Please read the following carefully to understand our views and practices regarding personal information and how we will treat it. By using the Blackthorn Finance Services, you are accepting and consenting to the practices described in this Policy.
This Policy explains how your Personal Data is collected, protected, processed, disclosed and shared by Blackthorn Finance Limited, as Data Controller, for the data processing activities described in this policy. This applies to data collected through our website, pilots, development sandboxes or during interactions you may have with us through various mediums e.g., webinars, user groups, events, registered users, job applications etc.
Within this Policy, the terms “Controller”, “Data Subject”, “Personal Data”, “Processor” and “Processing” shall have the meaning given to these terms in the UK Data Protection Act 2018 (DPA), EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679 and other applicable data protection legislation. (hereinafter referred to as “Data Protection Law”).
Blackthorn Finance Limited processes all Personal Data in compliance with Data Protection Law. The Data Controller is Blackthorn Finance Limited with an address at 74 Back Church Lane, London, United Kingdom E1 1LX.
2. Collection of Information
Blackthorn Finance Limited has a legitimate interest to Process your Personal Data for the operation of its services as detailed below:
2.1 Information you give us:
This is information you give us about you or third parties by filling in forms or submitting data via Blackthorn Finance Limited’s Services, or by corresponding with us (e.g., by e-mail or chat). It includes information you provide when you register to use, download or subscribe to any Blackthorn Finance Limited’s Services and when you report a problem with any of Blackthorn Finance Services. If you contact us, we may keep a record of that correspondence. The information you give us may include names, addresses, e-mail addresses and phone numbers, ages, usernames and other registration information, personal descriptions and photographs of you or third parties.
2.2 Information we collect about you:
Each time you access or use Blackthorn Finance Services we may automatically collect the following information:
- technical information, including the type of device you use, a unique device identifier, network information, the type of operating system and browser you use, time zone settings, and other device-related information;
- device identification information for fraud prevention purposes (referred to in the application at the time of installation of a device);
- details of your access or use of any of Blackthorn Finance Limited’s Services including, but not limited to traffic data, weblogs and other communication data, whether this is required for our own purposes or otherwise and the resources that you access;
- login details;
- date, time and duration of access including pages viewed; and
- event logs (e.g., changes in passwords).
2.3 Information we receive from other sources:
We work closely with third parties (e.g., business partners, sub-contractors in technical, delivery services, advertising networks, analytics providers and search information providers).
2.3.1 Customer Identification
Financial institutions are required to assist in the fight against money laundering activities and the funding of terrorism by obtaining, verifying, and recording identifying information about all customers. We may therefore legally consult other sources to obtain information about you, any sender, and any recipient.
3. Use of information
3.1 We may use your Data to allow us to further evaluate, improve and promote our business and Blackthorn Finance Limited’s Services and to comply with applicable laws and regulations.
3.2 We may also use your Data on an aggregate or anonymous basis (such that it does not identify any individual clients) for various business purposes, where permissible under applicable laws and regulations.
3.3 We will use your Data for the following purposes:
- to carry out our obligations arising from any contracts entered into between you and us;
- to provide you with the information, products and services that you request from us;
- to notify you about changes to our services;
- to ensure that Blackthorn Finance Limited’s Services content is presented in the most effective manner for you and for your devices;
- to administer Blackthorn Finance Limited’s services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- as part of our efforts to keep Blackthorn Finance Limited’s Services safe and secure;
- to maintain our own accounts and records; and
- to support and manage our employees, as our use of your information for all of these purposes will be necessary for our legitimate interests of providing Blackthorn Finance Limited’s Services appropriately and efficiently, maintaining accurate records and ensuring our system runs correctly.
- We may also process your personal data where necessary for us to comply with a legal obligation.
3.4 We may associate any category of information with any other category of information and will treat the combined information as personal data in accordance with this Policy for as long as it is combined.
3.5 If we have received your personal data from someone who asked for your consent to share that information with us, we may rely on that consent (to the extent we are allowed to by law), or one of the other grounds noted above.
4. Disclosure of information
4.1 The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your Data protection rights, can be found at www.cifas.org.uk/fpn
4.2 We may be required from time to time to disclose or share information with regulatory and law enforcement authorities and judicial bodies if necessary to comply with legal requirements.
