SourceCards Privacy and Data Protection Statement
SourceCards takes your privacy seriously and although we need to collect and store information about you for regulatory reasons and to be able to provide our Services to you, we will not pass your data to any third parties except to our partners providing the service to you, and then on the understanding that it may only be used in delivering that service.
We will need to use your information to contact you about payments and other services and update you on system and service changes.
We may contact you with other offers, including offers from our suppliers and partners unless you opt out by contacting us at email@example.com
Our staff, contractors, Sponsors and other partners and their staff are required to adhere to these terms.
If you have any questions in relation to this policy, or as to how we process your personal data, please contact us at firstname.lastname@example.org
1. Collection of your personal information
When you apply for your SourceCards Account, we require you to submit your personal identity information to us including information such as your name, photograph, address, date of birth, copies of identity documentation, (such as passport, driving license or other ID). This is required for regulatory purposes so we and our partners can comply with the law. We will also collect your email address in order to advise you of transactions and changes to the service.
In addition to this, in order to provide the SourceCards Platform service including services such as grants, discounts and cash back, we will save additional information such as your address, your background (for example “ex armed forces”), grants you have received, your SourceCards Visa debit card numbers, transaction and other relevant information.
The information you provide to us or that we hold on you is either manually or electronically stored in our databases. We may employ agents and contractors and utilise partners (including Contis) to deliver the services that you access using our website and the SourceCards Platform. These agents and contractors may have access to the personal information that you submit to us, but they may not use it for any purpose apart from delivering the SourceCards service.
We will only use your personal information to provide you with our services, to fulfil your requests for information or to analyse your personal information in relation to market research that we conduct. We will only process data that is adequate, relevant and not excessive for those purposes. Where we send you information for any purpose, it may be sent by e-mail, SMS, post or on the SourceCards Platform.
2.1 Your personal and transactional information may be used for the following purposes:
- To use your email to advise you about your transactions, your account balances, and any other information about the SourceCards service and our terms of business.
- We may contact you occasionally to inform you of new products and services we will be providing.
- To carry out internal market statistical and market research, in which your identity will not be published.
- To provide you with information about our products, suppliers, discounts and other deals and the availability of grants.
- We may use your personal information internally to administer our services and website and help us improve our services.
2.2 We and our contractors and partners providing the SourceCards service, will not pass your personal information to any third party, except in the following circumstances:
- For the purposes of opening or renewing a new SourceCards account;
- In order to comply with regulatory and legal requirements and on the written instructions of relevant government agencies;
- In order to provide suppliers with appropriate information for them to fulfil orders made by you to them (e.g. your address for deliveries etc);
- For the provision of discounts and grants, where you, or a sponsor on your behalf, has applied for them;
- In order to provide proof of your identify, if you request it;
- Within aggregated data where your personal information is hidden but the data is used to compile reports and statistical analysis to be provided to sponsors, suppliers and donors; or
- To Sponsors and their associated staff and employees who you specifically authorise to view your accounts and transaction, as described in the additional terms of business.
3. Storage and management of your data.
SourceCards and Contis implement reasonable measures consistent with its obligations under applicable data protection laws in relation to its data storage and processing facilities to manage your transactions and hold your data, compliant with the Financial Conduct Authority regulations.
SourceCards and its partners will take every reasonable measure to ensure that your data remains safe, including arranging periodic audits of the security and integrity of its installations. However, SourceCards cannot guarantee that it will not be subjected to cyber-attacks and other illegal activity and will not be liable for loss in the event of such attacks.
SourceCards will ensure that your personal data is only held on its central installations and will not be kept on individual storage devices.
SourceCards will ensure that its staff and partners are aware of the Privacy and Data protection policy.
Your personal data will be retained until your last use of our SourceCards account and normally for a period of three years thereafter, unless longer retention is required by applicable law or where we have a legitimate and lawful purpose to do so. However, we will not retain beyond this period any of your personal data that is no longer required for the purposes set out in this policy. The retention of your personal data will be subject to periodic review.
We may keep an anonymised form of your personal data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
4. International transfer of personal data
We may transfer your personal data to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out in this policy. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisation, contractual or other lawful means.
5. Your rights under data protection law
Data protection law provides data subjects with numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of, their personal data. Data subjects also have the right to lodge a complaint with the relevant data protection authority if they believe that their personal data is not being processed in accordance with applicable data protection law.
Right to make subject access request (SAR). Data subjects may, where permitted by applicable law, request copies of their personal data. If you would like to make a SAR, i.e. a request for copies of the personal data we hold about you, you may do so by writing to The Managing Director, SourceCards Limited 193 Praed Street London W2 1RH, or attaching a letter to an email and sending it to email@example.com. The request should make clear that a SAR is being made. You may also be required to submit a proof of your identity and a fee.
Right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete personal data.
Right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of your personal data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your personal data is essential.
Right to object to processing. You may, as permitted by applicable law, request that we stop processing your personal data.
Right to erasure. You may request that we erase your personal data and we will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping your personal data, such as, a legal obligation that we have to comply with, or if retention is necessary for us to comply with our legal obligations.