Privacy and Cookie Policy
Policy Date: 11 November 2022
Privacy Policy
This Privacy Policy (“Privacy Policy”) is provided by Standard Ledger UK Limited (Company Number 14229845) (“Standard Ledger”, “we”, “us” or “our”) for the use of the offerings and services offered through our website standardledger.co and other sites (standardledger.co) (“Services”).
Privacy statement
Keeping customer information private is a priority for Standard Ledger, its subsidiaries and affiliates. To enable us to provide you with the information on this site, we need to collect certain information from you. However, we want to emphasize that we are committed to maintaining the privacy of this information in accordance with law. This Privacy Policy contains important information on how and why we collect, store, use and share any information relating to you (your “personal data”).
It also explains your rights in relation to your personal data and how to contact us or the relevant regulator in the event you have a complaint. Our collection, storage, use and sharing of your personal data is regulated by law, including under the UK General Data Protection Regulation (“UK GDPR”).
We are the controller of personal data obtained via the Services, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.
Please read this Privacy Policy carefully.
We hope this privacy notice answers any questions you may have regarding our treatment of your personal data and reassures you of our dedication to keeping your personal data secure.
Standard Ledger Privacy Policy
1 Purpose of our policy
1.1 We have adopted this Privacy Policy to ensure that we have standards in place to protect the personal data that we collect about individuals that is necessary and incidental to:
(a) Providing the system and services that Standard Ledger offers; and
(b) The normal day-to-day operations of our business.
1.2 This Privacy Policy follows the data principles set by the UK GDPR and UK Data Protection Act 2018x.
1.3 By publishing this Privacy Policy, we aim to make it easy for our customers and the public to understand what personal data we collect and store, why we do so, how we receive and/or obtain that information, and the rights an individual has with respect to their personal data in our possession.
2 Who and what this policy applies to
2.1 Our Privacy Policy deals with how we handle “personal data” as it is defined under UK GDPR.
2.2 We handle personal data as a controller, in our own right and also for and on behalf of our customers and users.
2.3 Our Privacy Policy does not apply to information we collect about businesses or companies, however it does apply to information about the people in those businesses or companies which we store.
2.4 The Privacy Policy applies to all forms of information, physical and digital, whether collected or stored electronically or in hardcopy.
2.5 If, at any time, an individual provides personal data or other information about someone other than himself or herself, the individual warrants that they have that person’s consent to provide such personal data or information for the purpose specified.
2.6 Our website and services are unavailable to children (persons under the age of 18 years). If an individual is under 18 years of age, they can only use our website and services under the supervision of a parent or guardian.
2.7 By accessing or using standardledger.co and providing personal data, you agree to the terms and conditions of this Privacy Policy and explicitly authorize us, our affiliates and group companies, and third party service providers to process, transfer and share among them your personal data. For privacy information relating to our affiliates or third party service providers, please consult their privacy policies as appropriate.
3 The information we collect
3.1 In the course of business it is necessary for us to collect personal data. This information allows us to identify who an individual is for the purposes of our business, share personal data when asked of us, contact the individual in the ordinary course of business and transact with the individual. Without limitation, the type of information we may collect is:
(a) Personal data. We may collect personal details such as an individual’s name, location, date of birth, nationality, family details and other information defined as “Personal Data” in the UK GDPR that allows us to identify who the individual is;
(b) Contact Information. We may collect information such as an individual’s email address, telephone & fax number, third-party usernames, residential, business and postal address and other information that allows us to contact the individual;
(c) Financial Information. We may collect financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services;
(d) Statistical Information. We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes;
(e) Information an individual sends us. We may collect any personal correspondence that an individual sends us, or that is sent to us by others about the individual’s activities; and
(f) Information regarding your computer, network and browser (including your IP address).
4 How information is collected
4.1 Most information will be collected in association with an individual’s use of standardledger.co, an enquiry about Standard Ledger or generally dealing with us. However, we may also receive personal data from sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners. In particular, information is likely to be collected as follows:
(a) Registrations/Subscriptions. When an individual registers or subscribes for a service, list, account, connection or other process whereby they enter personal data details in order to receive or access something, including a transaction;
(b) Third Party Services – such as #Facebook Open Graph and Hubspot
(c) Accounts. When an individual submits their details to open an account;
(d) Supply. When an individual supplies us with goods or services;
(e) Contact. When an individual contacts us in any way;
(f) Access. When an individual accesses us physically we may require them to provide us with details for us to permit them such access. When an individual accesses us through the internet we may collect information using cookies (if relevant – an individual can adjust their browser’s setting to accept or reject cookies) or analytical services; and/or
(g) Pixel Tags. Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened. We use these for Facebook and Google Analytics.