4.3 You agree that we may disclose your personal information to ‘Blackthorn FS Group Companies’ to include but not limited to (Blackthorn FS Limited, Blackthorn Finance Limited (HK), Blackthorn B.V., Blackthorn Europe UAB, Blackthorn Finance Inc., Blackthorn Pay Inc., Blackthorn Card Services, Blackthorn Remit Limited, MK Fintech Limited, Swipe International Limited, Stichting Blackthorn, and Stichting Custodian Blackthorn Funds Segregated) and third parties:
4.3.1 if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request;
4.3.2 in the event of a novation of the services from Blackthorn Finance Limited to another entity;
4.3.3 if we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
4.3.4 if Blackthorn Finance Limited or Blackthorn FS Group companies, substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets, in order to:
- protect against fraud;
- protect the rights, property or safety of Blackthorn Finance Limited, our members or others (which may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
4.4 External parties
We may enter into agreements with external parties, including but not limited to business partners, service providers who perform functions on our behalf (including external consultants and professional advisers such as lawyers, auditors and accountants), outsourced IT providers, analytics and search engine providers, necessary for our activity. Such third-party outsourcing may include solutions such as software as a service, cloud computing, external hosting, deployment management, technical service provision or similar solutions. Under these agreements, we may share your information with these external parties, to the extent that the use of your information for these purposes is necessary for our legitimate interests or for the legitimate interests of those external parties.
4.4.1 Key suppliers
In order to help us provide you with the best service, we share your personal data with a few key suppliers and correspondent banking service providers to process your information on our behalf. These key suppliers and service providers are (but not limited to):
IT, payment, and card delivery services:
- Sum & Substance Limited (‘SumSub’)
- Veriphy Limited
- Decta Limited
- Akurateco Limited
- Paysafe Limited
- Blackthorn Card Services Limited
- Cratech OU
- Paysafe Limited
- PPRO Financial
- VFX International PLC
Banking and financial-services partners and payments networks:
- VISA and Mastercard
- Swipe International Limited
- Our Correspondent Banking Network
4.4.2 Other third parties
As mentioned above, we may share your personal information with other third parties where it is necessary to provide you with our services and to manage our relationship with you. These include:
- Analytics providers and search information providers to help us improve our website or app.
- Customer-service providers, survey providers and developer, to help us provide our services to you.
- Communications service providers, to help us send you emails, push notifications and text messages.
4.5 Transfer of personal data outside the UK and Europe
4.5.1 These external parties may be located anywhere in the world and may require the transfer of information to countries which do not have data protection laws as strict as those in the UK. The Customer may, upon request obtain a list of concerned countries. Such list may change from time to time.
4.5.2 The aforementioned solutions provided by external parties will be governed by applicable law relevant to the jurisdiction in which they are carried out or where the third-party provider may be located. This may lead to additional obligations and responsibilities including, but not limited to, the disclosure of information.
4.5.3 The Company has put in place policies and internal risk procedures to ensure that the necessary steps are taken to assess and manage any risks that arise from such outsourcing. Amongst other things, the Company ensures that security measures are in place to maintain the confidentiality and integrity of its information and data.
4.6 Individuals wishing to access or correct the information that we hold about them can do so by contacting our Data Protection Officer at Blackthorn Finance Limited, 74 Back Church Lane, London, United Kingdom E1 1LX.
5. Storage of information
5.1 Your Data may be transferred to, and stored at, a destination within and outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the UK or EEA who work for us, our affiliates, or for one of our affiliates or partners. These staff may be engaged in the fulfilment of your request, order or reservation, the processing of your details and the provision of support services. By submitting your personal data or using Blackthorn Finance Limited’s Services, you agree to this transfer, storing or processing.
5.2 We utilise standard contract clauses approved by the European Commission, adopt other means under European Union law, and obtain your consent to legitimise data transfers from the EEA to destinations outside the EEA. Blackthorn Finance Limited will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Policy.
5.3 All information you provide to us is stored on our secure servers. We use and our third-party suppliers use, encrypted transport layer security technology in our transactions.
5.4 We will hold your information for as long as is necessary to comply with our statutory and contractual obligations and in accordance with our legitimate interests as a data controller.
5.5 We will not retain your personal information for longer than is necessary for the practices described in this policy. The following criteria are used to determine data retention periods for your personal data:
5.5.1 Retention in case of queries – we may retain your personal information as long as necessary to deal with you queries.
5.5.2 Retention in accordance with legal and regulatory requirements – We may retain your personal information for 7 years after the account or service has been closed or has come to an end based on your legal and regulatory requirements. This information may also be used to defend any legal claims.
6. Protection of information
6.1 We maintain physical and electronic safeguards that comply with applicable legal standards to secure the confidentiality of your information, including personal information from unauthorised access and use, alteration and destruction.
6.2 We maintain strict security systems designed to prevent unauthorised access to your personal data by anyone, including our staff.
6.3 We will strive at all times to ensure that your personal data will be protected against unauthorised or accidental access, processing or erasure. We maintain this commitment to data security by implementing appropriate physical, electronic and managerial measures to safeguard and secure your personal data.
