Our Commitment

InfiniteCFO Limited (an England and Wales company with registered company number 09349388) (“InfiniteCFO”) takes your privacy seriously. Please read this Privacy Notice (“Notice”) to learn more about how we collect, use, disclose, process and store your personal information when you access or use our website or Services or contact us in any different way. We gather various types of information, including information that identifies you as an individual (Personal Data). This is explained below.

We are registered with the Information Commissioner’s Office as a data controller in the United Kingdom. InfiniteCFO, including any group of companies, regard the UK Information Commissioner’s Officer as the Lead Authority for the purposes of data protection compliance.

Some of the information we collect about you can be used to identify you. This type of information is defined as “Personal Data” under the UK Data Protection Act 2018, UK GDPR and as applicable pother privacy laws, including as applicable, the EU General Data Protection Regulation (EU) 2016/679 (“GDPR“) as amended or replaced by legislation applicable in the country of domicile of the applicable InfiniteCFO company (“Data Protection Laws”). In this Notice we use the words “Personal Information” to talk about your Personal Data. We do not need your consent to collect and process Personal Information where we have a lawful basis to do so. Where we do not, we rely on your consent.

A. We collect your Personal Information:

  1. when you email, call us or write to us or provide us with information in any other way, including by interacting with us via social media such as Facebook, Twitter, Pinterest, YouTube, Google+ or Disqus or others;
  2. when you visit, or make enquiries, register, send any messages and/or purchase services from us or otherwise when you visit our website (“Website”);
  3. when you visit our Website and cookies are placed on your computer, which cookies are subject to our cookie policy which is available on our Website; and
  4. when you provide information to us in connection with any provision by InfiniteCFO of any services to you or your employer or any other company or business to which you are connected, though whatever means.

B. We process the following kinds of Personal Information if you or your employer or other person lawfully provides it to us:

  1. Information about you, including your name, title, job title, postal address, telephone number(s) and email address(es), and any employment related information as applicable in the provision of the services by us, (including sensitive/special category personal data where relevant and where we have your consent, but only where consent is required).
  2. Information about you which you provide to us through your access to the Website.
  3. Information you or your employer or other company or business provide to us (directly or indirectly) as part of the provision of any of our services.
  4. Information you provide to us during communications you have with us and with our staff, contractors, agents or other persons whether by email, post, telephone, in person or through our Website, for example comments or queries or other information concerning the services we provide.
  5. Financial information if relevant to the services we provide including if applicable, payment details.
  6. Credit and anti-fraud data including credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you or your employer or any company or business engaged by you.
  7. Information about your use of our Website and any other means of communication you use to contact us.

Why do we collect your Personal Information, how do we use it, and what are our lawful grounds for collection and use?

A. We collect and use your Personal Information for the following purposes: To provide our services in accordance with our contractual obligations (and/or in anticipation of them) or where it is in our legitimate interest to do so in order to provide services, including:

  • to provide quotes, to set you or your employer or other business up as a client and to provide the services and understand customer needs and preferences (including keeping records of previous services purchased in the past);
  • to process and to manage any services, and use of our services and including any outsourced services;
  • to provide a demo of the services or contact you about our services or invoicing and to provide any other services to you or your employer or other company or business you are involved with and which they have agreed to receive under any contract that we both enter into together;
  • to communicate with you via email and to answer your questions and enquiries, in accordance with our legitimate interest to provide our services or respond to queries;
  • to update our records and for audit purposes, in accordance with our legitimate interest to provide services;
  • To prevent or detect fraud, KYC and other legal obligations in accordance with our legitimate interest to provide services and/or other services;
  • to comply with requests from law enforcement and regulatory authorities;
  • to use it for such other purposes as we may notify you through our latest Notice.

B. If you do not provide your Personal Information to us, we may be unable to provide our services.

How do we share your Personal Information?

For the purposes specified above, the Personal Information that you provide to us (including any sensitive personal data as appropriate and permitted by you) may be shared with:

  • our employees, officer and directors;
  • insurers and payroll agents;
  • credit or checking agencies;
  • our third party service providers and outsourcers;
  • law enforcement and regulatory authorities where we are required to do so by law;
  • prospective buyers or investors in the event we wish to attract investment or sell all or part of our business;
  • other companies within the InfiniteCFO group of companies, for the purposes of (i) developing our services and enhancing them; (ii) reporting, management control, audit and accounting purposes and (iii) for corporate governance and legal purposes.

The current list of categories of companies which process personal data on our behalf is

Website analytics companies (including Google Analytics); CRM, marketing, and services providers (including but not limited to Salesforce.com, Hubspot, and MailChimp); Cloud storage hosting providers; Social media providers; Bookkeeping, Accounting and Payroll Processing Businesses (including but not limited to EPIC Administration Services Limited and EPIC Administration Private Limited); Your Personal Information may also be shared with other customers of InfiniteCFO following your explicit and informed consent, in case you have been requested by your sales representative to serve as reference for our Services in a specific situation.

Where do we store your Personal information?

We Process your information within our own systems and on third party servers which are located both in the UK, the EEA and also further afield. We only process personal data outside of the UK or EEA where we have adequate legal measures in place to protect your personal data and typically we use the standard International Data Transfer Agreement (IDTA) approved by the ICO for such purposes.

