1. Definitions and Interpretation
“Case Management Systems” means the systems provided by an Integration Partner which You use to access and order our Services through. and used by You as an integration.
“Consumer” means any person acting for purposes other than their trade, business or profession.
“Data Controller”, “Data Processor”, “processing”, and “data subject” shall have the meanings given to the terms “controller” “processor”, “processing” and “data subject” respectively in Article 4 of the GDPR. “Personal Data” means all such “personal data”, as defined in Article 4 of the GDPR, as is, or is to be, processed by the Data Processor on behalf of the Data Controller.
“Integration Partner” means the provider of your Case Management Systems which You use to access and order our Services through.
“Service(s)” means the supply of services by InfoTrack to you including but not limited to property searches, reports and photographs, company searches, trademarks and domain names searches and other searches from time to time and includes our instructions to a Supplier, on your behalf and the dissemination of the information subsequently provided by the Suppliers.
“Sub-Processor” means any organisation or third party appointed by the Data Processor to process the Personal Data on your behalf for the purposes of providing the Services.
“Supplier” means any organisation or third party who provides data or information of any form to InfoTrack for the purposes of providing the Services.
2. Information About Us
Our Website is owned and operated by InfoTrack Limited, a limited company registered in England and Wales under company number 09474590.
10 John Street, London, United Kingdom, WC1N 2EB
Data Protection Officer:
Level 11, 91 Waterloo Road, London, SE1 8RT
3. What does this Policy cover?
4. What is Personal Data and how does InfoTrack collect it?
Personal Data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal Data relates to any information about you which enables you to be identified.
Depending on your use of Our Website, we may collect some or all of the following categories of Personal Data:
Identity Data: includes first name, last name, middle name, username (or similar identifier), company name and job title
Contact Data: includes email address, telephone number, postal address
Financial Data: includes bank account and payment card details.
Technical Data: includes iP address, login data, web browser type and version, time zone, location and operating system.
Profile Data: includes your username and password, notification settings and preferences.
Usage Data: includes URL information about how you access and use Our Site, products and services.
Marketing Data: includes your preferences in receiving marketing communications from us
InfoTrack collect the personal data you provide when you:
- apply to become a customer or user of our products or services;
- fill in and return to us a signed client form;
- use our services by logging into our system or ordering products or services from us via Our Website, by telephone, email or in other ways;
- enter personal data into our system about you or other third parties in connection with your use of our products or services;
- store details of products or services you have ordered or information and data contained in the particular products or services you have ordered - for example if you order a title search which includes personal data and we store that search information so you can retrieve it again later on;
- when you contact us as a prospective employee or contractor of InfoTrack.
When you visit Our Website, we may collect any or all of the following technical data:
- Device Identifiers (the internet protocol address used to connect your device to the internet, your log- in information, browser type and version, regional settings, operating system and platform);
- Data about your use of Our Website (the full Uniform Resource Locators (URL), clickstream to, through and from Our Website (including date and time), products you viewed or searches for, time spent on certain pages or screens, interaction data (such as scrolling, clicks and mouse-overs.
You are not obliged to provide personal data to InfoTrack, however please be advised that in many cases, if the personal data we request is not provided, we may not be able to supply the relevant product or service that you have requested from us.
5. How does InfoTrack protect your Personal Data?
InfoTrack employ a variety of physical and technical measures to keep personal data safe to prevent unauthorised access to, use or disclosure of it. Electronic data and databases are stored on secure computer systems and we control who has access to them (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection policies and procedures which personnel are required to follow when handling personal data.
We store personal data in computer storage facilities, paper-based files and other records. We take steps to protect the personal data against loss, unauthorised access, use modification or disclosure, and against other misuse. These steps include password protection and access privileges for accessing our IT system, encryption of data stored and physical access restrictions to paper files. Some of these services, such as hosting our computer file servers, are provided by third parties in the UK and we endeavour to ensure that they also have adequate privacy safeguards in place through the use of contractual measures to protect personal data.
