Retail Finance Intelligence Pty Ltd (RFi Group) (ABN 64 121 015 192) respects your privacy and is committed to protecting your personal information that you provide to us. This Privacy Policy explains our policies and practices regarding the use and disclosure of your Personal Information (as defined in Annex A) by RFi Group. Please note that RFi Group reviews and updates this Privacy Policy from time to time as needed without notice. Therefore, you should review the terms of this policy periodically to make sure that you are aware of how RFi Group collects and uses personal information. By using our website, you consent to the collection and use of your personal information by RFi Group as explained below.

1. Privacy Policy

1.1             Retail Finance Intelligence Limited (UK), together with other members of its group listed in Annex B (RFi, we/us/our) are committed to safeguarding the privacy of our clients and users (you/your) and the Personal Information you have entrusted to us. It is important for you to understand what Personal Information we will collect, how we will use it, and who may access it.

1.2             If you are an existing client of ours, further details about how we use your Personal Information may be set out in your client agreement with us.  Further notices highlighting certain uses we wish to make of your Personal Information together with the ability to opt in or out of selected uses may also be provided when we collect Personal Information from you.

1.3             Our websites, which are listed in Annex B (Websites), may contain links to other third party websites.  If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your Personal Information.  Please check these policies before you submit any Personal Information to such third party websites. 

1.4  This Privacy Policy is intended to explain our privacy practices and covers the following areas:
(a)  What Personal Information about you we may collect
(b)  How we may use your Personal Information
(c)   Who we may share your Personal Information with
(d)   How we protect your Personal Information
(e)   Contacting us & your rights to prevent marketing and to access and update your Personal Information
(f)    Our Cookies Policy

1.5            All underlined terms or ► symbols can be clicked to provide further detail.

1.6            If you are based in the European Economic Area during your interactions with us (other than solely for travel purposes), the laws in those countries require us to provide you with additional information about our processing activities. We have included this information in Annex C.

2. Information we may collect about you
2.1            We will collect and process all or some of the following Personal Information about you.

a) Information you provide to us

Personal Information that you provide to us, such as when using the subscription or registration forms on any of our Websites, when we communicate at our events or when purchasing a ticket or product from us. This may include your name, email address, and other contact details. It may also include details of the organisation that you work for and your position within that organisation.

b) (b) Information about the products and services you have requested

We will keep records of the products and services you have requested from us.

c) Information you provide to our event organisation partners

When you purchase a ticket to one of our events through our third party service providers such as Eventbrite or Unbounce, they will pass the information that you provide them, such as your name and contact details, to us so that we can administer your attendance at our event.

d) Our correspondence

If you contact us, we will typically keep a record of that correspondence.

e) Survey information

We may also ask you to complete surveys that we use for research purposes.  In such circumstances we shall collect the information provided in the completed survey.

f) Device Information

Such as information about your operating system, browser version, software applications, IP address, security status and other device information in order to improve your experience, to protect against fraud and manage risk.

g) Marketing preference information

Details of your marketing preferences (e.g. communication preferences) and information relevant to selecting appropriate products and services to offer you.

h) Website and communication usage

Details of your visits to the websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, traffic data, location data, web logs, other communication data, and the resources that you access.

i) Publically available information

We can also access information from social media activity such as when you ‘like’ the website, share content or follow us on Twitter.  When you sign in to the website using social media you grant permission to the social network to share some of your details with us. Depending on the network this will include basic account information such as name, email address, date of birth and any other details you choose to share according to your particular social media account settings .

We may also collect information about you that is publicly available online, including from your Website, social media profile, and other third parties including (www.facebook.com; www.linkedin.com; www.eventbrite.com; www.twitter.com; www.google.com).

2.2            If you do not provide us with the Personal Information we have requested, we may not be able to provide you with products, services, information or assistance, either partly or wholly, to the extent that they require us to collect, use or disclose Personal Information. 

