Cheddar Privacy Policy

Last updated: 7th January 2022

At Cheddar we take your privacy seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal information. It also explains your rights in relation to your personal information and how to contact us, or supervisory authorities, in the event you have a complaint.

Our Privacy Policy explains:

Who we are
Scope
Information we collect from you and use of your personal information
Transferring your personal information out of the UK and EEA
How long we retain your information
Cookies and other similar technologies
Marketing
Your rights
Keeping your personal information secure
Deactivating your account
How to complain
Changes to this privacy policy

Who we are

This platform is operated by Cheddar Payments Limited (“we”, “us”, “our” or “Cheddar”).

We collect, use and are responsible for certain personal information about you as a “data controller” and when we do so we are responsible for that personal information for the purposes of applicable data protection laws.

Contacting us

Please contact us if you have any questions about this privacy policy or the information we hold about you, using the following contact details:

Email: data_protection@cheddar.me
Postal address: Cheddar, Soho Works, 2 Television Centre, 101 Wood Lane, London, W12 7FR
Telephone: +44203 389 8703

Scope

Cheddar offers the ability to make, accept, request or record payments between individuals. The additional Cheddar Terms of Service (Terms of Service) set the terms under which we supply the Services to you. Cheddar will collect, use, disclose, retain or otherwise process your information as described in this policy when you apply or sign up for and use a Cheddar account.

Information we collect from you and use of your personal information

Personal information we collect about you

We collect personal information about you when you access our App or website, register with us, use our services (either via our App or website), contact us, send us feedback or complete customer surveys.

We collect this personal information from you either directly, such as when you register with us and use our services, or indirectly, such as your browsing activity while on our App and website (see “Cookies” below).

We also collect personal information about you from other sources as follows:

1. directly from third parties such as:
a. our merchant customers;
b. third parties that we engage to monitor visits to our website;
c. identity verification and anti-money laundering check providers; and
d. our data service providers
2. from third parties when you have authorised this, such as
a. your banks or building societies; and
b. from publicly available sources, such as Companies House.


The personal information we collect about you depends on the purpose for which you engage with us. This information includes the following:

Identity Data - full name, title, date of birth and gender.
Contact Data - address, email address and telephone numbers.
Financial Data - bank account details.
Transaction Data - details about payments to and from you
Balance Data - details about your balance
Technical Data – mobile device ID, internet protocol(IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our App or website
Profile Data - your username and password, your interests, preferences and cheddartag
Usage Data - information about how you use our App, website and services, including survey responses.
Marketing and Communications Data - your preferences in receiving marketing from us and our marketing partners and your communication preferences.
Contacts Information -. In order to provide you with the Cheddar Service, we will also need to collect information from you about the intended recipient of the payment or payment request you instruct us to make. We will therefore ask you to provide contact details of your intended recipient. You can do this by: (a) manually entering a phone number or email address into the cheddar App; or, (b) as described below (under Information You Provide to Enhance Your Experience), you can choose to give us access to your phone contacts to facilitate the entry of recipient information. You can update your settings to stop sharing your phone contacts with us at any time, although we will always need a recipient’s phone number, email address or cheddartag to send money to them as requested by you.

This personal information is required to provide our services to you. If you do not provide personal information we ask for, it may delay or prevent us from providing services to you.
In addition, we do not envisage that we will collect or process any special categories of personal data about you.

Information You Provide to Enhance Your Experience

You can choose to provide us with additional information in order to obtain a better user experience when using our Services. This additional information will be processed with your consent:

Contacts Information - We collect the telephone numbers of all your phone contacts if you choose to give us access to your phone contacts. You can update your settings to share your phone contacts with us at any time although we will always need a recipient’s phone or email address to send money to them as requested by you.

Social Media Information - Any social media account details you give us express permission to collect, if you choose to share such information.

Other Information You Provide - We collect information that you voluntarily provide to us, including your photograph, if you choose to upload a picture to the Services; survey responses; participation in contests, or other marketing lead forms or devices; suggestions for improvements; referrals; or any other actions performed on the Services.

