Last updated: January 2021
This notice applies across all websites that we own and operate and all services we provide.
When we say ‘personal data’ we mean identifiable information about you, like your name, email, address, telephone number, bank account details, support queries and so on. If you cannot be personally identified (for example, when personal data has been aggregated and anonymised) then this notice doesn’t apply.
We may need to update this notice from time to time. Where a change is significant, we’ll make sure we let you know – usually by sending you an email. You can read the whole notice below.
Who are ‘we’?
When we refer to ‘we’ (or ‘our’ or ‘us’), that means Coda Technology Limited (trading as ‘Coda Pay’) and any of its wholly owned subsidiaries or brands. Our headquarters are in the United Kingdom (UK), but we have a workforce operating from other parts of the world. Address details for Coda Technology’s offices are available on the ‘Contact’ section of our website.
We provide contracting intermediary services. If you want to find out more about what we do, see the ‘About us’ section of our website.
For European Union (EU) data protection purposes, when we act as a controller in relation to your personal data, Coda Technology Limited (company number 10440176) are the representative in the EU.
Our data protection principles
At Coda Technology, we pride ourselves on operating with transparency, integrity and security. Our approach to data protection is built around three key principles, which sit at the heart of our approach to your personal data.
More information is available in the subsequent sections, but this means we will be open and honest about how we process your data, working with you to keep accurate records and ensuring we take the appropriate steps to safeguard your personal data.
How we collect your data
When visiting our website or using our services, we sometimes need to collect personal data. How this is collected can be generally classified as follows:
- Information you provide to us directly: when visiting or using some aspects of our website and/or services we might ask you to give personal data. As an example, we ask for your contact information when you sign up for a free trial, join us on social media, partake in training, contact us with queries or use our technical support service. If you do not want to provide us with personal data, you do not have to, but it might mean you cannot use certain parts of our website or services.
- Information we collect automatically: we sometimes collect certain information about you automatically when visiting our website or using our services. As an example, we may need to collect your IP address and device type (desktop, mobile and so on). We also collect information when you navigate through our website and services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how users are utilising our website and services so that we can continue to provide the best experience possible (e.g., by personalising the content you see). Some of this information will be collected via cookies or similar tracking technologies. More information regarding the types of cookies we use, why, and how you can control them is available upon request.
- Information we get from third parties: most of the information we collect should be obtained directly from you. Occasionally we will need to collect personal data about you from other sources beyond our own website and services, such as publicly available materials or via trusted third parties. Any information gathered from these sources is simply to supplement the personal data we already hold about you, in order to better inform, personalise and improve our services.
Where your personal data is collected, this will only be processed where we need to/have:
- undertake the duties of a contract with you;
- a genuine business need to process this personal data (not overridden by your other rights);
- satisfying a legal obligation; or
- your prior consent to do so.
Where your personal data is not collected, there is a risk that we may not be able to provide to you some or all of our services; this includes – but is not limited to – certain functionality in our systems or website features being unavailable.
If we do not have an existing relationship with you, but you believe that Coda Technology may be holding your personal data (for example an existing customer has entered this into our website or services), then you will need to contact that Coda Technology customer to query your personal data; including – but not limited to – your rights to access, update, amend or delete your personal data.
How your data may be used
We may use your personal data to operate our website and any other services you have requested; this includes our ability to manage the relationship with you. We also use your personal data for other purposes, which may include the following:
- Communicating with you: share information you have requested from us, operating notifications (e.g. security alerts), marketing communications you have signed up to receive and so on;
- Supporting you: assistance with support queries, technical issue resolution (both with our website and services);
- Improving our website and services: tracking usage to optimise the experience;
- Protecting you: ensuring data integrity and no malicious activity;
How your data may be shared
There may be occasions where we need to share your personal data with third parties. We will only disclose your personal data to:
- third party service providers and/or partners that assist and enable Coda Technology to use the personal data – for example, technical support resolution, or a payment provider;
- regulators, law enforcement bodies, government agencies, courts or other third parties where we think it might be necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure;
- other people or entities where we have your prior consent.
Data transfer (outside your country of residence)
When your data gets shared, this may be distributed to, and processed in, countries other than the country in which you reside. For example, payment processing by a third-party software provider.
Please know that where personal data needs to be distributed to a third-party outside of your country of residence, we have in place safeguards (e.g. encryption) to ensure this data remains protected.
If you are in the European Economic Area (EEA), for the avoidance of doubt, the above means that from time-to-time, data may be distributed to a country outside of the EEA. However, measures have been taken to identify – in advance of any such distribution of your data – to ensure that those non-EEA countries have sufficient protection in place. Where third-parties are involved, appropriate additional steps have been taken to preserve the integrity of your personal data, i.e. by entering into the European Commission’s Standard Contractual Clauses with these companies. If you have any queries or require any clarifications, please do reach out to the Coda Technology team using the details listed on the ‘Contact’ page of the website (see final section of this document).
Security is one of our Board’s top priorities, especially with individual’s personal data. At Coda Technology we are dedicated to protecting your personal data and have appropriate technical and internal measures in place to make sure that happens.
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it. For example, to provide you with a service you have requested.
We will retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have a continued business need to retain it, in accordance with our data retention policies and practices. Following this short period, we will make sure your data is deleted or anonymised.
Know your rights
At Coda Technology, we believe that your personal data ultimately belongs to you, and that you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just send us a request to firstname.lastname@example.org to unsubscribe. Furthermore, your rights include:
- knowing what personal data is held about you;
- requesting a copy of the personal data held about you (this is known as a Subject Access Request or ‘SAR’);
- ensuring data is accurate and records are up-to-date;
- requesting your personal data to be deleted
- You can exercise these rights at any time by sending an email to email@example.com. Please email any complaints to this same email address; we will review and investigate your complaint and try to get back to you within a reasonable timeframe.
Contacting the Coda Technology team
We are always happy to hear people.
If you would like to know what personal data we may hold about you, or should you have any general enquiries, feedback or would to discuss our website and/or services in more detail, then do reach out to the Coda Technology team.
our preferred communication method is via email. This helps us ensure your message is assigned to the right people at all times. You can reach us on firstname.lastname@example.org.