Privacy policy

Privacy at Incard

Hi, we are Incard, a financial hub for digital entrepreneurs. We are a technology company and we provide a platform through which customers may access a variety of financial products and services offered by our partners, licensed issuers and us. We want to build a long-lasting relationship based on trust with you, so we have prepared a clear and transparent document about how we use your personal information.

Your privacy is important to us, your personal data belongs to you and you have the right to understand and control how it’s used.

We are committed to protecting and respecting your privacy.

We will:

always keep your information safe and private;
never sell your information; and
allow you to manage and review marketing choices at any time.

If you have any queries about this Privacy Policy or how we may collect, store or use your data, please contact us by email at dpo@incard.co.

‍

Who we are

Incard is your Data Controller

Incard is the Data Controller of your data, which means we’re responsible for your personal data processed in relation to your use of the products and services accessible via the Incard Platform.

Incard is a group made up of different companies:

If your company is registered in the UK or you operate as a sole-trader business in the UK, you will be dealing with INCARD LTD;
If your company is registered in one of the EEA member countries or you operate as a sole-trader business in one of the EEA countries you will be dealing with INCARD EUROPE LIMITED.

When you visit our website www.incard.co and/or receive services via the Incard Platform we collect, process, use and are responsible for certain personal data about you.

When we do so,

INCARD LTD is regulated under the applicable laws on the protection of personal data, privacy and electronic communications, including but not limited to The Data Protection Act 2018 (the “DPA 2018”, the United Kingdom General Data Protection Regulation (the “UK GDPR”) and The Privacy and Electronic Communications Regulations (“PECR”).
INCARD EUROPE LIMITED is regulated under the requirements of any applicable laws and legal acts of the Personal Data protection on the level of country where we operate as well as the General Data Protection Regulation of 27 April 2016 (“EU GDPR”).

For the purposes of these laws we are responsible as a ‘Data Controller’ for the processing of your personal data.

When using some of our services and products, like the Visa Card, Incard is an independent Data Controller and our Card Issuer is also an Independent Data Controller which means we process personal data solely for the purposes of providing you with the Incard Card issued by Transact Payments Limited or Transact Payments Malta Limited.

‍

Incard is also your Data Processor in some cases

When using some of our services and products, like the Visa Card, Incard is a ‘Data Processor’ and our Card Issuer is a ‘Data Controller’ which means we process personal data solely for the purposes of providing you with the Incard Card issued by Transact Payments Limited.

Also when we process personal data you provide to us that is related to other individuals (such as your employees or customers), we may be acting as a Data Processor. In this case Incard is a ‘Data Processor’ and you are a ‘Data Controller’, which means we process personal data solely for the purposes of providing you with our Incard Products and Services and based on your instructions.

In particular, when you engage with Incard Products and Services, or those of our partners, Incard will likely be acting as a Data Processor of that data.

Your personal data held in our database will be stored on the servers of our hosting service providers and the hosting services providers of our services providers. Incard Ltd is managing the hosting environment for incard iOS App and incard Web App and is hence a processor of the organisation which uses incard products.

Incard engaged Amazon Web Services Inc. as sub-processor in order to provide certain cloud services. Its servers are located in eu-west-2, Europe (London).

‍

What personal information we collect and how we use it

The types of personal data we collect may vary from person to person. It depends on the relationship we have with you, whether you are simply visiting our site or have an account with us and are using all of our features.

‍

1. For visitors to our Website

What personal information we collect about you

To improve and grow our business, including our website, and to understand our customer’s needs, desires and requirements, we or the third party on our behalf will collect the following information about you:

your first and last name;
your company and/or personal email address;
your company name;
general information about your interest in our products;
information provided when you correspond with us;
any updates to information provided to us;
personal information we collect about you or that we obtain from our third party sources.

‍

How we use your personal information

We use the data collected from you to understand how customers and visitors to our website use the website and interact with it via data analysis.

‍

A word about cookies

We may also receive Website, Device and Technical Information automatically from technologies such as cookies that are installed on our website. The information created and recorded automatically when you visit our Website (please refer to the definition of Automated decision making and the Cookie Policy).

