We comply with data protection legislation such as the Data Protection Act 1998 and EU General Data Protection Regulation (GDPR). This regulates the processing of personal data relating to You and grants You various rights in respect of Your personal data.
If You disagree with the practices described in this policy, You should (a) take the necessary steps to remove cookies from Your computer after leaving Our App, and (b) discontinue Your use of our Services and Products.
Who we are?
Cache is a trading name for Cache London Ltd and related entities. The registered office of Cache London Ltd is located at 20-22 Wenlock Road, London, England, N1 7GU. Cache London Ltd is a company registered in England and Wales. Our company registration number is 11927493. Our Information Commissioners Office reference number is A8474028.
Data Controller and Data Protection Officer
Cache London Ltd is the data controller responsible for your personal data. You can contact the data controller by writing to Cache London Ltd, Privacy Team, 20-22 Wenlock Road, London, N1 7GU, England or sending an email to firstname.lastname@example.org.
How we collect or obtain Your information:
when You provide it to us (e.g. when you download Our App, use our Services or Products, placing an order on Our App, signing up to any page or feature within Our App, registering Your profile, by contacting us or collected to further our legitimate interests as a business);
from Your use of Our App, using cookies; and
occasionally, from third parties.
Personal data we collect:
Personal data means any information that can be used to identify you (either on its own, or when aggregated with other data). It does not include data where your identity has been removed completely or anonymised.
Your personal data may be ‘processed’. This means any operation We perform on your personal data, such as collection, organising, storing, updating, using, disclosing and deleting. When You become a Cache customer, we may process different kinds of personal data, which are as follows:
Date of birth;
Proof of address;
ID documents such as your passport/State ID/Driver’s License;
Bank account details;
Telephone recordings (e.g. for customer service);
Bank account and payment card data;
Other personal data;
Security questions needed for the use of our Services and Products;
Information required to carry out Anti-Money Laundering (AML) and Know Your Customer (KYC) checks, and at times credit checks;
Tax identifier and/or tax residence number or code;
Source of Funds;
The amount of monies you transfer or withdraw and corresponding currency;
Your purchase and selection of Products and Services;
Information about your social media and other third party data;
Information about Your computer; and
Any information you provide to us on a feedback or enquiry form or when you contact us.
Our legal bases for which we will process your personal data
Below we have set out a description of the purposes of our processing of your personal data, and which legal bases we rely on to do so.
Identity data – When you register with us/create an account with Us and confirm your identity, name, email address, gender, date of birth, mobile number, age, citizenship and residency with a valid form of ID such as your passport/State ID/ Driver’s License and a Proof of Address documents such as utility bill, bank statement or local government statement your consent will be obtained. Should consent not be given you will be unable to use our Products or Services. We also have a legal obligation to perform Anti-Money Laundering (AML) and Know-Your-Customer (KYC) checks and other due diligence on all our customers.
Financial data – Your source of funds, Know-Your-Customer and Anti-money Laundering checks will be required to detect and prevent identity fraud or theft and other financial fraud and crime before can use our products and services to protect out platform and You as user. This is necessary for our legitimate interests (to prevent Cache products being used for fraud or other financial crime) and necessary to comply with legal obligations (we are required by law to inform you of certain changes).
Transactional data – To process orders and services You place on Our App; adding funding cards to your Cache account or transfer/withdraw monies from your Cache account to your bank or vice versa, your payment card and/or bank account details will be processed. Additionally, to further process your payment transactions, so that we can: Process your payment request and authorise or decline your transaction to enter into such contract. This is necessary to comply with our legal obligations and performance of our contract.
Technical data - To run our business, provide administration and IT services, network security, and in the context of a business reorganisation or group restructuring exercise to further our legitimate interest.
Marketing and communications data - Strictly by your consent to provide you with marketing emails relating to the Cache Products and Services and those of our partners. You can unsubscribe at any time.
Contact data – Your name, email address and contact number will be processed to further our legitimate interest should we need to contact you in respect of any account queries we have and to manage the operation of your Cache Account.
Third-party service data – We have a duty to detect and prevent fraud or theft, money laundering, counter terrorist financing or any other financial crime or misuse of Services/Products. It is necessary to comply with our legal obligation (we have a legal obligation to detect and prevent fraud, other financial crimes and any misuse of the Cache product or service. Collect and recover money owed to us - Necessary for our legitimate interests (to recover fees/ debts due to us) or any other legal dispute that may arise.
Administrative and business purposes – Pertaining to the following:
a. Improving Our App and business, including personalising Our App and Services/Products for You and other customers. This is necessary for our legitimate interest of better understanding our customers’ and potential customers’ preferences and tailoring Our App, products and services to their needs, preferences and desires.
b. Providing You information about our Services and Products via direct marketing communications which may be of interest to you. This may be necessary to further our legitimate interests as a business.
d. Providing You with offers relating to our services which are similar to the services which You purchased from us or were in negotiations to purchase from us (provided that You did not opt-out from receiving such communications either at the time or subsequently). This is necessary for our legitimate interest of direct marketing and advertising our services.
e. Protecting our business and our business interests, including for the purposes of credit and background checks, fraud and website misuse prevention and debt recovery. This is necessary for our legitimate interests of preventing criminal activity such as fraud or money laundering, for ensuring that Our App and services are not misused. Where we carry out credit and background checks, we will only carry out such checks to the extent that we are permitted or authorised by law to do so and to the minimum extent necessary.
f. Communicating with our business advisors and legal representatives. This is necessary for our legitimate interests of obtaining legal or professional business advice. In such circumstances, we will only share Your personal data where it is necessary to do so, to the minimum extent necessary, subject to appropriate confidentiality restrictions and on an anonymised basis wherever possible.
g. Sharing Your personal data with third parties, including service providers and data processors, which are either related to or associated with the running of our business (including to third parties within our corporate group from time to time), such as our insurers, accountants, affiliates, agents, suppliers, independent contractors, email providers, and IT or web development service providers. We will share Your personal data with these third parties where it is necessary for our legitimate interest of running and managing our business effectively, fulfilling our contractual obligations (e.g. to our insurers) or for our own direct marketing purposes. Where You purchase Services/Products from us or request that we take steps to do so, we may also need to share Your personal data with such third parties in order to perform a contract which we have entered into with You or to take steps, at Your request, to enter into a contract with You. Where we share Your personal data with such third parties, we will do so strictly on a need-to-know basis, subject to appropriate confidentiality restrictions, on an anonymised basis as far as possible and only to the extent strictly necessary for any of these purposes.
i. Processing or passing on Your personal data to other entities related to Cache and operating under that trading name to provide You with additional value added services, such as giving You access to special discounts with our merchant partners and enable you to convert your funds to benefit from value added products.
j. Ensuring physical, network and information security and integrity. This is necessary for our legitimate interest of ensuring that our IT systems and networks are secure and uncompromised, including, for example, preventing malware, viruses, bugs or other harmful code, preventing unauthorised access to our systems, and any form of attack on, or damage to, our IT systems and networks.
k. In connection with disclosure requests and in the case of a business or share sale or sale or purchase of a business and/or assets, whether actual or potential. This is necessary for our legitimate interests of selling and/or ensuring and promoting the success of our business. Where we share Your personal data with a prospective purchaser or seller, we will do so on a strictly need-to-know basis, subject to appropriate confidentiality restrictions, on an anonymised basis as far as possible and only to the extent strictly necessary for any of these purposes.
Advertising and analytical purposes
Providing statistical information to third parties such as but not limited to Google Analytics. This is necessary for our and third parties’ legitimate interests of processing personal data for research purposes, including market research, better understanding our respective customers, and tailoring our respective products and services to their needs. Your personal data will only be shared with such parties on an anonymised basis.
Displaying advertisements to You and analysing the information we receive in relation to those advertisements. This is necessary for our own and for third parties’ legitimate interests in direct marketing and advertising our and their products and services respectively, and for market research purposes.
Legal and enforcement of legal rights
Enforcing our legal rights. This is necessary for our legitimate interest of protecting our business and enforcing our contractual and other legal rights.
Indicating possible criminal acts or threats to public security to a competent authority. This is necessary for our legitimate interest of preventing crime, for compliance with a legal obligation to which we are subject, in the general public interest or for the legitimate interests of governmental bodies and competent authorities that prevent crime.
In connection with any legal or potential legal dispute or proceedings. This is necessary for our legitimate interest of resolving disputes and making such disclosures as are required by law or which we consider, acting reasonably, are required by law.
Complying with laws, regulations and other legal requirements. We may need to use and process Your personal data in order to comply with legal obligations to which we are subject. For example, we may require Your personal data pursuant to a statutory obligation to conduct anti-money-laundering checks or to disclose Your information to a court following receipt of a court order or subpoena. We may also need Your personal data to comply with ongoing legal obligations, such as tax laws and regulations to which we are subject (where You have placed an order for services with us for example).
The processing of Your personal data to comply with legal obligations to which we are subject applies to legal obligations of other countries where they have been integrated into the legal framework of the United Kingdom, for example in the form of an international agreement which the United Kingdom has signed. Where the legal obligations of another country have not been so integrated, we will process Your information to comply with such obligations where it is in our legitimate interest to do so.
