book a demo

Privacy Policy

Last updated: 5th April 2018

Introduction

At Receipt Bank we take Users’ privacy very seriously. Our aim is to only collect and use your personal data for the purpose of providing the Receipt Bank Products – nothing more.

Receipt Bank is a global company, offering a global service to its users and business partners. This Policy is drafted with reference to both the Data Protection Act 1998 and the EU General Data Protection Regulation (from 25th May 2018) (together the “Data Protection Legislation”). Receipt Bank believes that compliance with the data protection principles outlined in the Data Protection Legislation creates a strong framework to ensure that individuals’ personal data is secured, protected and used appropriately.

This Policy addresses how Receipt Bank uses, transfers and stores the personal data we collect about individuals (“Users”) when they access our website (the “Site”), use any of Receipt Bank’s mobile and tablet applications (the “Apps”) or use any of our services or products (collectively, the “Receipt Bank Products”), or otherwise have their personal data submitted to us.

By visiting the Site, using our Apps and using the Receipt Bank Products and/or agreeing to our Terms and Conditions, Users are accepting the practices and guidelines set out in this document (the “Policy”), so please take a few minutes to read it over carefully.

When we refer to Receipt Bank, “we” or “us” in this Policy, we are referring to Receipt Bank itself together with, as applicable, the Receipt Bank Products.

For the purposes of the Data Protection Legislation, where we are the party that determines the purposes for which and the manner in which any personal data is processed, the data controller of any such personal data is Receipt Bank Limited of 99 Clifton Street, London EC2A 4LG (“Receipt Bank”). However, we may also collect or be provided with certain personal data pursuant to our agreements with our customers and partners who remain the data controller of that personal data – in this case, we act as a data processor of the relevant customer or partner. Where we act as a data processor of any personal data, we will process such personal data in accordance with this Privacy Policy, our Terms and Conditions and the relevant data controller’s instructions.

Two areas that we recommend our Users particularly focus on are the sections titled:

  • “International Data Transfer”; and
  • “Analytics Services”.

If you have questions or concerns regarding this Policy, please contact us here.

Limiting the collection and use of Personal Data

Collecting personal data allows Receipt Bank to offer a more customised, secure, and efficient service to our Users. Here’s a brief description of how we use personal data:

  • To provide, operate, maintain, and improve the Receipt Bank Products.
  • To provide customer service.
  • To communicate upcoming features, developments, and news relating to the Receipt Bank Products.
  • To protect, investigate, and deter against fraudulent, unauthorised, or illegal activity.
  • To provide and deliver any other products and services that Users request.
  • If applicable, to allow accountants and bookkeepers who use the Receipt Bank Products to contact their clients.

We will take all steps reasonably necessary to ensure that personal data is treated securely and in accordance with this Policy and, where it applies, the Data Protection Legislation.

What Information do we collect?

Information provided when Users sign up on the Site or an App. When Users register for a subscription through the Site or an App (or update any information previously given to us), we collect personal details which can include: ‎ names, postal addresses, email addresses, phone numbers, fax numbers, usernames, passwords and demographic information (for example, a User’s occupation).

Information provided through use of the Receipt Bank Products.When using the Receipt Bank Products, Users may provide us with additional personal data that might be contained on any receipts, invoices and other items that they submit to us through the Receipt Bank Products. Users may also provide us with personal data which relates not only to Users themselves, but also certain third party individuals. We will treat such data in accordance with this Policy. Users may also provide us with certain personal data when they report a problem with the Receipt Bank Products or send us any other information either directly on the Site or via the Apps.

Information Users submit to blogs, boards, or discussion forums. If Users choose to participate in commenting on any blogs or posting on our board or forums on the Site, they may submit certain Personal Information to us. Please also note that Personal Information that Users submit in this way can be read, collected, or used by other Users. As Users control what they submit, we are not responsible for the information (including Personal Information) they choose to submit to blogs, discussion boards or forums we host. We urge Users to be very careful when deciding to submit their Personal Information in this fashion.