‍

2. For customers and users of our Service

What personal information we collect about you

To open and operate your incard account, we, or third parties on our behalf, may collect and use any of the following:

Customer identity information: first and last name, username or similar identifier, title, date of birth, nationality, citizenship, name of the document, issuing country, number, expiration date, personal identification code, gender and identity verification data (selfie taken during the verification process);
Customer contact information: company and/or personal email address, telephone number, company name, company’s industry, trade details, billing address, document type (e.g. utility bill);
Personal information provided by the Customer: e.g. data from communications with us, feedback data, contact details provided to us;
Customer publicly available relevant data: e.g. information about being a politically exposed person (PEP) and checks in public sanction lists;
Customer account information: username, password, passcode;
Customer payment information: payer name, date of birth, address, banking and identity document details for transactions performed, beneficiary name, date of birth, address, banking and identity document details for transactions performed, reason for the payment;
Customer Card information: masked PAN, expiration date, CVC/CVV, PIN, card balance;
Customer marketing information: general information about interest in our products and services, information provided when corresponding with us, any updates to information provided to us;
Customer Website, Device and Technical Information (device signature): including but not limited to information about the date, time and activity in incard platform, IP address and domain name, software and hardware attributes as well as general geographic location (e.g. city, state, country);
Personal information provided by natural persons who have participated in our product and market research initiatives;
Evidence and records of legal basis (including consents), for example in cases where we are required or have elected to obtain a consent or a written release or another legal basis prior to Processing certain Personal Data;

‍

How we use your personal information

We collect your personal information to:

To register you as a customer and complete our due diligence in accordance with regulatory requirements;
To manage our contract with you and to notify you of any changes;
To comply with audit and accounting matters;
For record keeping, in accordance with regulatory requirements;
To improve the platform and the services that we supply;
To recommend and send communications to you about services, and/or digital content that you may be interested in. More details about marketing are set out in the Schedule 1.

‍

Source of personal information

We collect personal data from you when you:

Fill in any forms, such as customer onboarding web app;
Correspond with us;
Open and use the incard app;
Open an account or use any of our services;
Take part in online discussions, surveys or promotions;
Speak with a member of our customer support team (either on the phone, through the website or through the app); or
Contact us for other reasons.

We also collect personal data from a number of different third parties, including our service partners (please referring to Schedule 2 - Data collect from and/or share to Parties).

‍

Information we need to provide Services to you

We need certain types of personal information (please referring to Schedule 3 - Types of personal information) for the purpose of providing services to you and perform contractual and other legal and regulatory obligations that we have (please referring to Schedule 4 - Using personal information by legal reason(s)). If you do not provide us with such personal information, or if you ask us to delete it, you may no longer be able to access our services.

‍

3. For prospective customers and people who contact us with enquiries

What personal information we collect about you

In order to improve and grow our business, including our website, and to understand our customer’s needs, desires and requirements, we or the third party on our behalf will collect the following information about you:

Your first and last name;
Your company and/or personal email address;
Your company name;
Your website or social media link;
Your job title;
Your company’s industry, trade details and regulated status;
General information about your interest in our products and Services;
Information provided when you correspond with us;
Any updates to information provided to us;
Evidence and records of legal basis (including consents), for example in cases where we are required or have elected to obtain a consent or a written release or another legal basis prior to Processing certain Personal Data;
Customer marketing information: general information about interest in our products and services, information provided when corresponding with us, any updates to information provided to us;
Customer Website, Device and Technical Information (device signature): including but not limited to information about the date, time and activity in incard platform, IP address and domain name, software and hardware attributes as well as general geographic location (e.g. city, state, country);

How we use your personal information

We collect your personal information to:

Register you interests in our services;
Identity Verification and pre-checks;
To pursue our (or a third party's) necessary legitimate interests, provided that this legitimate interest does not override your rights, freedoms or fundamental interests;
To perform a legal obligation by which we are bound;
For business development and marketing purposes, to contact you via email with information about our products and Services which either you request, or which we feel will be of interest to you (including newsletters).

