Privacy Policy

Adfin Financial Services Ltd ("Adfin" or "we" or "us" or "our") is committed to protecting and respecting your Privacy. This Privacy Policy (together with our website Terms of Service) sets out the basis on which any personal data we collect from you or that you provide to us, will be processed by us.

Please read the following carefully to understand our practices regarding your personal data and how we will treat it. By visiting, accessing or using our website and/or services (collectively the “Service”), you are accepting the practices described in this Privacy Policy.

Depending on the processing activity, we act either as a data controller (where we decide how personal data is used, e.g. for fraud monitoring and service improvement) or as a data processor (where we handle personal data on our customers’ instructions to facilitate payment services provided by our regulated partners)

How you may get in contact with us

If you have any questions, comments or requests regarding this Privacy Policy, please contact us using the following details:

• Post: Adfin Financial Services Ltd, 12 New Fetter Lane, London EC4A 1JP
• Email: dpo@adfin.com 

We are registered with the Information Commissioner’s Office (registration number ZB761303).

Information we collect

1. Information you give us. 

You may give us information about you by using the Service or by corresponding with us by phone, email or otherwise. The information you give us may include:

• Contact information such as name, business email address, and phone number, etc; 
• Financial information to the extent that it comprises personal data;
• Content and information you input in open text fields, e.g. in “contact us” or other chat forms. This includes the text, files and links you upload to the Service;
• Display name, profile photo, job title, and other details to your profile information; 
• Information about your company, e.g. company name and company phone contacts to the extent that it comprises personal data;
• A summary of any problem you are experiencing, and any other documentation, screenshots or information that would help resolve an issue submitted to our customer support included in the Service.

2. Information we collect about you. 

Each time you visit our website or otherwise engage with the Service we may collect the following information:

• Technical information such as IP address, browser and device details, and connection settings.
• Usage information about how you interact with our platform, including features used and activity within the service.
• Log and diagnostic information such as error reports and support interactions.
• Files and documents you upload to the service, including the information they contain.
• Transaction and behavioural information used to support fraud detection and security.
• Aggregated or anonymised information for reporting and service improvement, which cannot be linked back to you.

3. Information collected from two-factor authentication 

If you choose to enable two-factor authentication for your account, we will collect and process the information necessary to provide this security feature. This may include, for example, your phone number (for SMS-based codes), an email address, a device identifier for authenticator applications, or information relating to a hardware token or other authentication method. 

4. Links to other websites 

From time to time, we may include links on the Service to third-party websites. Please pay attention when you connect to these websites and read their terms and conditions of use and privacy policies carefully. We do not control or monitor such websites or their web content.

This Privacy Policy does not apply to any third-party websites and we are not responsible for the content, privacy policies, or processing of your personal data while you are visiting any third-party websites.

Purpose and legal bases for processing your data

We are required to have a legal basis for collecting and using your personal data. In order to do so, we rely on one or more of the legal bases outlined below. 

The recipients, or categories of recipients of the personal data

We may share your personal information with any member of our group companies (including subsidiaries and affiliates) for the purpose of providing you with the Services.

We may share your personal information with selected third parties, including business partners, suppliers and sub-contractors, for the performance of a contract we enter into with them or you, and/or to provide the Service, e.g. cloud storage providers, accounting software platforms, etc. 

Please note that in order to be provided with payment services through our platform, you must enter directly into an agreement with one of our Partners and your data will be shared with them in order to use their services. 

We may also disclose your personal information to third parties:

• In the event that we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;
• If our assets, or substantially all of our assets are acquired by a third party, personal information held by us about you may be one of the transferred assets;
• If we are under a duty to disclose or share your personal information to comply with any legal obligation, to enforce or apply our Terms of Service or other agreements, or to protect our rights, property or safety, or the rights, property or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and law enforcement, e.g. with CIFAS and to any regulators who may request it

Security of processing

We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk and to protect your personal data against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure or access. These include the following:

• User authentication and access controls to prevent unauthorised access to personal data
• Encryption of data in transit and at rest
• Incident management processes to enable us to quickly respond to an incident where personal data may be compromised
• Regular security audits

1. Unfortunately, the transmission of information via the internet is not completely secure. Although we will work hard to protect your personal information, we cannot guarantee the security of your information transmitted to the Service and use of the Service is at your own risk. 

2. Depending on where you live, you may have a legal right to receive written notice of a data privacy or security breach. If you have any reason to believe that your interactions with the Service are no longer secure, please notify us immediately at dpo@adfin.com

Transfers of personal data to any third countries or international organisations

The personal data that we collect or receive about you may be transferred to and processed by recipients that are located inside or outside the United Kingdom. We will take all necessary measures to ensure that transfers out of the UK are adequately protected as required by applicable data protection law. 

With regards to data transfers to countries not providing an adequate level of data protection, we rely on appropriate safeguards, such as standard data protection clauses adopted by a relevant regulator or supervisory authority, approved codes of conduct together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can ask for a copy of such appropriate safeguards by contacting us at dpo@adfin.com.

Retention periods for the personal data

We only keep your information for as long as is necessary for us to use your information for the purposes described above in this Privacy Policy. However, please be advised that we may retain some of your information after you cease to use the Service, for instance, for our lawful record-keeping purposes and where this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.

When determining the relevant retention periods, we will take into account factors including: 

• Our contractual obligations and rights concerning the information involved;
• Legal obligations under applicable law to retain data for a certain period of time; 
• Our legitimate interests where we have carried out a balancing test;
• Statute of limitations under applicable law(s);
• (Potential) disputes;
• If you have made a request to have your information deleted; and 
• Guidelines issued by relevant data protection authorities.

After such time, we will either securely erase or anonymise your information where we no longer have a legitimate reason for keeping it. If this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

After termination of your account, we may continue to use anonymised data (which does not identify individual users) which is aggregated with anonymised data of other users. We use this aggregated anonymised data for data analysis, profiling and research purposes, for example to gain insights about our users. We may also keep your email address to ensure that you no longer receive any communications from us and information such as your name, financial details and latest address for fraud prevention purposes and for the exercise or defence of legal claims.

Use of automated decision making and AI tools

We use automated decision making and AI tools in order to enhance our data processing and to automate certain parts of the Service. These include the following:

• To assist with customer service queries
• In order to extract structured data from documents you upload or from third-party tools you share with us (for example when you upload invoices or make use of our Adfin Bridge service to extract data from your accounting system) 
• When we monitor the payments provided by our Partners in order to detect and prevent financial crime
• Finance administration automation: Adfin uses AI tools to help automate financial administration tasks. This may include, for example, generating and sending payment reminders, scheduling follow-ups, sending customer communications, responding to queries, reconciling transactions, and orchestrating related workflows. These systems process company information, configuration data, customer details, communications, invoice data, and payment information strictly for the purpose of providing and improving these automated services.

You have the right to object to decisions made solely through automated processing where these may significantly affect you. In such cases, you can request that we carry out a manual review. We may also use personal data to help train and improve our machine learning models. If you have any questions or concerns, please contact us at dpo@adfin.com 

The rights available to you in respect of the processing

By law, you have a number of rights regarding your personal information (see below). Please contact us at dpo@adfin.com to exercise any of your rights. Further information and advice about your rights can be obtained from the data protection regulator in your country. 

Your rights: