1. Who are we?
2. What information do we collect and receive?
Your personal data When we say “personal data”, we mean any information that relates to and identifies a living person. Personal data will be contained in the information that you provide to us or that is provided during your interactions with us or our service, or in the information that you authorise a third party to give to us on your behalf.
The financial data that you enter into Visitor Express, or that is provided to Visitor Express from your bank, isn’t part of the “personal data” discussed here, unless it identifies a person. For more information about your financial data, please see the following section.
When it comes to your personal data, we comply in full with our obligations under the General Data Protection Regulation (GDPR) and other applicable data protection legislation.
Information you provide – Your personal data includes the information you provide to us or that you authorise someone else to provide when you:
sign up for a Visitor Express account; elect to have a Visitor Express account provided to you; sign up to receive our emails or communications; participate in or answer questionnaires or surveys, provide feedback or enter competitions; provide information in your Visitor Express account profile; provide information during a support enquiry about you and/or your organisation; provide information when you complete any forms which you submit to us, e.g. when you authorise us to receive transaction information from your bank; or provide information via an upload or data transfer to your Visitor Express account.
Examples of this personal data include name, email address, contact number, as well as any correspondence sent by you when you contact us. It could also include your bank account details and bank transaction details (if that information identifies a person). It could also include details in any invoices or receipts that you upload (if they identify a person).
Visitor Express has no requirement to collect or process any special categories of personal data, as defined under GDPR and the Data Protection Act 2018, in order to provide the service. In addition, we do not knowingly collect or solicit any personal data from anyone under the age of 16 or knowingly allow such persons to register for Visitor Express. Visitor Express is not directed at children under the age of 16. In the event that we learn that we have collected personal data from a child under age 16 without verification of parental consent, we will delete that information as quickly as possible.
Your financial data
In addition to your own personal data, we may also hold financial data that you enter into Visitor Express in order to make use of our services. Examples of your financial data include your organisation’s invoices, expenses, receipts and bank transactions. You retain complete control of all the financial data you enter and upload into Visitor Express. For example, if you want to give your accountant access to your financial data, you can switch this on in Visitor Express. Likewise, you can also stop a feed of data from your bank or remove an accountant’s access at any time.
It is your responsibility to safeguard your login information and control third party account access. Also, you need to make sure you have made suitable disclosures and, where applicable, have obtained any relevant consents or permissions necessary for you to upload the data of others (such as suppliers and clients) to Visitor Express and for that data to be used as set out in this policy. If, at any time, you want to prevent third party access to your Visitor Express account or stop any transfer of data between your bank and your Visitor Express account, please contact support@ or talk to your accountant.
Information we collect - We collect information about your usage of our service and website to improve our service, understand trends and enhance and customise content and campaigns. Some of this data may be “personal data”, where it relates to an identifiable person. Here’s the information that we collect and how we use it:
we monitor patterns of usage, such as login dates and volumes of data, so we can understand how people are using Visitor Express. We also do this in order to keep Visitor Express secure and to develop and improve our products. we also monitor patterns of usage so that we can tailor any communications we may send to you or advertising that you may receive. For example, we may tailor a newsletter with information about product features that you haven't tried yet, instead of features that you use frequently. We want the content of our communications to be relevant and useful to you. for security reasons and to aid in our monitoring of usage patterns, we log your Internet Protocol (IP) address when you use our website. This is the individual identification number that is assigned to your computer when it’s connected to the internet. we monitor traffic information to our website and emails, including page visits, email clicks, purchases, referring sites, and video viewings. We use this information to improve our website, advertising, promotions, and to understand customer behaviour. Please see section 10 below regarding our policy on cookies.
Information others provide to us
We may receive information from other companies or entities (e.g. your bank) when you have authorised that third party to provide information to us. This could, in certain circumstances, include the initial information to enable us to create your account (e.g. your full name, your email address and your business type), as well as your bank transaction data.
3. What do we use your personal data for?
We collect and use your personal data for a variety of business reasons. However, we need some of the data to enter into and perform our contract with you, maintain the security of our systems and provide you with access to Visitor Express. This data includes your contact details and other information requested during the Visitor Express setup process. If you fail to provide this data, or refuse to do so, we may be unable to provide our service to you.
All the processing we carry out is underpinned by a set of processing conditions. These are the legal bases under which we have the authority to collect, use and store your personal information. The following is a summary of how these could apply to you within the Visitor Express service.
We will process data where it is necessary to enter into a contract with you for the provision of the Visitor Express service or to perform our obligations under that contract. Please note that if you do not agree to provide us with certain requested information it may be difficult for the service to operate as intended or at all. Examples include:
processing and reviewing applications for the Visitor Express service, financial products or additional services; executing your instructions; processing transactions, providing support or advice, resolving any queries or discrepancies and administering any changes; receiving calls or emails to our support team; managing and maintaining our relationships with you and for ongoing customer service; communicating with you about the service and products you receive from us or via the Visitor Express service; and handling any complaints, queries or requests which relate to the Visitor Express service.