6.4 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your Data transmitted to Blackthorn Finance Limited’s Services; any transmission is at your own risk. Once we have received your Data, we will use strict procedures and security features to try to prevent unauthorised access.
6.5 It is your responsibility to ensure that all of your users accessing Blackthorn Finance Limited’s Services are aware of your security obligations in doing so. We may require your users to provide certain security credentials and/or to answer certain questions (e.g. a memorable word) in order to validate such users and grant access to Blackthorn Finance Limited’s Services. You are responsible for ensuring that all users possess valid security credentials.
7.1 We will process your Data for the purposes of handling the whole recruitment process, assessing your application through to successful hiring. We keep all your Data confidential in full compliance with applicable privacy laws. We will not share your Data with third parties outside of Blackthorn Finance Limited, with the exception of:
- service providers such as HR Management services.
- agents, advisors, and other third parties providing services to support our business operations, such as recruitment agencies, background screening agencies, and law firms.
- governmental, judicial, regulatory, and other bodies and authorities where required by applicable law.
7.2 Under European data protection laws, at least one of the following legal bases will apply when we use your Data:
- Contractual duty: we need the information to process your application and enter into an employment (or other) contract with you (e.g. get references and vet the information you give us in your CV).
- Legal duty: law or regulation states we must collect the information to see if we can enter into an employment (or other) contract with you (e.g. ensure you have the right to work in the UK).
- Legitimate interest: we need to use your Data for our (or a third party’s) legitimate interests in a way expected and which does not override your privacy rights (e.g. run our recruitment process).
- Public interest: we need the information to perform a specific task in the public interest set out in law (e.g. run criminal background checks).
- Vital individual interest: we need to use your information to protect your life, and cannot ask for your permission
- We have your consent.
7.3 If your application for employment is unsuccessful, we will generally hold your Data for six months after the end of the recruitment process.
7.3.1 If you have consented to keeping your Data on file in case of future suitable employment opportunities, Blackthorn Finance Limited will hold your Personal Data for a further six months after the end of the relevant recruitment period, or until you withdraw your consent earlier.
7.3.2 At the end of this period, we will delete or destroy your Data, unless you have already withdrawn your consent to our processing of your Data, in which case it will be deleted or destroyed upon withdrawal of consent.
7.3.3 However, this is subject to the following:
- Any minimum statutory or other legal, tax, health and safety, reporting or accounting requirements for particular data or records.
- The retention of some types of personal information for up to six years to protect against legal risk (e.g., if it might be relevant to a possible legal claim).
7.4 Your Data will not be kept longer than required for the recruitment process needs, unless Blackthorn Finance Limited needs to keep the data (for example, in case of confirmed employment) on the history of the employee (in which case, the data will be deleted as per legal retention period applicable to HR files).
8. Your rights
8.1 You have the right to be informed about the processing of your personal information. You can contact us if you believe the personal information we have for you is incorrect, if you believe that we are not entitled to use your personal information in accordance with this Policy if you want to restrict our processing of your personal data or if you would like to us to erase personal information that we hold about you. You have the right to move, copy or transfer your personal information (“data portability”) in a machine-readable format. For any of these, please email or write to us using the contact details within this Policy.
8.2 You have the right to object to the processing of your personal information if it is being used because:
- we deem it necessary for our legitimate interests,
- we use it to enable us to perform a task in the public interest or exercise official authority,
- we use it to send you direct marketing materials, or
- we use it for scientific, historical, research, or statistical purposes.
8.3 If you notify us that you object, using the contact details at the end of this Policy, we will respond within thirty (30) calendar days (subject to any extensions to which we are lawfully entitled). If your objection relates to us processing your personal information because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:
- we think that we have a compelling legitimate ground for processing which overrides your interests; or
- we are processing your information for the establishment, exercise or defense of a legal claim.
8.4 Blackthorn Finance Limited’s Services may, from time to time, contain links to and from the websites of our partners, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
8.5 Data Protection Legislation gives you the right to review personal information that we keep about you. You can request an overview of the personal information that we keep about you free of charge by emailing or writing to us using the contact details at the end of this Policy. We may ask you to verify your identity and for more information about your request. We will seek to act on your request within thirty (30) days (subject to any extensions to which we are lawfully entitled).
8.6 You are free at any time to withdraw the consent for the processing of your personal data. The consequence might be that we can’t proceed with certain activity.
9. Your rights
We reserve the right, in our sole discretion, to modify this Policy at any time by posting such changes via the www.blackthorn.finance website or through our App. Please check back regularly to see any updates or changes to this Policy.
If you have any questions or specific requests, please contact the Data Protection Officer at the address referenced in the introduction or alternatively via e-mail at email@example.com
If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office at the following web address: https://www.ico.org.uk.