A cookie is a small file containing letters and numbers that we store on your browser or computer’s hard drive with your consent. These cookies hold information that is transferred to your computer’s hard drive.

Our website uses cookies to distinguish your browsing from that of others, facilitating a better user experience and enabling us to improve our website. By continuing to browse our site, you agree to our use of cookies.

Below, you’ll find the types of cookies we use on our website:

• Strictly Necessary Cookies: Essential for our website’s operation, these cookies include those that allow secure login, shopping cart usage, and e-billing services.
• Analytical/Performance Cookies: These cookies help us recognize and count visitors, providing insights into their navigation across our website. This aids us in enhancing its functionality and user experience.
• Functionality Cookies: Used to identify you upon return visits, these cookies personalize content, greet you by name, and remember your preferences (e.g., language or region).
• Targeting Cookies: These cookies track your website visits, pages viewed, and links followed. They help tailor our website to your interests and may share this data with third parties for this purpose.

It’s important to note that third parties, such as advertising networks and providers of external services (e.g., web traffic analysis), may also use cookies beyond our control. These cookies typically fall into the analytical/performance or targeting categories.

You have the option to block cookies by adjusting your browser settings to refuse some or all cookies. However, blocking all cookies, including essential ones, may restrict your access to certain parts or the entirety of our website.

Penny Ledger highly values your privacy and is dedicated to safeguarding your personal data. This policy will explain how we handle your personal information when you visit our website, regardless of your location, and will outline your privacy rights as well as the legal measures we have in place to protect your data.

Purpose of This Privacy Policy

This policy is intended to provide you with insights into how Penny Ledger collects and processes your personal data while you interact with our website at https://www.pennyledger.co.uk, its subdomains, and any potential future sites we may operate (collectively referred to as the “Website”), including the services offered through it. This includes any information you may provide when subscribing to our newsletter, purchasing our services, or engaging with us in any other manner.

Our website is not intended for use by children, and we do not knowingly collect data concerning children.

It is crucial that you review this privacy policy alongside any other privacy or fair processing policy we might issue when collecting or processing your personal data. This comprehensive understanding will help you understand how and why we utilize your data. Please note that this privacy policy complements other notices and privacy policies and does not supersede them.

CONTROLLER

Positron Technologies Ltd, trading as Penny Ledger, is the controller responsible for your personal data (referred to as “Penny Ledger”, “we“, “us“, or “our” in this privacy policy).

We have appointed a data privacy manager to oversee queries related to this privacy policy. For inquiries about this policy or requests to exercise your legal rights, please contact the data privacy manager using the details provided below.

CONTACT DETAILS

For any questions regarding this privacy policy or our privacy practices, please reach out to our data privacy manager using the following contact information:

Full legal entity name: Supreme PLC – Trading as Penny Ledger

Email address: support@pennyledger.co.uk

Postal address: 4 Beacon Road Ashburton Road West Trafford Park Manchester M17 1AF

You have the right to file a complaint at any time with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would appreciate the chance to address your concerns before you approach the ICO; please contact us initially.

CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES

We regularly review our privacy policy.

To ensure the accuracy and currency of your personal data, please notify us of any changes to your personal information during our engagement.

THIRD-PARTY LINKS

Our website might include links to third-party websites, plug-ins, and applications. Clicking on these links or enabling connections may allow third parties to collect or share data about you. We do not govern these third-party websites and disclaim responsibility for their privacy policies. Upon leaving our Website, we recommend reviewing the privacy policy of each website you visit.

When we mention personal data or personal information, we are referring to any information that identifies an individual. Anonymous data, where the identity has been removed, is not included in this definition.

We collect, utilize, store, and transfer various types of personal data about you, which we categorize as follows:

• Identity Data: This encompasses information like your name, national insurance number, and unique taxpayer reference.
• Contact Data: This includes details such as your address and email address.
• Financial Data: This pertains to your bank account and payment card information.
• Transaction Data: Here, we store specifics about payments to and from you, along with additional details about the services you have procured from us.
• Technical Data: This refers to information like your internet protocol (IP) address, login data, browser type and version, time zone settings and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
• Accounting Data: This comprises financial details, documents such as P60s and invoices, as well as information regarding your income and expenses.
• Marketing and Communications Data: This segment involves your preferences concerning marketing material from us and our third-party associates, along with your communication preferences.