Disclosure of Your personal data to third parties: only to the extent necessary to run our business and our Services to You, to fulfil any contracts we enter into with You, where required by law or to enforce our legal rights
Sharing of Your personal data to be used by third parties: To improve Your experience when using Our App we make use of third party providers and need to sometimes share anonymized parts of your personal data. This includes but is not limited to anti-money laundering and credit checks as well as improving recommendations when you use our experience platform.
Your rights in relation to Your personal data
to access Your personal data and to be informed about its use
to correct Your personal data
to have Your personal data deleted
to restrict the use of Your personal data
to object to the use of Your personal data
to complain to a supervisory authority
to withdraw Your consent to the use of Your personal data
Information received from third parties
Information we obtain from third parties will generally be Your name and contact details, but also any additional information they provide to us.
We may also obtain personal data about You from certain publicly accessible sources, such as the electoral register, credit check and anti-money laundering agencies, online customer databases, business directories, media publications, social media websites and other publicly accessible sources.
You already have the information;
providing You with the information would prove impossible or would involve a disproportionate effort;
we are under UK, an EU or EU member state law obligation to obtain or disclose the information which provides appropriate measures to protect Your legitimate interests; or
we are obliged to keep the information confidential as a result of an obligation of professional secrecy regulated by UK, EU or EU member state law.
if we intend to use Your personal data to communicate with You, at the point when we first communicate with You;
if we envisage that we will disclose Your personal data to a third party, when we disclose Your personal data to that third party (at the latest); and
in any other circumstances, within a reasonable period after obtaining Your personal data (and in any event within one month at the latest), taking into account the specific circumstances in which we use Your personal data.
How long we retain Your personal data
In general, we will retain Your information for no longer than necessary, taking into account the following:
the purpose(s) for which we are processing Your personal data, such as whether it is necessary to continue to store that information in order to continue to perform our obligations under a contract with You or for our legitimate interests;
whether we have any legal obligation to continue to process Your information, such as any record-keeping obligations imposed by applicable law; and
whether we have any legal basis to continue to process Your personal data, such as Your consent.
Where You order Services from us, we will retain Your information for six years from the end of the financial year in which You purchased those services from us, in accordance with our legal obligations to keep records for tax purposes. Cache is also obligated under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 to retain your personal data for a period of five years. This applies even if you do not complete your registration as a Cache customer.
How we secure Your personal data
We take appropriate technical and organisational measures to secure Your personal data and to protect it against unauthorised or unlawful use or processing as well as against the accidental loss or destruction of, or damage to, Your personal data, including:
Only sharing and providing access to Your personal data to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible;
Using secure servers to store Your personal data;
Verifying the identity of any individual who requests access to personal data prior to granting them access to personal data;
Using Auth 2; Auth 2 is a secure, third-party, delegated authorization framework that allows authenticated access to assets without sharing login credentials. For reference, Auth 2 is used by Amazon, Facebook and Google.
Using TLS 2.0 Encryption 256 Bits. This is the cryptographic protocol that encrypts data and part of the network that ensures that the communication and information sharing between the user and the application is authenticated and safe, and it is standard on all software systems for example by AWS Cloud.
Using LOPC + PCI compliant cache, which uses the payment card industry data security standard, intended to protect users’ payment card information. We do not store the data related to the user’s card unless given explicit permission to do so.
Using Blockchain Ledger ensures the maximum security measure for users and ensures that the digital source where data is encoded is protected. This data cannot be modified and is stored immutably.
Using Secure Sockets Layer (SSL) software or other similar encryption technologies to encrypt any payment transactions You make on or via Our App; and
Only transferring Your personal data via closed system or encrypted data transfers.
Transmission of information (including personal data) over the internet is not entirely secure, and if You submit any information to us over the internet (whether by email, via Our App or any other means), You do so entirely at Your own risk. We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by You as a result of Your decision to transmit information to us by such means.
Cookies are data files which are sent from a website to a browser to record information about users of a website.
We use Google Analytics on Our App to understand how You engage and interact with it. For information on how Google Analytics collects and processes data using cookies, please visit www.google.com/policies/privacy/partners/. You can opt out of Google Analytics tracking by visiting: http://tools.google.com/dlpage/gaoptout
We may use web beacons in our marketing emails and/or on Our App. Some (but not all) browsers enable You to restrict the use of web beacons by either preventing them from sending information back to their source (e.g. when You choose browser settings which block cookies and trackers) or by not accessing the images containing them (e.g. if You select a “do not display images (in emails)” setting in Your email server).
