Platform Usage Privacy Policy

Purpose

PROJECT OFFSET LIMITED (“The Company”) are committed to protecting your Personal Information when you use our website, apps, products and services. We recognise that when you choose to provide us with information about yourself, you trust us to treat it in a responsible manner.

The purpose of this Privacy Policy is to inform you about how the Company may use your Personal Information.

In order to optimise the provision of our services to you and to facilitate some of our marketing efforts, we collect certain specific information about you.
This Privacy Policy explains the following:

• what information we may collect about you;
• how we will use information we collect about you;
• whether the Company will disclose your details to anyone else;
• where we might send your information;
• the use of cookies on the Company’s websites; and
• how you can reject cookies.

The Company uses all Personal Information that you provide to us or that we collect from you in accordance with all applicable laws, including those concerning the protection of Personal Information such as the EU General Data Protection Regulation.

Definitions

In this privacy policy, the following definitions are used:

GDPRthe General Data Protection Regulation (“GDPR”) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The primary aim of the “GDPR” is to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

Data Protection Lawall legislation and regulations in force from time to time regulating the use of personal data and the privacy of electronic communications including, but not limited to, EU Regulation 2016/679 (the“GDPR”), the Data Protection Act 2018, and any successor legislation or other directly applicable EU regulation relating to data protection and privacy for as long as, and to the extent that, EU law has legal effect in the UK).

Encryption or encrypted dataThe most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text.

ICOInformation Commissioner's Office. The supervisory authority for data protection in the UK.

Personal Dataany information relating to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data. The terms Personal Data and Personal Information are used interchangeably within this policy.
Personal Data Breach : a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Special Categories of Personal Datathis data needs more protection because it is sensitive. It includes data which relates to an individual’s health, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership. It also includes genetic and biometric data (where used for ID purposes).

Privacy Policy Scope

This Privacy Policy applies only to the actions of the Company and use of the Company’s apps and websites.

The apps and websites may contain hyperlinks to websites owned and operated by third parties. These third party websites have their own privacy policies, and are also likely to use cookies. We recommend that you review these policies which will govern the use of Personal Information which you submit when visiting these websites and which may also be collected by cookies. We do not accept any liability for such third party websites and your use of such websites is at your own risk.

Please review the Company’s Terms and Conditions of Use for the services you subscribe to in conjunction with this policy. This can be found in your COCO+ Fuelcard customer agreement, or COCO+ Travel Management Terms and Conditions, depending on what services you take from us.

The Collection and Use of Data
How do we collect information

This Policy relates to the Company’s use of any Personal Information collected from you via the following services:

• PROJECT OFFSET LIMITED’s websites;
• smartphone applications;
• social media;
• messaging services; and
• any official email address or SMS number

What information do we collect

When you participate in, access or sign up to any of the Company’s services, activities or online content (including on social media and messaging applications), such as newsletters, promotions, live chats, message boards, web and mobile notifications or votes, we may receive Personal Information about you.
This may include:

• your name
• email address
• employer
• passport number
• date of birth
• postal address
• telephone or mobile number
• IP address (numbers that can uniquely identify a specific computer or other network device on the internet)
• location data
• information collected about your use of PROJECT OFFSET LIMITED's services

We do not collect any Special Categories of Personal Data.

How will we use the information?

Depending on your use of our site, we will use your personal information for a number of purposes including:

• To provide our services, activities or online content, or communicating information about them (e.g. relating to upcoming promotions or new product launches) or dealing with your requests and enquiries.
• To provide you with better ways of accessing information from this website.
• For service administration, which means that we may contact you for reasons related to the service, activity or online content you have signed up for.
• To contact you about any submission you have made.
• To use IP addresses and device identifiers to identify the location of users, blocking disruptive use, establishing the number of visits from different countries, tailoring the content of our sites, apps or other services based on browsing behaviours, and determining the country from which you are accessing the services.
• For analysis and research so that we may improve the services we offer.

We collect and use the Personal Information about you for the purposes described above, because we have a legitimate business interest to do so that is not overridden by your right to have your Personal Information adequately protected. You do not have to provide us with any of the Personal Information described above, but if you chose not to do so, you may not be able to receive certain Company services, access certain parts of our website or receive information from us that you have requested.

