We may collect, use, store and transfer different kinds of personal data about you which we have grouped together and defined below:
- Personal Information (Identity Data) - any information that can identify you as a person i.e. name, date of birth, gender
- Contact Information - including billing address, delivery address, email addresses and telephone numbers
- Financial Data - including bank account and payment card details
- Transactional Data - including details about payment to and from you and other details of services you have purchased from us
- Profile Data (on VelaCRM) - including username, historical payments, preferences, feedback and survey responses
- Marketing and Communications Data - your preferences in receiving marketing from us and your communication preferences
- Device Information (Technical Data and Usage Data) - Information on how users interact with a website i.e. analytics of site activity
We do not collect any Special Categories of Personal Data (unless you offer this information) about you (this includes details about your race, ethnicity, religious or political beliefs or sexual orientation). Nor do we collect any information about criminal convictions and offences.
We are committed to maintaining the trust of our clients. We want you to know that Otaara Limited (which includes the brand BankBulb) is not in the business of selling email lists to other companies. However, for your records we provide more detailed information below on when and why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others and how we keep it secure.
1.1 Otaara Limited (which includes the brand BankBulb), (Otaara/BankBulb/we/us/our) are committed to safeguarding the privacy of our customers and users (you/your) who visit our
websites (www.bankbulb.com; www.otaara.com). This privacy statement (the Privacy Statement) sets out our personal information collection and sharing practices for our website and is intended to inform you of the ways in which our website collects personal information, the uses of that personal information and the ways in which we will share any personal information you choose to provide to us.
1.2 Further notices highlighting certain uses we wish to make of your personal information together with the ability to opt in or out of selected uses may also be provided when we collect personal information from you.
1.3 Our website may contain links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third party websites.
1.4 This Privacy Statement covers the following areas
(a) What personal information about you we collect
(b) How we use your personal information
(c) How we protect your personal information
(d) Contacting us & your rights to prevent marketing and to access and update your personal information
(e) Our Cookies Policy
2. Information we collect about you
2.1 We will collect and process all or some of the following personal information about you:
(a) Information you provide to us ► personal information that you provide to us, such as when using the contact form or any subscription forms on our website, including your name, email address, and other contact details. [If you choose to apply for a job at Otaara and submit a job application via our careers site, we will collect information that you submit via our careers site. Please refer to the terms and conditions on our careers site for information on how we process this information];
(b) Our correspondence ► if you contact us, we will typically keep a record of that correspondence;
(c) Survey information ► if we ask you to complete surveys that we use for research purposes, we shall collect the information provided in the completed survey;
(d) Website and communication usage ► details of your visits to the website and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.
3. How we use your personal information
3.1 In this section, we set out the purposes for which we use personal information that we collect via our website and, in compliance with our obligations under European law, identify the “legal grounds” on which we rely to process the information.
3.2 Please note that, in addition to the disclosures we have identified below, in some circumstances we will also disclose personal information to service providers, contractors, agents and affiliates of Otaara that perform activities described in this notice on our behalf.
(a) To communicate effectively with you and conduct our business ► to conduct our business, including to respond to your queries, to otherwise communicate with you, or to carry out our obligations arising from any agreements entered into between you and us, which in some circumstances may include passing your data to third parties such as agents or contractors or to our advisors (e.g. legal, financial, business or other advisors).
Use justification: contract performance and legitimate interests (to enable us to perform our obligations and provide our services to you)
(b) To provide you with marketing materials ► to provide you with updates and offers, where you have chosen to receive these. We may also use your information for marketing our own and our selected business partners’ products and services to you by post, email, SMS, phone and fax and, where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in paragraph 6 below.
Use justification: consent and legitimate interest (to keep you updated with news in relation to our products and services)
(c) For research and development purposes ► to analyse your personal information in order to better understand your and our other clients’ services and marketing requirements and to better understand our business and develop our products and services.
Use justification: legitimate interests (to allow us to improve our services)
(d) To monitor certain activities ► to monitor queries and transactions to ensure service quality, compliance with procedures and to combat
Use justifications: legal obligations, legal claims and legitimate interests (to ensure that the quality and legality of our services)
(e) To inform you of changes ► to notify you about changes to our services and
Use justification: legitimate interests (to notify you about changes to our service)
(f) To ensure website content is relevant ► to ensure that content from our website is presented in the most effective manner for you and for your device, which may include passing your data to business partners, suppliers and/or service providers.
Use justification: contract performance, legitimate interests (to allow us to provide you with the content and services on the websites)
(g) To reorganize or make changes to our business ► if we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organization, we may need to transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analyzing any proposed sale or re-organization. We may also need to transfer your personal information to that re-organization entity or third party after the sale or reorganization for them to use for the same purposes as set out in this policy.