How and why we use your personal information

We collect and can use information about you when you request to engage with our Services. For example, we need some of the information we collect from you to deliver the Services to you, sometimes we are required by law and regulations to collect and process this information about you, at other times, we consider it is in our legitimate business interests to collect and process this information, taking into consideration your privacy right. Under data protection law, we can only use your personal information if we have a legal basis for doing so. For example:

Consent: where you have given us clear consent for us to process your personal information for a specific purpose
Contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
Legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
Legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests)

We use information about you in the following ways:

Providing, Improving and Developing our Services

Determining whether the Services are available in your country. We process Location Information where you have requested use of the Services, but before you agree to the Terms of Service we have to verify if we are able to process your request. Without this information, we cannot confirm whether we are able to offer the Services to you under the Terms of Service.

Processing or recording payment transactions or money transfers (as both the recipient or instigator of the payment). We need this information in order to fulfill our obligations arising out of the Terms of Service entered into between you and us. Without this information we would not be able to provide the Services requested by you. Information required for these reasons include:
● Identification Information;
● Cheddar account Information;
● Transaction Information; and
● Contact Information.

Providing you with the Cheddar product and features you choose to use. You have the choice to use certain features of the Services, for example, linking multiple bank  accounts, or providing a profile photo.

If you choose to use these features of the product we will need to collect associated information from you either with your consent, for compliance with the law, or where it is in our legitimate business interests to further process your information as described above. You can update your choice to share this information with us at any time.

Displaying balance and historical transaction information. As set out in our Terms of Service, we may provide information regarding your balance and transaction history. We therefore need to collect and process this information to satisfy our obligations under these terms.

Connecting you with people you already know. For example, you can choose to upload contact information from your device’s address book through the Cheddar App. With your consent, we will match the contact information you choose to upload this way to the information provided by other users of Cheddar App in order to provide and improve the Services, including making it easier to find contacts to whom you may send or request payments. We may also make certain information available to other Cheddar App customers to help them know they’re making a payment to the right person, such as when you joined Cheddar App, your cheddartag, your legal name and whether you appear in their contacts.

Providing, maintaining and improving our Services. It is in our legitimate business interests to continue to maintain our product and service offering to individuals in order to keep running our business

Developing new products and services. It is in our legitimate business interests to continue to improve our product and service offering to individuals in order to develop and grow our business.

Delivering the information and support you request through the use of our Services. This includes push-notification messages, technical notices, security alerts and support and administrative messages including to resolve disputes, collect fees and provide assistance for problems with our Services or your Cheddar account.

We may need to communicate with you in our legitimate business interests, or to fulfil our own obligations or meet your requests that arise from the Terms of Service between you and us and we need your Identification Information in order to deliver this information to you. If you do not provide this information, we will not be able to fulfil our obligations or meet your requests under the Terms of Service.

Improving, personalising and facilitating your use of our Services. For example, when you sign up for a Cheddar account, we can associate certain information with your new account, such as information about other Cheddar accounts you had or currently have, and prior transactions you made using our Services. We do this in order to ensure in our legitimate interests that content from our Services is presented in the most effective manner for you.

Measuring, tracking and analysing trends and usage in connection with your use or the performance of our Services. We want to understand how current products and services are used in order to develop and enhance our products in our legitimate interests. In order to ensure that our legitimate business interests of striving to deliver a consistent, secure and continuous service are met, we need to carry out certain analytics on the performance of our Services.

Communicating with You About our Services

● Sending you promotional information we think you may find useful or which you have requested from us about our products and services, including future marketing of our Services.

● We will only send you push notifications regarding promotional information where we have your consent to do so, by selecting your choice in the Notifications section of the App. Please see Your Rights section for further information.

● Conducting surveys and collecting feedback about our Services.

● We do this to pursue our legitimate interests to understand if the Services are helpful to you and to evaluate the effectiveness of any updates we provide.

Protecting our Services and Maintaining a Trusted Environment

● Investigating, detecting, and preventing fraud, security breaches, other potentially prohibited or illegal activities, or to otherwise help protect your account, including to dispute chargebacks on your behalf.

● We do this as we are required by law to ensure effective fraud prevention processes are in place. We also do this to prevent out Services being misused for fraudulent activities which is in our legitimate interests as a provider of the Services and other payment processing services.

