1. Introduction 

FYLD is a trading name of FYLD Limited who are registered in England & Wales No. 12481168 (collectively referred to as “we”, “our”, “us”, “FYLD” in this privacy policy). FYLD is the controller and  is responsible for your personal data. 

We are committed to protecting the privacy and security of your personal data. We take care to protect  the privacy of our customers and users of our products and or services that communicate (online or  offline) with us, events, over the phone, websites and social media platforms. 

We have therefore developed this privacy policy to inform you of the personal data we collect, what we  do with your personal data, what we do to keep it secure as well as the rights and choices you have  over your personal data. 

2. The personal data we collect and how we use it 

We only collect personal data that we know we will genuinely use and in accordance with the General  Data Protection Regulation (GDPR). The table below sets out the personal data we collect about you,  the source of and purpose for using that personal data and our ‘lawful basis’ under GDPR for processing  it.

From time to time, we may send you relevant information about our business, products and services by  email, but only if you have consented to receive these marketing communications by signing up for  updates. 

You can change your email marketing subscription anytime by editing your preferences or  unsubscribing altogether via the link at the bottom of any of our email marketing communications or by  contacting us via the details at the end of this policy. 

Otherwise, if you are an existing business customer, we may send you correspondence about our  products and services and again you can simply write to us to cease this at any time. 

3. Who we might share your personal data with
   
   We may share your personal data with other organisations in the following circumstances: 

• If the law or a public authority says we must share the personal data; 

• If it is needed to provide you with the services such as the ShowMe solution – for example to  share data with your utility provider;  

• If we need to share personal data in order to establish, exercise or defend our legal rights (this  includes providing personal data to others for the purposes of preventing fraud and reducing  credit risk); or 

• Any third party vendors where you provide consent.  

Please note that where you are a user of one of our products or services as part of your contract or  employment for another company, your employer may have access to your personal data as a separate  data controller and may use it in accordance with their own privacy policy.

2 

We require all third parties to respect the security of your personal data and to treat it in accordance  with the law. 

Smartlook 

We use Smartlook in order to better understand our users’ needs and to optimise this service and  experience. Smartlook is a technology service that helps us better understand our users experience  (e.g. how much time they spend on which pages, which links they choose to click, what users do and  don’t like, etc.) and this enables us to build and maintain our service with user feedback. Smartlook  collects data on our users’ behavior and their devices (in particular device’s IP address (captured and  stored only in anonymized form), device screen size, device type (unique device identifiers), browser  information, geographic location (country only), preferred language used to display our website). 

Smartlook stores this information in a pseudonymized user profile. Neither Smartlook nor we will ever  use this information to identify individual users or to match it with further data on an individual user. For  further details, please see Smartlook’s privacy policy. 

4. International transfers 
   
   

Service Providers 

We may transfer your personal data to service providers that carry out certain functions on our behalf.  This may involve transferring personal data outside the UK to countries which have laws that do not provide the same level of data protection as the UK law. 

Whenever we transfer your personal data out of the UK to service providers, we ensure a similar degree  of protection is afforded to it by ensuring that the following safeguards are in place: 

• We will only transfer your personal data to countries that have been deemed by the UK to  provide an adequate level of protection for personal data; and/or 

• We may use specific standard contractual terms approved for use in the UK which give the  transferred personal data the same protection as it has in the UK. To obtain a copy of these  contractual safeguards, please contact us using contact details provided in this privacy policy.  

5. Your rights over your personal data 
   
   

• Right to access your personal data 

You have the right to access the personal data that we hold about you in many circumstances, by  making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged  to provide personal data to you (or someone else on your behalf). 

• Right to Correction of your personal data 

If any of the personal data we hold about you is inaccurate or out of date, you may ask us to correct it. • Right to stop or limit our processing of your personal data 

You have the right to object to us processing your personal data if we are not entitled to use it anymore,  to have your data deleted if we are keeping it too long or have its processing restricted in certain  circumstances. 