Source of personal information

We collect personal data from you when you:

Fill in any forms;
Correspond with us;
Register to open an account with us;
Take part in online discussions, surveys or promotions;
Speak with a member of our customer support team (either on the phone, through the website or through the app); or
Contact us for other reasons.

We also collect personal data from a number of different third parties, including our service partners (please referring to Schedule 2 - Data collect from and/or share to Parties).

‍

4. For our suppliers and employees of our suppliers who work for us

How we use your personal information

We will collect, use and store the personal information mentioned in Schedule 3:

For the reason(s) mentioned in Schedule 4; and
When it is in the necessarily base that aims to provide our services to you.

‍

Source of personal information

We collect and obtain your personal information from yourself, our partners and vendors, and third party sites. Depends on the relationship between you and us, we collect different kinds of your personal information as necessarily. For example, our website may contain links to third-party websites. If you click and follow those links, then these will take you to the third-party website. Those third-party websites may collect personal information from you and you will need to check their privacy notices to understand how your personal information is collected and used by them.

‍

Information we need to provide Services to you

We need certain types of your personal information to provide a service to you, to fulfil the contractual, legal and legislative obligations that we have. If you do not provide us with the necessary information or you request to delete it, we cannot provide services to you and you may no longer to access the services.

‍

Keeping your information up to date

It is important that you keep your personal information up to date. If any of your personal information changes, please contact us as soon as possible to let us know. If you do not do this, then we may be prevented from supplying the services to you.

We will use reasonable efforts to ensure that your personal data is accurate, complete and up-to-date. Please ensure you notify us without undue delay of any changes to the personal data that you have provided to us by updating your details on the Incard Platform or by contacting us in our in-app chat or at the details provided in this Privacy Policy.

‍

We may share anonymised data

Sometimes we may anonymise personal information so that you can no longer be identified from it and use this for our own purposes. In addition, sometimes we may use some of your personal information together with other people’s personal information to give us statistical information for our own purposes. Because this is grouped together with other personal information and you are not identifiable from that combined data we are able to use this.‍

We may transfer your personal data outside the UK and the EEA

If any transfer of personal information by us will mean that your personal information is transferred outside of the EEA, then we will ensure that safeguards are in place to ensure that a similar degree of protection is given to your personal information as is given to it within the EEA and that the transfer is made in compliance with data protection laws (including, where relevant, any exceptions to the general rules on transferring personal information outside of the EEA that are available to us – these are known as ‘derogations’ under data protection laws). We may need to transfer personal information outside of the EEA to other organisations within our group or to the third parties listed in Schedule 2 who may be located outside of the EEA.

If any transfer of personal information by us will mean that your personal information is transferred outside of the EEA, then we will ensure that safeguards are in place to ensure that a similar degree of protection is given to your personal information as is given to it within the EEA and that the transfer is made in compliance with data protection laws (including, where relevant, any exceptions to the general rules on transferring personal information outside of the EEA that are available to us – these are known as ‘derogations’ under data protection laws). We may need to transfer personal information outside of the EEA to other organisations within our group or to the third parties listed in Schedule 2 who may be located outside of the EEA.
The list of entities to whom we share anonymised data may include:
- Other companies in our Group (who may might act as joint data controllers or as data processors on our behalf) and who provide the services related to the contract between us and used for reporting.
- Third parties who are not part of our Group. These may include:
  - Suppliers: such as IT support services, payment providers, administration providers, marketing agencies, search engines who are based in the UK or EEA;
  - Government bodies and regulatory bodies: such as HMRC, fraud prevention agencies, FCA, DNB who are based in the UK or EEA;
  - Our advisors: such as lawyers, accountants, auditors, insurance companies who are based in the UK or EEA;
  - Our bankers who are based in the UK or EEA;
  - Credit Reference Agencies who are based in the UK or EEA;
  - Email platforms who are based in the UK or EEA.
  - any organisations that propose to purchase our business and assets, in which case we may disclose your personal information to the potential purchaser.
- Depending on the circumstances, the organisations or people who we share your personal information with will be acting as either Data Processors or Data Controllers. Where we share your personal information with a Data Processor, we will ensure that we have in place contracts that set out the responsibilities and obligations of us and them, including in respect of security of personal information.
- We do not sell or trade any of the personal information that you have provided to us.
The safeguards set out in data protection laws for transferring personal information outside of the EEA include:
- Where the transfer is to a country or territory that the EU Commission has approved as ensuring an adequate level of protection;
- Where personal information is transferred to another organisation within our group, under an agreement covering this situation, which is known as 'binding corporate rules';
- Having in place a standard set of clauses that have been approved by the EU Commission;
- Compliance with an approved code of conduct by a relevant data protection supervisory authority:
  - Information Commissioner’s Office (ICO) in the UK;
  - EU GDPR Enforcing agents in the EU.
- Certification with an approved certification mechanism;
- Where the EU Commission has approved specific arrangements in respect of certain countries, such as the US Privacy Shield, in relation to organisations that have signed up to it in the USA.

