Policy Date: 11 November 2022
It also explains your rights in relation to your personal data and how to contact us or the relevant regulator in the event you have a complaint. Our collection, storage, use and sharing of your personal data is regulated by law, including under the UK General Data Protection Regulation (“UK GDPR”).
We are the controller of personal data obtained via the Services, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.
We hope this privacy notice answers any questions you may have regarding our treatment of your personal data and reassures you of our dedication to keeping your personal data secure.
1 Purpose of our policy
(a) Providing the system and services that Standard Ledger offers; and
(b) The normal day-to-day operations of our business.
2 Who and what this policy applies to
2.2 We handle personal data as a controller, in our own right and also for and on behalf of our customers and users.
2.5 If, at any time, an individual provides personal data or other information about someone other than himself or herself, the individual warrants that they have that person’s consent to provide such personal data or information for the purpose specified.
2.6 Our website and services are unavailable to children (persons under the age of 18 years). If an individual is under 18 years of age, they can only use our website and services under the supervision of a parent or guardian.
3 The information we collect
3.1 In the course of business it is necessary for us to collect personal data. This information allows us to identify who an individual is for the purposes of our business, share personal data when asked of us, contact the individual in the ordinary course of business and transact with the individual. Without limitation, the type of information we may collect is:
(a) Personal data. We may collect personal details such as an individual’s name, location, date of birth, nationality, family details and other information defined as “Personal Data” in the UK GDPR that allows us to identify who the individual is;
(b) Contact Information. We may collect information such as an individual’s email address, telephone & fax number, third-party usernames, residential, business and postal address and other information that allows us to contact the individual;
(c) Financial Information. We may collect financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services;
(d) Statistical Information. We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes;
(e) Information an individual sends us. We may collect any personal correspondence that an individual sends us, or that is sent to us by others about the individual’s activities; and
(f) Information regarding your computer, network and browser (including your IP address).
4 How information is collected
4.1 Most information will be collected in association with an individual’s use of standardledger.co, an enquiry about Standard Ledger or generally dealing with us. However, we may also receive personal data from sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners. In particular, information is likely to be collected as follows:
(a) Registrations/Subscriptions. When an individual registers or subscribes for a service, list, account, connection or other process whereby they enter personal data details in order to receive or access something, including a transaction;
(b) Third Party Services – such as #Facebook Open Graph and Hubspot
(c) Accounts. When an individual submits their details to open an account;
(d) Supply. When an individual supplies us with goods or services;
(e) Contact. When an individual contacts us in any way;
(f) Access. When an individual accesses us physically we may require them to provide us with details for us to permit them such access. When an individual accesses us through the internet we may collect information using cookies (if relevant – an individual can adjust their browser’s setting to accept or reject cookies) or analytical services; and/or
(g) Pixel Tags. Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened. We use these for Facebook and Google Analytics.
4.2 As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of when their Personal Information is being collected.
4.3 Where we obtain Personal Information without an individual’s knowledge (such as by accidental acquisition from a client) we will either delete/destroy the information, or inform the individual and obtain their consent for holding such information, in accordance with the UK GDPR.
5 When personal data is used and disclosed
5.1 (i) Under data protection law, we can only use your personal data if we have a proper reason, e.g.:
(a) where you have given consent,
(b) to comply with our legal and regulatory obligations,
(c) for the performance of a contract with you or to take steps at your request before entering into a contract, or
(d) for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see ‘How to contact us’ below).
The table below explains what we use your personal data for and why:
What we use your personal data for
Create and manage your account with us
To perform our contract with you or to take steps at your request before entering into a contract
Providing services and/or the functionalities of the Services to you
Depending on the circumstances:
To enforce legal rights or defend or undertake legal proceedings
Depending on the circumstances:
Communications with you not related to marketing, including about changes to our terms or policies or changes to the Services or service or other important notices
Depending on the circumstances:
Protect the security of systems and data
To comply with our legal and regulatory obligations we may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests or those of a third party, i.e., to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us
Operational reasons, such as improving efficiency, training, and quality control or to provide support to you
For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service to you
Statistical analysis to help us manage our business, e.g., in relation to our performance, customer base, functionalities and offerings or other efficiency measures
For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you and improve and develop our app and introduce improved features
Updating and enhancing user records
Depending on the circumstances:
To share your personal data with members of our group and third parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency.