Please note - you will retain complete discretion to terminate your account with Visitor Express where we/you consider that it does not meet your needs or expectations.
When you elect to use the Visitor Express service, we are required by law to collect and process certain personal information about you. Please be aware that, should you refuse to provide us with certain mandatory information, it may not be possible for you to access the service. Examples include:
confirming your identity and protecting against fraud as part of a model for secure access; performing checks on the service and monitoring transactions and location data for the purpose of preventing and detecting crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption; sharing information with police, law enforcement, tax authorities or other government and fraud prevention agencies where we have a legal obligation to do so, including reporting suspicious activity and complying with production and court orders; delivering mandatory communications to users of the service, providing service messages, publishing revised disclosures or terms and conditions; investigating and resolving complaints where we may need to exercise or defend our legal rights; conducting investigations into suspected criminal acts, breaches of conduct and corporate policies; processing applications for products and services available from or through Visitor Express, including making decisions about whether to agree to approve any application; performing assessments and analysing customer information for the purposes of managing, improving and fixing data quality; and providing assurance that we have effective processes to identify, manage, monitor and report on the risks Visitor Express might be exposed to (e.g. security, fraud and client confidentiality).
We will process your personal data within Visitor Express where it is in our legitimate interests do so, and without prejudicing your interests or fundamental rights and freedoms. Examples include:
delivering service insights and personalised recommendations to you which help to maximise your use of Visitor Express and its products and services, or those products and services from our parent company and trusted third parties; providing you with updates about the Visitor Express service and its functionality, including new features and services; analysing your personal data and financial data so that we can administer, support, improve and develop our business, customer service and features of the Visitor Express service; We may use third parties to assist us in performing these activities from time to time and, in those cases, we may pass on your personal and/or financial data to them. We will only share your data with third parties that we trust, and when there are assurances in place as to how they will protect the data. improving your experience of the Visitor Express service by: gathering feedback from you on your use of and interactions within our service; assessing your use of our service; tracking your interactions with our service to tailor the content; and recording and monitoring communications to our telephone and online helplines. taking action if we need to defend our legal rights under our Terms of Service if you misuse the service or act in a way which contravenes laws, regulations or our Terms of Service; utilising available support functions for the management of the service. This may include budgeting, advice from our legal and accounting teams and technology support from relevant expert areas and third parties; tracking and analysing your use of our service to prepare reports on its performance; sharing anonymous or aggregate data in order to get you the best deals available on associated products and services; validating your information (and, in some cases, matching it against information that has been collected by a third party, for example Companies House) to check that the data we hold is accurate, consistent and current; monitoring anonymous, aggregated information about accounting and financial data so that we can produce insights about small business finance. For example, based on an anonymous, aggregate data analysis, we may produce a white paper that reports on how most small businesses are not paid on time; performing research and trend analysis to optimise your experience of the service; developing and enhancing our data models to improve the accuracy of the service and your insights; engaging our users by: gathering your feedback on the service; reporting at an aggregate level on the user experience and service performance; engaging and communicating with our users on social media and via SMS/email; and providing you with detailed information on your account activity. using your personal information in an anonymised and aggregated form to create content to include in: infographics, industry reports and media campaigns; blog posts and videos on the Visitor Express service; emails that inform users about the success and performance of the service; and posts from social media accounts owned and operated by Visitor Express.
4. Who do we share your information with?
Elective third party access to Visitor Express data
Should you choose to use parts of Visitor Express that permit the sharing of your personal and/or financial data with third parties (for example, if you choose to give your accountant or your bank access to your data), then your personal and/or financial data will be shared in that way. Such personal or financial data may include, for example, general, financial and transactional data and information from your account such as accounting ledger balances, bank transactions and invoices, bills, expenses and project details. These third parties will use that data in accordance with any permissions and consents you have given us or that you may give to us in the future.
Supplier and third party arrangements
As part of the service, we may need to share your personal information outside Visitor Express. There are limited circumstances in which we would do this and we will always have a compelling business reason to do so. Examples of when we will share your information include:
when we have your permission to do so; when you ask us to share your information as part of the service or a connected product you are interested in so that we can tailor your experience; when you instruct us to share your information with your bank and to add accounts from other providers to the Visitor Express service; when part of the service, or a product you are interested in, is supported or provided by a third party outside Visitor Express; when we are under a duty to disclose or share your personal or financial data in order to comply with any legal or regulatory obligation; to cooperate with law enforcement officials, judicial bodies, government entities, tax authorities or regulatory bodies in the investigation of unlawful activities of Visitor Express users or relating to Visitor Express users; or in order to enforce or apply any contract with you; or to protect our rights, property, or the safety of our employees, customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction; sharing with third parties and other financial services companies to help prevent, detect and prosecute unlawful acts and fraudulent behaviour; sharing with suppliers, sub-contractors and advisors who support the operation of the service, provide information for an insight, or manage connected products; sharing with third parties in the event that we, our business, or substantially all of its assets are acquired by a third party (in which case, personal information about customers will be one of the transferred assets); we may pass aggregate information on the usage of the Visitor Express service, where relevant, to maintain, improve and manage the Visitor Express service, but this will not include your personal data.