How we will retain and delete your personal data

We will only hold your personal data for as long as you are an incard customer or as long as necessary.
We may keep your personal data after you stop being a customer. The reasons we may do this are:
- To respond to a question or complaint, or to show whether we gave you fair treatment
- To establish, exercise or defend our legal claims
- To study customer data as part of our own research when this will not cause harm to your privacy and personal data protection rights
- To comply with legal rules that apply to us about keeping records or information in which case we will retain your data for a minimum of five years after your account has been terminated or longer depending on domestic laws.
  - We may also keep your data if certain laws that incard is subject to stipulate that we cannot delete it for legal, regulatory or technical reasons.
  - We have set out the details of our retention periods for different types of data. You can find them in Schedule 3.

Your rights under data protection laws

Under data protection laws, you have certain rights in relation to your personal information, as follows:
- Right to request access: (this is often called ‘subject access’). This is the right to obtain from us a copy of the personal information that we hold about you. We must also provide you with certain other information in response to these requests to help you understand how your personal information is being used.
- Right to correction: this is the right to request that any incorrect personal data is corrected and that any incomplete personal data is completed.
- Right to erasure: (this is often called the 'right to be forgotten').This right only applies in certain circumstances. Where it does apply, you have the right to request us to erase all of your personal information.
- Right to restrict processing: this right only applies in certain circumstances. Where it does apply, you have the right to request us to restrict the processing of your personal information.
- Right to data portability: this right allows you to request us to transfer your personal information to someone else.
- Right to object: you have the right to object to us processing your personal information for direct marketing purposes. You also have the right to object to us processing personal information where our legal reason for doing so is the Legitimate Interests Reason (see Schedule 4) and there is something about your particular situation that means that you want to object to us processing your personal information. In certain circumstances, you have the right to object to processing where such processing consists of profiling (including profiling for direct marketing).
In addition to the rights set out in point 1, where we rely on consent as the legal reason for using your personal information, you have the right to withdraw your consent. Further details about this are set out in Schedule 3.
If you want to exercise any of the above rights in relation to your personal information, please contact us using the details set out at the beginning of this notice. If you do make a request, then please note:
- we may need certain information from you so that we can verify your identity;
- we do not charge a fee for exercising your rights unless your request is unfounded or excessive; and
- if your request is unfounded or excessive, then we may refuse to deal with your request.
For further data on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the GDPR rights or the Guidance from the European Data Protection Supervisor (EDPS) for your rights and EU GDPR. Alternatively, you may be advised to contact our DPO at dpo@incard.co.
Please note that your specific rights may vary depending on the country you are established in.

How do we protect your personal data?

incard understands the importance of safeguarding and maintaining your personal information. We will treat any personal data we process with the greatest care and security. This section explains some of the safeguards we have in place.

