1.1 Retail Finance Intelligence Limited (UK), together with other members of its group listed in Annex B (RFi, we/us/our) are committed to safeguarding the privacy of our clients and users (you/your) and the Personal Information you have entrusted to us. It is important for you to understand what Personal Information we will collect, how we will use it, and who may access it.
1.2 If you are an existing client of ours, further details about how we use your Personal Information may be set out in your client agreement with us. Further notices highlighting certain uses we wish to make of your Personal Information together with the ability to opt in or out of selected uses may also be provided when we collect Personal Information from you.
1.3 Our websites, which are listed in Annex B (Websites), may contain links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your Personal Information. Please check these policies before you submit any Personal Information to such third party websites.
(a) What Personal Information about you we may collect
(b) How we may use your Personal Information
(c) Who we may share your Personal Information with
(d) How we protect your Personal Information
(e) Contacting us & your rights to prevent marketing and to access and update your Personal Information
(f) Our Cookies Policy
1.5 All underlined terms or ► symbols can be clicked to provide further detail.
1.6 If you are based in the European Economic Area during your interactions with us (other than solely for travel purposes), the laws in those countries require us to provide you with additional information about our processing activities. We have included this information in Annex C.
2. Information we may collect about you
2.1 We will collect and process all or some of the following Personal Information about you.
Personal Information that you provide to us, such as when using the subscription or registration forms on any of our Websites, when we communicate at our events or when purchasing a ticket or product from us. This may include your name, email address, and other contact details. It may also include details of the organisation that you work for and your position within that organisation.
We will keep records of the products and services you have requested from us.
When you purchase a ticket to one of our events through our third party service providers such as Eventbrite or Unbounce, they will pass the information that you provide them, such as your name and contact details, to us so that we can administer your attendance at our event.
If you contact us, we will typically keep a record of that correspondence.
We may also ask you to complete surveys that we use for research purposes. In such circumstances we shall collect the information provided in the completed survey.
Such as information about your operating system, browser version, software applications, IP address, security status and other device information in order to improve your experience, to protect against fraud and manage risk.
Details of your marketing preferences (e.g. communication preferences) and information relevant to selecting appropriate products and services to offer you.
Details of your visits to the websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, traffic data, location data, web logs, other communication data, and the resources that you access.
We can also access information from social media activity such as when you ‘like’ the website, share content or follow us on Twitter. When you sign in to the website using social media you grant permission to the social network to share some of your details with us. Depending on the network this will include basic account information such as name, email address, date of birth and any other details you choose to share according to your particular social media account settings .
We may also collect information about you that is publicly available online, including from your Website, social media profile, and other third parties including (www.facebook.com; www.linkedin.com; www.eventbrite.com; www.twitter.com; www.google.com).
2.2 If you do not provide us with the Personal Information we have requested, we may not be able to provide you with products, services, information or assistance, either partly or wholly, to the extent that they require us to collect, use or disclose Personal Information.
3. Uses made of your Personal Information
3.1 We may use your Personal Information for one or more of the following purposes.
To administer our services (including organising our events and providing you with our publications), including to carry out our obligations arising from any agreements entered into between you and us such as delivery products or services to you, to assist you with enquiries about your requested products or services, to understand the kinds of goods and services that interest you, and to notify you about changes to our products and services;
To provide you with updates and offers, where you have chosen to receive these. We may also use your information for marketing our own, and our selected business partners’, products and services to you. Where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out at any time as described in paragraph 6.1 below;
We may analyse the Personal Information we hold in order to better understand your usage patterns, preferences and marketing requirements, as well as to better understand our business and develop our products and services;
To notify you about changes to our services and products;
To ensure that content from our Websites is presented in the most effective manner for you and for your device, which may include passing your data to business partners, suppliers and/or service providers;
We: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organisation, we may need to transfer some or all of your Personal Information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation. We may also need to transfer your Personal Information to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this policy; and
We may process your Personal Information to comply with our regulatory requirements or dialogue with regulators as applicable which may include disclosing your Personal Information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would be unlawful or prejudice the prevention or detection of a crime.
4. Sharing your Personal Information
Personal Information may be provided to third parties, including anti-fraud organisations, legal, regulatory or law enforcement authorities in cases of suspected criminal activity or contravention of law, for the detection and prevention of fraud, or when required to satisfy the legal or regulatory requirements of governments, regulatory authorities or other self-regulatory organizations, or to comply with a court order or for the protection of our business or assets (for example, collection of overdue accounts).
We may share your Personal Information within the RFi group for marketing purposes, for legal and regulatory purposes, to manage business risks, to perform analytics, to ensure we have correct or up to date information about you (such as your current address or date of birth) and to better manage your relationship with us.
