Privacy Policy 01/05/2018

CFT Group Ltd (Company number 09995879) (CFT Group, we, us or our) provides the products and services offered on the CFT Group website (cftgroup.co.uk) the Duesday website (duesday.com) and/or mobile application Duesday (Platform).

For the purposes of the Data Protection Act 1998 (Act), we are the data controller.

​We have adopted this policy to ensure that we have standards in place to protect the data that we collect about individuals that is necessary and incidental to:

  • providing the products and services that we offer; and
  • the normal day-to-day operations of our business.

By publishing this policy we aim to make it easy for our users, customers and the public to understand what data we collect and store, why we do so, how we receive and/or obtain that information, and the rights an individual has with respect to their data in our possession. If you have any queries or concerns regarding these practices, please contact us by emailing hello@duesday.com

Please note that by visiting and using our websites and/or mobile application you are agreeing to the use of your personal information as described in this Privacy Policy.

Who and what this policy applies to

We handle data in our own right and also for and on behalf of our customers and users.

Our policy does not apply to information we collect about businesses or companies; however it does apply to information about the people in those businesses or companies which we store.

The policy applies to all forms of information, physical and digital, whether collected or stored electronically or in hardcopy.

If, at any time, an individual provides data or other information about someone other than himself or herself, the individual warrants that they have that person’s consent to provide such information for the purpose specified.

CFT Group and Duesday is not available to children (persons under the age of 18 years).

The information we collect and how we use it

1. Here’s why we collect the following personal information from you:

  • Full Name;
    • To identify you as the correct payer of bills
    • To greet you and personalise your profile

 

  • Email address;
    • To uniquely identify your account with us
    • To send you e-alerts when there is activity on your account
    • To send you our newsletters from time to time containing news regarding activity and content on Duesday, unless you indicate that you do not wish to receive these emails at the time you enter your details. If you wish to stop receiving these newsletters, or e-alerts, you can do so at any time
    • To ask for your feedback. Any responses to such requests will be treated anonymous and purely on a voluntary basis
    • To reply to any correspondence, you send to us; and for any other reasonable purposes related to Duesday, CFT Group or your account.


  • Mobile number;
    • To send you a security pin code for second factor authentication
    • To send you alerts when there is activity on your account
    • To reply to any correspondence, you send to us; and for any other reasonable purposes related to Duesday, CFT Group or your account.

 

  • Address;
    • To send you a welcome letter
    • To identify you as the correct payer of bills
    • To comply with our anti-money-laundering obligations
    • To generate anonymised regional usage reports

 

  • Passport, Driving License and/or Utility Bill
    • To comply with our anti-money-laundering obligations

 

  • Date of birth and registered gender
    • To comply with our anti-money-laundering obligations
    • To generate anonymised demographic usage reports

 

  • Any personal information you choose to include in your ‘My Profile’ page (e.g. your photo)
    • To populate your profile. Your name and photo is viewable by other users you are sharing bills with
    • To facilitate interaction between community members
    • To comply with our anti-money-laundering obligations


In order to comply with our anti-money-laundering obligations we may send this data to a third-party provider to verify your personal details. These details are not publicly accessible.


2. Here’s why we collect the following financial information from you:

  • Credit/debit card information
    • To generate a secure payment token so you can pay your bills with Duesday

The secure payment token is stored in an encrypted digital vault

We do not store card details other than the first six and the last four digits of the card number and the card’s expiry date


  • Bank account and sort code
    • To create a Direct Debit mandate so you can pay your bills with Duesday

Your bank details are securely stored in an encrypted digital vault


  • Billing address
    • To authenticate your payment details so you can pay your bills with Duesday
       

3. And finally, we also collect the following statistical and device information. This isn’t personal to you, it’s more about the way Duesday is used by everyone so that we can keep making it better:


  • Statistical Information
    Information about online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes;


  • Device Information
    Information, such as the hardware model, operating system version, advertising identifier, unique application identifiers, unique device identifiers, browser type, language, wireless network, IP address and mobile network information;

How else do we use your personal information?

We may use your personal information to investigate a complaint made by another Duesday user or a breach of Duesday’s Terms of Use and to prevent and detect criminal activity, fraud and misuse of or damage to Duesday, CFT Group or the service made available through it and to prosecute those responsible.