To keep your personal data safe and prevent unauthorised access, use, or disclosure, we employ a range of physical and technical safeguards. Electronic data and databases are stored on secure computer systems, with physical and electronic access to information controlled. Our employees are trained in data protection and information security. When our employees handle your personal data, they must adhere to our rigorous security and data protection standards.
While we take all reasonable precautions to protect your personal data from unauthorised access, we cannot guarantee that it will be secure during transfer to our app, website, or other services by you. For all of our app, web, and payment-processing services, we employ HTTPS (HTTP Safe), where the communication protocol is secured by Transport Layer Security (TLS) for secure communication over networks.
Although we take all reasonable precautions to protect your personal data from unauthorised access, we cannot guarantee that it will be secure when transferred to our app, website or other services by you. For all our application, website and payment processing services, we use HTTPS (HTTP Safe), where the communication protocol is secured by Transport Layer Security (TLS) for secure communication over networks.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, changed, shared or accessed in a way it shouldn’t be. We will employ adequate technical and organisational security measures to protect your personal data. These methods include:
- The pseudonymisation and encryption of personal data, where possible.
- Ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems and services via role-based access controls, confidentiality undertakings of our staff, etc.
- The ability to restore the availability and access to personal data quickly in the event of or technical incident.
- A process for regularly testing, assessing and evaluating the effectiveness of our technical and organisational measures.
We will also limit access to your personal data to employees, agents, contractors and other third parties who have a strict need to see it in order to perform their business functions. They will only process your personal data on a ‘need-to-know’ basis, pursuant to our instructions and they will keep your personal data confidential.
We have put in place procedures to deal with any suspected personal data breach and will let you and any applicable regulator know of a breach when we have to by law.

How to contact us and How to complain?

incard has appointed a specified person as the data protection officer (“the DPO”) who you can contact at dpo@incard.co or at INCARD LTD, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.
You also have the right to complain to the regulator. The supervisory authority in the UK is the Information Commissioner’s Office (ICO). You can find out how to report a concern on their website – https://ico.org.uk/.
In European Union, you can contact the EDPS to report the concern – https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en
The supervisory authorities in the EEA are:
- The European Data Protection Board (EDPB)
- The European Data Protection Supervisor (EDPS) that is the European Union’s (EU) independent data protection authority
- EU national data protection authorities (“EU GDPR Enforcing agents”) - https://edpb.europa.eu/about-edpb/about-edpb/members_en

Our Key Partners

The Currency Cloud Limited (and its subsidiaries) and Transact Payments Limited (TPL) and Transact Payments Malta Limited (TPML) are also data controllers:
- In addition to the above ways in which we process and share your personal data, Incard also shares this data with companies who are central in allowing us to offer our products and services to customers.
- The Currency Cloud Limited (and its subsidiaries) becomes Data Controller in relation to your personal data shared with them for the purpose of issuing and storing Electronic Money. This means that if you would like to exercise any of the rights afforded to you by the personal data protection laws applicable to your case, these companies must be contacted separately from Incard.
- TPL and TPML are independent Data Controllers in relation to your personal data shared with them for the purpose of issuing a Debit Card(s) and the usage of it. This means that if you would like to exercise any of the rights afforded to you by the personal data protection laws applicable to your case, these companies must be contacted separately from Incard.
Who is The Currency Cloud Limited and why they handle my data
The Currency Cloud Limited, also known as ‘CurrencyCloud’ is a global payment platform. CurrencyCloud is authorised by the FCA under the Electronic Money Regulations 2011 (register reference 900199) for the issuing of Electronic Money.
The e-Money into your Incard account(s) is issued by CurrencyCloud and its subsidiaries (subject to the Jurisdiction that your account established in). CurrencyCloud is a Data Controller in relation to the issuing and storing of the Electronic Money. The processing of your personal data is necessary for the performance of your contract for the issue and operation of account and is necessary for compliance with legal and regulatory obligations applicable to Currencycloud. You should read the Terms and Conditions of Currencycloud before using our services. For information regarding how Currencycloud process personal data, please see their Privacy Notice. You may contact them through dpo@currencycloud.com.
Who are TPL and TPML and why they handle my data
Transact Payments Limited is an e-money institution, authorised and regulated by the Gibraltar Financial Services Commission. Transact Payments Malta Limited is an e-money institution, authorised and regulated by the Malta Financial Services Authority.
Your Debit Card(s) is issued by TPL if you are resident in the United Kingdom. Your Debit Card(s) is issued by TPML if you are resident in the European Economic Area. TPL/TPML (as the case may be) is an independent Data Controller in relation to the issuing and usage of the Debit Card(s). The processing of your personal data is necessary for the performance of your contract for the issue and operation of the account and is necessary for compliance with legal and regulatory obligations applicable to TPL/TPML. You must read and accept the TPL/TPML Cardholder Terms and Conditions before using our services. For information regarding how TPL/TPML processes personal data, please see their Privacy Policy which is provided to you when you sign up for a Debit Card. You may contact them through dpo@transactpaymentsltd.com.

‍

How to withdraw your consent or Opt-out of Processing?

You can withdraw your consent to our processing of your data at any time. Please contact us if you want to do so at support@incard.co.

This will only affect the way we use data when our basis for processing your data is your consent. See the section ‘Your Rights’ and more specifically your right to restricting use of your data.

You may also opt out of some forms of data processing we are conducting, such as:

Marketing, including email, phone and SMS marketing.
Social media and targeted marketing, including retargeting and curated audiences.
Non-essential cookie collection on Our Website. You may be unable to opt out of ‘necessary’ cookies as discussed above.
Non-essential profiling and automated decision-making, including those activities undertaken for marketing purposes.

If you withdraw your consent and/or opt-out, we may not be able to provide certain products or services to you. If this is so, we will tell you. You then have the option to give us your consent again if you want to access our products or services.

‍

Schedule 1 - Key Definitions

Data Protection Laws: the Data Protection Act 2018 (UK) and the General Data Protection Regulation ((EU) 2016/679) (the GDPR) and such other laws as may be applicable from time to time, including any replacements.

GDPR: the General Data Protection Regulation ((EU) 2016/679).

Data Controller: under UK data protection law, this is the organisation or person responsible for deciding how personal information is collected and stored and how it is used.

Data Processor: a Data Controller may appoint another organisation or person to carry out certain tasks in relation to the personal information on behalf of, and on the written instructions of, the Data Controller. (This might be the hosting of a site containing personal data, for example, or providing an email-marketing service that facilitates mass distribution of marketing material to a Data Controller’s customer base.)

Personal Information: in this privacy notice, we refer to your personal data as ‘personal information’. ‘Personal information’ means any information from which a living individual can be identified. It does not apply to information that has been anonymised.

Special Information: certain very sensitive personal information requires extra protection under data protection law. Sensitive data includes information relating to health, racial and ethnic origin, political opinions, religious and similar beliefs, trade union membership, sex life and sexual orientation and also includes genetic information and biometric information.

Automated Decision Making: A decision is automatically made without any human involvement. Under data protection laws, this includes profiling. ‘Profiling’ is the automated processing of personal data to evaluate or analyse certain personal aspects of a person (such as their behaviour, characteristics, interests and preferences). Data protection laws place restrictions upon us if we carry out any automated decision making (including profiling) that produces a legal effect or similarly significant effect on you. We do not carry out any automated decision making (including profiling) that produces a legal effect or similarly significant effect on you. If we do decide to do this then we will notify you and we will inform you of the legal reason we are able to do this.

Marketing: You may receive marketing from us about similar goods and services, where either you have consented to this, or we have another legal reason by which we can contact you for marketing purposes. However, we will give you the opportunity to manage how or if we market to you. In any email that we send to you, we provide a link to either unsubscribe or opt out, or to change your marketing preferences. If you have an account with us, you can login to your account and manage your preferences there too. To change your marketing preferences, and/or to request that we stop processing your personal information for marketing purposes, you can always contact us on the details set out at the beginning of this notice. If you do request that we stop marketing to you, this will not prevent us from sending communications to you that are not to do with marketing (for example in relation to services that you have purchased from us). We do not pass your personal information on to any third parties for marketing purposes.