Because transmission of information over the internet is often insecure, we do not accept responsibility for the security of information you send to or receive from us over the internet, or for any unauthorised access or use of that information by others over the internet.
InfoTrack shall ensure that all personnel who access and/or process any of the personal data are contractually obliged to keep Personal Data confidential.
6. The purposes for which we collect, use and disclose Personal Data
- enter into, or perform, a contract with you e.g. to fulfil any orders you place through Our Website or over the telephone;
- perform the services you have asked us to provide;
- comply with a legal duty;
- protect your vital interests;
- remember your preferences (e.g. where you are a Supplier, if you ask not to receive marketing material, we’ll keep a record of this), or
- for our own (or a third party’s) lawful interests, provided your rights don’t override
For the purposes connected with providing our products and services to you, we may share your data with third parties but we will not use or share your personal data for any other purpose without first obtaining your consent, unless required by law.
In any event we will only use your personal data for the purposes for which it is collected, or purposes which are very similar.
- to set up your account with us, which (where you are a Consumer) may include confirming your identity and obtaining a credit or reference check from a third party;
- to provide the products or services you have requested from us;
- to answer enquiries you make;
- for payment processing;
- to administer our databases for client services, marketing, credit control and financial accounting purposes;
- to comply with legal requirements regarding collection and retention of information concerning the products and services that we provide; and
We may disclose your personal data (or the personal data of third parties that you may provide to us) to third party service providers who assist us in providing the services you request, including public authorities and providers of information services. This shall include as specifically set out on the Privacy Notice- Consent for Digital Identity Verification
We may also disclose your personal data to third parties who work with us in our business to promote, market or improve the services that we provide, including:
- providers of customer relations management database services and marketing database services;
- marketing consultants, promotion companies and website hosts; and
- consultants and professional advisers.
We may also combine your personal data with information available from other sources, including the entities mentioned above, to help us provide better services to you.
We may share your personal data within the InfoTrack Group of Companies, including InfoTrack and Perfect Portal (UK) Limited in connection with the fulfilment of the contract between us only.
You can withdraw your consent at any time to our processing of your personal data for any purpose at any time, by contacting us by email or at the postal address set out above. By submitting an Order, you understand that we use Sub-Processors for the purpose of providing the Services and by submitting the Order you give consent to use Sub-Processors for the purpose of providing the Services.
In the event we engage another Sub-Processor after you have placed your order for Services and before this order for Services is completed, we will give you prior written notice. If you object to any new Sub-Processor you may, despite anything to the contrary in the Terms, terminate the Agreement and your right to access and use the Services without penalty on written notice provided your notice is received by the effective date of our notice.
InfoTrack will only use suppliers that meet the requirements of the Data Protection legislation.
7. How we use Credit Reference Agencies
For some of the services we provide to you that require credit and identity checks such as our Bank Account Verification Search, we will use a Credit Reference Agency (CRA) to help us to deliver you with the best services.
If you use these services, from time to time we will also search information that the CRA has. The personal data we may exchange with the CRA is:
- Name, address and date of birth
- Credit application
- Details of any shared credit
- Financial situation and history
- Public information, from sources such as Companies House and the electoral register.
This data will then be used to:
- Make sure what you have told is factually correct
- Help detect and prevent financial crime
- Help meet obligations under anti-money laundering rules and guidance
When we use the CRA, this is called a credit search and the CRA will make note of this on your credit file. This is visible to lenders and other companies who perform a credit check on you in the future.
Please follow the link below for further information on how the Credit Reference Agency, Equifax, uses your data and your data protection rights.
Where you are a Supplier, and as an existing customer, we may wish to send you details regarding:
- new services and products offered by us;
- details of meetings, events and seminars that may be of interest to InfoTrack customers and clients;
- our newsletters and other marketing
We may contact you inviting you to opt-in to receiving this information. This means that you will be given the choice as to whether you want to receive these messages and will be able to select how you want to receive them (email, telephone or post).