Over time, we may buy new businesses or sell some of our businesses. Accordingly, Personal Information associated with any accounts, products or services of the business being purchased or sold will be reviewed as part of the due diligence process and subsequently transferred as a business asset to the new business owner. We may also transfer Personal Information as part of a corporate reorganisation or other change in corporate control.
We may use affiliates or other companies to provide services on our behalf such as delivery and logistics, data processing, account administration, fraud prevention and detection, analytics and marketing. In particular, we use Eventbrite, Unbounce, and other event organisation companies to assist in administering our events, ticketing, and payment processing functions. Such companies will be given only the Personal Information needed to perform those services and we do not authorise them to use or disclose Personal Information for their own marketing or other purposes. We have contracts in place holding these companies to the same standards of confidentiality by which we are governed.
4.2 If you are an individual in Australia, we may disclose your Personal Information to entities located outside of Australia for the purposes listed above, including the following:
a) our related bodies corporate, located in Canada, Singapore and the UK;
b) our affiliates and suppliers, located in Canada, New Zealand, Singapore, UK and the USA; and
c) other third parties located in the UK and USA.
5. Security and retention of your Personal Information
5.1 We use physical, electronic and procedural safeguards to protect against misuse, interference, and unauthorized use, access, modification, destruction, disclosure, loss or theft of your Personal Information in our custody or control.
5.2 We have agreements and controls in place with third party service providers requiring that any information we provide to them must be safeguarded and used only for the purpose of providing the service we have requested the service provider to perform.
Security over the internet
5.3 No data transmission over the Internet or Website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your Personal Information in accordance with data protection legislative requirements.
5.4 All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Websites, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
Retention of Your Personal Information
5.5 Our retention periods for Personal Information are based on business needs and legal requirements. We retain your Personal Information for as long as is necessary for the processing purpose for which the information was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When Personal Information is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.
6. Your rights & contacting us
Right to opt out of marketing
6.1 If you prefer not to receive our Direct Marketing (as defined in Annex A) or not have your Personal Information shared among the members of the RFi group for the purpose of marketing, you can have your name deleted from our Direct Marketing lists by clicking the unsubscribe link in the footer of the email that you receive, by visiting our Preference Centre or by contacting us below.
6.2 We will use reasonable endeavours to ensure that your Personal Information is accurate. In order to assist us with this, you should notify us of any changes to the Personal Information that you have provided to us by contacting us as set out in the Contacting Us section below.
Accessing and correcting information
6.3 You may request access to, or correction of, any Personal Information we hold about you at any time by contacting us (see the details below). We ask that you provide us with as much detail as you can about the Personal Information in question as this will help us to assist you. Before we provide you with access to, or correction of, your Personal Data, we may require some proof of identity. Where we hold Personal Information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you).
6.4 There may be instances where we will not grant you access to the Personal Information we hold in other circumstances permitted by law such as where the request would be likely to have an unreasonable impact on the privacy of others. If that happens, we will give you written reasons for any refusal.
6.5 If you believe that Personal Information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it (see details below). We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the Personal Information stating that you disagree with it.
6.6 We will deal with any complaint by investigating it, and providing a response to you within a reasonable time, provided that we have all necessary information and have completed any investigation required. In some cases, we may need to ask you to put your complaint in writing so that we are sure that we understand it, and may also need to ask you for further information or to verify your identity. We will attempt to confirm as appropriate and necessary with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will treat your complaint confidentially and respond to you within a reasonable time, usually in writing.