Schedule 2 - Data collect from and/or share to Parties

Depending on the circumstances, the organisations or people who we share your personal information with will be acting as either Data Processors or Data Controllers. When we share your personal information with a Data Processor, we will ensure that we have in place contracts that set out the responsibilities and obligations of us and them, including in respect of security of personal information.

We do not sell or trade any of the personal information that you have provided to us.

The list of Parties we collect data from and/or share to (1)

Type of Third Party

Description

Collect

Member of the incard Group

Our affiliated companies and subsidiaries

Card Issuer

Providing the Visa Card service

Payment Processing Partners and Vendors

Financial services providers, including card issuers, payment processors and banking partners to facilitate payment transactions. These third parties may be part of Open Banking, which means they may be able to send information they hold about your account and transactions to us (based on your consent).

Support tools and operational partners

These include analytics, search engine service providers, customer experience support platforms to optimise and improve our services, as well as subcontractors we may use to supplement our customer support resources.

Hosting and IT Service Provider

IT vendors, including cloud storage providers, to securely store your personal data.

Incard Card Manufacturers and Delivery Providers

Card manufacturing, personalisation and delivery companies.

Identity and other information verification providers

We work with third parties to verify the information you provide to us, for example your identity and address.

Social networks and other online platforms providers

Social media sites, for the purposes of conducting market research, marketing campaigns, targeted and retargeted marketing and understanding the success of our marketing activities.These social media sites may check if you hold an account with them and, based on the characteristics they have about you, provide targeted advertising to you (for example, to show you tailored advertisements on their social media platforms, depending on your potential interest in Tide Products and Services).

Public Data Sources

Companies House, LinkedIn and other public data sources.

Marketing, Business Development and Sales Partners

Third parties that help us generate sales and marketing leads, and create and deliver our marketing activities.

Insurers and Professional Advisors

Data Services Third Parties

Such as data analytics and insight firms, for example to test the quality of our data, to improve the effectiveness of our crime prevention controls, etc.

Government and regulatory organisations

Government, law enforcement agencies, authorities and regulatory bodies when Tide has to comply with its legal obligations.

Schedule 3 - Types of personal information

The types of personal information we collect about you may differ from person to person, depending on who you are and the relationship between us. We do not collect information from you relating to criminal convictions or offences.

Where we rely on consent for a specific purpose as the legal reason for processing your personal information, you have the right under data protection law to withdraw your consent at any time. If you do wish to withdraw your consent, please contact us using the details set out in this notice. If we receive a request from you withdrawing your consent to a specific purpose, we will stop processing your personal information for that purpose, unless we have another legal reason for processing your personal information – in which case, we will confirm that reason to you.

Under data protection laws, we can only use your personal information for the purposes we have told you about, unless we consider that the new purpose is compatible with the purpose(s) we told you about. If we want to use your personal information for a different purpose that we do not think is compatible with the purpose(s) we told you about, then we will contact you to explain this and what legal reason is in place to allow us to do this.

General personal information

General Category

Types of Personal Data in that category

Retention Periods

Identity information

This is information relating to your identity such as your name (including any previous names and any titles that you use), gender, marital status and date of birth

At least five years from the date terminated the services save that involve any suspicious activities.

Contact information

This is information relating to your contact details such as email address, addresses, telephone numbers

At least five years from the date terminated the services save that involve any suspicious activities.

Account information

This is information relating to your account with us (including username and password)

It is no longer than 1 years after termination of the service, save that it is involved in any suspicious activities.

Payment information

This is information relating to the methods by which you provide payment to us such as [bank account details, credit or debit card details] and details of any payments (including amounts and dates) that are made between us

At least five years from the last of the transactions save that it is involved in any suspicious activities.

Transaction information

This is information relating to transactions between us such as details of the goods, services and/or digital content provided to you and any returns details

At least five years from the last of the transactions save that it is involved in any suspicious activities.

