Privacy Policy

Fractal Labs Limited (“we”, “our”, “us”, “Fractal Labs”) are committed to protecting and respecting your privacy. We are registered in England and Wales under company number 8972946 and have our registered office at Flat A, 123 Southgate Road, London N1 3JY and our trading address at WeWork Waterhouse Square, 138 Holborn, London EC1N 2SW.

This policy and any other documents referred to herein (“Privacy Policy”) applies to the use of our website or application (our “Platform”) and sets out the basis on which we process the personal data we collect from the users of our Platform (“you”) (whether or not you register with us for an account or if you are referred to us by one of our partners). Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

If you register for an account with us, or otherwise use our services, you agree to us processing your personal data in the manner set out in this Privacy Policy.

Capitalised terms shall have the meaning given in the Terms unless otherwise defined herein. The terms “transaction information” and “consolidated information” shall have the meaning given to them in the Terms.

We are a data controller and are responsible for the collection, use, disclosure, retention and protection of your personal data (which has the meaning as set out in the Data Protection Act 1998 and, following 25 May 2018, the General Data Protection Regulation (the “Data Protection Laws”)). For the purposes of the Data Protection Laws, we are registered with the Information Commissioner's Office under number ZA149049.

1. Personal data we may collect from you

We may collect and process the following personal data about you:

    • Registration Information: Information that you provide by filling in forms on our Platform, including at the time of registering to use our Platform, subscribing to our service, posting material or requesting further services. We may also ask you for information when you enter any competition or promotion sponsored by Fractal Labs, and when you report a problem with our Platform. This information includes your name, e-mail address, telephone number, your photo, postal address, username and password to access the Platform.
    • Correspondence Information: If you contact us, we may keep a record of that correspondence.
    • Survey Information: Information which you provide to us by completing surveys or polls, and which we use for research purposes. You do not have to respond to these surveys.
    • Platform Transaction Data: Details (including value, date, identity of payee) of transactions you carry out through our Platform. All payments made through our Platform are administered by a third party payment processor and we do not have access to any debit or credit card numbers or information. However, we will gather the details of the transactions carried out through our Platform, such as value of payments and frequency of payments, but without viewing your billing information directly. Please note that any payments made will be subject to the payment provider's own user terms and privacy policy - you will be given the opportunity to read these before providing them with your data and completing the transaction.
    • Fractal Data, which includes:
      • transaction information: Information concerning your transactions, including the value of transactions and the payee, which we obtain from your bank account(s) as part of the account information service we provide to you or to a Partner;
      • consolidated information: your transaction information, whether or not in its original form, and which we provide to you or, if you are a Referred User, to a Partner to enable the Partner to provide its services to you.
      • Other Data: may include your accounting information from third party sources with which you have a relationships, including cloud-based accounting service providers.  This information may include a description of your account; your bank account number, sort code and IBAN, roll number; bank account fees, charges and interest and rewards; details of your bank account transactions, standing orders and direct debits; the identity of merchants and transaction counterparties and related invoices.
    • Fractal report and budget information: data charts and tables which we create in relation to Fractal Data and to provide you with forward-looking budgets.
    • Session Information: Details of your visits to our Platform including, but not limited to, Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access.
    • Cookie Information:  Cookies are small files which are downloaded to your device when accessing our Platform. Most web browsers automatically accept cookies. We use the following categories of cookie:
      • Strictly necessary cookies. These are cookies that are required for the operation of our Platform. They include, for example, cookies that enable you to log into secure areas of our Platform, use a shopping cart or make use of e-billing services.
      • Analytical/ performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Platform when they are using it. This helps us to improve the way our Platform works, for example, by ensuring that users are finding what they are looking for easily.
      • Functionality cookies. These are used to recognise you when you return to our Platform. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
      • Targeting cookies. These cookies record your visit to our Platform, the pages you have visited and the links you have followed. We will use this information to make our Platform more relevant to your interests. We may also share this information with third parties for this purpose.

Cookie

Name

Cookie type

Purpose

App State

FL_Local

Strictly necessary

This cookie stores the current state of the application, e.g. the selected company.

Authentication

Auth

Strictly necessary

This cookie is used to authenticate the client.

Session ID

sessid

Strictly necessary

This cookie contains a session id and is used for audit logging.

