Data Controller is Bridge Global Payments LLP., having its registered seat and address of management at 13 John Prince’s Street, London, W1G 0JR, United Kingdom, registered with Companies House with
registration number UIC OC433480 and represented by Ognjen Vuković(“Bridge”, “Administrator”, “Data Controller”)
In the event you have questions about the privacy of Inline service or you want to contact us about a data privacy issue or to enquire about data privacy rights, you may contact us via the following e-mail: [email protected]
“Inline” means Bridge Global Payments LLP, having its registered seat and address of management at 13 John Prince’s Street, London, W1G 0JR, United Kingdom, registered with Companies House with registration number UIC OC433480 and represented by Ognjen Vuković.
“Controller” means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“ Data Protection and Privacy Legal Framework“ means the General Data Protection Regulation (EU) 2016/679 (“GDPR”) or the Data Protection Act (UK) 2018 and the DPPEC (Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit)) Regulations
“Personal Data” means any information relating to an identified or identifiable natural person (data subject). A person is identifiable if they "can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
“Third parties” means any other persons, organisations and authorities, besides Inline and the User.
“Website” means inlinecheckout.com
BASIC PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
Lawfulness, Fairness and Transparency
We process personal data lawfully, fairly and in a transparent manner in relation to the Users and justify the processing based on one of the lawful bases set out in the Data Protection and Privacy Legal Framework.
We provide the data subject with fair processing information before we process their data.
We collect and use data only for specified, explicit and legitimate purposes and do not use it in any additional ways that are incompatible with those purposes.
We process personal data collected for specific, explicit and legitimate purposes and do not further process them in a manner that is incompatible with those purposes.
We do not use the Users’ personal data for any purposes other than those notified to them in a privacy notice when the personal data was first collected (or obtained by a third party).
Personal data that we process is appropriate, adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
We keep processed personal date up to date by taking all reasonable measures to ensure the timely erasure or correction of inaccurate personal data, taking into account the purposes for which they are being processed
The personal data processed by us are stored for no longer than is necessary for the purposes for which it is processed
Integrity and Confidentiality
The personal data stored by us is protected from unauthorised or unlawful processing as well as loss, destruction or damage using appropriate technical and organisational measures including data security practices such as encryption, appropriate training, and selection of staff and physical security measures
In addition to being responsible for compliance with the Data Protection and Privacy Legal Framework, we are able to demonstrate compliance by implementing appropriate technical and organisational measures, including documented data governance, data mapping, written policies, staff training, audits/reviews and records of processing. We ensure that adequate resources are in place and secure support from stakeholders, including senior management, for ongoing compliance with the Data Protection and Privacy Legal Framework
WHAT PERSONAL DATA WE PROCESS
We collect your personal information so that we can provide our services as well as continually improve them. Your Personal Data is used to communicate with you, sending of promotional material, customer retention and is not shared with third parties.
Personal details required for opening Inline account
We receive and store any information you provide in connection with Inline’s services, which includes your name, surname, card details and email address.
Collection of unique identifiers
In order to provide our services and provide you with any of the products offered on the site, we use
ON WHAT BASIS DO WE COLLECT AND PROCESS YOUR PERSONAL DATA
We process data when you explicitly consent to the processing of personal data, or the processing is necessary for the performance of a contract to which you are a party or for taking steps on your own initiative prior to the conclusion of a contract (such a step is the simple use of the site without having to make a purchase request).
The processing of the data is also necessary for the purposes of our legitimate interest, namely: when without processing a certain type of data we could not provide our services and enter into a contract for providing each of the services on the website, serving our customers and bringing value to our users.
Taking into consideration the above grounds for collecting and processing personal data, should you not wish to provide Inline with the personal data that is needed to enter into a contractual relationship, Inline will not be able to provide you with the services and products at inlinecheckout.com
PURPOSES OF PROCESSING OF PERSONAL DATA
We process your personal data in order to provide and improve services on the website. These purposes include:
Purchase and providing of software-as-a-service (SaaS)
We use your personal information to handle your order, provide our products and services, make payments, and communicate with you in relation to the licensed SaaS, and in certain cases after your explicit consent, to send promotional offers, bulletin, news, etc.