3. Uses made of your Personal Information
3.1             We may use your Personal Information for one or more of the following purposes.

a) To provide and manage products and services you have requested

To administer our services (including organising our events and providing you with our publications), including to carry out our obligations arising from any agreements entered into between you and us such as delivery products or services to you, to assist you with enquiries about your requested products or services, to understand the kinds of goods and services that interest you, and to notify you about changes to our products and services;

b) To communicate with you regarding products and services that may be of interest

To provide you with updates and offers, where you have chosen to receive these. We may also use your information for marketing our own, and our selected business partners’, products and services to you. Where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out at any time as described in paragraph 6.1 below;

c) To understand our clients and to develop and tailor our products and services

We may analyse the Personal Information we hold in order to better understand your usage patterns, preferences and marketing requirements, as well as to better understand our business and develop our products and services;

d) To monitor certain activities

To monitor queries and transactions to ensure service quality, compliance with procedures, terms of use and policies, and to combat fraud;

e) To inform you of changes

To notify you about changes to our services and products;

f) To ensure Website content is relevant

To ensure that content from our Websites is presented in the most effective manner for you and for your device, which may include passing your data to business partners, suppliers and/or service providers;

g) To reorganise or make changes to our business

We: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organisation, we may need to transfer some or all of your Personal Information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation. We may also need to transfer your Personal Information to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this policy; and

h) In connection with legal or regulatory obligations

We may process your Personal Information to comply with our regulatory requirements or dialogue with regulators as applicable which may include disclosing your Personal Information to third parties, the court service and/or regulators or law enforcement agencies  in  connection  with  enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so.  Where permitted, we will direct any such request to you or notify you before responding unless to do so would be unlawful or prejudice the prevention or detection of a crime.

4. Sharing your Personal Information
4.1            We will only use or disclose your Personal Information for the purpose it was collected and as otherwise identified in this Privacy Policy. In addition to the disclosures mentioned above, we may share your Personal Information as follows.

a) Sharing outside the RFi group

Personal Information may be provided to third parties, including anti-fraud organisations, legal, regulatory or law enforcement authorities in cases of suspected criminal activity or contravention of law, for the detection and prevention of fraud, or when required to satisfy the legal or regulatory requirements of governments, regulatory authorities or other self-regulatory organizations, or to comply with a court order or for the protection of our business or assets (for example, collection of overdue accounts).

b) Sharing within the RFi group

We may share your Personal Information within the RFi group for marketing purposes, for legal and regulatory purposes, to manage business risks, to perform analytics, to ensure we have correct or up to date information about you (such as your current address or date of birth) and to better manage your relationship with us.

c) Business sale or reorganisation

Over time, we may buy new businesses or sell some of our businesses. Accordingly, Personal Information associated with any accounts, products or services of the business being purchased or sold will be reviewed as part of the due diligence process and subsequently transferred as a business asset to the new business owner. We may also transfer Personal Information as part of a corporate reorganisation or other change in corporate control.

d) Sub-contractors and agents

We may use affiliates or other companies to provide services on our behalf such as delivery and logistics, data processing, account administration, fraud prevention and detection, analytics and marketing. In particular, we use Eventbrite, Unbounce, and other event organisation companies to assist in administering our events, ticketing, and payment processing functions. Such companies will be given only the Personal Information needed to perform those services and we do not authorise them to use or disclose Personal Information for their own marketing or other purposes. We have contracts in place holding these companies to the same standards of confidentiality by which we are governed.

4.2            If you are an individual in Australia, we may disclose your Personal Information to entities located outside of Australia for the purposes listed above, including the following: 

a) our related bodies corporate, located in Canada, Singapore and the UK;
b) our affiliates and suppliers, located in Canada, New Zealand, Singapore, UK and the USA;  and
c) other third parties located in the UK and USA.

5. Security and retention of your Personal Information
5.1            We use physical, electronic and procedural safeguards to protect against misuse, interference, and unauthorized use, access, modification, destruction, disclosure, loss or theft of your Personal Information in our custody or control.
5.2            We have agreements and controls in place with third party service providers requiring that any information we provide to them must be safeguarded and used only for the purpose of providing the service we have requested the service provider to perform.

Security over the internet
5.3             No data transmission over the Internet or Website can be guaranteed to be secure from intrusion.  However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your Personal Information in accordance with data protection legislative requirements.
5.4             All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards.  Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Websites, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.

Retention of  Your Personal Information
5.5            Our retention periods for Personal Information are based on business needs and legal requirements. We retain your Personal Information for as long as is necessary for the processing purpose for which the information was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When Personal Information is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.

6. Your rights & contacting us
Right to opt out of marketing
6.1            If you prefer not to receive our Direct Marketing (as defined in Annex A) or not have your Personal Information shared among the members of the RFi group for the purpose of marketing, you can have your name deleted from our Direct Marketing lists by clicking the unsubscribe link in the footer of the email that you receive, by visiting our Preference Centre or by contacting us below.

Updating Information
6.2            We will use reasonable endeavours to ensure that your Personal Information is accurate. In order to assist us with this, you should notify us of any changes to the Personal Information that you have provided to us by contacting us as set out in the Contacting Us section below.

Accessing and correcting information
6.3            You may request access to, or correction of, any Personal Information we hold about you at any time by contacting us (see the details below).  We ask that you provide us with as much detail as you can about the Personal Information in question as this will help us to assist you.  Before we provide you with access to, or correction of, your Personal Data, we may require some proof of identity.  Where we hold Personal Information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). 

6.4            There may be instances where we will not grant you access to the Personal Information we hold in other circumstances permitted by law such as where the request would be likely to have an unreasonable impact on the privacy of others.  If that happens, we will give you written reasons for any refusal. 

6.5            If you believe that Personal Information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it (see details below).  We will consider if the information requires amendment.  If we do not agree that there are grounds for amendment then we will add a note to the Personal Information stating that you disagree with it.

6.6            We will deal with any complaint by investigating it, and providing a response to you within a reasonable time, provided that we have all necessary information and have completed any investigation required.  In some cases, we may need to ask you to put your complaint in writing so that we are sure that we understand it, and may also need to ask you for further information or to verify your identity.  We will attempt to confirm as appropriate and necessary with you your understanding of the conduct relevant to the complaint and what you expect as an outcome.  We will treat your complaint confidentially and respond to you within a reasonable time, usually in writing.

6.7            If you are not satisfied with our processing of your Personal Data or our response to any exercise of these rights, please contact us using the details below.  You also have the right to complain to your appropriate data protection authority:

a)  If you are in Australia, your data protection authority is:
Office of the Australian Information Commissioner
GPO Box 5218 
Sydney NSW 2001
Telephone: 1300 363 992
Fax: 61 2 9284 9666
Website: https://www.oaic.gov.au/
b)  If you are in Canada, your data protection authority is:
Office of the Privacy Commissioner of Canada
30, Victoria Street
Gatineau, Quebec
K1A 1H3
Telephone: (819) 994-5444
Website: https://www.priv.gc.ca/en/
c)  If you are in Hong Kong, your data protection authority is:
Office of the Privacy Commissioner for Personal Data
Room 1303, 13/F, Sunlight Tower, 
248 Queen's Road East
Wanchai
Hong Kong
Telephone: 2827 2827
Fax: 2877 7026
https://www.pcpd.org.hk/
d)  If you are in Malaysia, your data protection authority is:
Personal Data Protection Commissioner (“PDP Commissioner”)
Aras 6, Kompleks Kementerian Komunikasi dan Multimedia
Lot 4G9, Persiaran Perdana, Presint 4
Pusat Pentadbiran Kerajaan Persekutuan
62100 Putrajaya
Malaysia
Website: https://daftar.pdp.gov.my/
e)  If you are in Mexico, your data protection authority is:
National Institute of Transparency, Access to Information and Personal Data Protection 
(Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales)
Av. Insurgentes Sur # 3211
Col. Insurgentes Cuicuilco
Coyoacán
C.P. 04530
Delegación Coyoacán
México D.F.
Telephone: 800 835 4324
Website: http://inicio.inai.org.mx/
f)  If you are in New Zealand, your data protection authority is:
Office of the New Zealand Privacy Commissioner
8/109 Featherston Street, 
Wellington Central, 
Wellington 6011, 
New Zealand
Telephone: 0800 803 909
Website: https://www.privacy.org.nz/
g)  If you are in the Philippines, your data protection authority is:
The National Privacy Commission
5th Floor, Delegation Building
PICC Complex,
Roxas Boulevard, Manila
Metro Manila
Telephone: 5659623
Website: https://www.privacy.gov.ph/askpriva/
h)  If you are in Singapore, your data protection authority is:

