Get Started
background gradient background gradient background gradient
Privacy Policy

INTRODUCTION

Welcome to the privacy policy of the Rimbal Group (“Privacy Policy”).

The Rimbal Group respects your privacy and is committed to protecting your personal data. This Privacy Policy will inform you about how we look after your personal data, your privacy rights and how the law protects you.

IMPORTANT INFORMATION

It is important that you read this Privacy Policy, together with any other Privacy Policy or fair processing notice that we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This Privacy Policy supplements any other privacy notices or policies and is not intended to override them and relates to:

  • Visitors to rimbal.com, validpath.co.uk and all related subdomains (together making up the “Websites”);
  • Software applications and third-party clients who use our application programming interfaces (“APIs”); and
  • End users who use our Websites, APIs, mobile applications and any other services, products, tools, features or content made available by the Rimbal Group.

By using the Websites, APIs or any other services, products, tools, features or content as made available by the Rimbal Group you hereby:

  • Acknowledge and confirm that you are at least eighteen (18) years old;
  • Consent to the use of your personal data as described in this Privacy Policy; and
  • Consent that if you provide any personal information on behalf of someone else that you have their consent to use and provide their personal information.

This Privacy Policy may change from time to time and if it does, the up-to-date version will be available on the Rimbal Group Websites (historic versions can be obtained by contacting us). By continuing to use the Rimbal Group websites, you are agreeing to any updated versions of the Rimbal Group Privacy Policy or other privacy policies indicated on any specific Rimbal Group website.

WHO WE ARE

The Rimbal Group

This Privacy Policy is issued on behalf of the Rimbal Group. The Rimbal Group consists of the parent company, Rimbal Holdings Limited (with registered company number 11013618 and registered office at Unit 8, 8 Shepherd Market, London, United Kingdom, W1J 7JY) together with a number of subsidiaries (as defined in section 1159 of the UK Companies Act 2006) that include Rimbal Systems Limited, ValidPath Limited, Preference Financial Services Limited and Rimbal Limited and other subsidiaries (“Rimbal Group”).

This Privacy Policy applies to all of those subsidiaries and affiliated companies, irrespective of location or jurisdiction. In particular, the data controller (as referred to below) is a subsidiary of Rimbal Holdings Limited.

Data Controller

Rimbal Systems Limited is the data controller (as defined under European Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) for the Rimbal Group. Rimbal Systems Limited is registered as a data controller with the UK Information Commissioner’s Office (“ICO”) with registration number is ZA870604 and is the entity that is responsible for processing your data on behalf of the Rimbal Group. Accordingly, “we”, “us” or “our” in this Privacy Policy, refers to Rimbal Systems Limited. Where specifically not in relation to the obligations of the data controller under GDPR, “we”, “us” or “our” may also refer to any of the subsidiaries or propositions of the Rimbal Group.

Rimbal Systems Limited (“Rimbal Systems”) is registered with company number 12140269 and registered office address at address Unit 8, 8 Shepherd Market, London, United Kingdom, W1J 7JY.

Data Processor Function within the Rimbal Group

You may engage with a company within the Rimbal Group (such as ValidPath Limited) who may ask you to provide data and information via the Websites. In this instance, Rimbal Systems acts as a data processor and will process your personal data in accordance with this Privacy Policy the company you are engaging with within the Rimbal Group will act as Data Controller and control your personal data in accordance with this Privacy Policy (unless other stipulated).

HOW WE COLLECT YOUR DATA

We may obtain information in several ways which could include:

  • Information you give to us: You may give us information about you when you use our Websites or APIs or by communicating with us by email, telephone or otherwise;
  • Information we record about you: Each time you visit our Websites, APIs or systems we may automatically record information through the use of cookies, web beacons and other anonymous online identifiers;
  • Information that we receive from other parties including other companies in the Rimbal Group or third parties who provide services to you or us;
  • Information that we learn about you through our relationship with you; and
  • Information that we gather from publicly available sources.

THE CATEGORIES OF DATA WE MAY COLLECT

The types of personal information and data that we may collect may include (but is not limited to):

  • Identity Data that includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data that includes residential address, delivery address, email address and telephone numbers.
  • Financial Data that includes financial transactions, financial accounts and projection information.
  • Transaction Data that includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data that includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, screen resolution, and other technology on the devices you use to access this website.
  • Profile Data that includes your username and password, purchases or orders made by you, your preferences, feedback and survey responses.
  • Usage Data that includes information about how you use our website, products and services.
  • Marketing and Communications Data that includes your communication preferences.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.