Survey information

This is information that we have collected from you or that you have provided to us in respect of surveys and feedback

It is no longer 2 years after the survey was completed.

Marketing information

This is information relating to your marketing and communications preferences

It is no longer than 1 years after termination.

Website, Device and Technical Information

This is information about your use of our website and technical data which we collect (including your IP address, the type of browser you are using and the version, the operating system you are using, details about the time zone and location settings on the device and other information we receive about your device)

At least five years from the date terminated the services or from the last of the transactions saved that involve any suspicious activities.

Special Information

Type of Special Information

Retention Periods

Data used by

Race, Ethnic origin, Politics, Religion, Trade union membership, Genetics, Health, Sex life, Sexual orientation.

N/A

List given for information only.Neither incard nor any of its partners collect this type of data.

“Biometric identifiers” or “Biometric information” processed solely to identify a human being.

When the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within 3 years of the individual’s last interaction with Veriff’s Clients, whichever occurs first.

Veriff LTD is the third party vendor providing verification service to the Users on behalf of Incard Limited and Incard Europe Limited. Incard Limited and Incard Europe Limited have the liability to supervise Veriff LTD to ensure their data collection, processing and security procedures and controls compliance with the applicable laws and regulations. Please refer to Veriff’s Privacy Policy: https://www.veriff.com/privacy-policy.

Schedule 4 - Using personal information by legal reason(s)

We have explained below the different purposes for which we use your personal information and, in each case, the legal reason(s) allowing us to use your personal information. Please also note the following:

if we use the Legitimate Interests Reason as the legal reason for which we can use your personal information, we have also explained what that legitimate interest is; and
for some of the purposes, we may have listed more than one legal reason on which we can use your personal information, because the legal reason may be different in different circumstances. If you need confirmation of the specific legal reason that we are relying on to use your personal data for that purpose, please contact us using the contact details set out at the start of this privacy notice.

Legal reasons to use personal information

Purpose

Legal Reason (s) for using the personal information

Identity customer

Contract Reason
Legitimate Interests Reason (in order to offer you services and/or digital content which helps us to develop our business)

To process your order, which includes taking payment from you, advising you of any updates in relation to your order or any enforcement action against you to recover payment

Contract Reason
Legitimate Interests Reason (in order to recover money that you owe us)

To manage our contract with you and to notify you of any changes

Contract Reason
Legal Obligation Reason

To comply with audit and accounting matters

Legal Obligation Reason

For record keeping, including in relation to any guarantees or warranties provided as part of the sale of services and/or digital content

Contract Reason
Legal Obligation Reason

To improve the services, and/or digital content that we supply

Legitimate Interests Reason (in order to improve the goods, services, and/or digital content for future customers and to grow our business)

To recommend and send communications to you about services, and/or digital content that you may be interested in.

Legitimate Interests Reason (in order to grow our business)
Consent Reason

To ensure the smooth running and correct operation of our website www.incard.co

Legitimate Interests Reason (to ensure our website runs correctly)

To understand how customers and visitors to our website use the website and interact with it via data analysis

Legitimate Interests Reason (to improve and grow our business, including our website, and to understand our customer’s needs, desires and requirements)

Freedom, speed and flexibility with your money is now within reach.

Privacy Policy

Sample description

Freedom, speed and flexibility with your money is now within reach.

Join our waitlist

Privacy at Incard

Who we are

Incard is your Data Controller

Incard is also your Data Processor in some cases

What personal information we collect and how we use it

1. For visitors to our Website

What personal information we collect about you

How we use your personal information

A word about cookies

2. For customers and users of our Service

What personal information we collect about you

How we use your personal information

Source of personal information

Information we need to provide Services to you

3. For prospective customers and people who contact us with enquiries

What personal information we collect about you

How we use your personal information

Source of personal information

4. For our suppliers and employees of our suppliers who work for us

How we use your personal information

Source of personal information

Information we need to provide Services to you

Keeping your information up to date

We may share anonymised data

How to withdraw your consent or Opt-out of Processing?

Schedule 1 - Key Definitions