Data aggregation

The Company may collect, use and share aggregated data.
Aggregated data could be derived from your Personal Information but is not considered Personal Data under the “GDPR” on the basis that it does not directly or indirectly reveal your identity. The Company may share this anonymous data with third-parties.

For the avoidance of doubt, if the aggregated or combined data we hold on you can directly or indirectly identify you, the Company treats the data as Personal Data which will be used in accordance with this Policy.

Sharing information with third parties

We may send your personal information to other affiliates and third parties to help us process your personal information for the purposes set out in this policy. These third parties may include:

• Service providers based in the UK who provide IT and system administration services.
• Professional advisers based in the UK acting as processors including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
• HM Revenue and Customs, regulators and other authorities acting a joint controllers based in the UK.
• Third party suppliers of fuel card services acting as joint controllers and provide fuel cards and fuel card services.
• Third party suppliers of travel services acting as joint controllers.
We may disclose personal information to third parties when we reasonably believe we are required by law, and in order to investigate, prevent, or take action regarding suspected or actual unlawful or otherwise prohibited activities, including, but not limited to, fraud.

Where do we send your information

The Company may be required to transfer personal data to a country/countries around the world including ( Europe , US ). We will, where the country to which your data is transferred has not been found to provide an adequate level of protection, put in place appropriate safeguards to ensure your Personal Information is protected.

Keeping Data Secure
Third Party Websites

Our website links to third party sites which we do not operate or endorse. These websites may use cookies and collect your personal information in accordance with their own privacy policies. This privacy policy does not apply to third party websites and we are not responsible for third party websites.

How do we protect your information?

We take appropriate measures to ensure that any personal information which you disclose to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. The security measures taken may include, but are not limited to, data encryption in transit and at rest. The Company has an Information Security Management System in place to guard against unauthorised access to, alteration, disclosure, or destruction of the Company’s data, this includes your Personal Information.

What are your rights?

Under the “GDPR”, you have the following rights, which the Company will always work to uphold:

  • Right to access - for a copy of the Personal Information we hold about you, and details about how we are processing your Personal Information. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is “manifestly unfounded or excessive”. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.
  • Right to correct - to have any inaccuracies in your Personal Information corrected.
  • Right to erase - to have your Personal Information erased, or for our use of it to be restricted (for example, if your preferences change, or if you don’t want us to send you the information you have requested).
  • Right to restrict use - the right to “block” PROJECT OFFSET LIMITED from using your data or limit the way in which we can use it;
  • Right to data portability - if we are processing your Personal Information by automated means and on the basis of your consent (see “How do we use it?”, above), for us to provide your personal information to you in a structured, commonly-used and machine-readable format. You can also ask us to provide your personal information directly to a third party in this format, and, if technically feasible, we will do so;
  • Right to object - the right to object to our use of your data including where we use it for our legitimate interests.

Right to opt out

You can request that we stop sending you marketing materials at any time. Electronic communications typically include an unsubscribe link that allows you to manage your communication preferences including the ability to unsubscribe from all future marketing. If for any reason that has not been successful please contact us using the details provided below.

  • How to contact us

This Website Privacy Policy should tell you everything you need to know, but you can always contact us to ask any questions or if you wish to exercise any of your rights in relation to your Personal Information, using the contact information below:

Email address: privacy@mycoco.io

Postal address: HERE, 470 Bath Road, Bristol, BS4 3AP, UK

You have the right to make a complaint to the supervisory authority if you are unhappy with how we’ve handled your Personal Information. In the UK, the supervisory authority is the Information Commissioner’s Office (http://www.ico.org.uk).

Policy Governance

Responsibility for the Website Privacy Policy rests with Phil Brown. Duties include, but are not limited to:

Ensuring that all staff in scope and appropriate external parties have read and confirmed their acceptance of the latest version of this policy
Monitoring for legal, regulatory or industry best practice developments in relation to this policy
Coordinate with senior management, IT, and legal counsel to communicate and review issues related to this policy
Review and update this policy at least every 12 months, in order that it remains fit for purpose Exceptions to this policy shall be allowed only if previously approved by Senior Management.

This policy has been approved by senior management and is effective from 01-Apr-2022.

[yith_wcwl_wishlist]