Personal Data Protection Commission
10 Pasir Panjang Road, 
#03-01 Mapletree Business City 
Singapore 117438
Telephone: 65 6377 3131
Fax: 65 6577 3888
Website: https://www.pdpc.gov.sg/

i)  If you are in the UK, your data protection authority is: Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Fax: 01625 524510 
Website: https://ico.org.uk/

 

j)  If you are in the European Union, your data protection authority is listed below:

Austria
Österreichische Datenschutzbehörde Barichgasse
40-42 1030 Wien
Tel. +43 1 52152 2550
email: dsb@dsb.gv.at
Website: http://www.dsb.gv.at/

Belgium Autorité de la protection des données - Gegevensbeschermingsautoriteit (APD-GBA)
Rue de la Presse 35 – Drukpersstraat 35
1000 Bruxelles - Brussel
Tel. +32 2 274 48 00
Fax +32 2 274 48 35
email: contact@apd-gba.be
Website: https://www.autoriteprotectiondonnees.be/

Bulgaria
Commission for Personal Data Protection
2, Prof. Tsvetan Lazarov blvd.
Sofia 1592
Tel. + 359 2 915 3580
Fax +359 2 915 3525
email: kzld@cpdp.bg
Website: https://www.cpdp.bg/

Croatia Croatian Personal Data Protection Agency
Selska Cesta 136
10000 Zagreb
Tel. +385 1 4609 000
Fax +385 1 4609 099
email: azop@azop.hr
Website: http://www.azop.hr/

Cyprus
Commissioner for Personal Data Protection
1 Iasonos Street, 1082 Nicosia
P.O. Box 23378, CY-1682 Nicosia
Tel. +357 22 818 456
Fax +357 22 304 565
email: commissioner@dataprotection.gov.cy
Website: http://www.dataprotection.gov.cy/

Czech Republic
Office for Personal Data Protection
Pplk. Sochora 27
170 00 Prague 7
Tel. +420 234 665 111
Fax +420 234 665 444
email: posta@uoou.cz
Website: http://www.uoou.cz/

Denmark
Datatilsynet
Carl Jacobsens Vej 35
2500 Valby
Tel. +45 33 1932 00
Fax +45 33 19 32 18
email: dt@datatilsynet.dk
Website: http://www.datatilsynet.dk/

Estonia
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Tatari 39
10134 Tallinn
Tel. +372 6828 712
email: info@aki.ee
Website: http://www.aki.ee/

Finland
Office of the Data Protection Ombudsman
P.O. Box 800 FI-00531 Helsinki
Tel. +358 29 56 66700
Fax +358 29 56 66735
email: tietosuoja@om.fi
Website: http://www.tietosuoja.fi/en/

France
Commission Nationale de l'Informatique et des Libertés - CNIL
3 Place de Fontenoy
TSA 80715 – 75334 Paris, Cedex 07
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
contact: https://www.cnil.fr/en/contact-cnil
Website: http://www.cnil.fr/

Germany
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Straße 153, 53117 Bonn
Tel.: +49 228 997799 0
Fax: +49 228 997799 5550
email: poststelle@bfdi.bund.de
Website: http://www.bfdi.bund.de/

