Privacy Policy

We respect your privacy  

Facctum Solutions Limited respects your right to privacy and is committed to safeguarding the personal data of our customers and website visitors. This policy sets out how we collect, process, and look after your personal information (including when you use our website at https://www.facctum.com/ and when we provide you with our services). We will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law. 

It is important that you read this policy so that you are fully aware of how and why we are using your data. If you are using our website, your acceptance of this policy is deemed to occur upon your first use of the site. This policy supplements (and its terms apply in addition to) any other terms of use or other terms and conditions agreed between you and us from time to time. 

You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. This website is not intended for children, and we do not knowingly collect or process the personal information of children. 

We adhere to the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR), and the Data Protection Act 2018.   

"Personal information" or “personal data” is any information we hold about a living individual, which is identifiable as being about that individual. This includes information such as your name, email address, identification number, or any other type of information that can reasonably identify an individual, either directly or indirectly, such as electronic location data, and other online identifiers. It does not include data where the identity has been removed (anonymous data). 

You may contact us in writing at our email address: privacy@facctum.com or at Lynton House, 7-12 Tavistock Square London WC1H 9LT, United Kingdom, for further information about this Privacy Policy, including if you have any questions about this Privacy Policy or about the use of your personal data or you want to exercise your privacy rights.   

  

Who we are 

Our website and services are operated by Facctum Solutions Limited, a company registered in England and Wales under number 13598462 whose registered office is at Lynton House, 7-12 Tavistock Square, London, United Kingdom, WC1H 9LT, VAT Number GB401325455 (“we/us/our”). 

This policy applies where we are acting as a data controller with respect to your personal data; in other words, it applies where we determine the purposes and means of the processing of that personal data. 

Our Data Protection Officer is Gaurav Singh (gaurav.singh@facctum.com) and they are responsible for overseeing questions in relation to this  Privacy Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO using the details set out in the section above. The name and contact details of our UK-based representative and our EU-based representative for data protection purposes are as follows:  

 

UK Representative Details:

Grant Marshall  

Email: grant.marshall@facctum.com


EU Representative Details:
Gaurav Singh 
Email: gaurav.singh@facctum.com  


What personal information is collected?  

Facctum Solutions Limited will, from time to time, receive and store personal information that you submit to our website, provide to us directly, or give to us in other forms.  You may provide basic information such as your name, job title, company/organisation name, phone number, country, and email address to enable us to send you information, provide updates and process your product or service order. 

We may collect additional information at other times, including but not limited to details about payments to and from you and details of purchases, or when you provide feedback, when you provide information about your personal or business affairs, change your communications or email preferences, respond to surveys and/or promotions, provide financial or credit card information, or communicate with our customer support, and usage data about how you use our site and our products/services. Additionally, we may also collect any other information you provide while interacting with us, including information contained in any enquiry you submit to us or contained in or relating to any communication that you send to us regarding our services or your requirements.  

We also collect, use, and share aggregated data such as statistical or demographic data. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this policy.  

In the course of providing services on behalf of our clients, we may hold information about criminal convictions and offences. We will only collect information about criminal convictions if it is appropriate and where we are legally able to do so (such as for the prevention of fraud, suspicion of terrorist financing or money laundering, or where the personal data is manifestly made public by the data subject).   


How we collect your personal information  

Facctum Solutions Limited collects personal information from and about you in a variety of ways, including when you interact with us electronically (including when you correspond with us by, phone or email, contacting or requesting a demo from our website) or in person, when you access our website and when we engage in business activities with you. This includes personal data you provide when you request marketing to be sent to you, enter a promotion or survey, fill in our forms and apply for our products/services, and give us feedback or communicate with us.

When you come to and interact with our website (https://facctum.com/), we may automatically collect certain technical information about your equipment, browsing actions, and patterns such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service. We collect this personal data by using cookies and other similar technologies. 

We may receive personal information about you from third parties and public sources. If we do, we will protect it as set out in this Privacy Policy. We may share personal information with the following third parties: 

  1. Zoho 

  2. AWS  

Where appropriate, we may collect information about criminal convictions as part of our sanctions screening services and we may be notified of such information by third parties (such as banks) in the course of performing our services.  

By providing us with personal information, you consent to the supply of that information subject to the terms of this Privacy Policy. If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on their behalf and has agreed that you can give consent on his/her behalf to the processing of their data and receive on their behalf any data protection notice. 


