Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

allow icon
Accept
Deny

Kaldi Privacy Policy

It's great that you want to learn more. We always aim to be as open and honest as we can at Kaldi.

Kaldi Financial Technology Limited (company number 13757407) (also referred to in the policy as "we", "us", "our") are committed to protecting and respecting your privacy.

This privacy policy explains the types of information we collect about you when you visit our website www.kaldiapp.co.uk ("Site"), sign up to our waiting list, use our associated services, or otherwise communicate / engage with us. It also outlines how we use your information and your associated data rights.

We are the data controller for personal data that we collect about you.

This policy covers:

• Personal data we collect about you  
• Lawful basis for processing personal data
• Purposes for which we use your personal data
• Marketing
• Cookies and other technologies
• Links to other websites
• Who we share your personal data with
• Processing your personal data outside the UK and the EEA
• How we protect your personal data
• How long we keep your personal data for
• Your rights
• Changes to this policy
• Contact us

Personal data we collect about you

We collect information from you, including personal data, when you visit our Site, sign up to our waiting list, use our associated services or otherwise communicate/ engage with us. Personal data, or personal information, means any information about an individual from which that person can be identified.

We may collect and process the following personal data from you:

a)   Personal data you give us

You may give us personal data by filling in forms or corresponding with us by social media, post, phone, email or otherwise. This includes personal data you provide when you:

  • sign up to our waiting list;
  • subscribe to our services or publications;
  • request marketing to be sent to you;
  • sign up to attend our upcoming events;
  • create an account on our Site; and
  • give us feedback, make an enquiry or otherwise contact us.

This information includes your name, email address, username, log-in credentials, job title ,marketing preferences, and other identity, contact or profile details. Given the free text nature of some of our forms, completing them may also involve you, at your option, providing us with additional personal data.

If you reach out to us via a third party, for example, if you send us a direct message on a social media platform, we may also collect your name and information related to your social media profile which is visible in the message.

b)   Personal data we receive about you automatically

As you interact with our Site, we will automatically collect certain technical data about your equipment, browsing actions and patterns. This may include internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website. We collect this personal data by using cookies and other similar technologies.

For more information about how we process this information, please see our Cookies section below.

c)   Personal data we may receive from other sources

We may receive personal data about you from certain third parties and public sources including:

  • other companies in our group and other affiliates;
  • your employer, our corporate customers or suppliers with which you have a relationship or are an authorised representative/user;
  • social media sites;
  • other publicly available databases such as Companies House.

We may also receive your personal data from third party providers and partners which we work with, including our advertising partners and networks.  For more information about how we process this personal data, please see our Cookies section below.

Lawful basis for processing personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

Generally, we do not rely on consent as a lawful basis for processing your personal data. However, where we do rely on consent (such as in relation to direct marketing), you have the right to withdraw such consent at any time by contacting us.

Note that we may process your personal data for more than one lawful basis depending on the specific purpose we are using your data.

Purposes for which we will use your personal data

We will use your personal data for the following purposes:

  • to take steps to enter into any contract orcarry out our obligations arising out of a contract with you, such as:
    • provide information or services to you as requested;
    • administer any account you may have with us;
    • manage our relationship with you; and
    • notify you about changes to our services.
  • in our legitimate interests to:
    • provide our services to you as requested;
    • provide the information you request from us, including responding to any queries you have submitted;
    • keep our Site and services safe and secure;
    • improve our Site and our services;
    • analyse your use of the Site, services and interactions with us;
    • ensure content from our Site is presented in the most effective manner for you and your device;
    • provide relevant and tailored content to you;
    • analyse how the Site is used and how you engage with us;
    • manage internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; and
    • where permitted in our legitimate interest, or with your prior consent where required by law, we will use your personal data for marketing analysis or to provide you with promotional update communications about our products, events, newsletters and services;
  • where required, when you give your consent (for example, for us to send you our marketing communications and deliver certain cookies). Please see "Your rights" section below for further information about how to withdraw your consent.
Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

We may use your personal data to form a view on what services or other offerings we think you may want or need, or what may be of interest to you. You may receive marketing communication from us if you have requested information from us, have consented to marketing or have used our services and you have not opted out of receiving that marketing or where we are otherwise legally permitted to send you marketing.