Use justification: legitimate interests (in order to allow us to change our business)
(h) Memberships ► If you have purchased and set up a company membership on BankBulb, we will keep your details and may need to contact you.
Use justification: so that we can fulfil the service that your company or you have paid for. This information includes email addresses of individuals who have been appointed page admins,employee names and email addresses as well as company decision makers involved in choosing to sign up with BankBulb.
(i) In connection with legal or regulatory obligations ► We process your personal information to comply with our regulatory requirements or as part of dialogue with our regulators as applicable which may include disclosing your personal information to third parties, the court service, regulators and/or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
Use justification: legal obligations, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities)
3.3. EU General Data Protection Regulation (GDPR): See section 8 (below).
4. Transmission, storage and security of your personal information
4.1 Payment information
Registration forms that include credit cards numbers are destroyed after performance of the corresponding obligation.
Online payment is secured: SSL protocol.
4.2 No data transmission over the Internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.
4.3 All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
4.4 We will retain your personal information for as long as is necessary for the processing purpose(s) for which it was collected and any other permitted linked purpose (for example where we are required to retain personal information for longer than the purpose for which we originally collected it in order to comply with certain regulatory requirements). Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymized (and the anonymized information is retained) or securely destroyed in accordance with our internal retention policy.
4.5 No data transmission over the Internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.
4.6 All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
Export outside the EEA
4.8 Where we transfer personal information from inside the European Economic Area (the EEA) to outside the EEA, we are required to take specific measures to safeguard the relevant personal information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries which are not subject to this approval (see the full list here), we will establish legal grounds justifying such transfer, such as [MMC Binding Corporate Rules], model contractual clauses, or other legal grounds permitted by applicable legal requirements.
4.9 Please contact us as set out in paragraph 5.7 below if you would like to see a copy of the specific safeguards applied to the export of your personal information.
4.10 We will retain your personal information for as long as is necessary for the processing purpose(s) for which it was collected and any other permitted linked purpose (for example where we are required to retain personal information for longer than the purpose for which we originally collected it in order to comply with certain regulatory requirements). Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymized (and the anonymized information is retained) or securely destroyed in accordance with our internal retention policy.
5. Your rights & contacting us
5.1 You have the right to ask us not to process your personal information for marketing purposes. You can exercise the right at any time by clicking the “unsubscribe” option on any electronic marketing communication sent to you or by emailing us at firstname.lastname@example.org or by contacting us as set out in paragraph 6 below.
5.2 We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by contacting us at email@example.com.
5.3 If you have any questions in relation to our use of your personal information, you should first contact us as per paragraph 5.7 below. Under certain conditions, you have the right to require us to:
(a) provide you with further details on the use we make of your information;
(b) provide you with a copy of information that you have provided to us;
(c) update any inaccuracies in the personal information we hold (please see paragraph 2);
(d) delete any personal information the we no longer have a lawful ground to use;
(e) object to any processing that Otaara justifies on the “legitimate interests” ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;
(f) object to direct marketing (including any profiling for such purposes); and
(g) restrict how we use your information whilst we consider your inquiry
Where processing is based on consent, you have the right to withdraw your consent by contacting us at firstname.lastname@example.org.
5.4 Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
5.5 If you are not satisfied with our use of your personal information or our response to any exercise of these rights you have the right to complain to the data protection regulator in your country.
6. Cookies policy
7. Changes to our Privacy Statement and/or Cookies Policy
8. General Data Protection Regulation (GDPR)
GDPR data protection law from the EU came into effect on May 25th 2018.
It changes how companies use your personal data. We want to let you know how and why we collect data.
- Website subscribers. If you have set up a personal user profile on BankBulb, we will store and use the personal details you have provided in order to administer the account and let you manage log ins. If you wish, delete the profile completely under ‘the right to be forgotten’.
- Memberships. If you have purchased and set up a company membership on BankBulb, we will keep your details and contact you so that we can fulfil the service that you have paid for. This information includes email addresses of individuals who have been appointed page admins as well as company decision makers involved in choosing to sign up with BankBulb.
We only hold a limited amount of personal data so that we can provide the services that you have paid for or signed up for. We may also hold personal data in the form of work email addresses on the basis of legitimate interest.
The UK government says the law sets out a number of exemptions from GDPR, which include added protections for journalists, who handle people’s personal information. While UK law is being finalised we are working to make sure that we comply with GDPR provisions. That means that our journalists may contact you regarding a story and may store some personal data. But this data won’t be used for any other purpose.
As a B2B organisation, we may contact you where our products, events or information is relevant to you professionally. In these situations we will only do so in a way that is proportionate, has a minimal privacy impact, and would not – we hope – strike you as surprising. For example, we might be heading for a trip to your city and decide to reach out to production companies or agencies to arrange meetings. This can also be considered a legitimate interest. Of course, if you want us to stop contacting you, let us know at email@example.com or firstname.lastname@example.org.