Privacy Policy

Effective: May 20, 2021

Purpose

This Privacy Policy (“Policy”) applies to personal information received by Vera Finance Technology International, a British company (“Vera”), and its subsidiaries. This Policy governs your visit to our website, social media pages, and other online or wireless offerings that post a link to this Policy (hereinafter collectively referred to as “Websites”), as well as your use of our services.

Vera is the entity that determines the collection and use of personal information. As such we are the “controller” or “covered business” for purposes of privacy laws and regulations. This Policy provides you with notice about how we collect and use your personal information, as well as what rights you have and how to exercise those rights.

For this Policy, we will refer to Vera interchangeably as Vera, we, our, or us, and users and visitors to our Websites as “you” and “your.”

Specific Information about this Policy

This Policy is described in a concise, transparent, intelligible, and easily-accessible form. It is set forth in a series of specific components describing how the Policy operates and how it meets certain privacy rights.

This Policy describes what personal information (as we describe further below) we collect about you, how your personal information may be used and shared (if at all), and how your personal information will be stored, and how you can access, modify, and if needed, request deletion of your personal information.

Changes to this Privacy Notice

We reserve the right to revise this Policy at any time. We will notify you of any material changes to the Policy by providing a link to the new Policy on our Websites. Therefore, we encourage you to periodically read this Policy to check for any revisions. We recommend that you store a copy of this Policy and any future versions that may apply to you from time to time for your records.

Definitions

“Personal Information” means information relating to an identified or identifiable individual or under the current FADP legal entity, such as Personal Information that we obtain about you when you interact with us via one of our Internet Properties. Personal Information does not include any data that is anonymized or data that cannot identify you in any way.

The types of Personal Information we may collect include:

    Personal contact information, such as name, postal address, title, telephone number, and email address. The following Personal Information is, for example, collected when you register for our newsletter: first name* and e-mail-address*. All information marked with * are mandatory.

    Social media account information and other information you may share or make public when interacting with us on social media. The following Personal Information is, for example, collected, when you like, comment or share our content: contact information, IP address, and liked/commented/shared content.

    Internet Protocol (IP) address associated with a computing device that you use to access our Websites as well as date and time of access, name and URL of the data accessed, the website from which access is made to our domain, your computer’s operating system and the browser you use, the country from which access to our website is made, and the name of your Internet provider.

Inferences drawn from the Personal Information listed above, in combination with other information collected during your visit to our Websites, which may be used to create a profile or summary about your commercial preferences, including your browsing habits while you visit our Websites (see "Tracking-Tools" below).

How we collect your Personal Information

We may collect Personal Information about you that you voluntarily agree to provide when you visit our Websites. Such collection may occur when: (1) you communicate with us via email or other channels; (2) you sign up for or request that we send you newsletters, alerts, or other materials; (3) you apply for a job with us; (4) you sign up for an event with us; (5) you respond to our communications or requests for information and (6) you visit our Websites (so-called log files).

Third-Party Sources: We may receive information about you from other sources, such as social media platforms or our business affiliates when you interact with us on those sources or platforms, or access our social media content. In some cases, we may collect information from third parties as directed by you.  In order to obtain complete information about Third-Party Sources, we request that you consult the privacy policies of any third-party services.

Cookies and Web beacons: We, our subsidiaries, and our service providers use various technologies to collect information about you, including cookies and web beacons (i.e., pixel tags). Cookies are small data files stored in the device memory of your computing device that help us to, among other things, improve your experience while using our Websites, see which areas and features of our Websites are popular, and count visits. Web beacons are clear, electronic images that may be used on our Websites or in our emails and help deliver cookies, count visits, understand usage and campaign effectiveness, and determine if an email has been opened and acted upon. For information on which cookies are used for tracking purposes see below under "Tracking-Tools".

How we use your Personal Information

We use your Personal Information for various specific purposes, including to:

    Respond to your inquiries or requests for information. In these cases, we process your Personal Information for the performance of a contract or to take steps prior to entering into a contract according to art. 6 para. 1 lit. b GDPR or based on our legitimate interest (answering your inquiry) according to art. 6 para. 1 lit. f GDPR.

    Provide you with services, and send service-related communications. In these cases, we process your Personal Information for the performance of a contract or to take steps prior to entering into a contract according to art. 6 para. 1 lit. b GDPR.

    Send you newsletters, updates, event information, marketing communications, and other information that may interest you. In these cases, we process the Personal Information based on your consent according to art. 6 para. 1 lit. a GDPR.

    Conduct data analytics studies to review and better understand how our Websites are being used. In these cases, we have a legitimate interest according to art. 6 para. 1 lit. f GDPR.