Cookies

We use cookies and other similar technologies to collect and store certain information about you which includes Personal Data. These technologies include cookies, pixels, web beacons and JavaScript (together "Cookies"), and typically involve storing pieces of information or code transferred to or accessed from your device to store and, sometimes, record information about your interaction with online services from your device.

Cookies and similar technologies enable you to be remembered when using that device to interact with online services and can be used to manage a range of features and content as well as storing searches and presenting personalised content. They allow us to distinguish you from other users of our Services which helps us to provide you with a good experience and also allows us to improve our Services and see how they are performing. Cookies also allow us to keep secure certain areas of our Services.

A number of Cookies and similar technologies we use last only for the duration of your online session and expire when you close your browser. Others are used to remember you when you return to our Services and will last for longer. Some Cookies will also record where you came to our Services from and where you visit once you have left.

We use Cookies and/or other similar technologies, either alone or in combination with each other, to create a unique ID which corresponds to you.

You can choose to disable cookies through browser settings. The effect of disabling cookies depends on which cookies you disable but, in general, the Site may not operate properly if all cookies are switched off.

If you want to disable cookies on our Site, you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use.

Links to other websites

Our Site may, from time to time, contain links to external websites, plug-ins and applications including social media platforms. This policy does not apply to such third-party services and we are not responsible for the privacy policies or practices or the content of any third party. Please review third-party privacy policies.

Who we share your Personal Data

We may share your personal data with:

  • our group companies and affiliates, who may also process your personal data for the purposes set out in this policy;
  • organisations who process your personal data on our behalf and in accordance with our instructions. This includes supporting our services, in particular data hosting services, fulfilment services, communications providers, fraud detection services, advertising services, marketing services, facilitating feedback on our services and providing IT support services from time to time. These organisations (which may include third party suppliers, agents, sub-contractors and/or other companies in our group) will only use your personal data to the extent necessary to perform their support functions;
  • analytics and search engine providers that assist us in the improvement and optimisation of our Site or services and advertising;
  • other third parties such as professional advisors, including banks, accountants, and lawyers; and

We will also disclose your personal data to third parties in the event that:

  • we sell our business or assets, in which case we will disclose your personal data to the prospective buyer of such business or assets subject to the terms of this privacy policy;
  • such disclosure is required in order: to comply with legal requests, where required or legally permitted to establish, exercise or defend legal rights; in order to enforce or apply our terms of supply and other agreements with you; or to protect our rights, property, or safety, or the rights, property or safety of our customers, or others. This includes exchanging personal data with other companies and organisations for the purposes of fraud protection, credit risk reduction and to prevent cybercrime.

Processing your Personal Data outside the UK and EEA

We are based in the United Kingdom ("UK").

Where we transfer your personal data outside of the UK and European Economic Area("EEA"), we ensure a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:

  • We transfer your personal data to countries that have been deemed to provide an adequate level of protection by the UK Secretary of State or the European Commission.
  • We implement certain standard contractual clauses with the recipients of your personal data to safeguard transfers to countries outside of the UK / EEA.

Please contact us if you would like further information about the specific mechanism used by us when transferring your personal data out of the UK / EEA.

How we protect your personal data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

In order to maintain the security of our systems, protect our staff, record transactions, and, in certain circumstances, to prevent and detect crime or unauthorised activities, we reserve the right to monitor all Internet communications including web and email traffic into and out of our domains.

How long we keep your personal data for

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory and tax, accounting or other requirements.

