PRIVACY AND COOKIE NOTICE
Last Updated: 26 October 2021
Welcome to our privacy and cookie notice (Privacy Notice).
vHelp is a digital payment service for reimbursing expenses to volunteers and others not on an organisation’s payroll, provided by VeeLoop Ltd (”We”, “our” or “vHelp”) are committed to protecting your information and respecting your right to privacy. This Privacy Notice will inform you how we look after your personal data when you visit our website www.vhelp.co.uk and use our app and related services (vHelp Platform) and tell you about your privacy rights and how the law protects you.
This Privacy Notice aims to give you information on how vHelp collects and processes your personal data through your use of the vHelp Platform, including any data you may provide directly through the vHelp Website.
Our digital payment service enables volunteers to collect payment for purchases they make for vulnerable people or to be reimbursed for expenses incurred during approved activities. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes, for example you change your email address.
We review this Privacy Notice regularly, and it is your responsibility to check regularly to see whether this Privacy Notice has changed. If you do not agree to any change to this Privacy Notice, then you must immediately stop using our services. In the event we make any significant changes to this Privacy Notice we will use our best endeavours to inform you of such changes in advance by email.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. If there are any terms of this Privacy Notice that you do not agree with, please do not use our services.
For the purposes of data protection law, the data controller is VeeLoop Ltd of 320d High Road, Benfleet, Essex, SS7 5HB. Our ICO registration number is ZA257303.
Our nominated Data Protection Officer (DPO) is Patricia Salume, one of our co-founders, and you may contact our DPO to find out more about the way we treat and use personal data via email at firstname.lastname@example.org.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). The ICO’s address:Information Commissioner’s Office
Wilmslow – Cheshire - SK9 5AF
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
WHO IS THE PRIVACY NOTICE FOR?
This Privacy Notice describes the way we treat and use personal data that we collect about any adult that uses vHelp.
WHAT PERSONAL DATA DO WE COLLECT AND USE?
We will collect and process the following data about you:
|Data Type||Example||From Whom||Notes||Grounds For Processing|
|Identity data||Full name||All users||
|Contact Data||Email and address||All users||
|Payment data||Credit, debit card or bank account details||All users including organisations||These details allow us to process payment for services provided to you (e.g. so you can reimburse a volunteer for shopping that a volunteer has collected and delivered to you). If you are a volunteer, we use your bank details to reimburse you. Please note that whilst we capture this information, your card details will be stored securely by a third party and we will not keep a copy of this information.||
|Transaction data||Transaction dates, amounts, receipts||Service users and volunteers||Transactions carried out whilst using the vHelp service.||Business purposes|
|Information we receive from other sources||All users||We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, analytics providers, search information providers). We may receive personal data about you, provided the third party has the right to share such data with us.||Business purposes|
We automatically collect certain information when you visit, use or navigate the vHelp Platform. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use the vHelp Platform and other technical information. This information is primarily needed to maintain the security and operation of the vHelp Platform, and for our internal analytics and reporting purposes.
We will only use personal data when the law allows us to. We process your personal data for these purposes in reliance on our legitimate business interests (Business Purposes), in order to enter into or perform a contract with you (Contractual), with your consent (Consent), and/or for compliance with our legal obligations (Legal Obligations). The specific processing grounds we rely on are set out in the table above.
IF YOU DO NOT PROVIDE US WITH YOUR PERSONAL DATA
If we need to process the data you provide us with about yourself to fulfil our service and you fail to provide that data when requested, we will not be able to fulfil your request. We will of course notify you if this is the case at the time.
WILL YOUR PERSONAL DATA BE SHARED WITH ANYONE?
We only share and disclose your personal data in the following situations:
- Compliance with Legal Obligations. We may disclose your personal data where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
- Vital Interests. We may disclose your personal data where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
- Third-Party Service Providers. We may share your personal data with third-party vendors, service providers, contractors or agents who perform services and require access to such information to do that work. They will only have access to your personal data to the extent that they need to perform those services. They are required to keep your personal data confidential and may not use it other than as we ask them to and always in accordance with this Privacy Notice.
Selected third parties include:
- Payment processing providers such Stripe Inc., based outside the EU.
- Data compliance and data governance service providers like Privasee, based in the UK.
- Cloud computing providers such as Amazon Web Service, Inc (AWS), with servers based in the EU.
