Protecting Your Privacy

The Interface Financial Group is taking protection of clients and partners privacy very seriously. We are meeting all privacy compliance requirements in all jurisdictions we are operating in.

digital invoice finance solutions portal screens

Global Privacy Disclosure Statement

Introduction

The Interface Financial Group (“IFG”, “we”, “us”, “our”) collects personal information (or personally identifiable information) about you for the purposes you agree to in this Global Privacy Disclosure Statement (“GPDS”). Protecting your privacy is important to The Interface Financial Group. This GPDS provides information on how your privacy is protected through the management of personal information, and how that information is collected and disseminated. This GPDS covers any applicants for financial services provided by IFG. The terms “we” and “us” used in this document refer to The Interface Financial Group.

Personal Information IFG Collects

IFG will only ask for personal information relevant to our business relationship with you and information required by government legislation and regulation. We do not collect information regarding religious views, ethnicity, political positions, criminal records, personal health information, or sexual preference.

IFG collects information:

We collect personal information about you:

  • to determine whether we should provide a facility which includes the provision of commercial credit to you and if we decide to provide it, to assist in the provision of the facility. This includes the assessment of the application, managing the account, recovering money and dealing with the security you give; or
  • to determine whether we should provide a facility which includes the provision of commercial credit to a company with which you are associated (for example as a director or shareholder) and to assist in the provision of the facility. If a guarantee may be given we are collecting the personal information to determine whether we should accept it and when it is given, we collect the personal information to deal with or enforce our rights under the guarantee and any security which may be given to secure it.
  • The main consequence for you, if all or some of the personal information is not collected by us, is that we may be unable to process your (or the company’s) application, and we may decide not to provide a facility or we may decide to restrict or end a facility.

We may collect personal information about you from someone other than you. The personal information could be collected from the company we have provided or may provide a facility to, a credit reporting agency, brokers and other introducers, and/or public registers.

We usually disclose personal information to a credit reporting agency; government authorities and others as required or authorized by law; your broker or other introducer; our and your legal, financial and other adviser or representative; persons who provide a service to us; insurers and underwriters; financiers and parties to a securitization arrangement; a potential or existing guarantor; a person who owes a debt which we have purchased (or have a security interest in) in connection with a facility we provide and that person’s advisers; and a corporate entity which is related to us. Generally, we do not disclose personal information to a person overseas although we may do so in some circumstances, such as if a related corporate entity, guarantor, or debtor is overseas.

Information we may collect includes:

Contact Information – Name, address, phone, email, date of birth, and/or Social Security Number or Social Insurance Number.

Financial Information – Financial statements, credit reports, tax file number, and information for creditworthiness. Information from general searches relevant to IFG service requested.

IFG may ask for personal information that we are required to collect for legal reasons to meet government laws and regulations; such as the Know Your Customer, Anti-Money Laundering, Counter-Terrorism Financing, and other legal requirements to verify your identity; which could include a copy of your internationally valid identification.

If you do not provide some personal information, IFG may not be able to provide you with the product or service you are seeking.

How Is Personal Information Collected?

Most of the information collected by IFG will come directly from you. This information may be collected through application forms, through telephone conversations, over the internet, or during a personal meeting with you. We collect information from you when you register on our site, fill out a form, use Live Chat, open a Support Ticket, or enter information on our site.

IFG may also collect information from other parties. This may happen with or without your direct consent. Sources of other information include:

  • General searches
  • Credit Reporting agencies
  • Publicly available sources of information
  • Accountant or legal representative
  • Third-party brokers
  • Government agencies

How do we use your information?

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

  • To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
  • To improve our website in order to better serve you.
  • To allow us to better service you in responding to your customer service requests.
  • To quickly process your transactions.
  • To send periodic emails regarding your order or other products and services.
  • To follow up with you after correspondence (live chat, email, or phone inquiries).

When is Personal Information Collected?

We collect information from you when you register on our site, fill out a form, use Live Chat, open a Support Ticket, provide us with feedback on our products or services or enter information on our site.

Providing Information to Others

IFG may share your personal information with outside entities. This may be for reasons of providing you with a product/service beyond the capabilities of IFG. Other entities that we may provide your personal information to include:

  • Other financial institutions
  • Credit reporting agencies
  • Debt collection agencies
  • IFG accountants, auditors or lawyers
  • Your personal representatives, such as accountant, financial advisor or attorney

We may monitor and/or record communications between you and IFG for quality control, analytics, verification and training purposes.