Information we get from others. We may get personal data about Users from other sources. As an example of how we might get personal data other than via the Apps or the Site – we might collect certain information Users have uploaded to their accounting software when any Receipt Bank Product is integrated with that software. We may add this to information we get from this Site or the Apps or otherwise through Users’ use of the Receipt Bank Products.

Information automatically collected through the Site and the Apps.Each time Users visit the Site or use the Apps we may automatically collect the following information:

  • Technical Information – this includes the type of mobile or tablet device Users use, a unique device identifier (for example, a device's IMEI number, the MAC address of the device's wireless network interface, or the mobile phone number used on a device), network information, operating system, the browser, and time zone settings.
  • Content Information– this includes information stored on Users’ devices such as contact information, friends lists, login information, photos, videos or other digital content.
  • Usage Information – this includes: web traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise; the resources that Users access; the website(s) visited before browsing to the Site, pages viewed, how long spent on a page, access times; and other information about use of and actions on our Site.

Testimonials and Feedback. Receipt Bank does not post any personal data relating to its Users along with testimonials, unless we have been given permission to do so by the User. We get in touch with our Users to confirm that they are happy for their personal data to be posted on our Site before anything is posted to request their permission to do so. Users may submit or ask us to withdraw a testimonial by contacting us here.

Cookies

We may log and collect certain personal data using "Cookies". Cookies are small data files stored on Users’ hard drives by a website. We may use both session Cookies (which expire once Users close their web browser) and persistent Cookies (which stay on Users’ computers or devices until they delete them) to provide Users with a more personal and interactive experience on our Site and the Apps. This type of information is collected to distinguish different Users of the Apps or the Site. This helps us to provide Users with a good experience when they use the Apps or browse the Site. It also allows us to improve the Apps and the Site to make them more useful and to tailor each User's experience to meet their special interests and needs.

Please note that the Cookies that we may use include both Cookies we place and those which are placed by our third party partners – these are commonly referred to as “third party Cookies”. Third party Cookies are Cookies that are set by a domain other than the one being visited by the User – for example, if an individual visits the Site and a company other than Receipt Bank sets a cookie through the Site, this would be a third party cookie.

Some of the Cookies we place are essential to allow us to provide certain aspects of the Site and the Apps – for example, some are necessary to enable Users to log into certain secure areas. Users will typically be able to remove and reject Cookies from our Site or the Apps by changing their settings. Many browsers and devices are set to accept Cookies until you change your settings. If Users remove or reject our Cookies, it could affect how our Site or the Apps works for them.

Analytics Services

We may use third party analytics services (“Analytics Services”), to help analyse how Users use our Site and the Apps. The information generated by the Cookies or other technologies about Users use of the Receipt Bank Products (the “Analytics Information”) is transmitted to the Analytics Services. The Analytics Services use Analytics Information to compile reports on User activity. The Analytics Services may also transfer the Analytics Information to third parties where required to do so by law, or where such third parties process Analytics Information on their behalf. Each Analytics Service’s ability to use and share Analytics Information is restricted by such Analytics Service’s particular Terms of Use and Privacy Policy. By using the Receipt Bank Products, Users consent to the processing of their personal data by Analytics Services in the manner and for the purposes set out above. For a full list of Analytics Services we use, please contact us at support@receipt-bank.com.

How Personal Information is secured

Personal data on Receipt Bank is protected by an email address and password login. Users are responsible for keeping their password secret, and should be careful to log out of their accounts after they have finished any given session, especially if they are using a public computer. The security of personal data is important to us. When Users enter sensitive information on our registration forms (such as their name, mailing address, or credit card information), we encrypt that information using secure socket layer technology.

Only employees or service providers that need to access personal data (such as customer service representatives or our data processing teams) will have access to personal data. Receipt Bank takes reasonable steps to ensure that it keeps all employees informed and reminded of privacy and security practices.