How we use your personal information  

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances: 

  1. Performance of a contract: Where we need to perform the contract we are about to enter into or have entered into with you; 

  2. Legitimate interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; 

  3. Legal obligation: Where we need to comply with a legal obligation (we will identify the relevant legal obligation when we rely on this legal basis); or 

  4. Consent: Where you have consented. We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example, if you subscribe to an email newsletter. 

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in this policy. 

Legitimate Interest  means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us. 

Specifically, Facctum Solutions Limited may use personal information about you for the following purposes:  

  1. To register you as a new customer, contract with you, and provide you with products and services during the usual course of our business activities (on the basis of performance of a contract with you);   

  2. To process your orders, including managing payments and collecting money owed to us (on the basis of performance of a contract with you and it being necessary for our legitimate interests);  

  3. To administer and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), including enforcing our contracts and policies, investigating complaints and preventing illegal activity (being necessary to comply with a legal obligation and for our legitimate interests (for example, for running our business, providing administration and IT services, and network security));   

  4. To manage, research, and develop our products and services (being necessary for our legitimate interests (to develop our services and grow our business));   

  5. To provide you with information about our products and services (on the basis of performance of a contract with you, complying with our legal obligations, and it being necessary for our legitimate interests to keep our records updated and to study how customers use our services);   

  6. To communicate with you by a variety of measures including, but not limited to, by telephone, email, SMS or mail, and to respond to your enquiries and manage our relationship with you, including notifying you about changes to our terms or policies and asking you to leave a review (on the basis of performance of a contract with you, complying with our legal obligations, and it being necessary for our legitimate interests to keep our records updated and to study how customers use our services);   

  7. To use data analytics to improve our site, services, customer relationships and experiences and to measure the effectiveness of our communications and marketing (being necessary for our legitimate interests (to define types of customers for our services, to keep our site updated and relevant, and to develop our business and to inform our marketing strategy));   

  8. To deliver relevant website content (for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy));  

  9. To send you relevant marketing communications and make suggestions and recommendations to you about products or services that may be of interest to you (being necessary for our legitimate interests (to develop our services and grow our business) OR consent, having obtained your prior consent to receiving direct marketing communications);   

  10. To investigate any complaints; and 

  11. Otherwise carrying out our business activities in circumstances where you ought reasonably to have an expectation that we will process your personal data for a particular purpose. 

We will use information about criminal convictions and offences only where necessary to carry out our obligations in connection with the services we provide.  

Where we need to collect personal data by law, or under the terms of a contract we have with you and you withhold or fail to provide your personal information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, it may not be possible for us to provide you with our products and services) or for you to fully access our website. In this case, we may have to cancel a contract you have with us but we will notify you if this is the case at the time. 

We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.  


Marketing  

You will receive marketing communications from us if you have requested information from us or purchased products or services from us and you have not opted out of receiving the marketing. 

We may also analyse your personal data to form a view which products, services, and offers may be of interest to you so that we can then send you relevant the marketing communications.  

We will get your express consent before we share your personal data with any third party for their own direct marketing purposes. 

You can ask us to stop sending you marketing communications at any time by following the opt-out/unsubscribe links within any marketing communication sent to you or by contacting us at privacy@facctum.com. If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes, for example, relating to order confirmations and updates to our terms and conditions. 

 

Disclosure of your personal information  

Facctum Solutions Limited may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers, government bodies, or subcontractors as far as reasonably necessary for the purposes set out in this privacy policy.  

If we do disclose your personal information to a third party, we will protect it in accordance with this privacy policy. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. 

We may disclose your personal information in some limited circumstances if we are legally required to share it, including to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, if we are involved in legal proceedings or in response to a law enforcement agency or government authority request.  

If there is a change of control in our business or a sale, merger or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy. 

 

Hosting and international data transfers 

Information that we collect will, from time to time be stored, processed in, or transferred between parties or sites located in the United Kingdom and/or the European Union.

We and our other group companies have offices and/or facilities in the United Kingdom and in India. We share your personal data within Facctum. This will involve transferring your data outside the UK to our overseas offices in India. Whenever we transfer your personal data out of the UK to countries which have laws that do not provide the same level of data protection as the UK law, we always ensure that a similar degree of protection is afforded to it by implementing the following safeguards:

Standard Contractual Clauses (SCCs): We use standard data protection clauses adopted or approved for use in the UK, namely the International Data Transfer Addendum to the European Commission’s standard contractual clauses for international data transfers. A copy can be obtained from Facctum Solutions Limited’s Data Protection Officer (privacy@facctum.com).