HOW WE MAY USE YOUR INFORMATION

We may use your personal information and/or data to:

  • Provide you with products and/or services;
  • Administer, operate, facilitate and manage your relationship with us which may include sharing such information within the Rimbal Group as well as disclosing it to third parties
  • Contact you or your designated representative(s) or colleagues by post, telephone, electronic mail, etc., in connection with your relationship;
  • Provide you with information relating to our products and services; and
  • Facilitate our internal business operations, including assessing and managing risk and fulfilling our legal and regulatory requirements.

If your relationship with us ends, we will continue to treat your personal information, to the extent we retain it, as described in this Privacy Policy.

Automated decision-making and profiling

‘Automated Decision Making’ refers to a decision which is taken solely on the basis of automated processing of your personal data. This means processing using, for example, software code or an algorithm, which does not require human intervention. Profiling means using automated processes with or without human intervention to analyse your personal data in order to evaluate your behaviour or to predict things about you. We may use automated decision-making or profiling as part of offering the Websites, APIs, mobile applications and any other services, products, tools or features made available by the Rimbal Group to you.

WHY WE MAY COLLECT DATA ABOUT YOU

There are many reasons why we may legitimately collect and process your personal information and data including:

  • Consent: We can collect and process your data with your consent.
  • Contractual obligations: We may process your information where it is necessary to either enter into a contract with you for the provision of our products or services or to perform our obligations under that contract or to provide you with information or guidance in relation to our products or services that are offered by us.
  • Legal compliance: If the law or any applicable regulator requires us to, we may need to collect and process your data and also provide this to any such regulator
  • Legitimate interest: We may process your information in the day-to-day running of our business, to manage our business and financial affairs and to protect our customers, employees and general interests. In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.

Not providing personal data when requested

Where we need to collect personal data by law or under the terms of an agreement or contract that we have with you or may have with you and you fail to provide that data when requested, we may not be able to provide you with products or services or perform under the agreement or contract that we have or may have with you. If this is the case, we may have to cancel a product or service or agreement we have with you and you will be notified at the time.

STORAGE OF YOUR PERSONAL DATA (INCLUDING OUTSIDE OF THE “EEA”)

The data and information that we collect and process may be transferred to, and stored at, a destination outside of the UK. We will only do so on the basis that anyone to whom we transfer it to, protects it in the same way that we would and such entity or person or other third party is subject to the appropriate safeguards.

In the event that we transfer information to countries outside of the EEA, we will only do so where:

  • The European Commission has decided that the country or the organisation, entity or individual to whom we are transferring to or sharing your data and/or information with, will protect your information adequately;
  • The transfer has been authorised by the relevant data protection authority; and/or
  • We have entered into a contract with the organisation, entity or individual with whom we are sharing your data and/or information (on such terms as approved by the European Commission), to ensure your information is adequately protected.

DATA SECURITY

We will take all steps reasonably necessary to ensure that your information and/or data is treated securely and in accordance with this Privacy Policy. We follow strict security procedures as to how your information and/or data is stored and used, and who sees it. We use strict procedures and security features to prevent unauthorised access. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Third Party links

The Rimbal Group Websites may include links to third-party affiliates, websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements, notices or policies. Please always check the privacy policies of any sites we link to.

DATA RETENTION

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Retention periods may be changed from time to time based on business or legal and regulatory requirements. Details of retention periods for different aspects of your personal data is available on request.

YOUR LEGAL RIGHTS

You have the right to:

  • Access: You have the right to get access to the information and/or data that we hold about you;
  • Automated Decision-Making: You have the right not to be subject to a decision which is based solely on automated processing where that decision produces legal effects concerning you or otherwise significantly affects you;
  • Erasure: You have a right to withdraw consent to the processing of your personal data and request that we delete your information and/or data;
  • Marketing: You have a right to object to direct marketing;
  • Portability: You have a right to data and/or information portability;
  • Rectification: You have a right to rectification of any inaccurate information and/or data and to update incomplete information and/or data that we hold about you;
  • Restriction: You have a right to request that we restrict the processing of your information and/or data; and
  • Lodge complaints: You have a right to lodge a complaint with the regulator. If you wish to raise a complaint on how we have handled your information, you can contact us. We would hope to be able to address any concerns you may have, but you can always contact the Information Commissioner’s Office (ICO).

If you wish to exercise any of the rights set out above, please contact us.