We seek to use reasonable organisational, technical and administrative measures to protect personal data within our organisation. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If a User has any reason to believe that their interaction with us is no longer secure (for example, if they feel that the security of their account might have been compromised), they should notify us of this problem immediately by contacting us here.

We note that retention time can also impact the security of personal data and should be considered. In compliance with our obligations under the Data Protection Legislation, we only retain Users’ personal data for so long as necessary to meet the purposes for which it was collected.

Sharing of Personal Information

Receipt Bank does not use Users' personal data to introduce them to third parties.

However, we may share certain personal data as follows:

  • Users’ accountants and bookkeepers. If a User is using any Receipt Bank Product that has been made available to them by a service provider who has signed as one of our partners (e.g., their accountant or bookkeeper), then all personal data uploaded by such Users will be available to that partner and its authorised employees and agents who have access to the relevant partner dashboard site.
  • Other third parties. We may share Users’ personal data with our third party service providers who need it to do work for us. For example:
    • As described above, we may share information with Analytics Services that assist us in the improvement and optimisation of our Site and Apps.
    • As described below, we may make available Users’ personal data to our third party data processing team who are based outside the EEA.
  • Corporate restructuring. We may share personal data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
  • Other disclosures. We may share personal data for legal, protection, and safety purposes, in accordance with this Policy:
    • We may share personal data to comply with laws or to allow us to enforce the terms of this Policy and/or our then current Terms and Conditions.
    • We may share information to respond to lawful requests and legal processes.
    • We may share personal data to protect the rights and property of Receipt Bank, our agents, customers, and others. This includes enforcing our agreements, policies and Terms and Conditions.
    • We may share personal data in an emergency. This includes protecting the safety of our employees and agents, our customers, or any person.
    • We may share personal data with those who need it to do work for us.
    • For information on how we may also share Anonymous Data, see the section titled “Anonymous Data”.

International Data Transfer

All the personal data Receipt Bank stores about its Users is stored on servers based in the European Economic Area (“EEA”) by Amazon Web Services. If the location of our servers change in the future, we will update this Policy.

Users should note that, although their personal data is stored in the EEA, Receipt Bank’s data extraction team, certain members of which are based outside the EEA, receive access to the content uploaded via the Receipt Bank Products. Members of our data extraction team are not given access to any personal data beyond any data which is outlined on any submitted items themselves – for example, they may be able to see a User’s name or address that is present on an invoice, but they will not have access to any other information about that User. Receipt Bank imposes strict contractual obligations on its data extraction team to ensure data on any submitted items is secure, protected and treated in accordance with this Policy.

As a modern company, Receipt Bank uses various cloud-based systems and tools, including certain customer relationship management and marketing automation services (“Tools”) to allow us to provide the Receipt Bank Products to our Users quickly and efficiently. For example, to help us manage our client relationships, we use software provided by internationally renowned companies such as Salesforce (NYSE:CRM) and HubSpot (NYSE:HUBS). As part of our use of the Tools, certain limited client and User profile information is sent to the providers of the Tools, some of whom are based outside the EEA. Where Users' personal data is sent by Receipt Bank to Tool providers based outside the EEA, we ensure such transfers are conducted in accordance with Receipt Bank’s obligations under the Data Protection Legislation.

By accepting this Policy, Users’ agree to the transfer of their personal data outside the EEA in accordance with the practices described in this Policy. We will take all steps reasonably necessary to ensure that such personal data is treated securely and in accordance with this Policy.

Legal basis of our processing

The Data Protection Legislation requires that we have a clear legal basis for processing your personal data. To be open and transparent with you in respect of our use of your personal data, here are the legal bases for our processing:

 

Category(ies) of personal data involved

Purpose/use

Legal basis for processing

  • Information provided when Users sign up on the Site or an App.
  • Information provided through use of the Receipt Bank Products. 
  • Information Users submit to blogs, boards, or discussion forums.
  • Information we get from others.
  • Information automatically collected through the Site and the Apps.
  • Technical Information.
  • Content Information.
  • Usage Information.
  • Testimonials and Feedback.