You may also have the right to object to processing of your personal data where we are relying on a  legitimate interest (or those of a third party) as the legal basis for that particular use of your personal data. In some cases, we may demonstrate that we have compelling legitimate grounds to process your  personal data which override your right to object. 

• Right to object to direct marketing 

You also have the absolute right to object any time to the processing of your personal data for direct  marketing purposes. 

• Right to transfer 

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third  party you have chosen, your personal data in a structured, commonly used, machine-readable format.  Note that this right only applies to automated information which you initially provided consent for us to  use or where we used the information to perform a contract with you. 

• Right to withdraw consent  

You have the right to withdraw consent at any time where we are relying on consent to process your  personal data. However, this will not affect the lawfulness of any processing carried out before you  withdraw your consent. If you withdraw your consent, we may not be able to provide certain products  or services to you. We will advise you if this is the case at the time you withdraw your consent. 

• Rights in relation to automated decision-making 

You have the right to not be subject to a decision based solely on automated processing. Processing is  “automated” where it is carried out without human intervention and where it produces legal effects or  significantly affects you. 

• For more information about your privacy rights 

The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK.  They make a lot of information accessible to consumers on their website and they ensure that the  registered details of all data controllers such as ourselves are available publicly. 

You can make a complaint to the ICO at any time about the way we use your personal data. However,  we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction  is extremely important to us, and we will always do our very best to solve any problems you may have. 

If you would like to exercise any of these above rights, please contact us via the details listed at the  very end of this policy. 

No fee usually required  

You will not have to pay a fee to access your personal data (or to exercise any of the other rights).  However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.  Alternatively, we could refuse to comply with your request in these circumstances. 

What we may need from you 

We may need to request specific information from you to help us confirm your identity and ensure your  right to access your personal data (or to exercise any of your other rights). This is a security measure  to ensure that personal data is not disclosed to any person who has no right to receive it. We may also  contact you to ask you for further information in relation to your request to speed up our response. 

Time limit to respond 

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than  a month if your request is particularly complex or you have made a number of requests. In this case,  we will notify you and keep you updated. 

6. How long we keep your personal data for 
   
   

We retain a record of your personal data in order to provide you with a high quality and consistent  service. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes  we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or  reporting requirements. We may retain your personal data for a longer period in the event of a complaint  or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. 

To determine the appropriate retention period for personal data, we consider the amount, nature and  sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your  personal data, the purposes for which we process your personal data and whether we can achieve  those purposes through other means, and the applicable legal, regulatory, tax, accounting or other  requirements. 

7. Your data and Social Networks 
   
   

When using our website, you may be able to share information through social networks like Facebook  and X. For example, when you ‘like’, ‘share’ or review our services. When doing this, your personal data  may be visible to the providers of those social networks and/or their other users. Please remember it is  your responsibility to set appropriate privacy settings on your social network accounts, so you are  comfortable with how your personal data is used and shared on them. 

8. Security 
   
   

Data security is of great importance to FYLD and to protect your personal data we have put in place  suitable physical, electronic and managerial procedures to safeguard and secure your collected  personal data. 

We take security measures to protect your personal data including: 

(a) Physical & Managerial Security Procedures 

• Limiting access to our buildings to those that we believe are entitled to be there (by use of  passes, key card access and other related technologies); 

• Implementing access controls to our information technology 

• We use appropriate procedures and technical security measures (including strict encryption,  anonymisation and archiving techniques) to safeguard your information across all our computer  systems, networks, offices and stores. 

• Never asking you to disclose your own passwords, 

• Advising you never to enter your account number or password into an email or after following  a link from an email. 

(b) Website Application and Hosting Security Procedures 

• HTTPS – This website is secured via Hyper Text Transfer Protocol Secure (HTTPS). It means  all communications between your browser and this website are securely encrypted. This means  that even if somebody managed to intercept the connection, they would not be able to decrypt  any of the data which passes between you and the website. 