Greece
Hellenic Data Protection Authority
Kifisias Av. 1-3, PC 11523
Ampelokipi Athens
Tel. +30 210 6475 600
Fax +30 210 6475 628
email: contact@dpa.gr
Website: http://www.dpa.gr/

Hungary
Hungarian National Authority for Data Protection and Freedom of Information
Szilágyi Erzsébet fasor 22/C
H-1125 Budapest
Tel. +36 1 3911 400
email: privacy@naih.hu
Website: http://www.naih.hu/

Ireland
Data Protection Commission
21 Fitzwilliam Square
Dublin 2
D02 RD28
Ireland
Tel. +353 76 110 4800
email: info@dataprotection.ie
Website: http://www.dataprotection.ie/

Italy
Garante per la protezione dei dati personali
Piazza Venezia, 11
00187 Roma
Tel. +39 06 69677 1
Fax +39 06 69677 785
email: protocollo@gpdp.it
Website: http://www.garanteprivacy.it/

Latvia
Data State Inspectorate
Blaumana str. 11/13-15
1011 Riga
Tel. +371 6722 3131
Fax +371 6722 3556
email: info@dvi.gov.lv
Website: http://www.dvi.gov.lv/

Lithuania
State Data Protection Inspectorate
L. Sapiegos str. 17
LT-10312 Vilnius
Tel. +370 5 271 2804 / +370 5 279 1445
Fax +370 5 261 9494
email: ada@ada.lt
Website: http://www.ada.lt/

Luxembourg
Commission Nationale pour la Protection des Données
15, Boulevard du Jazz
L-4370 Belvaux
Tel. +352 2610 60 1
Fax +352 2610 60 6099
email: info@cnpd.lu
Website: http://www.cnpd.lu/

Malta
Office of the Information and Data Protection Commissioner
Second Floor, Airways House
High Street, Sliema SLM 1549
Tel. +356 2328 7100
Fax +356 2328 7198
email: idpc.info@idpc.org.mt
Website: http://www.idpc.org.mt/

Netherlands
Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30
P.O. Box 93374
2509 AJ Den Haag/The Hague
Tel. +31 70 888 8500
Fax +31 70 888 8501
Website: https://autoriteitpersoonsgegevens.nl/nl

Poland
Urząd Ochrony Danych Osobowych (Personal Data Protection Office)
ul. Stawki 2
00-193 Warsaw
Tel. +48 22 531 03 00
Fax +48 22 531 03 01
email: kancelaria@uodo.gov.pl; zwme@uodo.gov.pl
Website: https://uodo.gov.pl/

Portugal
Comissão Nacional de Protecção de Dados - CNPD
Av. D. Carlos I, 134, 1º
1200-651 Lisboa
Tel. +351 21 392 84 00
Fax +351 21 397 68 32
email: geral@cnpd.pt
Website: http://www.cnpd.pt/

Romania
The National Supervisory Authority for Personal Data Processing
B-dul Magheru 28-30
Sector 1, BUCUREŞTI
Tel. +40 31 805 9211
Fax +40 31 805 9602
email: anspdcp@dataprotection.ro
Website: http://www.dataprotection.ro/
Slovakia
Office for Personal Data Protection of the Slovak Republic
Hraničná 12
820 07 Bratislava 27
Tel.: + 421 2 32 31 32 14
Fax: + 421 2 32 31 32 34
email: statny.dozor@pdp.gov.sk
Website: http://www.dataprotection.gov.sk/

Slovenia
Information Commissioner of the Republic of Slovenia
Dunajska 22
1000 Ljubljana
Tel. +386 1 230 9730
Fax +386 1 230 9778
email: gp.ip@ip-rs.si
Website: https://www.ip-rs.si/

Spain
Agencia Española de Protección de Datos (AEPD)
C/Jorge Juan, 6
28001 Madrid
Tel. +34 91 266 3517
Fax +34 91 455 5699
email: internacional@aepd.es
Website: https://www.aepd.es/