To provide, operate, maintain, and improve the Receipt Bank Products.

Contractual necessity – without being able to process your personal data as described in this Policy, we would not be able to perform the contract with you that is formed under our Terms and Conditions.



  • Information provided when Users sign up on the Site or an App.
  • Information provided through use of the Receipt Bank Products. 
  • Information Users submit to blogs, boards, or discussion forums.
  • Information we get from others.
  • Information automatically collected through the Site and the Apps.
  • Technical Information.
  • Usage Information.
  • Testimonials and Feedback.

To provide customer service

Contractual necessity (see above).

  • Information provided when Users sign up on the Site or an App.
  • Information Users submit to blogs, boards, or discussion forums.
  • Information we get from others.
  • Information automatically collected through the Site and the Apps.
  • Testimonials and Feedback.

To communicate upcoming features, developments, and news relating to the Receipt Bank Products.

Consent – you have authorised us to contact you for certain specified purposes.

  • Information provided when Users sign up on the Site or an App.
  • Information provided through use of the Receipt Bank Products. 
  • Information Users submit to blogs, boards, or discussion forums.
  • Information we get from others.
  • Information automatically collected through the Site and the Apps.
  • Technical Information.
  • Content Information.
  • Usage Information.

To protect, investigate, and deter against fraudulent, unauthorised, or illegal activity.

Legitimate interests – Receipt Bank has a legitimate interest in ensuring that we can protect and secure the Services and our Products.

  • Information provided when Users sign up on the Site or an App.
  • Information provided through use of the Receipt Bank Products. 
  • Information Users submit to blogs, boards, or discussion forums.
  • Information we get from others.
  • Information automatically collected through the Site and the Apps.
  • Technical Information.
  • Content Information.
  • Usage Information.
  • Testimonials and Feedback.

To provide and deliver any other products and services that Users request.

Contractual necessity (see above).

  • Information provided when Users sign up on the Site or an App.
  • Information provided through use of the Receipt Bank Products. 
  • Information we get from others.
  • Information automatically collected through the Site and the Apps.
  • Technical Information.

To allow accountants and bookkeepers who use the Receipt Bank Products to contact their clients.

Contractual necessity (see above).

Automated Decision Making and Profiling.

We do not use your personal data for the purposes of automated decision-making or profiling as those terms’ meanings apply in the context of the Data Protection Legislation. However, we may do so in order to fulfil obligations imposed by law, in which case we will inform you of any such processing and provide you with an opportunity to object.

Anonymous Data

When we use the term “Anonymous Data”, we are referring to data and information that does not permit an individual person to be identified or identifiable, either alone or when combined with any other information available to a third party – this could include data derived from personal data which is aggregated and compiled in anonymous form, Analytics Information and information collected from Cookies.

We may create Anonymous Data records from the personal data we receive about our Users and other individuals whose personal data is submitted to us. We make personal data into Anonymous Data by excluding information (such as a User’s name) that makes the data personally identifiable to them. We use this Anonymous Data to analyse requests and usage patterns so that we may enhance the Receipt Bank Products and improve Site navigation and the functionality of the Apps.

We may use Anonymous Data for a number of purposes, which could include disclosing that Anonymous Data to third parties.

Users choices about privacy

Users may always opt not to disclose certain personal data, but that may mean that they will not be able to access certain Receipt Bank Products. For example, a User's name and email address are necessary to complete the registration process.

If Users have a complaint about this Policy, please send it via email to here. Users’ complaints will be filed and reviewed by a qualified member of the Receipt Bank team. If required, Users will receive a response to their message as soon as possible.