In some circumstances you can ask us to delete your personal data (see your rights below). In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Your rights

You have the right under certain circumstances to:

  • access a copy of your personal data held by us;
  • object to processing of your personal data;
  • request correction of your personal data if it is inaccurate or incomplete;
  • request erasure of your personal data in certain circumstances;
  • restrict our use of your personal data in certain circumstances;
  • object to the use of your personal data for automated decision-making;
  • request that your provided personal data be provided to a third party; and
  • withdraw consent (only if you have provided your consent and wish to withdraw it). If you withdraw your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legal reason for continuing to use the data.

We do not undertake solely automated decision-making which has a legal or similarly significant effect on you.

If you would like to exercise any of these rights you can contact us using the details below. We may ask you for further information in order to confirm your identity before we provide the information requested or otherwise comply with your request.

You can change your preferences and object to receiving further marketing at any time by selecting the "unsubscribe" link at the end of all our marketing and promotional update communications to you, or by sending us an email to the email address below.

If you have any concerns about this policy please contact us using the details below.

If your request or concern is not satisfactorily resolved by us, you have the right to make a complaint with your relevant data protection authority. In the UK, this is the Information Commissioner's Office. You can visit their website at ww.ico.org.uk

Changes to this policy

Any changes we make to our privacy policy in future will be posted on this page. This policy was last updated on 19.09.2024.

Contact us

Questions, comments and requests regarding this privacy policy should be addressed to our Data Protection Officer at:

support@kaldiapp.co.uk

Version 2.0

Annex 1 TPL Privacy Policy

TPL Privacy Policy

This policy explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

TPL is committed to safeguarding the privacy of your information. By “your data”, "your personal data”, and “your information” we mean any personal data about you which you or third parties provide to us.

 We may change this Policy from time to time so please check this page regularly to ensure that you’re happy with any changes.

Who are we?

Transact Payments Limited (“TPL”, “we”, “our” or “us”) is the issuer of your wallet and is the Data Controller for the personal data which you provide to us to enable us to issue and maintain the wallet services. TPL is an e-money institution, authorised and regulated by the Gibraltar Financial Services Commission. Our registered office address is 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA and our registered company number is 108217.

Payload Ltd is the Program Manager for your wallet program and is the Data Controller for any personal data which you provide which is not related to our provision of the payments services. Payload Ltd, incorporated and registered in England and Wales with company number 14606631 and registered office at Epworth House, 25 City Road, London, England, EC1Y 1AA.

How do we collect your personal data?

We collect information from you when you apply online or via a mobile application for a payments wallet which is issued by us. We also collect information when you use your wallet to make transactions. We may also process information from Program Manager, other third party payment partners and service providers. We also obtain information from third parties (such as fraud prevention agencies) who may check your personal data against any information listed on an Electoral Register and/or other databases. When we process your personal data we rely on legal bases in accordance with data protection law and this privacy policy. For more information see: On what legal basis do we process your personal data?

On what legal basis do we process your personal data?

Contract

Your provision of your personal data and our processing of that data is necessary for each of us to carry out our obligations under the contract (known as the Customer Agreement or Customer Terms & Conditions or similar) which we enter into when you sign up for our payment services. At times, the processing may be necessary so that we can take certain steps, or at your request, prior to entering into that contract, such as verifying your details or eligibility for the payment services. If you fail to provide the personal data which we request, we cannot enter into a contract to provide payment services to you or will take steps to terminate any contract which we have entered into with you.

Legal/Regulatory 

We may also process your personal data to comply with our legal or regulatory obligations.

Legitimate Interests 

We, or a third party, may have a legitimate interest to process your personal data, for example:

  • To analyse and improve the security of our business;
  • To anonymise personal data and subsequently use anonymized information.
What type of personal data is collected from you?

When you apply for a wallet, we, or our partners or service providers, collect the following information from you: full name, physical address, email address, mobile phone number, phone number, date of birth, gender, login details, IP address, identity and address verification documents.

