Privacy Policy B2B Portal

ABOUT US

www.ismybillfair.com (the “Portal”) is owned and operated by Nineteen21 Limited, a company incorporated in England and Wales under company number 10640637 whose registered office address is at Acre House, 11-15 William Road, London, NW1 3ER (“we”, “us”, “our”).

We are committed to protecting and respecting your privacy and this Privacy Policy (the “Policy”) (together with our Terms and Conditions) and any other documents referred to in it) sets out how we process the personal data of each visitor and customer (resident in the European Union) to the Portal, where such personal data is provided to us through the Portal or via email communication. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

By clicking the “I Accept” box where indicated, submitting your personal data to us, and using the services you are accepting the practices described in this Policy.

For the purpose of the Data Protection Act 1998, the data controller is Nineteen21 Limited with registration number ZA293312.

If you have any questions about this Policy, please contact Privacy@ismybillfair.com. We may amend this Policy at any time. Any changes we may make will be posted on this page, so please check back frequently. Your continued use of the Portal and our services after posting will constitute your acceptance of, and agreement to, any changes.

WHAT IS PERSONALLY IDENTIFIABLE INFORMATION (PII) / PERSONAL DATA?

Personal data or PII means any information relating to a person who can be identified either directly or indirectly by that information; it may include name, address, email address, phone number, IP address and location data (“Personal Data”).

INFORMATION WE MAY COLLECT FROM YOU

We may collect and process the following information about you:

  • Information you provide to us - You may provide us with information by filling in forms on the Portal or by corresponding with us by e-mail or otherwise. The personal information you provide may include your name, address, e-mail address and phone number.
  • Information we collect about you - When you visit the Portal we may automatically collect information about your computer or device, including your IP address and information about how you use the Portal.
  • Information we receive from other sources - We may also receive information about you from the organisation on whose behalf you access the Portal (the “Provider”).

PURPOSES FOR WHICH WE PROCESS PERSONAL DATA

We will only process your Personal Data, in accordance with applicable law, for the following purposes:

  • creating and maintaining your account, if you become an authorised user;
  • handling and fulfilling requests, if you request services from us. This may also include processing of information that we receive from third parties, for example, email address data to verify your correct email address;
  • to allow you to participate in interactive features of our services, when you choose to do so;
  • resolving any disputes, if you lawfully exercise your rights or if you wish to dispute any part of our service offering;
  • ensuring the security of your account and our business, preventing or detecting fraud or abuses of our website, for example, by requesting verification information in order to reset your account password (if applicable);
  • developing and improving our databases and services, for example, by reviewing visits to the Portal and its various subpages and demand for specific data and services;
  • to administer the Portal and for internal business administration and operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to notify you about changes to our services and to send you service emails relating to the activities you have asked us to undertake on your behalf;
  • as part of our efforts to keep the Portal safe and secure; and
  • to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.

Your consent, as the “Data Subject”, to the processing as specified in this Policy is the primary legal ground for our processing of your Personal Data. However, there may be circumstances where we may also rely on other valid legal grounds for the processing of your Personal Data, such as:

  • your request for services, necessitating steps including processing of your Personal Data to be taken prior to entering into contract with you and any processing that is necessary for the performance of such contract;
  • legitimate interests we pursue as a business, except where such interests are overridden by your interests and fundamental rights; and
  • compliance with any legal obligation to which we are subject, such as, for example, the processing for the purposes of complying with applicable law.

DISCLOSURE OF YOUR INFORMATION

There are circumstances where we wish to disclose or are compelled to disclose your Personal Data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios include disclosure to:

  • our subsidiaries, branches or associated offices;
  • the Provider, in connection with your use of the Portal and any agreement we may have in place with them (including our Portal Terms and Conditions);
  • our outsourced service providers or suppliers to facilitate the provision of our services to you, for example, the disclosure to our data centre provider for the safe keeping of your Personal Data, webhosting provider through which your Personal Data may be collected;
  • third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
  • another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your Personal Data will be permanently transferred to a successor company;
  • public authorities where we are required by law to do so;
  • if required, in order to receive legal advice; and
  • any other third party where you have provided your consent.

INTERNATIONAL TRANSFER OF PERSONAL DATA

We may transfer your Personal Data to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out above. In particular, your Personal Data may be transferred throughout our group and to our outsourced service providers located abroad. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisation, contractual or other lawful means. Please contact Privacy@ismybillfair.com for a copy of the safeguards which we have put in place to protect your Personal Data and privacy rights in these circumstances.

RETENTION OF PERSONAL DATA

Your Personal Data will be retained until your last use of our services and normally for a period of three years thereafter, unless longer retention is required by applicable local law or where we have a legitimate and lawful purpose to do so. However, we will not retain beyond this period any of your Personal Data that is no longer required for the purposes set out in this Policy. The retention of your Personal Data will be subject to periodic review.

We may keep an anonymised form of your Personal Data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.

Please contact us at Privacy@ismybillfair.com if you would further details about our data retention periods.

DATA SUBJECT RIGHTS

Data protection law provides Data Subjects with numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of, their Personal Data. Data Subjects also have the right to lodge a complaint with the relevant data protection authority if they believe that their Personal Data is not being processed in accordance with applicable data protection law.

Right to make subject access request (SAR). Data Subjects may, where permitted by applicable law, request copies of their Personal Data. If you would like to make a SAR, i.e. a request for copies of the Personal Data we hold about you, you may do so by writing to Privacy@ismybillfair.com. The request should make clear that a SAR is being made. You may also be required to submit a proof of your identity and a fee.

Right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete Personal Data.

Right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of your Personal Data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your Personal Data is essential.

Right to object to processing, including automated processing and profiling. You may, as permitted by applicable law, request that we stop processing your Personal Data. In relation to automated processing and profiling, you may object to the processing and you will have the right to obtain human intervention.

Right to erasure. You may request that we erase your Personal Data and we will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping your Personal Data, such as, a legal obligation that we have to comply with, or if retention is necessary for us to comply with our legal obligations.

Right to data portability. In certain circumstances, you may request that we provide your Personal Data to you in a structured, commonly used and machine readable format and have it transferred to another provider of the same or similar services. We will comply with such transfer as far as it is technically feasible. Please note that a transfer to another provider does not imply erasure of your Personal Data which may still be required for legitimate and lawful purposes.

Your right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your Personal Data. However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website for instructions.

LINKS

The Portal may, from time to time, contain links to and from the websites of our partner networks, advertisers, affiliates and other third parties. If you follow a link to any of these websites, please note that these websites may have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.

HERE IS SOME TEXT