Session ID

JSESSIONID

Strictly necessary

This is a session management cookie.

CSRF Prevention

CSRFToken

Strictly necessary

This is a session token that defends users to the site against Cross Site Request Forgery.

Company ID

companyid_

Functionality

This is a context token that the system uses to identify the current company from the user’s portfolio of companies.

Hubspot Tracking

__hstc

Analytical/ Performance

The main cookie for tracking visitors. It contains the domain, utk (see below), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).

Hubspot Tracking

hubspotutk

Analytical/ Performance

This cookie is used for to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when de-duplicating contacts.

Hubspot Session

__hssc

Analytical/ Performance

This cookie keeps track of sessions. This is used to determine if Hbbspot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.

Hubspot Session

__hssrc

Analytical/ Performance

Hubspot session cookie to support browser restart.

Hubspot Tracking

__hs_opt_out

Analytical/ Performance

This cookie is used by the Hubspot opt-in privacy policy to remember not to ask the user to accept cookies again.

Hubspot Tracking

hsPagesViewedThisSession

Analytical/ Performance

This cookie is used to keep track of page views in a session.

Internationalisation

i18next

Functionality

This cookie is used for language detection.

Intercom Session

intercom-id-

intercom-lou-

intercom-session-

Targeting

These cookies are used to provide customer support with Intercom messages.

MixPanel Tracking

mp_
_ga

_mkto_trk

_vwo_uuid

Analytical/ Performance

We used these cookies to analyse how our platform is used to continually improve our product delivery.

KissMetrics Tracking

kvcd

km_ai

km_lv

km_ni

km_vs

Analytical/ Performance

We used these cookies to analyse how our platform is used to continually improve our product delivery.

In addition, we may aggregate and anonymise the categories of personal data listed above to create information which is not personal data (“Non-Personal Data”).  Such Non-Personal Data is not personal data for the purposes of the Data Protection Laws and you hereby acknowledge and accept that we may retain Non-Personal Data indefinitely and use Non-Personal Data for any purpose.

2. Where we store your personal data

The personal data that we collect from you will be stored on our secure servers within the European Economic Area (“EEA”). It may be also processed by staff operating outside of the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the operation of our Platform, the provision of services or provided through our app provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Any transaction information and consolidated information will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

The transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data while in transit and to our Platform and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

3. The way we use your personal data

We use information held about you in the following ways:

    • We use Correspondence Information and Survey Information to ensure that content from our Platform is presented in the most effective manner for you and for your computer or mobile. The legal basis for such processing is our legitimate interest.
    • We use Registration Information to:
      • enable you to use our Platform and to carry out our obligations arising from any contracts entered into between you and us, or between us and the organisation which has provided you with access to our Platform; and
      • notify you about changes to our service and other service-related announcements, billing-related matters, changes to our Platform or policies, or other service or administrative-related matters.  

The legal basis for such processing is for the performance of the contract between you and us.

    • We use Platform Transaction Information to enable us to analyse your transactions on our Platform and provide you with insights and alerts.  The legal basis for such processing is for the performance of the contract between you and us.
    • We use transaction information and consolidated information to provide you with the account information service and to provide you with insights and alerts.  The legal basis for such processing is for the performance of the contract between you and us.
    • We use Other Data to enable us to analyse your financial information on our Platform and provide you with insights and alerts.   The legal basis for such processing is for the performance of the contract between you and us.
    • If you are a Referred User we shall share the consolidated information and the Other Data with the Partner to the extent set out in the Terms. Any further processing of the consolidated information and the Other Data by the Partner shall be governed by the Partner’s privacy policy.
    • We use your Session Information to administer our site and for internal operations, including security, troubleshooting, data analysis, continuity, testing, research, statistical purposes. The legal basis for such processing is our legitimate interest.
    • We may use Registration Information to provide you with information regarding products or services, as set out in section 4 below. The legal basis for such processing (and disclosing to third parties, where relevant) is that you have consented for us to do so.

4. Marketing

If you are an existing customer, we may contact you by electronic means with marketing information about goods and services similar to those which were the subject of a previous sale to you (“Similar Services”).

We will provide you with information regarding our products and services other than Similar Services, and enable our selected third parties to contact you regarding their products and services, only to the extent you have requested us to do so or you have consented for us to do the same.  

