- PURPOSE OF OUR POLICY
1.1. Divido Financial Services Limited (Company number 09259397) (Divido, we, us or our) provides the Divido website (www.divido.com). We also provide an online lending platform service to merchants and lenders
1.2. For the purposes of the General Data Protection Regulation 2016 (GDPR), the Data Protection Act 2018 (DPA) and any associated data protection legislation, we act as a data processor on behalf of merchants and lenders who use our service. This means that, if you make a purchase from a merchant and receive finance for it from a lender through the Divido lending platform, the merchant and the lender will be primarily responsible for ensuring your personal data is handled correctly. The merchant's and the lender's respective privacy policies will apply to the processing of personal data for these purposes and you should make sure that you read those privacy policies carefully.
1.3. We are the data controller in respect of any information collected through our website and information that you provide directly to us when using our support services.
1.4. By publishing this policy, we aim to make it easy for you to understand what data we collect and store, why we do so, how we receive and/or obtain that information, and the rights an individual has with respect to their data in our possession.
- WHO AND WHAT THIS POLICY APPLIES TO
2.1. Our policy does not apply to information we collect about businesses or companies, however it does apply to personal data that we hold about the people within those businesses or companies.
2.2. The policy applies to all forms of information, physical and digital, whether collected or stored electronically or in hard copy.
- THE DATA WE COLLECT
3.1. We collect the following personal data:
3.1.1. Your email address, telephone number and any personal data in your message, if you fill in our contact form on our website.
3.1.2. Any other personal data that you voluntarily provide about yourself when you request for our support services or otherwise communicate with us via telephone, email, chat, post or social media (including where you post publicly about, or to, Divido) or in relation to a competition, survey or questionnaire.
- THE PURPOSES FOR WHICH WE USE DATA
4.1. We use your personal data for the following purposes, to the extent that they are relevant to our relationship with you:
4.1.1. to book a demo if you request one through our website;
4.1.2. to on-board your business as a client;
4.1.3. to manage our relationship with you and your business;
4.1.4. to send you marketing communications if you have consented to receive these;
4.1.5. to collate and assess responses to competitions, surveys and questionnaires that you have responded to;
4.1.6. to respond to any correspondence that you send to us via telephone, email, chat, post or social media, including to address any customer service requests you make via public social media posts;
4.1.7. to monitor and influence public opinion of Divido (for example, by responding to Tweets about our customer service); and
4.1.8. to provide support to you if you request support through our phone, email or chat based support service.
4.2. We process your personal data for the purposes above on the basis that it is in our legitimate interests to do so. The legitimate interests that we rely on for these purposes are as follows:
4.2.1. our interests in promoting, running and managing our business and our relationships; and
4.2.2. our interests in fulfilling our contractual obligations to our lenders to provide support directly to end customers and business users via our customer support platforms.
- WHEN DATA IS DISCLOSED
5.1.1 We use third party service providers who have access to your personal data in order for us to be able to collect and use your personal data for the purposes set out in this policy. These include our website developer, our CRM system provider, our cloud storage provider and the supplier who provides our chat communications service for customer support.
5.2. We will not sell an individual’s data to unrelated third parties.
5.3. There are some circumstances in which we must disclose an individual’s information, for example:
5.3.1. where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity
5.3.2. that a governmental authority should be made aware of;
5.3.3. as required by any law (including the GDPR) or under any court orders;
5.3.4. as required by UK and overseas regulators and authorities in connection with their duties; and/or fraud prevention agencies.
5.4. If we are involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of the business to another company, we may share information with that company before and after the transaction closes.
- HOW AND WHERE DATA IS STORED
6.1. The data that we collect from you will be stored in the European Economic Area (EEA). Our third party suppliers sometimes transfer your personal data to a destination outside the EEA. Where this is the case, we make sure that there are appropriate controls for protection of personal data at least equivalent to those required by the GDPR. We do this by either:
6.1.1. ensuring that the recipient is in a country which has been designated by the European Commission as having adequate data protection laws in place;
6.1.2. ensuring that the recipient has signed standard contractual clauses, which the European Commission has approved as providing adequate protection for personal data; and/or
6.1.3. for transfers to the USA, ensuring that the recipient is certified with the EU/US "Privacy Shield" framework, which means that the recipient complies with certain principles to protect personal data.
- HOW LONG DATA IS RETAINED FOR
7.1. We will retain data for the period necessary to fulfil the purposes outlined in this policy unless a longer retention period is required or permitted by law.
7.2. In order to determine appropriate retention periods for your personal data, we take into account the following:
7.2.1. the purposes for which we process your personal data;
7.2.2. the amount, nature and sensitivity of the personal data and the potential risk of harm from unauthorised use or disclosure of personal data;
7.2.3. applicable legal, regulatory, tax, accounting or other requirements;
7.2.4. our own internal audit and record-keeping requirements; and
7.2.5. whether your personal data is likely to be needed in the future to deal with any claims or complaints.
- COLLECTION OF DATA
9.1. Most of the personal data we collect is provided voluntarily by you. If you do not want us to collect and process your personal data, we will not be able to communicate with you.
9.2. If you have opted in to receive marketing from us, you have the right to opt out at any time by clicking the "unsubscribe" link in any marketing communication. If you believe that you have received marketing from us that you did not consent to receive, you should contact us using the details below.
- THE SAFETY & SECURITY OF DATA
10.1. We will take all reasonable precautions to protect your personal data from unauthorised access. This includes appropriately securing our physical facilities and implementing appropriate technical security measures to protect our digital networks and online platform.
10.2. The security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, data where the security of information is not within our control.
10.3. If you suspect any misuse or loss of, or unauthorised access to, your data, you should let us know immediately using the contact details below.
- HOW TO EXERCISE YOUR RIGHTS
11.1. The GDPR gives you certain rights in relation to the personal data that we hold about you, including:
11.1.1. a right to access your personal data;
11.1.2. a right to require us to correct any mistakes in your personal data;
11.1.3. a right to require the erasure of personal data concerning you in certain situations;
11.1.4. a right to object to the processing of your personal data;
11.1.5. a right to restrict our processing of your personal data in certain circumstances; and
11.1.6. a right to claim compensation for damages caused by our breach of any data protection laws.
11.2. You can exercise these rights by contacting the Divido Data Protection Officer via firstname.lastname@example.org.
- COMPLAINTS AND DISPUTES
12.1. If you have an objection or complaint about our handling of your data, you should address your complaint in writing to the details below.
12.2. You have the right to lodge a complaint with a supervisory authority if you consider that the processing of your data infringes the GDPR or the DPA. In the case of the UK, this is the Information Commissioner's Office (ico.org.uk)
- CHANGES TO THIS POLICY
13.1. We may make changes to this policy from time to time and post the updated version on our website.
- CONTACTING US
14.1. All correspondence relating to privacy should be addressed to (by email where possible) - email@example.com - and otherwise to: The Data Protection Officer, Divido Financial Services Limited, Office 7, 35-37 Ludgate Hill, London, EC4M 7JN, United Kingdom.
Last updated: 16 April 2019