How long do we retain your Personal Information?

We will keep your Personal Information only for so long as is necessary and for the purpose for which it was originally collected and/or whilst we have a lawful basis to do so. Depending on the record types and our relationship with you, retention periods range from a short period which may be days or weeks or months but up to seven years or for the period during which our services are provided, which ever is the longer period of time. If you would like more detailed information about our retention policy, please contact us at [email protected].

How do we protect your data?

We aim to keep your Personal Information secure. In order to prevent unauthorised access or disclosure, we use appropriate physical, technical and organisational measures to keep the Personal Information we collect secure. Our service providers are required to do the same. Unfortunately, transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Information once we receive it, we cannot guarantee the security of your Personal Information transmitted to our Website or otherwise; any transmission is at your own risk. Once we have received your Personal Information, we will use strict procedures and security features to try to prevent unauthorised access or loss in accordance with Data Protection Laws.

Your rights

You have a right to access your Personal Information to check that the information we hold about you is accurate and that it is being processed lawfully, and to request that it is corrected if you think it is inaccurate (see “How you can access and update your Personal Information” below). You have the rights to: (i) ask us to restrict the processing of your data (meaning that we could store it but not use it); (ii) object to how we use your data; and (iii) request that we delete your data. Our response will depend on the circumstances and our legal obligations, including our obligations and rights under Data Protection Laws and our lawful basis for obtaining and processing your Personal Information. You also have the right to ask us to “port” (transfer in an electronic format) personal data to another service provider if it is stored electronically, we received it from you, and if we are processing it on the grounds of your consent. For more information about your rights please see: https://ico.org.uk/your-datamatters/ or enquire of your local Supervisory Authority.

How can you access and update your Personal Information?

The accuracy of your Personal Information is important to us. You have the right to get information held about you by us corrected if it is inaccurate. If you have any concerns about the accuracy of your Personal Information, or if you would like us to remove the Personal Information we hold about you, please let us know at [email protected]. You can request full details of Personal Information we hold about you, including a copy of it by contacting us at [email protected]. Please include a description of the information you would like to see, together with proof of your identity (a copy of your driving licence or passport and a recent utility bill). Please confirm in your email to us that you consent to us using your identity documents in order to check your identity, since in some cases it is possible that identity documents could reveal racial or ethnic origin or religion. We will delete your identification information after we have completed responding to your request and you have confirmed that you are satisfied with our answers.

Complaints to the ICO or other Supervisory Authority

If you are unhappy with the way that we treat your Personal Information please contact us at [email protected] and we will work with you to resolve your issue. You also have the right to contact the UK data protection authority, the Information Commissioner’s Office (“ICO”). You can contact the ICO through its website: https://ico.org.uk/global/contact-us/. You can also call the ICO helpline from the UK on 0303 123 1113, or +44 1625 545 700 if calling from outside of the UK.

Changes to this Privacy Notice

Any changes we may make to our Notice in the future will be posted on our Website.

Use of our Website

When you use our Website, we collect Personal Data that you chose to provide to us. For example, on our page “Contact Us” or when registering for a webinar, event, or downloading a resource, you provide us with contact information. This information may be used to contact you regarding your request or interest in our Services. We will only subscribe you to our newsletter if you choose to do so. We also collect certain information related to your device, such as your device’s IP address and referring Website. For further information, please see the section below headed “Cookies and other Tracking Technologies”. For most information we collect via our website, excluding first party cookies, we do so on the basis of your unambiguous consent. First party cookies, which are necessary for the functioning and security of our website, are placed based on our legitimate interest to provide a functioning and secure website.

Cookies and other Tracking Technologies

We use cookies and other tracking technologies on our Website and for our Services in accordance with our cookie policy. We may also use clear gifs in HTML-based emails sent to users to track which emails are opened by recipients. We use this information to improve marketing effectiveness, enable accurate reporting and make our Website and Services better for our users. All cookies and other tracking technologies are used to administer and improve our Website and to analyze use of the Website for marketing and advertising purposes and trend monitoring. More detail on the types of cookies that we use, can be found in our cookie policy.

Meeting InfiniteCFO at events

When you meet InfiniteCFO representatives at events, we may ask you to provide us with your Personal Data to follow up on conversations. These data will likely include your name, the name of your organisation and function and contact details, and can be collected by taking your business card, writing down the information or collecting it via automated means offered by the conference organiser. Your Personal Data will be used after the event to reach out to you and will be stored in our CRM to monitor the outcomes of any event.

Questions regarding this Privacy Notice

Individuals may address their privacy related concerns by contacting InfiniteCFO at [email protected]. Every privacy-related complaint will be acknowledged, recorded and investigated, and the results of the investigation will be provided. If a complaint is found to be justified, appropriate measures will be taken. If you are in the European Union and therefore subject to the General Data Protection Regulation and have an unresolved privacy or personal data collection, use, or disclosure concern that we have not addressed satisfactorily, please be aware you can address your concern to your local Data Protection Authority, who may decide to further investigate the matter. We will always fully cooperate with any
regulatory request.