Provide, troubleshoot, and improve Inline’s services. We use your personal information to provide functionality, analyse performance, correct errors, and improve usability and site and product performance.
Recommendations and personalisation
In some cases we may use your personal information to recommend features, products, and services that may be of interest to you, identify your preferences, and personalize your site/ product experience.
Implementation of statutory obligations
In some cases, we have a legal obligation to collect and process your personal data.
To communicate with you
We may use your personal information to communicate with you in relation to the products and services we provide through various channels (e.g., by phone and e-mail).
Prevention of fraud and credit risks. We process personal information to prevent and detect fraud and abuse to protect the security of our clients.
Purposes for which we seek your consent
We may also request your consent to process your personal data for a particular purpose that we are reporting to you. When you agree to process your personal information for a particular purpose, you may withdraw your consent at any time and we will terminate its processing. However, this does not apply if the processing is necessary for another legitimate purpose.
Categories of persons to whom we disclose user personal information
We can share personal information of our users with third parties who are Data Processors. Data Processors are persons who process personal data on behalf of Inline on the basis of a written agreement. They are not allowed to process the personal data they have been provided with for purposes other than the performance of the work assigned to them by Inline. Data Processors are required to follow all of the instructions as prescribed by Inline. Inline takes the necessary steps to ensure that the engaged processors strictly adhere to Inline's personal data protection policies and instructions and that they have taken appropriate technical and organisational measures to protect personal data.
Examples of Data Processors
● Providers of web-based data storage services;
● Service providers for deploying and/or maintaining information systems that are sometimes required to access personal data processed in the respective systems for the purpose of providing the services;
● Payment Service Providers may be Data Processors in some events;
Inline may share personal information of Users with lawyers, account houses, or other consultant service providers in case of dispute or for optimisation purposes;
Inline can share personal information of its Users with banks and payment institutions. In connection with the servicing of consumer payments made by bank transfer or through a payment institution, it is necessary to exchange data between Inline and the respective bank or a payment institution.
Third persons in connection with the transformation (e.g. merger or acquisition) or transfer of an enterprise
In the event of an Inline transformation, as well as in the event of transfer of assets in accordance with the applicable law, it is possible that the personal data of the Users administered by Inline may be provided to a third person who is the legal successor.
WHAT METHODS WE USE TO PROTECT YOUR PERSONAL INFORMATION
We work hard to protect the security of your information during the transmission by using a Secure Sockets Layer (SSL) certificate that encrypts the information you enter. In addition, we maintain physical, technical and procedural guarantees regarding the collection, storage and disclosure of your personal information. Our security procedures mean that we can sometimes ask for a proof of identity before disclosing personal information to you. Devices that store your personal data offer security features to protect against unauthorised access and data loss. It is important to protect yourself against unauthorized access to your computers and devices.
HOW LONG DO WE STORE YOUR PERSONAL DATA?
Inline makes efforts to ensure that processed user data is updated (and corrected if necessary) and that unnecessary data is not being stored.
GENERAL INFORMATION ON THE RIGHTS OF INDIVIDUALS
Inline takes actions at the request of an individual to exercise the rights under this section only if it is able to identify the person concerned
In the event you have questions about the privacy of Inline or you want to contact us about a privacy issue or your privacy rights, you may contact us at the following e-mail: [email protected]
Only persons who can be identified by Inline are able to exercise their rights under this section. If the purposes for which Inline processes personal data do not require or no longer require the identification of an individual, Inline is under no obligation to maintain, obtain or process additional information to identify the person for the sole purpose of taking action at the request of that person.
Inline notifies individuals of the action taken within one month of receiving a request under this section, and in certain cases this period may be extended by up to two months
Inline provides individuals with information on the actions taken in connection with their requests for exercising rights under this Section without undue delay and in any event within one month of receipt of the request.
