in these ways because:
• we have legal and regulatory obligations that we have to discharge;
• we may need to in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
• the use of your personal data as described is necessary for our legitimate business interests (or the legitimate interests of one or more of our affiliates), such as:
o providing you with access to the Tallysticks Platform and other Tallysticks services;
o you have requested a service from one of our third party partners and they have requested information about you as part of their regulatory checks;
o we are undertaking an assessment to check your compliant use of the Tallysticks Platform in accordance with our User Terms and Conditions
o we wish to contact you to offer software support, gauge satisfaction with our services, elicit feedback or suggest ways to save money on fees to be paid to us.
We may also share your personal data outside of Tallysticks:
• to third party agents (for example, the technology and banking partners for our foreign exchange, payment protection, lending and dispute resolution services) for the purposes of providing services to you;
• if we sell any of our business or assets, in which case we may disclose your personal data to the prospective buyer for due diligence purposes;
• if we are acquired by a third party, in which case personal data held by us about you will be disclosed to the third party buyer;
• to third party agents or contractors (for example, the providers of our electronic data storage services) for the purposes of providing services to us. These third parties will be subject to confidentiality requirements and they will only use your personal data as described in this privacy notice; and
• to the extent required by law, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation, establish, exercise or defend our legal rights.
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside of the EEA who work for our affiliates or for one of our suppliers.
Where we transfer your personal data outside the EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA. This can be done in a number of ways, for instance:
• the country that we send the data to might be approved by the European Commission;
• the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data; or
• where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme.
In other circumstances the law may permit us to otherwise transfer your personal data outside the EEA. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law.
You can obtain more details of the protection given to your personal data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us in accordance with the “Contacting us” section below.
How long we hold your personal data for will vary. The retention period will be determined by various criteria including:
• the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
• legal obligations – laws or regulation may set a minimum period for which we have to keep your personal data.
You have a number of legal rights in relation to the personal data that we hold about you. These rights include:
• the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
• the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so;
• in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
• the right to request that we rectify your personal data if it is inaccurate or incomplete;
• the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it;
• the right to object to, and the right to request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to continue processing your personal data and / or to refuse that request; and
• the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.
You can exercise your rights by contacting us using the details set out in the “Contacting us” section below.
You can find out more information about your rights by contacting the Information Commissioner’s Office, or by searching their website at https://ico.org.uk/.
If you would like further information on the collection, use, disclosure, transfer or processing of your personal data or the exercise of any of the rights listed above, please address questions, comments and requests via email to firstname.lastname@example.org or via regular mail to:
41 Luke Street
London EC2A 4DP