This Data Privacy Statement summarizes important information about how Form3 collects, uses and discloses personal data and ensures compliance with the laws and regulations. This Data Privacy Statement relates to your use of our website.
Through our website we may from time to time link to other websites owned and operated by third parties. This website may also gather information about you in accordance with their own separate privacy notices. Please consult their privacy notices, as appropriate.
This website is operated by Back Office Technology Limited (trading as Form3). We are a payment technology provider; for more information about our services, please visit the "About" tab.
We collect, use and are responsible for certain information about you (referred to as "personal data") that we collect through this website. When we do so we are regulated by the General Data Protection Regulation (GDPR) which applies across the EU and UK.
Form3 has adopted the following principles to govern use, collection and disclosure of personal data. These principles have been established to create a uniform standard across all our offices taking account of the laws in the jurisdictions in which we operate.
Form3's core principles provide that personal data must:
The types of data we collect and process fall into one of the following categories:
We collect personal information from you when:
We also collect personal data when you apply for a job vacancy through our website but this information is processed in accordance with our Recruitment Privacy Statement [LINK], which you should review before submitting your application.
The information we collect about you depends on your activity but includes:
Additional information may be processed where it is provided by you, for example in correspondence, in connection with an event or in letting us know what areas you are interested in and when you wish to be contacted by us.
This website is not intended for use by children and we do not knowingly collect of use personal information relating to children.
When we use your personal data that we collect through our website, we must have a lawful basis for doing so. The lawful basis depends on what information we collect and how we use it.
The legal basis we rely on to process the personal data we collect through our website is either:
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
Our lawful basis for each processing activity is set out in the table below:
|Activity||Personal Data||Our Lawful Basis|
When you register your details with us (either to contact us or sign up to our newsletter or other promotional materials), we take information to allow us to:
||Name, contact information and/or business information||
Legitimate interests: to take steps at your request
Consent: where you have opted into receive direct marketing communications
|To use data analytics to improve our website and for our marketing purposes||Technical and analytical information about how you interact with our website||Legitimate interests: to define the types of customers for our services, keep our website updated and relevant and develop our business.|
If you have previously given your consent for us to contact you for marketing purposes, you can opt-out at any time by contacting us at firstname.lastname@example.org or using the unsubscribe feature on the communication.
Data is collected in our CRM system when you register to receive newsletters or updates, or we otherwise receive your contact details.
You will receive a notice when your details have been added to the CRM database. You can revisit your profile at any time to amend your information or preferences or to provide additional details.
You will also be provided with the option to opt out and/ or be removed from the CRM database with each marketing communication you receive from us.
We may share your personal data with third parties to enable us to effectively run our business, e.g. marketing agencies and website hosts.
Specifically, we share your personal data with Hubspot who run our client relationship management platform.
We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers relating to ensure they can only use your personal information to provide services to us and to you. We may also share personal information with external auditors, eg in relation to ISO [or Investors in People] accreditation and the audit of our accounts.
We will share personal data with law enforcement or other authorities if required by applicable law.
We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
We will not share your personal information with any other third party.
Form3 understands that personal data must be processed in line with individuals' rights, including the right to:
|Access||The right to be provided with a copy of your personal information (the right of access)|
|Rectification||The right to require us to correct any mistakes in your personal information|
|To be forgotten||The right to require us to delete your personal information—in certain situations|
|Restriction of processing||The right to require us to restrict processing of your personal information — in certain circumstances, eg if you contest the accuracy of the data|
|Data portability||The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations|
The right to object:
|Not to be subject to automated individual decision making||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you|
For further information on each of those rights, including the circumstances in which they apply, see the ICO’s guidance on individuals rights under the GPDR, available here: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ .
If you have any questions or complaints relating to how the firm has processed your personal data, please contact email@example.com .
It is sometimes necessary for us to share your personal data outside of the UK and EEA, specifically:
These transfers are subject to special rules under UK and European data protection law.
These non-UK/EEA countries may not have the same data protection laws as the UK and EEA. We will, however, ensure the transfer complies with data protection law and all personal data will be kept secure. Our standard practice is to use standard data protection contract clauses that have been approved by the European Commission.
If you have any questions at all about transfer of data between jurisdictions please contact firstname.lastname@example.org .
We will keep your personal data while you have an account with us or while you continue to communicate or opt-in to receive communications from us. Thereafter, we will keep your personal information for as long as is necessary:
We will not retain your personal data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information.
When it is no longer necessary to retain your personal information, we will delete or anonymise it.
We have appropriate security measures in place to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way.
We limit access to your personal data to those within Form3 who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a data security breach where we are legally required to do so.
This Data Privacy Statement was published on 19 December, 2019 and last updated on 14 August, 2020.
We may change this Data Privacy Statement from time to time, when we do we will inform you via email and the updates will be posted on this page.