When you use your wallet to make transactions, we store that transactional and financial information. This includes the date, amount, currency, card number, card name, account balances and name of the merchant, creditor or supplier (for example a supermarket or retailer). We also collect information relating to the payments which are made to/from your account. If we are required by law to process additional personal data (for example, if we suspect that there may be fraud related to the use of your wallet or the payment services linked to it), we will also process that extra personal data.

How is your personal data used?

We use your personal data to: 

  • Set up your account, including processing your application for a wallet, creating your account and verifying your identity.
  • Maintain and administer your account, including processing your financial payments, processing the correspondence between us, monitoring your account for fraud and providing a secure internet environment for the transmission of our services.
  • Comply with our regulatory requirements, including anti-money laundering obligations.
  • Improve our services, including creating anonymous data from your personal data for analytical use, including for the purposes of training, testing and system development.
Who do we share your information with?

When we use third party service partners, we have a contract in place that requires them to keep your information secure and confidential.

 We may receive and pass your information to the following categories of entity:  

  • identity verification agencies to undertake required verification, regulatory and fraud prevention checks;
  • information security services organisations, web application hosting providers, mail support providers, network backup service providers and software/platform developers;
  • document destruction providers;
  • Mastercard, Visa, digital payment service partners or any third party providers  involved in processing the financial transactions that you make;
  • anyone to whom we lawfully transfer or may transfer our rights and duties under this agreement;
  • any third party as a result of any restructure, sale or acquisition of TPL or any associated entity, provided that any recipient uses your information for the same purposes as it was originally supplied to us and/or used by us;
  • regulatory and law enforcement authorities, whether they are outside or inside of the United Kingdom (UK) or European Economic Area (EEA), where the law requires us to do so.
Sending personal data overseas

To deliver services to you, it is sometimes necessary for us to share your personal information outside the UK/Gibraltar e.g.: 

  • with service providers located outside these areas;
  • if you are based outside these areas;
  • where there is an international dimension to the services we are providing to you.

 These transfers are subject to special rules under Gibraltar data protection law.

These countries do not have the same data protection laws as Gibraltar. We will, however, ensure the transfer complies with data protection law and all personal information will be secure. We will send your data to countries where the Gibraltar Government has made a ruling of adequacy, meaning that they have ruled that the legislative framework in the country provides an adequate level of data protection for your personal information. You can find out more about adequacy regulations here and here.

Where we send your data to a country where no adequacy decision has been made, our standard practice is to use standard data protection contract clauses that have been approved by the United Kingdom government and/or the European Commission. You can obtain a copy of the European Commission’s document here and the UK’s document here

If you would like further information, please contact our Data Protection Officer on the details below.

How long do we store your personal data?

We will store your information for a period of five years after our business relationship ends in order that we can comply with our obligations under applicable legislation such as anti-money laundering and anti-fraud regulations. If any applicable legislation or changes to this require us to retain your data for a longer or shorter period of time, we shall retain it for that period. We will not retain your data for longer than is necessary.

Your rights regarding your personal data?

You have certain rights regarding the personal data which we process: 

  • You may request a copy of some or all of it.
  • You may ask us to rectify any data which we hold which you believe to be inaccurate.
  • You may ask us to erase your personal data (where applicable).
  • You may ask us to restrict the processing of your personal data.
  • You may object to the processing of your personal data (where applicable).
  • You may ask for the right to data portability.
  • If you would like us to carry out any of the above, please email your request to the Data Protection Officer at dpo@transactpay.com

 

How is your information protected?

We recognise the importance of protecting and managing your personal data. Any personal data we process will be treated with appropriate care and security. 

These are some of the security measures we have in place:

  • We use a variety of physical and technical measures to keep your personal data safe. 
  • We have detailed information and security policies to ensure the confidentiality, integrity, and availability of information.
  • Your data is stored securely on computer systems with control over access on a limited basis.  
  • Our staff receives data protection and information security training on a regular basis.
  • We use encryption to protect data at rest and anonymization where applicable. 
  • We have adequate security controls to protect our IT infrastructure and staff computers including but not limited to Identity and Access Management, Firewalls, VPN, Antivirus, Advanced Email Threat Protection and more. 
  • We conduct regular audits such as PCI-DSS to ensure we are following adequate security controls to protect your data.