We keep your personal data for as long as necessary for the purposes for which it was collected and to provide you with services, to conduct our legitimate business interests or where otherwise required by law. We will retain your data for the lifetime of your account with us and for a period thereafter within the confines of the applicable laws.

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide users with advance notice and gain consent. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release or disclose information when its release or disclosure is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property or safety, or under other circumstances as discussed in this GPDS.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

IFG may use your personal contact information to provide you with information and updates concerning current products/services. It is our intent to only provide the information they need to perform their services to us or to provide products/services to you. These organizations must meet the privacy standards that we enact and must comply with the applicable Privacy laws.

How do we protect your information?

Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.

We use regular Malware Scanning.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.

All transactions are processed through a gateway provider and are not stored or processed on our servers.

Disclosure of Personal Information Overseas

IFG may need to disclose information to our internal operations overseas or to service providers located overseas which provide services to IFG on IFG’s behalf. When your personal information is disclosed overseas, IFG is required to ensure that the information is treated in accordance with the policies and standards that apply in your account’s country of origin.

Managing and Accessing Personal Information

IFG takes every precaution to protect your personal information that has been collected from you or from outside sources. The information is protected from misuse, loss or access by unauthorized individuals or entities.

Information is stored in paper form and electronically with appropriate security.

If your personal information should change, notify IFG immediately with the correct information. IFG will also ensure to the best of our ability that information that we retain is correct and current. If you deem that personal information that we maintain is incorrect, please notify us immediately so that we may take corrective action to ensure information is correct and current. In the event that we do not agree that information is inaccurate or out of date we will notify you in writing providing information on why we do not agree and will provide information on what you can do if dissatisfied with the response.

You may contact IFG to request information on what data has been collected and retained by us. Upon request, we will provide any copies of the information that are held by us.

If you request a copy in a particular form (for example, in hard copy) we will, free of charge, take reasonable steps to give you a copy in that form. The latest version of our GPDS is available on our website.

The GPDS contains information about how you may access personal information about you, which we hold and seek the correction of that information. The GPDS also contains information about how you may complain about a legal breach, and how we will deal with the complaint.

The GPDS includes our policy about the management of credit information and credit eligibility information. It contains information about how you may access the credit eligibility information about you that we hold; how you may seek the correction of credit information or credit eligibility information about you that we hold; how you may complain about our failure to comply with any legal requirements for Privacy Protection; and how we will deal with such a complaint.

Credit Reporting

IFG does not generally report information to credit reporting agencies. However, IFG does request credit reports from various credit reporting agencies and uses this information for the determination of creditworthiness. In requesting reports from a credit reporting agency, IFG will use personal information to identify you and possibly information from your application. If you are a guarantor, we may use information from a credit-reporting agency to assess your ability to qualify as a guarantor.

Do we use ‘cookies’?

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

We use cookies to:

  • Understand and save user’s preferences for future visits.
  • Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at each browser’s Help Menu to learn the correct way to modify your cookies.

If you turn cookies off, some of the features that make your site experience more efficient may not function properly.

Third-party links

Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

Google

Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en

We have not enabled Google AdSense on our site but we may do so in the future.

Notification of changes

If we change this GPDS we will post the amended Policy on our website so that you are always aware of how we collect, use and disclose your personal information.

Resolving Concerns

In the event you believe that your privacy has been compromised, that IFG has not acted in protecting information or has not complied with the relevant privacy regulations, please contact us immediately so that the issue is resolved as quickly as possible. We will investigate your concern and where necessary will consult with others, such as a credit reporting agency. IFG will respond in writing with the results from our investigation and/or may provide information to you regarding outside dispute resolution.

If your concern is not satisfactorily resolved, you may contact the appropriate legal entity in your country for further assistance.

Contact Information:

We can be contacted by e-mail at ifgprivacyoffice@interfacefinancial.com or by phone through the main 800 # listed on your country-specific site. You can also mail a letter directly to one of the offices listed below to the attention of the IFG Privacy Office.

