1. General Information
For the purposes of the Data Protection Act 1998, the Data Controller in relation to personal data supplied about you is Lee Murphy, who can be contacted at firstname.lastname@example.org.
Data Protection Registration No. Z2264995.
2. What information do we collect?
Your personal data
When we say your "personal data", we mean any information that identifies any person, that you provide to us during your trial period, after you subscribe, or that is contained in any other information that you provide to us (or that you authorise a third party to give to us on your behalf).
Your "personal data" may also be contained in information that we collect about you in connection with your use of the Pandle website and/or Pandle. The financial data that you enter into Pandle, or that is provided to Pandle from your bank, isn't part of the "personal data" discussed here, unless it identifies a person – for more information about your financial data, jump ahead to the next section. When it comes to your personal data, we comply with our obligations under the General Data Protection Regulation and any other applicable data protection legislation.
Information you provide – Your personal data includes the information you provide, or that you authorise someone else to provide, when you sign up for an account or sign up to receive our emails, or when you answer questionnaires, surveys, enter competitions or provide information in your account profile, on the Pandle website, or during a support enquiry about you and/or your organisation. It also includes information you provide when you complete any forms which you submit to us. It also includes information you upload to your Pandle account.
Examples of this personal data include your name, your email address, contact and/or employee names; and any correspondence when you contact us. It could also include your bank account details and bank transaction details (if it identifies a person). It could also include details in any invoices or receipts that you upload (if they identify a person).
We do not collect or process special categories of personal data, as defined under GDPR. Also, we do not knowingly collect or solicit any personal data from anyone under the age of sixteen or knowingly allow such persons to register for Pandle. Pandle is not directed at children under the age of sixteen. In the event that we learn that we have collected personal data from a child under age sixteen without verification of parental consent, we will delete that information as quickly as possible.
Information we collect - We collect information about your website usage, to improve our service and to understand trends to enhance and customise content and advertisements. Some of this data may be "personal data", where it identifies a person. Here's the information that we collect and how we use it:
- We monitor patterns of usage, such as login dates and volumes of data, so we can understand how people are using Pandle to develop and improve our products.
- Certain features in Pandle may collect your precise location information, device motion information, or both, if you grant permission to do so in your device settings. For example, if you use our mileage tracking feature.
- We also monitor patterns of usage so that we can tailor any communications we may send you or advertising you may receive. For example, we may tailor your newsletter with information about product features that you haven't tried yet, instead of features that you use frequently.
- For security reasons and to aid in monitoring patterns of usage, we log your IP address when you use the website. This is your computer's individual identification number that is assigned to your computer when connected to the Internet.
- We monitor traffic information when you visit our site or read our emails, including things like page visits, email clicks, purchases, referring sites, and video viewings. We use this information to improve our website, advertising, promotions, and to understand customer purchasing behaviour.
Information Others Provide to Us - We may receive information from others (e.g. your bank) that you have authorised that third party to provide to us. This could include the initial information to enable us to create your account (e.g. your full name, your email address and your business type) and also your bank transaction data.
In addition to your personal data, we will also hold financial data that you enter into Pandle. Examples of your financial data include your organisation's invoices, expenses, receipts and bank transactions.
You own all of the financial data you enter or upload into Pandle and have ultimate control over who has access to it. For example, if you want to give your accountant access to your financial data, you can switch on their access in Pandle and limit their permissions if you wish. Keep in mind, however, it is your job to safeguard your password and account access. You must also ensure that you have obtained any relevant consents or permissions necessary for you to upload any personal data to Pandle and for it to be used as set out in this policy.
3. What do we use your data for?
Providing Pandle - We use your personal data to enable us to register you and provide you with access to Pandle and the Pandle website. It will also enable us to contact you by email, post, SMS, live chat, social media or telephone where necessary concerning Pandle; to record your personal preferences; to personalise our services to you (such as by pre-populating fields to make it easier for you to provide information when you return to Pandle or the Pandle website). It will also enable us to produce reports you request as part of the services we provide, including regulatory reports and/or other reports. We may also validate your information (and, in some cases, match it against information that has been collected by a third party, for example Companies House) to check that the data we hold about our customers/users is accurate, consistent and current.