Your rights in relation to Your personal data
You have the following rights in relation to Your personal data, which You can exercise by writing to the following address: Cache London Ltd – Privacy Team, 20-22 Wenlock Road, London, England, N1 7GU 2NX or sending an email to email@example.com.
to request access to Your personal data and information related to our use and processing of Your personal data;
to request the correction or deletion of Your personal data;
to request that we restrict our use of Your personal data;
to receive personal data which You have provided to us in a structured, commonly used and machine-readable format (e.g. a CSV file) and the right to have that personal data transferred to another data controller (including a third-party data controller);
to object to the processing of Your personal data for certain purposes (for further information, see the section below entitled ‘Your right to object to the processing of Your personal data for certain purposes’); and
to withdraw Your consent to our use of Your personal data at any time where we rely on Your consent to use or process that personal data. If You withdraw Your consent, this will not affect the lawfulness of our use and processing of Your personal data on the basis of Your consent before the point in time when You withdraw Your consent.
You also have the right to lodge a complaint with a supervisory authority, which, for the purposes of the UK, is the Information Commissioner’s Office (ICO), the contact details of which are available here: https://ico.org.uk/global/contact-us/
Further information on Your rights in relation to Your personal data as an individual
For further information about Your rights in relation to Your personal data, including certain limitations which apply to some of those rights, please visit the following pages on the ICO’s website:
You can also find out further information about Your rights, as well as information on any limitations which apply to those rights, by reading the underlying legislation contained in Articles 12 to 22 and 34 of the General Data Protection Regulation (GDPR), which is available here: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf
Verifying Your identity where You request access to personal data
Where You request access to personal data, we are required by law to use all reasonable measures to verify Your identity before doing so. Where we possess appropriate information about You on file, we will attempt to verify Your identity using that information. If it is not possible to identity You from such information, or if we have insufficient information about You, we may require original or certified copies of certain documentation in order to be able to verify Your identity before we are able to provide You with access to Your personal data.
These steps are necessary to verify Your identity in order to reduce the risk of identity fraud or identity theft by persons other than Yourself asking for access to Your personal data.
Your right to object to the processing of Your personal data for certain purposes
You have the following rights in relation to Your personal data, which You may exercise in the same way as You may exercise the rights in the preceding section (Your rights in relation to Your personal data):
to object to us using or processing Your personal data where we use or process it in order to carry out a task in the public interest or for our legitimate interests, including ‘profiling’ (i.e. predicting Your behaviour based on Your personal data) based on any of these purposes; and
to object to us using or processing Your personal data for direct marketing purposes (including any automated evaluation we make about You or any of Your characteristics as a person, to the extent that it is related to such direct marketing).
You may also exercise Your right to object to us using or processing Your personal data for direct marketing purposes by:
clicking the unsubscribe link contained at the bottom of any marketing email we send to You and following the instructions which appear in Your browser following Your clicking on that link; or
sending an email to firstname.lastname@example.org asking that we stop sending You marketing communications or by including the words “OPT OUT”.
Whenever You object to direct marketing from us by a different communication method to that of the marketing communications You have received from us, You must provide us with Your name and sufficient information to enable us to identify You in relation to the communications You have received.
Consequences of not providing Your personal data to us
Where You wish to purchase a service(s) or a product(s) from us, we require Your personal data in order to enter into a contract with You or to use our free services. We may also require Your personal data pursuant to a statutory obligation (in order to be able to send You an invoice for products and services You wish to order from us, for example).
If You do not provide Your personal data, we will not be able to enter into a contract with You or to provide You with those services.
Where we intend to use Your personal data for a new purpose other than the purpose(s) for which we originally collected it, we will provide You with information about that purpose and any other relevant information before we use Your personal data for that new purpose and obtain Your consent if required.
Changes to Your information
Please inform us of any changes to any information (including personal data) which we hold about You so we can keep the information we hold about You accurate and up-to-date.
Because we care about the safety and privacy of children online, we comply with the Children’s Online Privacy Protection Act of 1998 (COPPA). COPPA and its accompanying regulations protect the privacy of children using the internet. We do not knowingly contact or collect personal data from children under the age of 13. The website is not intended to solicit information of any kind from children under the age of 13.
It is possible that we may receive information pertaining to children under the age of 13 by fraud or deception. If we are notified of this, as soon as we verify the information, we will immediately obtain the appropriate parental consent to use that information or, if we are unable to obtain such parental consent, we will delete the information from our servers. If You would like to notify us of our receipt of information about children under the age of 13, please do so by sending an email to email@example.com.