If you publicly post about Duesday or CFT Group, or communicate directly with us, on a social media website, we may collect and process the data contained in such posts or in your public profile for the purpose of addressing any customer service requests you may have and to monitor and influence public opinion of Duesday or CFT Group.

How your data is stored

The data we collect from you will be stored in the European Economic Area (EEA) with and by our hosting provider Amazon Web Services (AWS).

Data may also be processed by third parties and/or staff operating outside the EEA who work for us or for one of our third-party partners. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.

We will retain data for the period necessary to fulfil the purposes outlined in this policy unless a longer retention period is required or permitted by law.

Information sharing and disclosure

We share your personal information with selected third parties for the purpose of managing and administering the accounts and services provided to you through Duesday. We may further share and disclose this information with

  • other services that we own and/or operate,
  • third parties that are contracted to Duesday and CFT Group for in order to better integrate those services with Duesday and CFT Group and
  • authentication providers (such as AU10TIX, Onfido, GB Group, Trulio) to comply with our anti-money-laundering obligations


Transfer of business:

  • If there is a change (or prospective change) in the ownership of CFT Group or any of its assets, we may have to disclose personal information to the new (or prospective) owner. If we do so, we will require them to keep it confidential and use it in accordance with the terms of our Privacy Policy.


Legal requests:

  • Apart from the use and sharing of your personal information in the limited circumstances already described, the only ways we may share your information are if we need to disclose personal information to protect our and our licensors’ rights and property or to comply with any applicable law or valid legal process.

Aggregated Information

We may share non-personal aggregated statistics data about the usage of our website and products with third parties. Just to be clear, this information does not identify users in any personal capacity; it just gives generalised information about the way Duesday is used.

Cookies

We may store information about you using cookies. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your device if you agree. Cookies contain information that is transferred to your device’s hard drive. You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies.

If you want to delete any cookies that are already on your computer, please refer to the instructions for your file management software to locate the file or directory that stores cookies. Information on deleting or controlling cookies is available at www.allaboutcookies.org. Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our site.

We use Google Analytics and Mouseflow to better understand how our sites are used so that we can make them easier to understand and navigate. To opt out of using Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout. To opt out of using Mouseflow across all websites visit https://mouseflow.com/opt-out/.

We use data from Google's Interest-based advertising or 3rd-party audience data (such as age, gender and interests) with Google Analytics for marketing purposes.

By using our websites and products, you are agreeing to the use of the cookies listed above.

Links

Our websites and products contain links (sometimes posted by us, and sometimes by users) to third party websites that are not subject to this Privacy Policy. Read our Terms of Use for further information on these links. We recommend that you read the privacy policy of any such websites that you visit.

How do we protect personal information?

As required by the UK Data Protection laws, we follow strict security procedures in the storage and disclosure of information which you have given to us, to prevent unauthorised access. In particular, we use SHA256 to encrypt your password. Transport Layer Security (TLS V1.1 and above) encrypts the information you provide as it travels through the Internet. Encryption creates billions of code combinations to protect each transaction made on the website, so your password or information cannot be viewed by anyone else using the internet. Despite using this technology, we cannot guarantee the security of the information that you disclose to us. You accept the inherent risks of providing information and dealing on-line and will not hold us responsible for any breach of security unless this is due to our negligence or wilful default.

If you have any concerns about security, please email us at hello@duesday.com.

Editing your personal information and unsubscribing from Duesday emails

You can click the unsubscribe link included in an email or edit your settings in the profile section of our Duesday app to stop receiving e-alerts or newsletters from us. You can also access and edit personal information provided in the profile section of our Duesday app.

Your right to see your personal information

Under the Data Protection Act you have the right to see the personal information that we hold about you, whether collected through your use of Duesday or through any communications that you have had with us. If you have any queries about your right or wish to make such a request please contact us by email at hello@duesday.com or by post addressed to the
Duesday Data Protection Officer, 2 Pike Street, Liskeard, Cornwall, PL14 3HS

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by choosing certain options on the forms we use to collect your data. You can also exercise the right at any time by contacting us at the address provided above.

Changes to this policy

We may make any change to this Privacy Policy at any time by sending you an email with the modified terms or by posting a copy of them on duesday.com. Any changes will take effect seven (7) days after the date of our email or the date on which we post the modified terms on CFT Group, whichever is the earlier. Your continued use of our websites and products after that period means that you agree to be bound by the modified terms.

You can find out more in our T&Cs.