Sweden
Datainspektionen
Drottninggatan 29
5th Floor
Box 8114
104 20 Stockholm
Tel. +46 8 657 6100
Fax +46 8 652 8652
email: datainspektionen@datainspektionen.se
Website: http://www.datainspektionen.se/

Iceland
Persónuvernd
Rauðarárstígur 10
105 Reykjavík
Tel: +354 510 9600
Website: https://www.personuvernd.is or https://www.dpa.is

Liechtenstein
Data Protection Authority, Principality of Liechtenstein
Städtle 38
9490 Vaduz
Principality of Liechtenstein
Tel. +423 236 6090
email: info.dss@llv.li
Website: https://www.datenschutzstelle.li

Norway
Datatilsynet
Tollbugata 3
0152 Oslo
Tel +47 22 39 69 00
email: postkasse@datatilsynet.no
Website: www.datatilsynet.no

Contacting us

6.8    If you have any questions or concerns about our privacy practices, the privacy of your Personal Information or you want to change your privacy preferences, please let us know.

6.9   To manage your email preferences, please visit our Preference Centre. You may also get in touch by clicking here to fill in our form to contact our privacy team, or by contacting them using the details below:

Retail Finance Intelligence Limited (UK)
Minster Building,
7th Floor, 21 Mincing Lane,
London, EC3R 7AG
United Kingdom
privacy@rfigroup.com

7. Cookies Policy
7.1             We use cookies on the Websites.  To find out more about how we use cookies, please see our Cookies Policy

8. Changes to our Privacy Policy or Cookies Policy
8.1             We may change the content of our Websites and how we use cookies and consequently, our Privacy Policy and our Cookie Policy may change from time to time in the future.  If we change this Privacy Policy or our Cookies Policy, we will update the date it was last changed below.  If these changes are material, we will indicate this clearly on our Website.

8.2            This Privacy Policy was last updated in September 2020.

ANNEX A: Definitions
Direct Marketing
is our communication with you such as mail, telemarketing or email, using your contact information, to inform you about products and services that we think may be of interest and value to you. This does not include communications regarding products or services that you currently have (or which you have requested), including improved ways to use the products, or additional features of the products as well as transactional information.

Personal Information Personal Information is information or an opinion about an identifiable individual or an individual who is reasonably identifiable. It includes information that you have provided to us or was collected by us from other sources. It may include details such as your name and address, age and gender, personal financial records, identification numbers including your Social Insurance Number and personal references, to the extent permitted by local laws.

ANNEX B: RFi Group Members and Websites

RFi Group Members:

RFi Group Holdngs Limited (Canada)

145 King Street West

Suite 1710

Toronto, Ontario

M5H 1J8

Contact: Chloe James

Retail Finance Intelligence Limited (UK)

Minster Building,

7th Floor, 21 Mincing Lane,

London, EC3R 7AG

United Kingdom

Contact: Victoria Bateman

RFi Pte Ltd (Singapore)

109 North Bridge Rd,

#05-21,

Singapore 179097

Contact: Eleanor Page

Retail Finance Intelligence Pty Ltd (Australia)

Level 16

175 Pitt Street

Sydney NSW 2000      

Contact: Julien Wilson

RFi Websites:

www.rfigroup.com;

ANNEX C: European Appendix
This Appendix applies if you are based in the European Economic Area (the EEA) during your interactions with us (other than solely for travel purposes).

It sets out the additional information that we are required to provide you under European data protection law (EU DP Law), including information about rights that you have in relation to your Personal Information that we handle.

1.  Our legal bases for using, disclosing and processing your Personal Information
1.1            Under EU DP Law, we are required to inform you of the legal basis for the purposes which we use, disclose or otherwise process your Personal Information. Below we set out the legal bases for the purposes for which we use, disclose or otherwise process of your Personal Information for each of the purposes mentioned in section 3 of the Privacy Policy. You can find an explanation of each of the legal bases in section 2 of this Annex below.