• Secure Payments via PayPal – All transactions taken and processed on this website are  handled separately by PayPal. 

• Secure Update Process – Inline with the security processes of our website development  partner agency, this website application’s code-base is administered and updated via a  password and FTP free process. All code-changes are deployed via a secure process that does  not rely on the storage and visible access of passwords. 

• Two Factor Authentication – Where possible, the administration interface to this website  application and any personal data herein, is secured behind a two factor authentication login to  all staff who have access to it. Additionally, our website development agency can only access  the same interface via their secure Google GSuite accounts and hold no password records for  accessing the platform at super-admin level. 

• Web Application Maintenance – Our organisation, working in collaboration with our website  development agency, regularly monitor the security of this website and consistently update the  core CMS platform and supporting extensions and plugins. 

• PCI-DSS Compliant Server – Our website application is hosted and operations on a PCI-DSS  compliant server independently certified by Security Metrics. The Payment Card Industry Data  Security Standard (PCI DSS) applies to companies of any size that accept credit card  payments. 

• Cloudflare – Our website’s DNS is managed through CloudFlare who provide our content  delivery network (CDN), DdoS attack mitigation, Internet security and distributed domain name  server services. 

9. Cookies used by our website 

• What are Cookies? 

Cookies are small pieces of data, stored in text files, that are stored on your computer or other device  when a website is loaded within your chosen browser (“Cookie”). They are widely used to ‘remember’  you and your preferences, either for a single visit (through a ’session cookie’) or for multiple repeat visits  (using a ‘persistent cookie’). They ensure a consistent and efficient experience for visitors, and perform  essential functions such as allowing users to register and remain logged in. Cookies may be set by the  site that you are visiting (known as ‘first party cookies’), or by other websites who serve up content on  that site (‘third party cookies’). 

• What is Cookie Control? 

You may notice that our website utilises a third-party Cookie preference tool called ‘Cookie Control’.  Cookie Control is a mechanism for controlling user consent and the use of cookies on this website  application. 

When (as the user) you consent to one of the optional cookie categories, Cookie Control will place a  cookie to remember that decision. The name of the cookie will be the name of the category specified  within the Cookie Control widget itself. That cookie will be removed when you (the user) revokes consent  to that category. 

• What are ‘Strictly Necessary Cookies’? 

These are the cookies that are essential for this website to perform its basic functions. These include  those required to allow registered users to authenticate and perform account related functions, as well  as to save the contents of virtual ‘carts’ on sites that have an e-commerce functionality. 

Strictly Necessary Cookies are highlighted with a double asterisk (**) in the tables below: • Cookies set by WordPress

6 

• Cookies set by Google Analytics

7 

• Cookies set by CloudFlare 

• Miscellaneous Cookies 

• How to change your Cookie preferences
  The most popular web browsers typically provide additional tools to users for controlling or restricting  cookies on their device. To find out more about cookies, including how to see what cookies have been  set, visit www.aboutcookies.org or www.allaboutcookies.org. 

Find out how to manage cookies on popular browsers: 

• Google Chrome 

• Microsoft Edge 

• Mozilla Firefox 

• Microsoft Internet Explorer 

• Opera 

• Apple Safari 

To find information relating to other browsers, visit the browser developer’s website. 

To opt out of being tracked by Google Analytics across all websites, visit  http://tools.google.com/dlpage/gaoptout. 

10. How to contact us 

If you would like to exercise one of your rights as set out earlier in this policy, or you have a question or  a complaint about this policy, the way your personal data is processed, please contact us by one of the  following means: 

By email: privacy@fyld.ai 

By post: 5 New Street Square, London, United Kingdom, EC4A 3TW 

Thank you for taking the time to read our Privacy Policy. 

FYLD Limited 

This privacy policy was last updated on 19th October 2024

9