At any time you can opt-out of receiving future marketing communications from us by following the directions contained in the e-mail to unsubscribe, or by contacting us on the details below unsubscribe@fractal-labs.com.

Our Platform may, from time to time, contain links to and from the websites of our partner networks and affiliates (including third party payment providers as described above). If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

5. Disclosure of your personal data

We may disclose your personal data to:

    • The organisation which has provided you with access to our Platform (such as your employer or place of work) and its representatives, and third parties with whom you have decided to share content and commentary from our Platform. This shall include the Fractal Data (comprising the transaction information, consolidated information and Other Data). The legal basis for disclosing your personal data is for the performance of the contract between you and us.
    • Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 or our business partners, suppliers and sub-contractors, in each case to enable us to provide the Platform and related services to you.  The legal basis for disclosing your personal data is for the performance of the contract between you and us.
    • To a prospective seller or buyer of all, or substantially all, of the shares or assets of Fractal Labs, in the event of a merger, acquisition or reorganisation, together with the professional advisors of such seller or buyer.   The legal basis for disclosing your personal data is our legitimate interest.
    • To  law enforcement authorities and organisations concerned with fraud prevention and credit risk and to our professional advisors, in order to enforce any agreement between us (or any of our rights thereunder); or to protect our rights, property, or safety, or that of our customers, or others; or to comply with a legal obligation. For these purposes, we may need to transfer your personal data outside of the EEA. The legal basis for disclosing your personal data is our legitimate interest and, in some cases, to comply with a legal obligation.

6. Retention of your personal data

We retain your personal data as long as it is necessary and relevant for our operations (including, where necessary, for providing our services to other users with whom your account has been associated). Please refer to the table below for more information in respect to each category of personal data. All deleted personal data is disposed of in a secure manner.

Category of personal data

Duration of retention

Reason for retention

Registration Information

We shall retain your Registration Information for as long as you use the Platform. In practice, this means that we will retain this information for twenty (20) business days following the date on which the termination of the Terms becomes effective, unless we have a good reason to retain it on a temporary basis.

We need to retain your Registration Information to provide the Platform to you.

In certain circumstances we may need to extend the retention period in the event of unpaid invoices, to resolve disputes, enforce our Terms, or as may be required by law or regulation.

Correspondence Information

We shall retain your Survey Information for as long as it takes to process and respond to you, but in any event for no longer than you use the Platform.  In practice, this means that we will retain this information for no longer than twenty (20) business days following the date on which the termination of the Terms becomes effective, unless we have a good reason to retain it on a temporary basis.  

We need to retain your Correspondence Information in order to respond to your enquiries.

In certain circumstances we may need to extend the retention period in the event of unpaid invoices, to resolve disputes, enforce our Terms, or as may be required by law or regulation.

Survey Information

We shall retain your Survey Information for as long as it takes to process and analyse the results, but in any event for no longer than you use the Platform.  In practice, this means that we will retain this information for twenty (20) business days following the date on which the termination of the Terms becomes effective, unless we have a good reason to retain it on a temporary basis.  

We need to retain you Survey Information so that we can better understand our customers’ usage of the Platform and how we can improve it.

Transaction Information/consolidated information

We shall retain your Transaction Information/consolidated information for as long as you use the Platform. In practice, this means that we will retain this information for twenty (20) business days following the date on which the termination of the Terms becomes effective, unless we have a good reason to retain it on a temporary basis.

We need to retain your Transaction Information/consolidated information to provide the Platform to you.

In certain circumstances we may need to extend the retention period in the event of unpaid invoices, to resolve disputes, enforce our Terms, or as may be required by law or regulation.

Other Data

We shall retain your Other Data for as long as you use the Platform. In practice, this means that we will retain this information for twenty (20) business days following the date on which the termination of the Terms becomes effective, unless we have a good reason to retain it on a temporary basis.

We need to retain your Other Data to provide the Platform to you.

In certain circumstances we may need to extend the retention period in the event of unpaid invoices, to resolve disputes, enforce our Terms, or as may be required by law or regulation.

Fractal report and budget information

We shall retain your Fractal report and budget information for as long as you use the Platform. In practice, this means that we will retain this information for twenty (20) business days following the date on which the termination of the Terms becomes effective, unless we have a good reason to retain it on a temporary basis.