Purpose for which we process your Personal Information

Reference to Privacy Policy

Legal basis

 

To provide and manage products and services you have requested

3.2(a)

  • contract performance
  • legitimate interests (to enable us to perform our obligations and provide our products and services to you, to assist you with your enquiries, to understand the products and services that interest you, and to notify you about changes to our services)

To communicate with you regarding products and services that may be of interest

3.2(b)

  • legitimate interests (to keep you updated with news in relation to our products and services)
  • consent, but only where we do not rely on our legitimate interests

To understand our clients and to develop and tailor our products and services

3.2(c)

  • legitimate interests (to ensure the quality and legality of our services and to allow us to improve our services)

To monitor certain activities

3.2(d)

  • contract performance
  • legal obligations
  • legal claims
  • legitimate interests (to ensure that the quality and legality of our services)

To inform you of changes

3.2(e)

  • legitimate interests (to notify you about changes to our service)

To ensure website content is relevant

3.2(f)

  • legitimate interests (to allow us to provide you with the content and services on the Websites)

To reorganise or make changes to our business

3.2(g)

  • legitimate interests (in order to allow us to change or transfer our business)

In connection with legal or regulatory obligations

3.2(h)

  • legal obligations
  • legal claims
  • legitimate interests (to cooperate with law enforcement and regulatory authorities)

2. Use bases
These are the principal legal grounds that justify our use of your information

Consent: where you have consented to our use of your information (you will have been presented with consent language in relation to any such use and may withdraw your consent by visiting our Preference Centre or contacting us as set out in the Contacting Us section of the main Privacy Policy. If you do so, we may be unable to provide you with access to all or some of the Website and you may be wholly or partly unable to participate in some services, marketing campaigns or promotions.

Contract performance: where your information is necessary to enter into or perform our contract with you.

Legal obligation: where we need to use your information to comply with our legal obligations.

Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.

Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.

3.  Export outside the EEA
3.1             Your Personal Information may be accessed by staff, suppliers or other persons in, transferred to, and/or stored at, a destination outside the EEA in which data protection laws may be of a lower standard than in the EEA.
3.2            Where we transfer Personal Information from inside the EEA to outside the EEA, we may be required to take specific additional measures to safeguard the relevant Personal Information.  Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Information to these jurisdictions. In countries which have not had these approvals (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, or other legal grounds permitted by applicable EU DP Law.
3.3             Please contact us as set out in the Contact Us section of the main Privacy Policy if you would like to see a copy of the specific safeguards applied to the export of your Personal Information.

4.   Your additional rights
4.1             Under EU DP Law, you may have the following additional rights in relation to your Personal Information to those set out in the main Privacy Policy. Under certain conditions, you may have the right to:
(a)        require us to provide you with further details on the use we make of your information;
(b)        require us to provide you with a copy of information that you have provided to us;
(c)        require us to update any inaccuracies in the Personal Information we hold (please see paragraph 6.2 to 6.4 of the main Privacy Policy);
(d)        require us to transmit the Personal Information that you provided to use to a third party electronically;
(e)        require us to delete any Personal Information we no longer have a lawful ground to use;
(f)         where processing is based on consent, withdraw your consent so that we stop that particular processing;
(g)        object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;
(h)        object to Direct Marketing (please see paragraph 6.1 of the main Privacy Policy); and
(i)         restrict how we use your information whilst a complaint is being investigated.

4.2             Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.

4.3              If you are not satisfied with our use of your Personal Information or our response to any exercise of these rights you have the right to complain to the relevant data protection authority as indicated in section 6.7 of the main Privacy Policy.

5. Contacting Us

If you have any questions in relation to this Privacy Policy, please contact RFi’s EU Representative using the following contact details:
Retail Finance Intelligence Limited (UK)
Attention: Eleena Broadfoot
Minster Building,
7th Floor, 21 Mincing Lane,
London, EC3R 7AG
United Kingdom
privacy@rfigroup.com