In such cases information will be anonymised where possible and only shared where necessary
Depending on the circumstances:
To send you marketing and promotional messages and other information that may be of interest to you and for the purpose of direct marketing. In this regard, we may use email, SMS, social media or mail to send you direct marketing communications. You can opt out of receiving marketing materials from us by using the opt-out facility provided (e.g. an unsubscribe link)
For our legitimate interests or those of a third party, i.e., to protect, realise or grow the value in our business and assets, to improve and develop our app and introduce improved features
To send you administrative messages, emails, reminders, notices, updates, security alerts, and other information requested by you
Depending on the circumstances:
5.2 We will retain personal data for as long as you have an active account with us and for a period of up to 6 years thereafter to comply with any accounting or legal obligations including in the event of the pursuit or defence of legal claims. Once you have closed your account with us, we will move your personal data to a separate database so that only key stakeholders in our business on a ‘need to know basis’ have access to such data. Following the end of the of the retention period stated above, we will delete or anonymise your personal data. .
5.4 We will not disclose or sell an individual’s personal data to unrelated third parties under any circumstances.
5.5 Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
(a) The provision of services between an individual and us;
(b) Verifying an individual’s identity;
(c) Communicating with an individual about:
i Their relationship with us;
ii Our services;
iii Our own marketing and promotions to customers and prospects;
iv Competitions, surveys and questionnaires;
(d) Investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
(e) As required or permitted by any law (including the UK GDPR).
5.6 There are some circumstances in which we must disclose an individual’s information:
(a) Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
(b) As required by any law (including the UK GDPR); and/or
(c) Subject to applicable law, in order to sell our business (in that we may need to transfer personal data to a new owner).
5.7(i) To provide our services, we may transfer your personal data to a country outside the UK where: the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR; there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or a specific exception applies under relevant data protection law.
(ii) Accordingly, if we were transfer your personal data from the UK to:
- The EEA: we would rely on the adequacy finding granted by the UK to the EU under the Withdrawal Agreement to do; for any transfers from the EU to the UK, we would rely on the adequacy regulation granted to the UK under the Adequacy Decision.
- Any country located outside the UK/EEA: we would rely an appropriate safeguards under the UK GDPR, such as by including the relevant Standard Contractual Clauses in our data processing agreements.
5.9 We, our Affiliates or the third parties mentioned above may occasionally also need to share your personal data with:
- external auditors, e.g. in relation to the audit of our accounts and our company —the recipient of the information will be bound by confidentiality obligations;
- professional advisors (such as lawyers and other advisors)—the recipient of the information will be bound by confidentiality obligations;
- law enforcement agencies, courts or tribunals and regulatory bodies to comply with legal and regulatory obligations;
- other parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations.
6 Opting “in” or “out”
6.1 An individual may opt to not have us collect their personal data. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:
(a) Opt In. Where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or
(b) Opt Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.
6.2 If an individual believes that they have received information from us that they did not opt in to receive, they should contact us on the details below.
7.1 We intended to use email marketing to inform you of our services such as promotions, discounts and new offerings.
7.2 We will always ask you for your consent before sending you marketing communications, except where you have explicitly opted-in to receiving email marketing from us in the past or except where you were given the option to opt-out of email marketing when you initially signed up for your account with us and you did not do so.
7.3 You will have the right to opt out of receiving marketing communications at any time by:
- contacting us at email@example.com
- using the ‘unsubscribe’ link included in all marketing emails you may have received from us
7.4 We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.
For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘Your rights’ below.
8 The safety and security of personal data
8.2 We will take all reasonable precautions to protect an individual’s personal data from unauthorised access. This includes appropriately securing our physical facilities and electronic networks. We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business or legal need to access it.
8.3 We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
8.5 If an individual suspects any misuse or loss of, or unauthorised access to, their Personal Information, they should let us know immediately.