    Enable the use of the Websites (connection establishment), to ensure the long-term security and stability of the system and to optimise the Websites, and for internal statistical purposes. However, such information will not be linked to or stored with Personal Information. Only in the case of an attack on the network infrastructure of our Websites or in case of suspicion of other unauthorised or improper use of the Websites, the IP address will be evaluated for clarification and defence and, if necessary, used in criminal proceedings for identification and to bring legal action against the users concerned under civil and criminal law. In this case, we have a legitimate interest according to art. 6 para. 1 lit. f GDPR.

Disclosing your Personal Information to Third Parties

Vera does not sell your Personal Information to third parties

However, various third-party service providers are explicitly mentioned in this Policy. We may share your Personal Information to our subsidiaries or non-related third-party service providers that perform services on our behalf, such as the web-hosting companies Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, and the information technology providers Atlassian Pty Ltd c/o Atlassian, Inc., 350 Bush Street, Floor 13, San Francisco, CA 94104, GitHub, Inc., 88 Colin P. Kelly Jr. Street, San Francisco, CA 94107. In many instances, these activities are for the purpose of completing a service request or inquiry from you, or to inform a previous user about new services which may be of interest. In these cases, we process your Personal Information for the performance of a contract or to take steps prior to entering into a contract according to art. 6 para. 1 lit. b GDPR, or based on our legitimate interest according to art. 6 para. 1 lit. f GDPR.

Data Sharing and Cross-Border Transfers

We may share your Personal Information within the Vera group, when necessary to conduct the business activities related to your relationship with us. In some instances, that sharing requires us to transfer your Personal Information to one or more of our affiliates outside of United Kingdom, including to the United States, where your Personal Information is stored.

For the sake of completeness, we would like to point out that the U.S. authorities may take surveillance measures under U.S. law that allow general storage of all data transferred from the European Union or United Kingdom to the United States. This is done without distinction, limitation or exception, on the basis of the objective pursued and without objective criteria that would allow limiting the access of the U.S. authorities to Personal Information and their subsequent use to specific, strictly limited purposes that justify access to such data. In addition, we would like to point out that there are no legal remedies in the U.S. for data subjects from EU Member States or United Kingdom that would allow them to obtain access to the data concerning them and to obtain its correction or deletion, and that there is no effective legal protection against general access rights of the U.S. authorities. We expressly draw the data subject's attention to this legal and factual situation so that he or she can make an informed decision about consenting to the use of his or her data.

When we transfer your Personal Information to another country, we ensure that our affiliate is able to provide the same adequate protection of that data as we provide, through internal standard contractual clauses or binding corporate rules between the Vera group.

In addition, we may share your Personal Information with a third party in order to complete our business commitment to you or to comply with a legal obligation associated with our relationship, as necessary to administer that relationship with you or in relation to our Websites. In those situations, Vera conducts the same evaluation of adequacy to ensure that your Personal Information is protected. We will ensure by contract that the third party will not be permitted to process your Personal Information for any other purposes and in any other manner than we would be permitted.

Vera will not share or sell your Personal Information with a third party for any purpose other than to comply with a legal obligation, as necessary to facilitate or complete our business relationship with you or in relation with the optimization of the Websites. We do not sell your Personal Information to third parties for marketing purposes; our agreements with such third parties expressly prohibits them from using your Personal Information for marketing/promotional purposes.

Links to other Websites and Third-Party content

We may provide links to or embed content hosted by third-party websites, services, and applications that operate outside the control of Vera. Third-party services may include an activity feed, social media buttons, and widgets. This Policy does not address the privacy, security, or other practices of third parties that provide such content. We encourage you to review the privacy policies of those third parties before providing any information to us through them.

Children’s Online Privacy

Vera’s Websites are not intended for children under the age of 13. Vera does not target our Websites to children under 13 or knowingly collect information from children under the age of 13. Similarly, we do not normally collect Personal Information about children between the ages of 13 and 18; the exception to this normal rule would be if the parent or legal guardian of a child between 13 and 18 contractually provides us with consent to collect and process a child’s Personal Information.

Please contact us if you believe we have inadvertently collected Personal Information from a child under 18 without proper consent. This will allow us to delete such information as soon as possible.

Your Choices

    Withdrawal of Consent: You may withdraw your consent for us to collect, use, and disclose your Personal Information at any time with effect for the future by unsubscribing to any email

    Disabling Cookies: You may choose to disable our cookies via your internet browsers and computing devices. Most browsers and computing devices include settings that allow you to clear or decline cookies. The following pages explain how to configure the processing of cookies for the most common browsers:

    Microsoft Windows Internet Explorer

    Microsoft Windows Internet Explorer Mobile

    Mozilla Firefox

    Google Chrome for Desktop

    Google Chrome for Mobile

    Apple Safari for Desktop

    Apple Safari for Mobile

    Disabling Web Beacons: In order to prevent the use of Web Beacons, please set your email programme so that no HTML is displayed in messages, if this is not already the case by default. On the following pages you will find explanations on how to make this setting for the most common email programmes (Microsoft Outlook or Email for Mac (“Download remote content in messages”)).