Inline notifies the individuals concerned of their rights
If Inline does not take action at the request of an individual, Inline shall notify such person without delay within one month of receipt of the request about the reasons for not acting and of the possibility of filing a complaint with the Information Commissioner’s Office and seeking legal protection.
In certain cases, Inline may request additional information to verify the identity of the individuals
If Inline has reasonable concerns about the identity of the individual submitting a claim under this section, Inline may request the provision of additional information necessary to verify the identity of the individual.
The actions taken by Inline regarding claims for exercising rights under this section are completely free to individuals unless their claims are manifestly unfounded or excessive. When a person's claim is manifestly unfounded or excessive, Inline is entitled, in its sole discretion: (a) to refuse to execute the request; or (b) require the payment of a reasonable fee, determined on the basis of the administrative costs necessary to provide the requested information or to take the requested action.
RIGHTS OF THE USERS
Right of access
The Users have the right to obtain from Inline information on whether personal data relating to them is being processed. If so, users have the right to access the relevant data.
• Data subjects may request a copy of all personal data we hold
• Time limit of one month to respond from date or receipt of request
• Where the request is made by electronic means, unless otherwise requested, Personal Data is to be provided in commonly used electronic format
• Information we need to provide includes: purpose of the processing, categories of data, details of disclosure to recipients outside the EEA, data retention period, right to rectification/erasure/restriction of processing, and right to complain to the ICO
Right to rectification
In the event that personal data processed by Inline is inaccurate or out of date, users are entitled to make a request to Inline to correct them.
Right to erasure (‘right to be forgotten’)
Users have the right to request from Inline the deletion of personal data related to them in the following cases:
● Personal Data are no longer needed for the purposes for which they were collected or processed
● The User has withdrawn his/her consent on which the processing of personal data is based and there is no other legal basis for the processing of the data
● The user has objected to the processing of personal data based on the legitimate interest of Inline, unless there are other legitimate grounds for the processing that take precedence over the interests, rights and freedoms of the user or the processing of data is necessary for the establishment, the exercise or protection of legal claims
● The User has objected to the processing of personal data for direct marketing purposes and there are no other legitimate grounds for processing this data
● Personal Data relating to the User has been tampered with
Right to restriction of processing
The User has the right to request Inline to restrict the processing of personal data related to them in the following cases:
● The accuracy of Personal Data is contested by the User for a period that allows Inline to verify the accuracy of Personal Data
● The processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead
● Inline no longer needs the personal data for the purposes of the processing, but they are required by the user for the establishment, exercise or defence of legal claim
● The user has objected to the processing of personal data based on the legitimate interest of Inline, pending verification that Inline's legitimate grounds have an advantage over Inline's interests
Right to data portability
The User has the right to obtain from Inline the Personal Data provided by them in a structured, widely used and machine readable format, as well as to transfer this data to another Controller without hindering Inline, insofar as:
● Inline processes such Personal Data for the purpose of concluding or executing a contract with the consumer or on the basis of an agreement of the latter; and
● The processing of relevant Personal Data is done in an automated manner.
The User has the right to request Inline to transfer their Personal data directly to another Controller when this is technically feasible.
Right to object
The User is entitled, at any time and on grounds relating to its particular situation, to object to the processing of Personal Data relating to them when Inline processes their data to protect their legitimate interests.
In certain cases, this right is unconditional and Inline will always discontinue the processing of Personal Data upon consumer objection.
Depending on the nature of the objection and the circumstances exposed by the User, Inline will conduct an internal review of the objection and will rule thereon in accordance with this section by: (a) informing the User that it will cease processing of his/her personal data; or (b) reasonably refuses to discontinue the processing of his/her personal data, provided there is a legitimate reason for doing so.
Right of appeal to a supervisory authority
The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
Users have the right to file complaints or alerts with the Information Commissioner’s Office (ICO) if they believe Inline has breached privacy laws or infringed their rights. Instructions for submitting complaints are found on the ICO’s website: https://www.ico.org.uk