Changes to this Privacy Policy

Receipt Bank may amend or change this Policy at its sole discretion at any time. The use of the personal data we collect at any given point is subject to the Policy in effect at the time of collection. Users should periodically check the Policy to make sure they understand the current Policy. Whenwe do make changes to the Policy, we will change the Last Updated date at the top of this document.

Receipt Bank will notify Users by sending an email to the email address they have registered with their account, or by posting a prominent notice on the Site or the Apps, before we implement any material changes regarding our privacy practices or this Policy.

Email communications

Although we do not use Users’ personal data to send them marketing emails, we may still send non- marketing emails. Non-marketing emails include emails about Users’ accounts and our business dealings with them - for example, if any part of the Receipt Bank Products is temporarily disrupted or suspended or if there are any upcoming features or developments to the Receipt Bank Products we need to communicate. In addition, please note that all Users will receive an automatic welcome email necessary to complete their registration process.

If Users do not wish to receive these communications, they have the option of deactivating their account. Users may request that their account be deleted or deactivated from Receipt Bank by sending an email here.

Your rights and Privacy Protection Measures

The Data Protection Legislation gives you certain rights in respect of your personal data (these are listed below). Receipt Bank has put in place policies and procedures to ensure that it respects those rights. If you wish to exercise any of these rights, please contact us at and make clear: (i) what personal data is concerned; and (ii) which of the rights below you would like to enforce.

  • Opt-out. Users may contact us at any time to opt out of: (i) direct marketing communications (if applicable); (ii) automated decision making and/or profiling (if applicable); (iii) any new processing or your personal data we carry out beyond the original purpose for which we collected (which will be as described in this Policy); or (iv) the transfer of your personal data outside the EEA. Please note that your use of some of the Services may be ineffective upon opt-out – for example, if you opt out of the transfer of your personal data to parties outside the EEA, we will not be able to provide you with the vital services that our data extraction teams provide.
  • Access. You may access the personal data we hold about you at any time by contacting us directly at support@receiptbank.com.
  • Amend. You can also contact us to update or correct any inaccuracies in your personal data.
  • Move. Your personal data is portable – i.e., you to have the flexibility to move your personal data to other service providers as you wish. This means that we are required to keep that personal data in a commonly-used, interoperable format to facilitate this transfer between providers. Please note that this right extends only to your personal data, it does not cover all information provided to or extracted from Transactions uploaded to our Services.
  • Erase and forget. In certain situations, for example when the personal data we hold about you is no longer relevant or is incorrect, you can request that we erase such personal data.

Please let us know if you have any concerns about the operation of this Privacy Policy. If we are unable to resolve any issue you have a right to lodge a complaint with our supervisory authority. In the United Kingdom this is the Information Commissioner’s Office.

Third party sites

Our Site may contain links to and from the websites of our partner networks, advertisers and affiliates. If Users follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Users should please check these policies before they submit any personal data to these websites. The links to third party websites or locations are for convenience only and do not signify our endorsement of such third parties or their products, content, or websites. If Users disclose information to others, or authorise us to do the same under this Policy, the use and disclosure restrictions contained in this Policy will not apply to any third party. We do not control the privacy policies of third parties, and Users are subject to the privacy policies of those third parties where applicable.

Children's Privacy Protection

Our Services are developed, marketed and intended for use by businesses only. We do not knowingly engage in any data collection, processing or storage of Users under 18. Our communication, marketing, and sales activities are never aimed at children. In the event that we identify a User who is under-age, we will take all the reasonable measures to prevent this person from continuing their interaction with the Service, and delete the information. If you are 18 or under, please do not access or use our Services without parental consent and supervision. If you are a parent or a legal guardian or concerned third party of a child under 18 who interacted with the Services, please alert us via support@receiptbank.com.

Sensitive information

We ask that Users not send us, and that Users not disclose, any sensitive personal data about themselves or anyone else (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Receipt Bank Products or otherwise to us.

Conditions of use

Users use of the Site, the Apps, and the Receipt Bank Products is subject to this Policy and Receipt Bank’s Terms and Conditions.