8.6 We are not liable for any loss, damage or claim arising out of another person’s use of the Personal Information where we were authorised to provide that person with the Personal Information.
9 Storage of personal data
9.1 All personal information we collect is stored on servers located in [insert] and, for the most part, we do not disclose or transfer personal information overseas.
9.2 However, the cloud service providers we engage to provide us [Google]-based servers may operate overseas disaster recovery sites or have personnel overseas who may access the personal information we hold to assist us in managing our servers.
9.3 Personal data provided to us by post if stored safely in our offices.
9.4 When you communicate with us through a social media service such as Facebook or Twitter, the social media provider and its partners may collect and hold your personal data overseas.
10 Your Rights
10.1 You generally have the following rights, which you can usually exercise free of charge. For more information regarding these rights, please visit the ICO website here.
Access to a copy of your personal data
The right to be provided with a copy of your personal data.
Correction (also known as rectification)
The right to require us to correct any mistakes in your personal data.
Erasure (also known as the right to be forgotten)
The right to require us to delete your personal data—in certain situations.
Restriction of use
The right to require us to restrict use of your personal data in certain circumstances, e.g. if you contest the accuracy of the data.
The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations.
To object to use
The right to object:
Not to be subject to decisions without human involvement
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
We do not make any such decisions based on data collected by the Services.
For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see ‘How to contact us’ below). You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under the UK GDPR.
- If you would like to exercise any of those rights, please send us an email, call or write to us—see below: ‘How to contact us’. When contacting us please:
provide enough information to identify yourself (e.g., your full name and username) and any additional identity information we may reasonably request from you, and
- let us know which right(s) you want to exercise and the information to which your request relates.
11 How to access and/or update information
11.1 Subject to the UK GDPR, an individual has the right to request from us the personal data that we have about them, and we have an obligation to provide them with such information within 28 days of receiving their written request.
11.2 If an individual cannot update his or her own information, we will correct any errors in the personal data we hold about an individual within 7 days of receiving written notice from them about those errors.
11.3 It is an individual’s responsibility to provide us with accurate and truthful personal data. We cannot be liable for any information that is provided to us that is incorrect.
11.4 We may charge an individual a reasonable fee for our costs incurred in meeting any of their requests to disclose the personal data we hold about them.
12 Complaints and disputes
12.1 If an individual has a complaint about our handling of their personal data, they should address their complaint in writing to the details below.
12.2 If we have a dispute regarding an individual’s personal data, you must first attempt to resolve the issue directly with us.
12.3 If we become aware of any unauthorised access to an individual’s personal data, we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed.
13 Contacting individuals
13.1 From time to time, we may send an individual important notices, such as changes to our terms, conditions and policies. Because this information is important to the individual’s interaction with us, they may not opt out of receiving these communications.
14 How to contact us
14.1 All correspondence with regards to privacy should be addressed to:
The Data Protection Officer
You may contact the Data Protection Officer by email in the first instance.
This Cookies Policy (“Cookies Policy”) is provided by Standard Ledger UK Limited (Company Number 14229845) (“Standard Ledger”, “we”, “us” or “our”), for use of our services (“Services”), through our website standardledger.co (“Website”).
For example, we may monitor how many times you use our Services, which parts of the Services you go to, location data. This information helps us to understand use of the Services by our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
For further information on cookies generally, including how to control and manage them, visit the guidance on cookies published by the UK Information Commissioner’s Office, www.aboutcookies.org or www.allaboutcookies.org.
We will ask for your consent to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested (e.g. to allow you to remain logged-in to the Services as you navigate within the Services and use the Services functionalities).
The table below provides more information about the cookies we use and why:
4 How to turn off all cookies and consequences of doing so
If you do not want to accept any cookies, you may be able to change your device settings so that cookies (including those which are essential to the services requested) are not accepted. If you do this, please be aware that you may lose some of the functionality of our Services and of other Services you use on your device. For further information about cookies and how to disable them please go to the guidance on cookies published by the UK Information Commissioner’s Office, www.aboutcookies.org or www.allaboutcookies.org.
5 Changes to this policy