● Protecting our customers’ rights or property, or the security or integrity of our Services.

● Enforcing our Terms of Service or other applicable agreements or policies.

This is necessary in order to fulfil the obligations between you and us under the Terms of Service.

● Verifying your identity (e.g., through government-issued identification numbers).

We need to verify your identity to comply with our contractual obligations, applicable law, and / or for our legitimate interest in protecting the security and integrity of our Services and your account.

● Complying with any applicable laws or regulations, or in response to lawful requests for information from the government or through legal process.

● Fulfilling any other purpose disclosed to you in connection with our Services.

● Contacting you to resolve disputes, collect fees and provide assistance with our Services.

We process this information given our legitimate interest to provide you with our Services, to measure the adequate performance of our contract with you and to comply with applicable laws.

Advertising and Marketing

● Marketing of our Services.

● Communicating with you about opportunities, products, services, contests, promotions, discounts, incentives, surveys and rewards offered by us and select partners.

If we send you marketing emails, each email will contain instructions permitting you to “opt out” of receiving future marketing or other communications. We will only process your information for these purposes where we have your consent to do so.

Other Uses

● For any other purpose disclosed to you in connection with our Services from time to time.

If we intend to process your personal data for a purpose other than that set out above, we will provide you with information prior to such processing, and will obtain your consent where necessary.

Some of our processes for how we use your information may involve automated processing and automated decisions. We need to do this to meet our own contractual obligations, to comply with applicable law and as it is in our legitimate business interests to carry out such checks for fraud prevention purposes or where we are under a legal or regulatory obligation to do so (or we believe we are required to do so under such legal or regulatory obligation). For example:

Identity verification processing. We use third party identification verification services or data to automatically verify your identity, so we know you are who you say you are. We set out more information on this above and how this affects you. If we cannot identify you, we may not be able to provide the Services to you. This identity verification check will be based on the information you provide to us and the results we get for the third party verification services (which is limited to the result of the check).

Fraud and crime prevention processing. We have developed processes, for the purposes set out above, to check that our Services are not being used for fraudulent purposes. We will consider information you provide to access our Services, information you provide to enhance your experience, information we automatically collect from your use of our Services and information we collect from other sources. We regularly check that our processes are up to date and implemented robustly and fairly to ensure that we can deliver the Services to you and that they are safe to use. If we feel that our fraud and crime prevention processing detects activities or use of our Services which could be used for fraudulent or criminal activities, we may not be able to provide the Services to you.

Product development and creation. We can process the information you provide to us, the information we collect from your use of our Services and the information we obtain from third parties automatically to improve our product and develop new products. The information we use will help us to understand what is important to our users, and how we can create better products and services.

Product marketing. With your consent, we can process the information you provide to us, the information we collect from your use of our Services and the information we obtain from third parties automatically to market new products to you by delivering notifications in our applications or on our websites.

Who we share your personal information with

We routinely share personal information with:

1. Our group companies, including:
a. our parent company, Cheddar Payments B.V.; and
b. other affiliates, for the purposes outlined above, and as it is necessary to provide our Services to you and fulfill our obligations in our Terms of service.

2. third parties we use to help deliver our services to you, such as:
a. identity verification and anti-money laundering check providers;and
b. your banks or building societies, with which you hold accounts that you have authorised us to aggregate via our services.

3. other third parties we use to help us run our business, such as:
a. our CRM provider;
b. marketing agencies; and
c. App and website hosting providers.

We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you.

We may also share personal information with external auditors, e.g. in relation to the audit of our accounts.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a restructuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

We may also share aggregated information with third parties that does not specifically identify you or any individual user of our Services.

Transferring your personal information out of the UK and EEA

To deliver services to you, it is may sometimes be necessary for us to share your personal information outside the UK and/or EuropeanEconomic Area (EEA), however we do not envisage that we will need to do so as all of our third parties hold our data within either the UK or EEA.

That said, if we are ever required to transfer your personal data outside of the UK or EEA we will always ensure the transfer complies with data protection law and all personal information will be secure.

If you would like further information please contact us (see the contact details at the start of this policy).