4.2 As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of when their Personal Information is being collected.
4.3 Where we obtain Personal Information without an individual’s knowledge (such as by accidental acquisition from a client) we will either delete/destroy the information, or inform the individual and obtain their consent for holding such information, in accordance with the UK GDPR.
5 When personal data is used and disclosed
5.1 (i) Under data protection law, we can only use your personal data if we have a proper reason, e.g.:
(a) where you have given consent,
(b) to comply with our legal and regulatory obligations,
(c) for the performance of a contract with you or to take steps at your request before entering into a contract, or
(d) for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see ‘How to contact us’ below).
The table below explains what we use your personal data for and why:
What we use your personal data for | Our reasons |
Create and manage your account with us | To perform our contract with you or to take steps at your request before entering into a contract |
Providing services and/or the functionalities of the Services to you | Depending on the circumstances:
|
To enforce legal rights or defend or undertake legal proceedings | Depending on the circumstances:
|
Communications with you not related to marketing, including about changes to our terms or policies or changes to the Services or service or other important notices | Depending on the circumstances:
|
Protect the security of systems and data | To comply with our legal and regulatory obligations we may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests or those of a third party, i.e., to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us |
Operational reasons, such as improving efficiency, training, and quality control or to provide support to you | For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service to you |
Statistical analysis to help us manage our business, e.g., in relation to our performance, customer base, functionalities and offerings or other efficiency measures | For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you and improve and develop our app and introduce improved features |
Updating and enhancing user records | Depending on the circumstances:
|
To share your personal data with members of our group and third parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency. In such cases information will be anonymised where possible and only shared where necessary | Depending on the circumstances:
|
To send you marketing and promotional messages and other information that may be of interest to you and for the purpose of direct marketing. In this regard, we may use email, SMS, social media or mail to send you direct marketing communications. You can opt out of receiving marketing materials from us by using the opt-out facility provided (e.g. an unsubscribe link) | For our legitimate interests or those of a third party, i.e., to protect, realise or grow the value in our business and assets, to improve and develop our app and introduce improved features |
To send you administrative messages, emails, reminders, notices, updates, security alerts, and other information requested by you | Depending on the circumstances:
|
5.2 We will retain personal data for as long as you have an active account with us and for a period of up to 6 years thereafter to comply with any accounting or legal obligations including in the event of the pursuit or defence of legal claims. Once you have closed your account with us, we will move your personal data to a separate database so that only key stakeholders in our business on a ‘need to know basis’ have access to such data. Following the end of the of the retention period stated above, we will delete or anonymise your personal data. .
5.3 It may be necessary for us to disclose an individual’s personal data to third parties in a manner compliant with the UK GDPR for the purpose set out in this Privacy Policy.
5.4 We will not disclose or sell an individual’s personal data to unrelated third parties under any circumstances.
5.5 Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
(a) The provision of services between an individual and us;
(b) Verifying an individual’s identity;
(c) Communicating with an individual about:
i Their relationship with us;
ii Our services;
iii Our own marketing and promotions to customers and prospects;
iv Competitions, surveys and questionnaires;
(d) Investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
(e) As required or permitted by any law (including the UK GDPR).
5.6 There are some circumstances in which we must disclose an individual’s information:
(a) Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
(b) As required by any law (including the UK GDPR); and/or
(c) Subject to applicable law, in order to sell our business (in that we may need to transfer personal data to a new owner).
5.7 We are an international accounting firm, and we may disclose and transfer data, including your personal data, relating to you to other Standard Ledger offices (“Affiliates”). All Standard Ledger offices may hold, process, use, and disclose and transfer to other Standard Ledger offices, such personal data for purposes set out in this Privacy Policy.
5.7(i) To provide our services, we may transfer your personal data to a country outside the UK where: the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR; there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or a specific exception applies under relevant data protection law.