Should you choose to use parts of Pandle that involve providing your personal and/or financial data to third parties (for example, if you choose to give your accountant or your bank access to your data), then your personal and/or financial data will be shared in that way. Such personal and / or financial data may include for example, general, financial and transactional data, and information from your account such as accounting balances, bank transactions and invoice, bill, expense and project details. These third parties will use that data in accordance with any consents you have given us or that you may give to us in the future.
We may use third parties to assist us in providing Pandle from time to time, and in those cases may pass on your personal and/or financial data to them. In such cases we will only share your data with third parties that we trust, and where there are assurances in place as to how they will protect the data.
As an example, we use Plaid Financial Ltd as a third party, should you wish to connect your bank account to Pandle.
Improving Pandle - We will also use and analyse your personal data and financial data so that we can administer, support, improve and develop our business, customer service and the features of the Pandle website and Pandle generally. We may use third parties to assist us in doing these things from time to time, and in those cases may pass on your personal and/or financial data to them. We will only share your data with third parties that we trust, and where there are assurances in place as to how they will protect the data.
Providing Insights - We monitor anonymous, aggregated information about account and financial data so that we can produce insights about small businesses finance. For example, based on an anonymous, aggregate data analysis, we may produce a white paper that reports how most small businesses are not paid on time. We may share these insights with customers, on our blog or other promotional material, use them internally to improve our product and communications, or share with other interested third parties. Just to be clear - we will never identify you or your business in such communications or white papers and will never report data in such a way that your business could be identified.
Contacting you for Marketing Purposes - We may use your personal data to contact you by email, post, SMS, live chat, social media and/or telephone to let you know about our other Pandle services, content, offers or product ranges which may be of interest to you. We may also use your financial data to enable us to tailor these notifications (in order to make sure what we are sending you is relevant). We will only use your data in this way where you have provided consent, we have legitimate business reasons for doing so, or where we are otherwise entitled by law to do so. If you would like us to stop providing you with such notifications, simply click the ‘unsubscribe’ link at the bottom of the emails or contact us using the contact details below. Please note, this may take up to one working day to take effect. To stop receiving emails from Pandle itself (for example, a reminder that your subscription is expiring), you should cancel your Pandle account.
We may contact you if the specific arrangement we have in place with a third party which impacts you is changing and / or coming to an end and to let you know what will take place next.
Cookies - We may further use, or permit selected third parties to use, your personal data to enable us to track and analyse Pandle website traffic and visitor trends, improve your browsing experience and to personalise and enhance the content and advertising we display.
Legal Requirements – We may use your personal data to comply with any legal obligations to which we are subject.
We shall periodically check that the personal data we store for you is accurate. If you would like to update the personal data we hold about you, please login to your Pandle account or contact us at email@example.com
4. Why do we use your personal data?
We collect and use your personal data for a variety of reasons. We need some data to enter into and perform our contract with you and provide you with access to Pandle – for example your contact details and other information requested during the Pandle setup process. If you fail to provide such data we will be unable to provide our service to you.
Other information we collect because we have legitimate business interests, for example, in:
- Ensuring that we can onboard you as a customer and manage your account;
- Understanding how our customers use our products, services and websites;
- Understanding and responding to customer feedback;
- Researching and analysing the services our customers want;
- Improving our product and better understanding how our customers use it.
In some circumstances we may process your personal data because it is required for compliance with a legal or regulatory obligation.
5. Who do we share your information with?
You have the option within your account to share your data with people that you trust – for example, you can switch on account access for your accountant to see your financial data. We will not share your financial data with a third party unless you authorise it (by choosing to do so within Pandle, or as detailed in this policy).
We will share your personal and financial data with third parties in certain circumstances:
- We may pass aggregate information on the usage of the Pandle website and Pandle, where relevant, to maintain, improve and manage the Pandle website and Pandle, but this will not include your personal data.
We may also share your personal and financial data with third parties:
- in the event that we, our business, or substantially all of its assets are acquired by a third party (in which case personal information about customers will be one of the transferred assets);
- if we are under a duty to disclose or share your personal or financial data in order to comply with any legal obligation; to cooperate with law enforcement officials in the investigation of unlawful activities of Pandle website users or relating to Pandle users; or in order to enforce or apply any contract with you; or to protect our rights, property, or safety of our employees, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We also utilise a number of carefully selected third parties to help provide our services to you. Examples of these functions include email, providing marketing assistance and data analysis, data management, handling credit card transactions and providing customer service. In choosing to work with any such third parties, we will always ensure that the security policies and confidentiality arrangements of those third parties adhere to the same requirements we ourselves impose and expect, as a minimum. No ownership rights to the data will be transferred to any third party.