HOW LONG WE RETAIN YOUR INFORMATION

We generally retain your information only as long as reasonably necessary to provide you the Services or to comply with applicable law. However, even after you deactivate your Cheddar account (see below for more information), we can retain copies of information about you and any transactions or Services in which you may have participated for a period of time that is consistent with applicable law, applicable statute of limitations or as we believe is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems with our Services, to assist with investigations, to enforce our General Terms or other applicable agreements or policies, or to take any other actions consistent with applicable law.

COOKIES AND OTHER SIMILAR TECHNOLOGIES

We use various technologies to collect information when you access or use our Services, including placing a piece of data, commonly referred to as a “cookie,” or similar technology on your device and using web beacons.

Cookies are small data files that are stored on your hard drive or in your device memory when you visit a website or view a message. Among other things, cookies support the integrity of our registration process, retain your preferences and account settings, and help evaluate and compile aggregated statistics about user activity.

We will begin collecting information about you or from activity on devices you use as soon as you use our Services. By using our Services, you permit us to collect and use your information from activity on devices you use in accordance with this Privacy Policy. For more information and to learn how to block or delete cookies used in the Services, please see below.

Certain cookies we use last only for the duration of your web or application session and expire when you close your browser or exit the application. Other cookies are used to remember you when you return to use the Services and, as such, will last longer.

We use cookies to:

● Remember that you have visited us or used the Services before. This means we can identify the number of unique visitors we receive, which allows us to make sure we have enough capacity to accommodate all of our users.

● Customise elements of the promotional layout and/or content of our Services.

● Collect data about the way you interact with our Services (e.g., when you use certain features or upload attachments).

● Collect anonymous statistical information about how you use the Services (including the length of your application session) and the location from which you access the Services, so that we can improve the Services and learn which elements and functions of the Services are most popular with our users.

Some of the cookies used in the Services are set by us, and others are set by third parties who deliver services on our behalf.

Most web and mobile device browsers are set to automatically accept cookies by default. However, you can change your browser settings to prevent automatic acceptance of cookies, or to notify you each time a cookie is set.

You also can learn more about cookies by visiting http://www.allaboutcookies.org, which includes additional useful information on cookies and how to block cookies on different types of browsers and mobile devices. Please note, however, that by blocking or deleting cookies used in the Services, you may not be able to take full advantage of the Services.

Type of Cookies

Essential Cookies -
Essential cookies are cookies that enable you to navigate and use all the features in the Services provided by us. For example, without these, you would not be able to navigate between pages on the website.

Functionality Cookies - These cookies enable us to remember you have used our Services before, preferences you may have indicated and information you have provided to us to give you a customised experience. For example, this would include ensuring the continuity of your registration process.

Performance and Analytical Cookies - This information is used to make sure our Services can cope with the volume of users, to help us correct errors in the Services and to measure use across our Services. These cookies help us understand if you have used our Services before so we can identify the number of unique users we receive. They also help us understand how long you spend using our Services and from where you have accessed the Services, so that we can improve the Services and learn about the most popular aspects of the Services. We use third parties, for example, Google Analytics, to analyse statistical information from users of the Site. We might be able to associate such information with other information which we collect from you once we receive it from a third party.

Retargeting or advertising Cookies - These cookies collect information about the pages you visit and also other information about other websites you visit. This information is only collected by reference to the cookie identifier that you are using. For more information visit http://www.youronlinechoices.com/uk/

We also may collect information using web beacons. Web beacons are electronic images that may be used in our Services or emails. We use web beacons to deliver cookies, track the number of visits to our website, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon.

Third-Party Advertising and Analytics

We can use third-party service providers to provide site metrics and other analytics services. These third parties can use cookies, web beacons and other technologies to collect information, such as your IP address, identifiers associated with your device, other applications on your device, the browsers you use to access our Services, webpages viewed, time spent on webpages, links clicked and conversion information (e.g., transactions entered into). This information can be used by Cheddar and third-party service providers on behalf of Cheddar to analyse and track usage of our Services, determine the popularity of certain content, and better understand how you use our Services. The third-party service providers that we engage are bound by confidentiality obligations and other restrictions with respect to their use and collection of your information.