6.7 If you are not satisfied with our processing of your Personal Data or our response to any exercise of these rights, please contact us using the details below. You also have the right to complain to your appropriate data protection authority:
Personal Data Protection Commission
10 Pasir Panjang Road,
#03-01 Mapletree Business City
Telephone: 65 6377 3131
Fax: 65 6577 3888
Belgium Autorité de la protection des données - Gegevensbeschermingsautoriteit (APD-GBA)
Rue de la Presse 35 – Drukpersstraat 35
1000 Bruxelles - Brussel
Tel. +32 2 274 48 00
Fax +32 2 274 48 35
Commissioner for Personal Data Protection
1 Iasonos Street, 1082 Nicosia
P.O. Box 23378, CY-1682 Nicosia
Tel. +357 22 818 456
Fax +357 22 304 565
Commission Nationale de l'Informatique et des Libertés - CNIL
3 Place de Fontenoy
TSA 80715 – 75334 Paris, Cedex 07
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Straße 153, 53117 Bonn
Tel.: +49 228 997799 0
Fax: +49 228 997799 5550
Hungarian National Authority for Data Protection and Freedom of Information
Szilágyi Erzsébet fasor 22/C
Tel. +36 1 3911 400
Office of the Information and Data Protection Commissioner
Second Floor, Airways House
High Street, Sliema SLM 1549
Tel. +356 2328 7100
Fax +356 2328 7198
P.O. Box 93374
2509 AJ Den Haag/The Hague
Tel. +31 70 888 8500
Fax +31 70 888 8501
Urząd Ochrony Danych Osobowych (Personal Data Protection Office)
ul. Stawki 2
Tel. +48 22 531 03 00
Fax +48 22 531 03 01
email: email@example.com; firstname.lastname@example.org
The National Supervisory Authority for Personal Data Processing
B-dul Magheru 28-30
Sector 1, BUCUREŞTI
Tel. +40 31 805 9211
Fax +40 31 805 9602
Office for Personal Data Protection of the Slovak Republic
820 07 Bratislava 27
Tel.: + 421 2 32 31 32 14
Fax: + 421 2 32 31 32 34
104 20 Stockholm
Tel. +46 8 657 6100
Fax +46 8 652 8652
Data Protection Authority, Principality of Liechtenstein
Principality of Liechtenstein
Tel. +423 236 6090
6.8 If you have any questions or concerns about our privacy practices, the privacy of your Personal Information or you want to change your privacy preferences, please let us know.
6.9 To manage your email preferences, please visit our Preference Centre. You may also get in touch by clicking here to fill in our form to contact our privacy team, or by contacting them using the details below:
Retail Finance Intelligence Limited (UK)
7th Floor, 21 Mincing Lane,
London, EC3R 7AG
7. Cookies Policy
ANNEX A: Definitions
Direct Marketing is our communication with you such as mail, telemarketing or email, using your contact information, to inform you about products and services that we think may be of interest and value to you. This does not include communications regarding products or services that you currently have (or which you have requested), including improved ways to use the products, or additional features of the products as well as transactional information.
Personal Information Personal Information is information or an opinion about an identifiable individual or an individual who is reasonably identifiable. It includes information that you have provided to us or was collected by us from other sources. It may include details such as your name and address, age and gender, personal financial records, identification numbers including your Social Insurance Number and personal references, to the extent permitted by local laws.
ANNEX B: RFi Group Members and Websites
RFi Group Members:
RFi Group Holdngs Limited (Canada)
145 King Street West
Contact: Chloe James
Retail Finance Intelligence Limited (UK)
7th Floor, 21 Mincing Lane,
London, EC3R 7AG
Contact: Victoria Bateman
RFi Pte Ltd (Singapore)
109 North Bridge Rd,
Contact: Eleanor Page
Retail Finance Intelligence Pty Ltd (Australia)
175 Pitt Street
Sydney NSW 2000
Contact: Julien Wilson
ANNEX C: European Appendix
This Appendix applies if you are based in the European Economic Area (the EEA) during your interactions with us (other than solely for travel purposes).
It sets out the additional information that we are required to provide you under European data protection law (EU DP Law), including information about rights that you have in relation to your Personal Information that we handle.
1. Our legal bases for using, disclosing and processing your Personal Information
Purpose for which we process your Personal Information
To provide and manage products and services you have requested
To communicate with you regarding products and services that may be of interest
To understand our clients and to develop and tailor our products and services
To monitor certain activities
To inform you of changes
To ensure website content is relevant
To reorganise or make changes to our business
In connection with legal or regulatory obligations
2. Use bases
These are the principal legal grounds that justify our use of your information
Contract performance: where your information is necessary to enter into or perform our contract with you.
Legal obligation: where we need to use your information to comply with our legal obligations.
Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
3. Export outside the EEA
3.1 Your Personal Information may be accessed by staff, suppliers or other persons in, transferred to, and/or stored at, a destination outside the EEA in which data protection laws may be of a lower standard than in the EEA.
3.2 Where we transfer Personal Information from inside the EEA to outside the EEA, we may be required to take specific additional measures to safeguard the relevant Personal Information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Information to these jurisdictions. In countries which have not had these approvals (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, or other legal grounds permitted by applicable EU DP Law.
4. Your additional rights
(a) require us to provide you with further details on the use we make of your information;
(b) require us to provide you with a copy of information that you have provided to us;
(d) require us to transmit the Personal Information that you provided to use to a third party electronically;
(e) require us to delete any Personal Information we no longer have a lawful ground to use;
(f) where processing is based on consent, withdraw your consent so that we stop that particular processing;
(g) object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;
(i) restrict how we use your information whilst a complaint is being investigated.
4.2 Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
5. Contacting Us
Retail Finance Intelligence Limited (UK)
Attention: Eleena Broadfoot
7th Floor, 21 Mincing Lane,
London, EC3R 7AG