Privacy Policy

PRIVACY POLICY

Apron Payments Ltd ("Apron" or "we" or "us" or "our") is committed to protecting and respecting your privacy.

This Privacy Policy (together with our Terms of Service) sets out the basis on which any personal data we collect from you or that you provide to us, will be processed by us. Apron Payments Limited of 4th Floor, 30 Churchill Place, London, United Kingdom, E14 5RE is the data controller of information processed under this Privacy Policy.

Please read the following carefully to understand our practices regarding your personal data and how we will treat it. By visiting, accessing or using our website https://app.getapron.com, our mobile app and/or services (collectively the “Service”), you are accepting the practices described in this Privacy Policy. If you have any questions about this Privacy Policy, please contact us at dpo@getapron.com.

INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following information about you:
1. Information you give us
  You may give us information about you by using the Service or by corresponding with us by phone, email or otherwise. The information you give us may include:
  1. contact information such as name, business email address, and phone number, etc;
  2. financial information to the extent that it comprises personal data;
  3. content and information you input in open text fields, e.g. in “contact us” or other chat forms. This includes the text, files and links you upload to the Service;
  4. display name, profile photo, job title, and other details to your profile information;
  5. information about your company, e.g. company name and company phone contacts to the extent that it comprises personal data;
  6. a summary of any problem you are experiencing, and any other documentation, screenshots or information that would help resolve an issue submitted to our customer support included in the Service.
2. Information we collect about you
  1. Each time you visit our website, our mobile app or otherwise engage with the Service we may collect the following information:
    1. name, address and date of birth from accounting applications for the purpose of initiating and executing payments;
    2. technical information, including the Internet protocol (IP) address used to connect your device to the internet, browser type and version, connection type and settings, time zone settings, browser plug-in types and versions, operating system and platform, full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time);
    3. the date and time of the creation of your account;
    4. content you viewed or searched for, page response times, length of visits to certain pages, information in relation to the features you use and page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page;
    5. the type, size and filenames of attachments you upload to the Service and how you interact with others on the Service; and
    6. device identifiers, download errors and crash data and any phone number used to call our customer service number.
  2. We may also collect anonymous and aggregated information about your visits and interactions, including page response times and download errors, which we use for statistical reporting about the Service. This information can no longer be associated with you.
3. Information collected from two-factor authentication
  If you opt to enable two-factor authentication for your account, we will collect your phone number and use it to provide you with a code via SMS, which you can use to enter your account.
4. Links to other websites
  1. From time to time, we may include links on the Service to third-party websites. Please pay attention when you connect to these websites and read their terms and conditions of use and privacy policies carefully. We do not control or monitor such websites or their web content. This Privacy Policy does not apply to any third-party websites and we are not responsible for the content, privacy policies, or processing of your personal data while you are visiting any third-party websites.
  2. The Service may include social media features and widgets, such as the Facebook Like button, the Share This button or interactive mini-programs that run on the Service. These features may collect your IP address and which page you are visiting on the Service, and may set a cookie or other identifier to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Service. Your interactions with these features are governed by the privacy statement of the company providing it, and we are not responsible for processing your personal data by these third parties.
PURPOSES FOR WHICH WE PROCESS PERSONAL INFORMATION AND LAWFUL BASES
We use the information we hold about you to provide the Service to you and improve the Service, administer your account and communicate with you, and to use the information on an anonymous basis for research, profiling and analytical purposes.
We ensure we have appropriate legal bases on which to collect, use and share information about you. If you have any questions about the lawful bases upon which we collect and use your personal data, you can contact dpo@getapron.com.
We use information held about you in the following ways:
1. To provide a requested service or carry out a contract with youWe may use this information:
  1. to carry out our obligations arising from any contract entered into between and us;
  2. to provide you with the information, products and services that you request from us;
  3. to allow you to participate in interactive features of our Service, when you choose to do so;
  4. to provide customer support;
  5. to notify you about changes to our Service; and
  6. to manage your account.
2. Where we have a legitimate interestWe may use this information:
  1. to administer the Service (including record keeping) and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  2. to guide the development of the content; and
  3. to improve the Service to ensure that content is presented most effectively for you and your device and to measure the efficiency of the Service.
3. Where we have a legal obligationWe may use this information:
  1. as part of our efforts to keep the Service safe and secure;
  2. to protect against fraud, e.g. when we need to check your personal information against the CIFAS database, which is a cross-industry fraud database; and
  3. in any other case where we are under a duty to process your personal information, to comply with any legal obligation.
4. We will only use your information for the above purposes. We will not use such information for any other purpose.
5. If you do not provide the necessary personal information or withdraw your consent for processing your personal information where consent is relied on, where this information is necessary for us to provide the Service to you, we will not be able to provide you with the Service.
SECURITY
1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk and to protect your personal data against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure or access. We may use third-party products and services to secure or store your information.
2. Where you have chosen a password, which enables you to access our Service, you are responsible for keeping this password confidential. You should not share this password with anyone.
3. Unfortunately, the transmission of information via internet is not completely secure. Although we will work hard to protect your personal information, we cannot guarantee the security of your information transmitted to the Service; use of the Service is at your own risk.
4. Depending on where you live, you may have a legal right to receive written notice of a data privacy or security breach. If you have any reason to believe that your interactions with the Service are no longer secure, please notify us immediately at dpo@getapron.com.
DISCLOSURE OF YOUR INFORMATION
1. We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
2. We may share your personal information with selected third parties, including business partners, suppliers and sub-contractors, for the performance of a contract we enter into with them or you, and/or to provide the Service, e.g. cloud storage providers, accounting software platforms, etc. This might include third parties that help us initiate and execute payments, e.g. Railsr, Yapily, Currency Cloud, Checkout, Intercom etc.
3. If you choose to share your information with third parties, the Service may allow you to share certain personal or other information of yours with those third parties to provide the Service to you and others.
4. We may also disclose your personal information to third parties:
  1. in the event that we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;
  2. if our assets, or substantially all of our assets are acquired by a third party, personal information held by us about you may be one of the transferred assets;
  3. if we are under a duty to disclose or share your personal information to comply with any legal obligation, to enforce or apply our Terms of Service or other agreements, or to protect our rights, property or safety, or the rights, property or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and law enforcement, e.g. with CIFAS.
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
1. The personal data that we collect or receive about you may be transferred to and processed by recipients that are located inside or outside the United Kingdom. We will take all necessary measures to ensure that transfers out of the UK are adequately protected as required by applicable data protection law.
2. With regards to data transfers to countries not providing an adequate level of data protection, we rely on appropriate safeguards, such as standard data protection clauses adopted a relevant regulator or supervisory authority, approved codes of conduct together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can ask for a copy of such appropriate safeguards by contacting us at info@getapron.com
HOW LONG WE KEEP INFORMATION FOR
1. We only keep your information for as long as is necessary for us to use your information for the purposes described above in section 2 of this Privacy Policy. However, please be advised that we may retain some of your information after you cease to use the Service, for instance, for our lawful record-keeping purposes and where this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.
2. When determining the relevant retention periods, we will take into account factors including:
  1. our contractual obligations and rights concerning the information involved;
  2. legal obligations under applicable law to retain data for a certain period of time;
  3. our legitimate interests where we have carried out a balancing test;
  4. statute of limitations under applicable law(s);
  5. (potential) disputes;
  6. if you have made a request to have your information deleted; and
  7. guidelines issued by relevant data protection authorities.
3. After such time, we will either securely erase or anonymise your information where we no longer have a legitimate reason for keeping it. If this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
4. After termination of your account, we may continue to use anonymised data (which does not identify individual users) which is aggregated with anonymised data of other users. We use this aggregated anonymised data for data analysis, profiling and research purposes, for example to gain insights about our users. We may also keep your email address to ensure that you no longer receive any communications from us and information such as your name, financial details and latest address for fraud prevention purposes and for the exercise or defence of legal claims.