United States of America HQ
7910 Woodmont Avenue Suite 1050
Bethesda, MD 20814

Canada HQ
8901 Woodbine Avenue, Suite 207
Markham, ON L3R 9Y4

Australia HQ
Level 32, 8 Exhibition Street
Melbourne VIC 3000

New Zealand HQ
PO Box 5427, Wellesley Street
Auckland 1141, New Zealand

United Kingdom HQ
Riverside Business Centre, Riverside House River Lawn Road
Tonbridge Kent TN9 1EP

Ireland HQ
30 Upper Pembroke Street
Dublin 2, Ireland

 

Addendum – USA

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe.

Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

We will notify you via email
•  Within 7 business days

We will notify the users via in-site notification
•  Within 7 business days

We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

CAN-SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:

  • Send information, respond to inquiries, and/or other requests or questions
  • Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

To be in accordance with CAN-SPAM, we agree to the following:

  • Not use false or misleading subjects or email addresses.
  • Identify the message as an advertisement in some reasonable way.
  • Include the physical address of our business or site headquarters.
  • Monitor third-party email marketing services for compliance, if one is used.
  • Honor opt-out/unsubscribe requests quickly.
  • Allow users to unsubscribe by using the link at the bottom of each email.

If at any time you would like to unsubscribe from receiving future emails, you can follow the instructions at the bottom of each email, and we will promptly remove you from ALL correspondence.

According to the California Online Privacy Protection Act, we agree to the following:

Users can visit our site anonymously as long as they do not register for an account.

How does our site handle Do Not Track (DNT) signals?

We will honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place when we can.

Does our site allow third-party behavioral tracking?

It’s also important to note that we do allow third-party behavioral tracking

COPPA (Children Online Privacy Protection Act) does not apply to IFG:

We do not collect information from children under the age of 13 years old or share such information with any third parties.

Addendum – Privacy Notice for California Residents

This Privacy Notice for California Residents supplements the information contained in this GPDS and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this notice.

Information We Collect

We collect information that identifies, relates to, describes, references is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

Category

Examples

Collected

A. Identifiers.A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.YES
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.YES
C. Protected classification characteristics under California or federal law.Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).YES
D. Commercial information.Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.NO
E. Biometric Information.Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns and sleep, health, or exercise data.YES
F. Internet or other similar network activity.Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.NO
G. Geolocation data.Physical location or movements.YES
H. Sensory data.Audio, electronic, visual, thermal, olfactory, or similar information.NO
I. Professional or employment-related information.Current or past job history or performance evaluations.NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).Education records directly related to a student maintained by an educational institution or party acting on its behalfs, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.NO
K. Inferences are drawn from other personal information.Profile reflection a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.NO

 

Personal information does not include:

  • Publicly available information from government records.
  • De-identified or aggregated consumer information.
  • Information excluded from CCPA’s scope, like:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1966 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
    • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from you. For example, from documents that you provide to us related to the services for which they engage us.
  • Indirectly from our you. For example, from observing your actions on our website.
  • From third parties that interact with us in connection with the services we perform. For example, credit reporting agencies and government agencies.

For more information on how we collect information, see “How is Personal Information Collected” in this GPDS.

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason you provided the information. For example, if you provide your personal information to purchase a product or service, we will use that information to process your transaction.
  • To provide you with support and to respond to your inquiries. For example, if you share your name and contact information to ask a question about our products and services, we will use that personal information to respond to that inquiry.
  • To help maintain the safety, security, and integrity of our website, products and services, databases and other technology assets, and business.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
  • We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

Category A: Identifiers.

Category B: California Customer Records personal information categories.

Category C: Protected classification characteristics under California or federal law.

Category E: Biometric information

We disclose your personal information for a business purpose to the following categories of third parties including:

  • Our affiliates
  • Other financial institutions
  • Credit reporting agencies
  • Debt collection agencies
  • Our accountants, auditors or lawyers
  • Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you such as your accountant, financial advisor or attorney

In the preceding twelve (12) months, we have not sold any personal information.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request which you may submit at, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    • sales, identifying the personal information categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code §1546 seq.).
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation, including in connection with a current or potential legal claim.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights. To exercise the access, data portability, and deletion rights described, please submit a verifiable request to us by:

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format. Within 10 business days after receipt of a verifiable information request, we will confirm that we are in receipt of the request. We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response to the account that you have with us or to an email that you provide to us. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you receive a different price or rate for goods or services or a different level or quality of goods or services.