(ii) Accordingly, if we were transfer your personal data from the UK to:
- The EEA: we would rely on the adequacy finding granted by the UK to the EU under the Withdrawal Agreement to do; for any transfers from the EU to the UK, we would rely on the adequacy regulation granted to the UK under the Adequacy Decision.
- Any country located outside the UK/EEA: we would rely an appropriate safeguards under the UK GDPR, such as by including the relevant Standard Contractual Clauses in our data processing agreements.
5.8 We routinely share personal data with service providers we use to help us run our business or provide the services or functionalities in the Services, including developers, Google Maps and location functionality and cloud storage providers i.e. Google Cloud by Google, Inc. We exert no control over Google’s data processing and storage terms and conditions, and privacy policy and we therefore recommend that you consult their data processing and storage terms and conditions privacy policy for further information on how Google protect personal data – here and here. These third party service providers are for instance, Google, Inc., and Hubspot and may be used to communicate with an individual and to store contact details about an individual. These service providers are located in the United States of America.
5.9 We, our Affiliates or the third parties mentioned above may occasionally also need to share your personal data with:
- external auditors, e.g. in relation to the audit of our accounts and our company —the recipient of the information will be bound by confidentiality obligations;
- professional advisors (such as lawyers and other advisors)—the recipient of the information will be bound by confidentiality obligations;
- law enforcement agencies, courts or tribunals and regulatory bodies to comply with legal and regulatory obligations;
- other parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations.
6 Opting “in” or “out”
6.1 An individual may opt to not have us collect their personal data. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:
(a) Opt In. Where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or
(b) Opt Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.
6.2 If an individual believes that they have received information from us that they did not opt in to receive, they should contact us on the details below.
7 Marketing
7.1 We intended to use email marketing to inform you of our services such as promotions, discounts and new offerings.
7.2 We will always ask you for your consent before sending you marketing communications, except where you have explicitly opted-in to receiving email marketing from us in the past or except where you were given the option to opt-out of email marketing when you initially signed up for your account with us and you did not do so.
7.3 You will have the right to opt out of receiving marketing communications at any time by:
- contacting us at privacy@standardledger.co
- using the ‘unsubscribe’ link included in all marketing emails you may have received from us
7.4 We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.
For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘Your rights’ below.
8 The safety and security of personal data
8.1 Our Data Protection Officer oversees the management of this Privacy Policy and compliance with the UK data protection laws and UK GDPR. This officer may have other duties within our business and also be assisted by internal and external professionals and advisors.
8.2 We will take all reasonable precautions to protect an individual’s personal data from unauthorised access. This includes appropriately securing our physical facilities and electronic networks. We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business or legal need to access it.
8.3 We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
8.4 We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s personal data to in accordance with this Privacy Policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.
8.5 If an individual suspects any misuse or loss of, or unauthorised access to, their Personal Information, they should let us know immediately.
8.6 We are not liable for any loss, damage or claim arising out of another person’s use of the Personal Information where we were authorised to provide that person with the Personal Information.
9 Storage of personal data
9.1 All personal information we collect is stored on servers located in [insert] and, for the most part, we do not disclose or transfer personal information overseas.
9.2 However, the cloud service providers we engage to provide us [Google]-based servers may operate overseas disaster recovery sites or have personnel overseas who may access the personal information we hold to assist us in managing our servers.
9.3 Personal data provided to us by post if stored safely in our offices.
9.4 When you communicate with us through a social media service such as Facebook or Twitter, the social media provider and its partners may collect and hold your personal data overseas.
10 Your Rights
10.1 You generally have the following rights, which you can usually exercise free of charge. For more information regarding these rights, please visit the ICO website here.
Access to a copy of your personal data | The right to be provided with a copy of your personal data. |
Correction (also known as rectification) | The right to require us to correct any mistakes in your personal data. |
Erasure (also known as the right to be forgotten) | The right to require us to delete your personal data—in certain situations. |
Restriction of use | The right to require us to restrict use of your personal data in certain circumstances, e.g. if you contest the accuracy of the data. |
Data portability | The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations. |
To object to use | The right to object:
|
Not to be subject to decisions without human involvement | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. We do not make any such decisions based on data collected by the Services. |
For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see ‘How to contact us’ below). You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under the UK GDPR.