Binding Corporate Rules (BCRs): We require all our group companies to follow binding corporate rules when processing your personal data. A copy can be obtained from Facctum Solutions Limited’s Data Protection Officer (privacy@facctum.com).

We may transfer your personal data to service providers in India that carry out certain functions on our behalf. This may involve transferring personal data outside the UK to countries which have laws that do not provide the same level of data protection as the UK law. Whenever we transfer your personal data out of the UK to these parties, we ensure a similar degree of protection is afforded to it by ensuring that the following safeguards are in place:

Standard Contractual Clauses (SCCs): We use standard data protection clauses adopted or approved for use in the UK, namely the International Data Transfer Addendum to the European Commission’s standard contractual clauses for international data transfers. A copy can be obtained from Facctum Solutions Limited’s Data Protection Officer (privacy@facctum.com).


Security of your personal information 

Facctum Solutions Limited is committed to ensuring that the information you provide to us is secure. To prevent unauthorised access or disclosure, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, use, modification, and disclosure. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. 

Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and that they have adequate technical measures in place to protect personal information against unauthorised use, loss, and theft. 

Unfortunately, the transmission and exchange of information via the internet is not completely secure and is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us or receive from us. Although we do our best to take measures to safeguard against unauthorised disclosures of information and the protection of your personal data, we cannot guarantee the security of your information transmitted to us over the internet and you acknowledge that any transmission is at your own risk. 


Data retention  

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.  

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.  

By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers for tax purposes.  

In some circumstances you can ask us to delete your data: see the section below for further information.  


Your rights under the GDPR 

You have certain rights under data protection laws in relation to your personal data.

You have the following rights:  

  1. Right of Access: Request access to your personal information commonly known as a “subject access request” (we will provide you with a free copy of it to enable you to check that we are lawfully processing it). 

  2. Right to Rectification: Request to correct your personal information if it is inaccurate or incomplete. 

  3. Right to Erasure: Request erasure of your personal information (also known as “the right to be forgotten”). 

  4. Right to Restrict Processing: Request we restrict processing of your personal information. 

  5. Right to Data Portability: Request the transfer of your personal information to you or to a third party. 

  6. Right to Object: Object to your personal information being processed where we are relying on a legitimate interest. 

  7. Right to Withdraw Consent: Withdraw consent at any time where we are relying on consent to process your personal data. 

  8. Rights Related to Automated Decision-Making and Profiling: Object against automated decision-making and profiling. 

Please contact us at any time to exercise your rights above at privacy@facctum.com or Lynton House, 7-12 Tavistock Square London WC1H 9LT, United Kingdom.   

We may ask you to verify your identity and ensure your right to access your personal data before acting on any of your requests. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. You will not have to pay a fee to access your personal data (or to exercise any of the other rights set out above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances. 

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 


Complaints about privacy 

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. If you have any complaints about our privacy practices, please feel free to send in details of your complaints to privacy@facctum.com. We take complaints very seriously and will respond shortly after receiving written notice of your complaint. 


Changes to Privacy Policy 

We keep our privacy policy under regular review. Please be aware that we may change this Privacy Policy in the future. We may modify this Policy at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on our website or notice board. Please check back from time to time to review our Privacy Policy. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example, a new address or email address. 


Cookies

We use cookies on our website to enhance your browsing experience and analyse site usage. Cookies are very small files that a website uses to identify you when you come back to the site and to store details about your use of the site. We use strictly necessary, analytics, functionality, and targeting cookies. Some cookies expire at the end of your browsing session, while others may remain on your device for up to 2 years.

When you first visit our site, you'll see a banner allowing you to accept or reject cookies. You can also choose to reject cookies by changing your browser settings. However, this may prevent you from taking full advantage of our website. 

We work with third-party providers such as Google Analytics, LinkedIn, and Facebook, who may also set cookies on our website. For more information about the cookies we use, how to change your cookie preferences, and a full list of our cookie providers, please refer to our cookie policy at https://www.facctum.com/cookie-policy.


Third-party sites

Our site may contain links to other websites not owned or controlled by us. These links are meant for your convenience only. Clicking on those links may allow third parties to collect or share data about you. We are not responsible for the privacy practices of other such websites. We encourage our users to be aware when they leave our website, and to read the privacy statements of every website that collects personally identifiable information.