- Customer service and relationship management solutions such as Hubspot, based outside the EU.
- Website Hosting providers such as Go Daddy Inc., (“GoDaddy”) based outside the EU.
- File Storage providers such as Google Drive and OneDrive, based outside the EU.
- Analytics providers such as Google analytics, based outside the EU and Hotjar, based in the EU.
- Online communication services like Google Meet (based outside EU), Zoom (based outside EU) and Slack (based outside EU).
- Business Transfers. We may share or transfer your personal data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
With your Consent. We may disclose your personal data for any other purpose with your Consent.
We may disclose aggregated, anonymous information (i.e. information from which you cannot be personally identified), or insights based on such anonymous information, to selected third parties, including (without limitation) analytics and search engine providers to assist us in the improvement and optimisation of our services. In such circumstances we do not disclose any information which can identify you personally.
- Business Purposes. In order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, or safety of vHelp, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
WHERE DO WE STORE YOUR INFORMATION?
All personal data we process is processed by our staff and contractors who are based both in the UK and outside the European Economic Area (EEA).
Some of our external third parties such as Go Daddy and AWS are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the UK/Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us at email@example.com if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We have implemented appropriate technical and organizational security measures designed to protect the security of any information about you that we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal data, transmission of personal data to and from the vHelp platform is at your own risk. You should only access our services within a secure environment.
HOW LONG DO WE KEEP YOUR INFORMATION FOR?
We will only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
In some circumstances you can ask us to delete your data. See below for further information.
We do not currently share your details with any third parties for marketing purposes, but if we would like to do so in the future, we will first get your Consent.
WHAT ARE YOUR RIGHTS?
You have certain rights in relation to the personal data that we hold about you. Details of these rights and how to exercise them are shown below. Please note we will require evidence of your identity before we are able to respond to your request. This is a security measure to ensure that your personal data is not disclosed to a person who does not have the right to receive it. We may also contact you to ask you for further information in relation to your request to speed up your response. To exercise or discuss any of your rights please contact us at: firstname.lastname@example.org
- Right of Access. You have the right at any time to ask us for a copy of the personal data that we hold about you and to check that we are lawfully processing it. Where we have good reason, and where data protection law permits, we can refuse your request for a copy of your personal data, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
- Right of Correction or Completion. If personal data we hold about you is not accurate or is out of date and requires amendment or correction you have a right to have the data rectified or completed.
- Right of Erasure. In certain circumstances, you have the right to request that the personal data we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the personal data is based on your consent and there are no other legal grounds on which we may process the personal data.
Right to Object to or Restrict Processing. In certain circumstances, you have the right to object to our processing of your personal data. For example, if we are processing your personal data on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests.
You may also have the right to restrict our use of your personal data, such as in circumstances where you have challenged the accuracy of the personal data and during the period where we are verifying its accuracy.
Right of Data Portability. In certain instances, you have a right to receive your personal data that we hold about you in a structured, commonly used and machine-readable format. In such circumstances, you can ask us to transmit your personal data to you or directly to a third-party organisation.
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third-party organisation’s systems. We are also unable to comply with requests that relate to personal information of others without their consent.
If we are relying on Consent to process your personal data, you have the right to withdraw your Consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please email us at email@example.com
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
The vHelp Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the vHelp Website, we encourage you to read the Privacy Notice of every website you visit.
A cookie is a small text file that a website or application saves on your computer or mobile device when you visit the site.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our platform. They include, for example, cookies that enable you to login to secure areas or make use of e-billing services.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our platform when they are using it. This helps us to improve the way our platform works, for example, by ensuring that users are finding what they are looking for easily.
Enabling these cookies is not strictly necessary for the vHelp Platform to work but it will provide you with a better browsing experience. You can delete or block these cookies, but if you do that some features of the platform may not work as intended. The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.
|csrftoken||Necessary - Used to help protect a site against at particular type of software attack on web forms.|
|_gat_gtag_UA_104156229_2||Google uses this cookie to distinguish users|
|__ga||Google Analytics cookie|
|_gid||Google Analytics cookie|
|_hjid||HotJar performance cookie|
|_hjIncludedInSample||HotJar performance cookie|
You can control and/or delete cookies as you wish - for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
If you have any questions, we are happy to answer!