Your Rights and Obligations

Your duty to inform us of changes

It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during the period in which our relationship is active.

Your rights in connection with Personal Information

Under certain circumstances, under applicable privacy laws, you have the right to:

  1. Request access to your Personal Information. This enables you to receive a copy of the Personal Information we hold about you and to check that we are processing it lawfully.
  2. Request correction of the Personal Information. This enables you to request that we correct errors in your Personal Information.
  3. Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that causes you to object to processing on this ground.
  4. Request the restriction of processing of your Personal Information. This enables you to ask us to suspend the processing of Personal Information about you, for example, if you want us to establish its accuracy or reason for processing it.
  5. Request the transfer of your Personal Information to another party, which we may be able to do if it is feasible to do so (e.g., if such a transfer can be accomplished technically) or if it is appropriate to do so (e.g., if the other entity is willing to accept your Personal Information directly from us).
  6. Right to file a complaint with the competent data protection authority at any time.
  7. A final right you have is to request erasure of your Personal Information. This right enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have exercised your right to object to processing. However, you should be aware there are specific exemptions under which Vera will NOT honor a request for erasure:

    Where we have an ongoing legal obligation to retain your Personal Information because of a regulatory requirement (e.g., securities laws, KYC);

    Where retaining the information is necessary for us, our affiliates, or our service provider(s) to complete the transaction for which we collected the Personal Information, to provide a good or service that you requested, to take actions reasonably anticipated within the context of our ongoing business relationship with you, or to otherwise perform our contract with you; and

    Where the continued use of your Personal Information is necessary in order to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

If you want to review, verify, correct, or request erasure of your Personal Information, object to the processing of your Personal Information, revoke your consent or request that we transfer a copy of your Personal Information to another party, please contact our data protection manager in writing.

Information for European Economic Area and British Residents

We will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your Personal Information are available in our retention policy, which is available from our Data Protection Manager. To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances, we may anonymize your Personal Information so that it can no longer be associated with you, in which case we may use such information without further notice to you. When permitted or it is appropriate to do so, we will securely destroy your Personal Information in accordance with applicable laws and regulations. There may be specific statutory data retention obligations. British law requires, for example, that business communication, concluded contracts and booking receipts must be stored for up to 10 years.

Information for California Consumers

This portion of our Policy advises California residents of rights provided under the California Consumer Privacy Act (the “CCPA”) that relate to our collection, use, and disclosure of Personal Information.

Subject to certain limitations, you have the right to request to know more about the Personal Information (and categories of information) we collect, use, and disclose, and to request the deletion of your Personal Information.

You also have the right to opt-out of the disclosure of Personal Information to third parties for their direct marketing purposes. Vera does not disclose Personal Information to third parties for direct marketing purposes. California law (California Civil Code Section 1798.83) “Shine the Light Law” permits residents of California to opt out of our disclosures of your Personal Information to third parties for marketing purposes at any time. Vera will not disclose your personally identifiable information to third parties for marketing without giving you notice and getting your consent. Please note this opt-out doesn’t prohibit disclosures for non-marketing purposes.

Some website browsers may be able to send a do not track signal to websites. Our Website does not respond to do not track signals or similar mechanisms and requests. If you block cookies through your browser, you will block cookies, as noted above.

Information for Canadian Residents

Individuals covered by PIPEDA, or any of the six provincial privacy laws that have been declared “substantially similar” to PIPEDA, must obtain an individual’s consent when they collect, use, or share the individual’s Personal Information, and individuals have a right to access their Personal Information held by an organization and to challenge its accuracy, if need be. Vera can only use Personal Information for the purpose(s) for which it was collected. Individuals should also be assured that their Personal Information will be protected by appropriate safeguards.

Information and Privacy Security

Vera uses a variety of physical, administrative, and technological safeguards designed to protect your Personal Information against loss, misuse, and unauthorized access or disclosure and follows the applicable legal and regulatory requirements for safeguarding such information. We have dedicated information security programs and work hard to continuously enhance our technical and operational security measures. Our measures consider the sensitivity of the information we collect, use, and store, and the current state of technology. Our security measures include data encryption, firewalls, data use and access limitations for our personnel and subcontractors and physical access controls to our facilities and cloud-based data storage servers.

Please be aware that, despite our best efforts, no security measures are perfect. As a result, we cannot guarantee or warrant the security of any submitted Information. In the event of a security breach that involves your Personal Information, Vera will notify the appropriate officials and notify you if you have reason to believe that your data has been compromised.

Affirmative Consent and Withdrawal Right

I have read the above information presented by Vera about this Policy. I hereby give affirmative consent to Vera to collect and use my Personal Information in connection with its Websites.