This Privacy Policy does not apply to, and we are not responsible for, third-party cookies, web beacons, or other tracking technologies, which are covered by such third parties’ privacy policies. For more information, we encourage you to check the privacy policies of these third parties to learn about their privacy practices. For more information about targeted advertising specifically, please visit http://www.aboutads.info/choices.

Examples of our third-party service providers to help deliver our Services or to connect to our Services include:

Google:

We use Google Analytics to understand how our Services perform and how you use them. To understand more about Google Analytics and update your preferences in relation to Google’s analytics tools please see here
https://support.google.com/analytics/answer/6004245?hl=en-GB

and to opt out of Google Analytics please click here

https://tools.google.com/dlpage/gaoptout

To learn more about how Google processes your data, please visit https://www.google.com/policies/privacy/

Facebook:

We use Facebook Pixel to improve our retargeting and marketing. To learn more about how Facebook uses your data please visit https://en-gb.facebook.com/help/325807937506242/ or log on to you Facebook account and access your settings.

To understand more about Facebook advertising please see here https://www.facebook.com/about/ads.

BugSnag and Crashlytics:

We use Bugsnag and Crashlytics monitoring apps to monitor errors that impact customers and report diagnostic data to us so we can improve our Service and help to make sure they work when you need to use them.

Please visit https://docs.bugsnag.com/legal/privacy-policy/ to learn more about how Bugsnag processes your data and https://fabric.io/terms to learn more about how Crashlytics processes your data.

These third party service providers make use of cookies to implement their services.

Marketing

We may use your personal information to send you updates (by email, text message, telephone or post) about our services, including exclusive offers, promotions or new services. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS) or automated call.

We will help third party merchants to deliver relevant advertising content to you where you have agreed to receive this, however we will always treat your personal information with the utmost respect and never sell or share it with other organisations for marketing purposes.

If you have given your consent to receive marketing communications, or it is in our legitimate interests to send them because you are not a consumer or you are a consumer that has previously purchased similar services from us, you always have the right to opt out of receiving further promotional communications by:

contacting us at support@cheddar.me; or
updating your marketing preferences in the app; or
using the ‘unsubscribe’ link in emails.

We may ask you to confirm or update your marketing preferences if there are changes in the law, regulation, or the structure of our business.

Please note that we may also send you other communications in relation to your use of the services or in order to respond to queries you have raised, such communications are service communications and are not a form of marketing.

Your rights

You have the following rights, which you can exercise free of charge:

Access - The right to be provided with a copy of your personal information (the right of access)

Rectification - The right to require us to correct any mistakes in your personal information

To be forgotten - The right to require us to delete your personal information—in certain situations

Restriction of processing - The right to require us to restrict processing of your personal information—in certain circumstances, e.g. if you contest the accuracy of the data

Data portability - The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations

To object - The right to object:—at any time to your personal information being processed for direct marketing (including profiling);—in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.

Not to be subject to automated individual decision making
- The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the guidance provided by the UK Information Commissioner’sOffice (ICO) on individuals’ rights.

If you would like to exercise any of those rights, please:

● email, call or write to us — see contact details at the start of this policy;
● let us have enough information to identify you e.g. your full name, email address and account information;
● let us have proof of your identity (i.e a copy of your driving licence or passport); and
● let us know what right you want to exercise and the information to which your request relates.

Keeping your personal information secure

We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

All data that we receive from your banks or building societies will be stored in encrypted databases using encrypted tokens.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Deactivating Your Account

If you wish to deactivate your Cheddar account, you can do so at any time by logging into your Cheddar account on the app and visiting the support section.

If you would like to have your account closed permanently, please contact us at cheddar.me/support.

How to complain

We hope that we can resolve any queries or concerns you may raise about our use of your personal information.

Applicable data protection laws also give you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at

https://ico.org.uk/make-a-complaint/your-personal-information-concerns/

or telephone: + 44 303 1231113.

Changes to this privacy policy

We change this Privacy Policy from time to time by posting a revised version and updating the “Effective Date” above. The revised version will be effective at the time we post it. We will provide you with reasonable prior notice of substantial changes in how we use your information, including by email, if you have provided an email address. If you disagree with these changes, you can cancel your account at any time. Your continued use of our Services constitutes your consent to any amendment of this Privacy Policy.