We need to retain your Fractal report and budget information to provide the Platform to you.

In certain circumstances we may need to extend the retention period in the event of unpaid invoices, to resolve disputes, enforce our Terms, or as may be required by law or regulation.

App State (FL_Local)

It is deleted at the end of the browser session.

This cookie will remain for the duration of your browsing session to enable to perform certain essential functions of the service.

Authentication (Auth)

It is deleted at the end of the browser session.

This cookie will remain for the duration of your browsing session to enable us to authenticate users and prevent fraudulent use of user accounts.

Session ID (sessid)

It is deleted at the end of the browser session.

This cookie will remain for the duration of your browsing session to enable us to authenticate users and prevent fraudulent use of user accounts.

Session ID (JSESSIONID)

It is deleted at the end of the browser session.

This cookie will remain for the duration of your browsing session to enable us to authenticate users and prevent fraudulent use of user accounts.

CSRF Prevention (CSRFToken)

It is deleted at the end of the browser session.

This cookie will remain for the duration of your browsing session to authenticate users and block unauthorised requests from other sites.

Company ID (companyid_)_

It is deleted at the end of the browser session.

The cookie will remain for the duration of your browsing session to enable to perform certain essential functions of the service.

Hubspot Tracking (__hstc)

2 years

This cookie tracks visitors. It contains the domain, utk (see below), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).

Hubspot Tracking (hubspotutk)

10 years

This cookie is used for to keep track of a visitor’s identity. This cookie is passed to HubSpot on form submission and used when de-duplicating contacts.

Hubspot Session (__hssc)

30 minutes

This cookie keeps track of sessions. This is used to determine if Hubspot should

increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.

Hubspot Session  (__hssrc)

It is deleted at the end of the browser session.

This session cookie is used to support browser restart.

Hubspot Tracking (__hs_opt_out)

2 years

This cookie is used by the Hubspot opt-in privacy policy to remember not to ask the user to accept cookies again.

Hubspot Tracking (hsPagesViewedThisSession)

It is deleted at the end of the browser session.

This cookie is used to keep track of page views in a session.

Internationalisation (i18next)

It is deleted at the end of the browser session.

This cookie is used for language detection.

Intercom Session (intercom-id-),  (intercom-lou-), (intercom-session-)

It is deleted at the end of the browser session.

These cookies are used to provide customer support with Intercom messages.

MixPanel Tracking (mp_), (_ga), (_mkto_trk), (_vwo_uuid)

It is deleted at the end of the browser session.

These cookies are used to analyse how our platform is used to continually improve our product delivery.

KissMetrics Tracking (kvcd), (km_ai), (km_lv), (km_ni), (km_vs)

It is deleted at the end of the browser session.

These cookies are used to analyse how our platform is used to continually improve our product delivery.

 

7. Accessing your personal data and your rights

As a result of us collecting and processing your personal data, you have the following legal rights:

    • To access personal data we hold about you.
    • To request that we make any changes to your personal data if it is inaccurate or incomplete.
    • To request your personal data is erased where we do not have a compelling reason to continue to process such data in certain circumstances.
    • To receive your personal data provided to us as a data controller in a structured, commonly used and machine-readable format where our processing of the data is carried out by automated means and is based on: (i) your consent; or (ii) our necessity for performance of a contract to which you are a party to; or (iii) steps taken at your request prior to entering into a contract with us.
    • To object to, or restrict, our processing of your personal data in certain circumstances.
    • If we use your personal data for direct marketing, you can ask us to stop and we will comply with your request.
    • If we use your personal data on the basis of having a legitimate interest, you can object to our use of it for those purposes, giving an explanation of your particular situation, and we will consider your objection.
    • To object to, and not be subject to a decision which is based solely on, automated processing (including profiling), which produces legal effects or could significantly affect you.

You may at any time request information about the personal data we hold about you by emailing us at privacy@fractal-labs.com.

8. Changes to our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.  We recommend you regularly check this Privacy Policy to identify any changes.

9. Contact

If you have any questions or comments regarding this Privacy Policy, or if you want to exercise any of your rights, including as set out in section 6 above, or you wish to withdraw your consent where we have stated we are processing your personal data based on your consent, please contact us at privacy@fractal-labs.com.