You may opt-out of receiving direct marketing or the disclosure of your personal data for the purpose of direct marketing by:
- contacting our Data Privacy Officer at DPO@infotrack.co.uk;
- by using any unsubscribe facility contained in email communications that you receive from us;
- writing to us InfoTrack Limited, Level 11, 91 Waterloo Road, London, SE1 8RT
The information we hold is never used for marketing purposes and is never marketed, rented or sold to any third parties.
9. Where we store your Personal Data
The data that we collect from you will be transferred, stored and processed using Amazon Web Servers (AWS) which are held at a destination within the European Economic Area (“EEA”). AWS servers offer the highest level of security and are ISO 27001 compliant. If we transfer any data outside the EEA we will take steps to make sure adequate levels of privacy protection, in line with UK Data Protection legislation, are in place. This shall include as specifically set out on the Privacy Notice- Consent for Digital Identity Verification
The data we collect will be stored and kept for as long as is necessary.
The duration of processing is limited to the duration in which we provide the Services to you.
If you wish to opt out of communications from us or withdraw your consent, your data will be deleted without undue delay. We continually review the personal data we hold and delete what is no longer required.
10. How to access your Personal Data
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights which are as follows:
- the right to erasure of personal data (although this will not apply where it is necessary for us to continue to use the data for a lawful reason);
- the right to have inaccurate data rectified;
- the right to object to your data being used for marketing or profiling;
- where technically feasible, you have the right to see any personal data you have provided to us which we process automatically on the basis of your consent to a performance of a This information will be provided in a common electronic format;
- the right to make a subject access request (“SAR”) at any time to find out more about the personal data which InfoTrack holds about you (and obtain a copy of it). InfoTrack will usually respond to SAR’s within one month of receipt (however this may be extended by up to two months in the case of complex and/or numerous requests, and in such cases you shall be informed of the need for the extension).
- Your right to be notified immediately if InfoTrack become aware of any form of personal data breach, including any unauthorised or unlawful processing, loss of, damage to, or destruction of any of the personal data
InfoTrack will, on one months’ prior written notice, submit to audits and inspections and provide you with any information reasonably required in order to assess and verify compliance with the provisions of this Agreement and both Parties’ compliance with the requirements of the GDPR.
If you would like further information on your rights or you wish to exercise them please write to us at DPO@infotrack.co.uk or InfoTrack Limited, Level 11, 91 Waterloo Road, London, SE1 8RT.
Please bear in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk
11. How to contact us or make a complaint
Jon Buckle - InfoTrack Data Privacy Officer
- post: InfoTrack Limited, Level 11, 91 Waterloo Road, London, SE1 8RT
We will acknowledge and investigate any complaint about the way we manage personal data as soon as practicable. We will take reasonable steps to remedy any failure to comply with our privacy obligations. We are not responsible for the privacy policies or privacy practices of the organisations we provide links to from Our website. We suggest that you check the privacy policies and practices of those organisations.
Cookies are text files containing small amounts of information and are placed on your electronic device. They are set when you visit a website that utilises cookies and may be used to keep track of the pages you have visited within any given site and are sent back to the originating website on each subsequent visit. We also use third-party cookies which are those cookies from a domain different than the domain of the website being visited including for advertising and marketing reasons. Cookies are important in helping us to provide a quicker and more efficient user experience, tailored to your individual needs.
Each cookie is unique to your web browser and only the server it is stored upon has the ability to retrieve and read the contents of that individual cookie. It will contain anonymous information including a unique identifier, the site name, and a combination of digits. A cookie will be allocated each time you use Our website. The cookie does not identify you as a user in our data collection process. It does identify your Internet Server Provider.
InfoTrack acting as an agent of TrueLayer, which is providing the regulated Account Information Service, and is Authorised and Regulated by the Financial Conduct Authority under the Payment Services Regulations 2017 and the Electronic Money Regulations 2011 (Firm Reference Number: 901096)