While we take all reasonable steps to ensure that your personal data will be kept secure from unauthorised access, we cannot guarantee it will be secure during transmission by you to the applicable mobile app, website or other services over the internet. However, once we receive your information, we make appropriate efforts to ensure its security on our systems.   

Complaints

We hope that our Data Protection Officer can resolve any query or concern you may raise about our use of your personal information. 

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Gibraltar is the Gibraltar Regulatory Authority. Their contact details are as follows:

Gibraltar Regulatory Authority, 2nd floor, Eurotowers 4, 1 Europort Road, Gibraltar.

(+350) 20074636/(+350) 20072166   info@gra.gi

Other websites

Our website may contain links to other websites. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

Changes to our Privacy Policy

We keep our Privacy Policy under review and we regularly update it to keep up with business demands and privacy regulation. We will inform you about any such changes. This Privacy Policy was last updated on 12th September 2024.

How to contact us

If you have any questions about our Privacy Policy or the personal information which we hold about you or, please send an email to our Data Protection Officer at dpo@transactpay.com.

Still got questions?

Ask us anything

Mauris imperdiet diam sit a molestie congue mauris nam?

Morbi arcu purus aliquam diam pharetra aliquam mi eu. Auctor ullamcorper erat auctor purus. Sed a pharetra dignissim interdum. At sit tincidunt adipiscing feugiat ac velit. Ut ligula cum phasellus sed. Nibh urna eu nulla morbi libero diam dolor. Tempor facilisi viverra euismod eget.

Mauris imperdiet diam sit a molestie congue mauris nam?

Morbi arcu purus aliquam diam pharetra aliquam mi eu. Auctor ullamcorper erat auctor purus. Sed a pharetra dignissim interdum. At sit tincidunt adipiscing feugiat ac velit. Ut ligula cum phasellus sed. Nibh urna eu nulla morbi libero diam dolor. Tempor facilisi viverra euismod eget.

Mauris imperdiet diam sit a molestie congue mauris nam?

Morbi arcu purus aliquam diam pharetra aliquam mi eu. Auctor ullamcorper erat auctor purus. Sed a pharetra dignissim interdum. At sit tincidunt adipiscing feugiat ac velit. Ut ligula cum phasellus sed. Nibh urna eu nulla morbi libero diam dolor. Tempor facilisi viverra euismod eget.

Mauris imperdiet diam sit a molestie congue mauris nam?

Morbi arcu purus aliquam diam pharetra aliquam mi eu. Auctor ullamcorper erat auctor purus. Sed a pharetra dignissim interdum. At sit tincidunt adipiscing feugiat ac velit. Ut ligula cum phasellus sed. Nibh urna eu nulla morbi libero diam dolor. Tempor facilisi viverra euismod eget.

Mauris imperdiet diam sit a molestie congue mauris nam?

Morbi arcu purus aliquam diam pharetra aliquam mi eu. Auctor ullamcorper erat auctor purus. Sed a pharetra dignissim interdum. At sit tincidunt adipiscing feugiat ac velit. Ut ligula cum phasellus sed. Nibh urna eu nulla morbi libero diam dolor. Tempor facilisi viverra euismod eget.

Mauris imperdiet diam sit a molestie congue mauris nam?

Morbi arcu purus aliquam diam pharetra aliquam mi eu. Auctor ullamcorper erat auctor purus. Sed a pharetra dignissim interdum. At sit tincidunt adipiscing feugiat ac velit. Ut ligula cum phasellus sed. Nibh urna eu nulla morbi libero diam dolor. Tempor facilisi viverra euismod eget.

Check out all our FAQs here
Or drop us a line, we'd love to chat.
info@kaldiapp.co.uk