Changes to the Privacy Notice for California Residents

We reserve the right to amend this privacy notice for California residents at our discretion at any time. Any changes will be posted on this page with an updated revision date. Your continued use of our website following the posting of the changes constitutes your acceptance of such changes.

Updated June 5, 2020.

Addendum – Canada

IFG follows all PIPA requirements as mandated by each province or territory.

To request your own personal information under PIPA, you must make the request in writing to our Privacy Office. The contact information has been listed at the bottom of this document.

Please keep in mind that information requested may be withheld if it meets any of the criteria below, as per PIPA requirements:

  • information that could threaten the life or security of another individual
  • information that would reveal personal information about another individual
  • information that would reveal the identity of someone who provided an opinion about another individual in confidence, when that person does not consent to reveal their identity

Addendum – European Union

The General Data Protection Regulation is an EU regulation that expands the protection of personal data of citizens in the European Economic Area (“EEA”).

Legal bases for processing

If you are an individual in the EEA, we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the financial services offered by IFG you use and how you use them. This means we collect and use your information only where:

  • We need it to provide you the financial services we offer, including to operate and process such services, provide customer support, personalize your experiences and protect the safety and security of the services;
  • It satisfies our legitimate business interest (which is not overridden by your data protection interests), such as to improve our website to better serve you, to correspond with you regarding our order or other products and services and to follow up with you after any correspondence, to market and promote our services and to protect our legal rights and interests;
  • You give us consent to do so for a specific purpose; or
  • We need to process your data for legal reasons to comply with government laws and regulations.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the services we provide.

How long will the data be stored?

We will keep your personal data for as long as necessary for the purposes for which it was collected and to provide you with services, to conduct our legitimate business interests, resolve current disputes, for the establishment of defense of potential disputes, to enforce our agreements or where otherwise required by law. We will retain your data for the lifetime of your account with us and for a period thereafter within the confines of the applicable laws. After such time, the personal data will be blocked or erased in accordance with legal requirements.

International transfers of information we collect

Information you submit to us via the registration form on our website will be stored and processed in the United States through Amazon Web Services (“AWS”) and other third-party service providers. Because your personal information will be transferred to the US which is not subject to an adequacy decision by the European Commission, we take steps to protect it. To support these transfers, we rely on the self-certification by AWS and, if applicable, our other third-party service providers of compliance with the EU-U.S. Privacy Shield as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU to the United States and other appropriate legal mechanisms to safeguard the transfer including EU approved standard contractual data protection clauses. We also rely on derogations for specific situations as set forth in Article 49 of the General Data Protection Regulation. When relying on derogations, we collect and transfer to the U.S. personal data only with your consent, to perform a contract with you, or to fulfill a compelling legitimate interest in a manner that does not outweigh your rights and freedoms.

Opt-Out

We provide you the opportunity to opt-out of having your information used for certain purposes or to unsubscribe from receiving future emails, when we ask for the information. If at any time you would like to unsubscribe from receiving future emails, you can follow the instructions at the bottom of each email, and we will promptly remove you from ALL correspondence.

Your rights in relation to personal information and how to exercise them

Under certain circumstances EEA users have the following rights:

  • Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific reasons, including legal reasons or in connection with current or potential legal claims, which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your data protection interests.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please visit us at Personal Data Requests or contact us. For more information about how to contact us, see “Managing and Accessing Personal Information” and “Contact Information” in this GPDS.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you. We may need to request specific information from you to help us confirm your identity and the right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Addendum – Australia

IFG Network Australia Pty Ltd (“we”, “us”, “our”) collects personal information about you for the purposes you agree to in this Privacy Disclosure and Consent. When you sign below, you agree we can, consistent with Australia’s privacy and credit reporting laws, collect, use and disclose personal information about you for those purposes, including information in connection with a Credit Reporting Body (“CRB”).*

*A CRB can disclose any credit reporting information, other than repayment history information and credit reporting information which is derived from repayment history information, to us, at our request, for a commercial credit related purpose.

If you consent to the disclosure of personal information (other than credit eligibility information) to a person (other than a CRB) who is not in Australia, sub-clause 8.1 of Schedule 1 to the relevant privacy regulations will not apply to the disclosure, and you will be deemed as consented to that disclosure.