The data that we collect from you is currently stored on secure UK servers using Google Cloud.
You may grant third party access to your personal or financial data by enabling the Pandle API for that third party. At all times, this access is controlled by you. Pandle is not responsible for the privacy practices employed by any third party given access by you to your personal or financial data by the Pandle API.
6. How long do we store your data for?
We only store your data for as long as necessary for the purposes of processing set out in this policy. When you cancel your account with Pandle, you can either delete your data immediately, or we will automatically delete your data after a period of 8 years after the last date of inactivity in your account. We hold your data for 8 years as you may require it for Anti-Money Laundering purposes or in the event of an investigation from the tax authorities.
If you are signed up to marketing communications, cancelling your Pandle account will cancel your marketing communication also.
To ensure the integrity of our systems and your data, we utilise various technologies to continually take secure, encrypted backups. Data remains archived within these backups and these are maintained according to our defined two-year data retention policy, after which they are removed.
7. You can export your data at any time
You can export a copy of your data whenever you like - this will include your personal data and that of your clients, contacts and suppliers, your financial transactions, invoices, and expenses. We recommend that you use the export functionality to keep a backup of your data. While we regularly back up your data, we can't restore backups on an individual basis.
You can also ask us for a copy of your personal data that we hold at any time, see section 10 below.
8. You can delete your data at any time
You have the option to delete all of your data at any time, using the "Cancel My Account" option in the profile settings in the main menu of Pandle. You can use this option to reset Pandle after loading test data during your free trial. After you delete your data you will have the option to restore it within 7 days. After this time your data will be lost permanently.
We highly recommend that you export your data before cancelling, since many countries require you retain your business records going back many years, even if you have finished trading.
If your free trial expires, your Pandle subscription will convert to the free version of Pandle. We will retain historical details about your payments to Pandle for accounting purposes because we need to do so by law.
9. We don't store your credit card details
If you are using Pandle Pro, once your free trial is over, you need to provide payment details to start your subscription and continue using Pandle. This information is passed directly to our payment service provider (Stripe - https://stripe.com) over an encrypted link and is never stored on our system. We handle ongoing billing by passing a token to Stripe that identifies your account.
10. What are your rights?
- Access to your personal data: You can ask us to confirm if we are processing your personal data and you may request a copy of your personal data by contacting our support team at firstname.lastname@example.org
- Right to change or withdraw your consent: Where you have given us consent to make use of your personal data for any of the purposes outlined in this policy, you may withdraw that consent by contacting us using the details located at section 14 of this policy.
- Right to Rectification: You may ask us to update out of date or inaccurate information we hold about you. To do so, please log on to your Pandle account and update your information
- Right to Erasure: In certain circumstances you may ask us to erase your Personal Data. If you would like us to erase the personal data we hold about you, please cancel your Pandle account
- Right to Data Portability: In certain circumstances you may ask us to provide you with the personal data that we hold about you in a structured, commonly used, machine readable form, or ask for us to send such personal data to another data controller. You can use the export functions within Pandle or contact via the details in section 14.
- Right to object: In certain circumstances you may object to our processing of your personal data. Please get in touch
- Right to restrict processing: You can ask us to restrict the processing of personal data we hold about you in certain circumstances. Please get in touch
- Make a complaint: You may make a complaint about our data processing activities to a supervisory authority. In the UK this is the Information Commissioner's Office (ICO). Further details can be found on their website at https://ico.org.uk.
If you want to manage or disable cookies for the Pandle website or any other site, you can do it by changing your browser settings. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.
12. Security and data storage
We take security and privacy seriously. We will endeavour to take all reasonable steps to keep your personal and financial data secure once it has been transferred to our systems. We adopt appropriate, industry standard data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction. For further details of the some of the security measures we have implemented, please see here
Where we utilise third parties to help provide our services, we will always ensure that the security policies and confidentiality arrangements of those third parties adhere to the same requirements we ourselves impose and expect, as a minimum.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Pandle website or Pandle itself, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Please note that the internet is not a secure medium and although we will do our best to protect your data, we cannot guarantee the security of any data transmitted to the Pandle website or through Pandle itself. Any transmission is at your own risk.
14. Getting in touch