We will always take steps to ensure that the safety and security of your information is maintained. We will implement and maintain technical and organisational measures over each transfer of personal information and mandate that our partners and third parties do the same. No ownership rights to the data will be transferred to any third party, unless otherwise notified.
Transferring information overseas
We will, from time to time, have to transfer your information to third parties or organisations in other countries. This will only happen on the basis that any party to which we pass your information will protect it in the same way that we would and in accordance with applicable laws.
In the event that we transfer information to countries outside of the European Economic Area (which includes countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so when:
the European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately; the transfer has been authorised by the relevant data protection authority; and we have entered into a valid contract with the third party or organisation with which we are sharing your information (on terms approved by the European Commission) to ensure your information is adequately protected.
For a full list of sub-processors and details of the safeguards in place in respect of data transfers outside the EEA, please see here.
Additionally, you may grant third party access to your personal or financial data by enabling the Visitor Express API for that third party. At all times, this access is controlled by you. Visitor Express is not responsible for the privacy practices employed by any third party given access by you to your personal or financial data by the Visitor Express API. Use of the Visitor Express API is governed by the Visitor Express API Terms.
5. How long do we store your data for?
We only store your data for as long as is necessary for the purposes of processing that are set out in this policy. When you cancel your account with Visitor Express, you can either delete your data immediately or we will automatically delete your data after one year. If your free trial expires or your account is suspended due to non-payment, we will keep it available to you for two years. After two years of inactivity it will be automatically deleted and will not be recoverable.
If you are signed up to marketing communications, cancelling your Visitor Express account will not automatically cancel your marketing preferences. If you would like to unsubscribe, please email firstname.lastname@example.org, otherwise we will delete your email address from our system after two years of inactivity.
To ensure the integrity of our systems and your data, we utilise various technologies to continually take secure, encrypted backups. All data, including deleted data, remains archived within these backups, which are maintained according to our defined two-year data retention policy, after which they are deleted.
6. You can export your account data at any time
You can export a copy of your data whenever you like - this will include some elements of your personal data and that of your clients, contacts and suppliers, your financial transactions, invoices, and expenses. We recommend that you use the export functionality to keep a backup of your data. While we regularly back up your data (see our security page), we can’t restore backups on an individual basis. (Find out more about exporting your Visitor Express data). You can also ask us for a copy of your personal data that we hold - see section 9 below for more information.
7. You can delete your data at any time
You have the option to delete all of your data at any time, using the “Delete Account” option in the settings area of Visitor Express. Using this option cancels and deletes your Visitor Express account and all associated data. You can also use the “Reset Data” option to reset your Visitor Express account after loading test data during your free trial. Using this option immediately deletes all data previously entered into your account. If you’re unsure whether or not to delete any data in Visitor Express then please do check with your accountant.
Deleting your data removes it from our active servers immediately; however, we retain archived database backups for two years, after which they are permanently deleted.
We highly recommend that you export your data before cancelling, since many countries (including the UK) require you to retain your business records going back many years, even if you have finished trading. Visitor Express is under no obligation to retain data on your behalf if you are no longer subscribed to the Visitor Express service.
If your free trial expires or your account is suspended due to non-payment, your account will be automatically deleted after two years of inactivity. We retain historical details about your payments to Visitor Express for accounting purposes because we are required by law to do so.
8. We don’t store your credit card details
9. What are your rights?
If you want to manage or disable cookies for the Visitor Express website or any other site, you can do so by changing your browser settings. Please bear in mind that disabling functional cookies may impair the availability and/or functionality of the Visitor Express service. We suggest consulting the “Help” section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.
11. Security and data storage
We take security and privacy seriously. We will endeavour to take all reasonable steps to keep your personal and financial data secure once it has been transferred to our systems. We adopt appropriate, industry-standard data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction. For further details of the security measures we have implemented, please see here.
Where we utilise third parties to help provide our services, we will always ensure that, as a minimum, the security policies and confidentiality arrangements of those third parties adhere to the same requirements that we impose and expect.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of the Visitor Express website or Visitor Express itself, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We shall periodically check that the personal data we store for you is accurate. If you would like to update the personal data we hold about you, please log in to your Visitor Express account or contact us at email@example.com with your request.
Please note that the internet is not a secure medium and although we will do our best to protect your data, we cannot guarantee the security of any data transmitted to Visitor Express. Any such transmission is at your own risk.
13. Getting in touch
Visitor Express Privacy Officer Withycombe Crowthorne Berkshire RG45 7NDv