YOUR RIGHTS

By law, you have a number of rights regarding your personal information (see below). Please contact us at dpo@getapron.com to exercise any of your rights. Further information and advice about your rights can be obtained from the data protection regulator in your country.

Please note that we do not carry out automated decision-making in relation to the Service. If we intend to carry out automated decision-making, including profiling, in relation to the Service in the future, we will update this Privacy Policy to reflect such processing and provide you with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

Right	What does this mean?
1. The right to object to processing	You have the right to object to certain types of processing, including processing for direct marketing (if applicable).
2. The right to be informed	You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Policy.
3. The right of access	You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy).This is so you’re aware and can check that we’re using your information following data protection laws.
4. The right to rectification	You are entitled to have your information corrected if it’s inaccurate or incomplete.
5. The right to erasure	This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
6. The right to restrict processing	You have the right to block or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
7. The right to data portability	You have the right to obtain and reuse your personal information for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
8. The right to lodge a complaint	You have the right to lodge a complaint about how we handle or process your personal information with your national data protection regulator.
9. The right to withdraw consent	If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful).

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

baseless or excessive/repeated requests, or
further copies of the same information.

Alternatively, we may be entitled to refuse to act on the request.Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request, but, if the request is going to take longer to deal with, we’ll come back to you and let you know.

CHILDREN'S RIGHTSThe Service is intended for users who are 18 years old or older. We do not knowingly collect personal information from children. If we become aware that we have inadvertently received personal information from a child, we will delete such information from our records.
CHANGES TO OUR PRIVACY POLICYAny changes we may make to our Privacy Policy in the future will be posted on the Service and, where appropriate, notified to you by email. Please check back frequently for any updates or changes to our Privacy Policy. The changes will go into effect on the "Last updated" date shown in the revised Privacy Policy. By continuing to use the Service, you are accepting the revised Privacy Policy.
CONTACT
If you have any questions, comments or requests regarding this Privacy Policy, please contact us using the following details:
1. Email: dpo@getapron.com
2. Post: 4th Floor, 30 Churchill Place, London, United Kingdom, E14 5RE.
YOUR RIGHT TO LOG A COMPLAINT WITH THE ICO
If you are not satisfied with our response to a complaint you have made, or think we are not complying with data protection laws, you can make a complaint to the UK data protection regulator, who can be contacted as set out below:
1. Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
2. Phone number: 0303 123 1113
3. Website: https://ico.org.uk/make-a-complaint/ or https://ico.org.uk/for-the-public/raising-concerns

Last updated: 20 March 2024