- If you would like to exercise any of those rights, please send us an email, call or write to us—see below: ‘How to contact us’. When contacting us please:
provide enough information to identify yourself (e.g., your full name and username) and any additional identity information we may reasonably request from you, and - let us know which right(s) you want to exercise and the information to which your request relates.
11 How to access and/or update information
11.1 Subject to the UK GDPR, an individual has the right to request from us the personal data that we have about them, and we have an obligation to provide them with such information within 28 days of receiving their written request.
11.2 If an individual cannot update his or her own information, we will correct any errors in the personal data we hold about an individual within 7 days of receiving written notice from them about those errors.
11.3 It is an individual’s responsibility to provide us with accurate and truthful personal data. We cannot be liable for any information that is provided to us that is incorrect.
11.4 We may charge an individual a reasonable fee for our costs incurred in meeting any of their requests to disclose the personal data we hold about them.
12 Complaints and disputes
12.1 If an individual has a complaint about our handling of their personal data, they should address their complaint in writing to the details below.
12.2 If we have a dispute regarding an individual’s personal data, you must first attempt to resolve the issue directly with us.
12.3 If we become aware of any unauthorised access to an individual’s personal data, we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed.
13 Contacting individuals
13.1 From time to time, we may send an individual important notices, such as changes to our terms, conditions and policies. Because this information is important to the individual’s interaction with us, they may not opt out of receiving these communications.
14 How to contact us
14.1 All correspondence with regards to privacy should be addressed to:
The Data Protection Officer
Standard Ledger
mail@standardledger.co
You may contact the Data Protection Officer by email in the first instance.
15 Changes to this Privacy Policy
15.1 If we decide to change this Privacy Policy, we will post the changes on our webpage at www.standardledger.co. Please refer back to this Privacy Policy to review any amendments.
Cookie Policy
This Cookies Policy (“Cookies Policy”) is provided by Standard Ledger UK Limited (Company Number 14229845) (“Standard Ledger”, “we”, “us” or “our”), for use of our services (“Services”), through our website standardledger.co (“Website”).
Please read this Cookies Policy carefully as it contains important information on who we are and how we use cookies on our Services. This Cookies Policy should be read together with our Privacy Policy which set out who we are, how to contact us, what data is collected, how and why we collect, store, use and share personal information generally, as well as your rights in relation to your personal information and details of how to contact us and supervisory authorities if you have a complaint.
1 Cookies
A cookie is a small text file which is placed onto your device (e.g. your smartphone or other electronic device) when you use our Services. When we use cookies on our Services, you will always be informed by a pop-up within the Services.
Cookies help us to recognise you and your device and allow us to store some information about your preferences or past actions, including your location data (for more information, please see our Privacy Policy).
For example, we may monitor how many times you use our Services, which parts of the Services you go to, location data. This information helps us to understand use of the Services by our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
For further information on our use of cookies, including a detailed list of your information which we and others may collect through cookies, please see below.
For further information on cookies generally, including how to control and manage them, visit the guidance on cookies published by the UK Information Commissioner’s Office, www.aboutcookies.org or www.allaboutcookies.org.
2 Consent to use cookies and changing settings
We will ask for your consent to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested (e.g. to allow you to remain logged-in to the Services as you navigate within the Services and use the Services functionalities).
You can withdraw any consent to the use of cookies or manage any other cookie preferences by using the tool made available to you within the Services itself. You can then adjust sliders or untick boxes as appropriate to reflect your choice. It may be necessary to refresh or restart the Services for the updated settings to take effect.
3 Our use of cookies
The table below provides more information about the cookies we use and why:
4 How to turn off all cookies and consequences of doing so
If you do not want to accept any cookies, you may be able to change your device settings so that cookies (including those which are essential to the services requested) are not accepted. If you do this, please be aware that you may lose some of the functionality of our Services and of other Services you use on your device. For further information about cookies and how to disable them please go to the guidance on cookies published by the UK Information Commissioner’s Office, www.aboutcookies.org or www.allaboutcookies.org.
5 Changes to this policy
This Cookie Policy was published on 11 November 2022 and last updated on 11 November 2022. We may change this Cookie Policy from time to time, when we do we will inform you via the Services or by sending an email to the email address you provided when you signed up to the Services.