Additionally, we gather, use, and share Aggregated Data, which includes statistical or demographic information, for various purposes. While this data may be derived from your personal data, it is not considered personal data under the law since it does not directly or indirectly reveal your identity. For instance, we might analyze Usage Data to determine the percentage of users accessing a particular feature on our website. However, when Aggregated Data is combined or linked with your personal data in a way that can directly or indirectly identify you, we treat this combined information as personal data, subject to the terms outlined in this privacy policy.

We refrain from collecting any Special Categories of Personal Data, which include sensitive information about race or ethnicity, religious or philosophical beliefs, details about one’s sex life, sexual orientation, political opinions, trade union memberships, health-related information, genetic or biometric data. Additionally, we do not gather data about criminal convictions or offenses.

If you decline to provide personal data when it is necessary by law or under a contract we have with you, it might prevent us from performing our contractual obligations. For instance, it might hinder our ability to provide you with goods or services. Should such a situation arise, and we’re unable to proceed due to a lack of data, we will inform you accordingly.

We use various methods to collect data about you:

Direct interactions: You can provide us with your Identity, Contact, Financial, and Accounting Data by filling in forms or communicating with us through mail, phone, email, or other means. This involves personal information you provide when you:

• Register an account on our website.
• Subscribe to our Services.
• Use the financial tools available on our website.
• Request marketing materials.
• Participate in contests, promotions, or surveys.
• Provide feedback or contact us.

AUTOMATED TECHNOLOGIES OR INTERACTIONS: When you interact with our Website, we automatically collect Technical Data related to your devices, browsing behavior, and patterns. We acquire this personal information through the use of cookies and similar technologies. Also, if you visit other websites that use our cookies, we may obtain Technical Data.

THIRD-PARTY OF PUBLICLY AVAILABLE SOURCES: We gather personal data about you from various third-party sources and publicly accessible platforms, including:

Technical Data from

• Analytics providers.
• Advertising networks
• Search information providers.

Financial and Transaction Data from providers offering technical, payment, and delivery services. Accounting Data from HMRC and other governmental bodies.

Your personal data is handled by Penny Ledger strictly in accordance with the law. Primarily, we engage with your personal data in the following scenarios:

• Where it is essential to fulfil the agreement we are establishing or have already established with you.
• When it is vital for our legitimate interests (or those of a third party), considering that your fundamental rights and interests do not outweigh these interests.
• When there is a necessity to adhere to legal obligations.

Typically, we do not hinge on consent as the legal basis for processing your personal data. However, we seek your consent before dispatching third-party direct marketing communications via email or text message. You retain the right to withdraw consent for marketing at any time by reaching out to us.

PURPOSES FOR UTILIZING YOUR PERSONAL DATA

We have provided a structured depiction below, outlining the various ways in which we plan to utilize your personal data and the legal foundations upon which we rely for each purpose. Moreover, we have pinpointed our legitimate interests wherever applicable.

Kindly note that we may process your personal data based on more than one lawful ground, contingent upon the specific purpose for which your data is being utilized. Should you require detailed information about the specific legal grounds for processing your personal data in instances where multiple grounds are cited in the table below, please feel free to contact us.

MARKETING

Our commitment is to give you choices when it comes to how we use your personal data, especially concerning marketing and advertising.

PROMOTIONAL OFFERS FROM US

We personalize our offers based on what we believe aligns with your interests or needs, using your Identity, Contact, and Technical Data. This guides our decisions on products, services, and offers that could be relevant to you (referred to as marketing).

You’ll receive marketing communications from us if you’ve requested information or purchased services from us and haven’t opted out of receiving such marketing.

THIRD-PARTY MARKETING

Before sharing your personal data with any third party for marketing purposes, we’ll ask for your explicit opt-in consent.

OPTING OUT

You have the option to request us or third parties to stop sending you marketing messages at any time. You can do so by using the provided opt-out links in any marketing communication you receive or by contacting us at support@pennyledger.co.uk.

COOKIES

You can adjust your browser settings to block some or all browser cookies or receive notifications when websites set or access cookies. Please note that disabling or rejecting cookies might limit access to certain parts of our website or affect its functionality. Refer to our cookie policy for more details on the cookies we use.

CHANGE OF PURPOSE

We use your personal data only for the purposes for which we collected it, except when we reasonably believe there’s a compatible reason for its use. If you’d like to understand how we align the processing for a new purpose with the original one, please contact us at support@pennyledger.co.uk.

In cases where we need to use your personal data for an unrelated purpose, we’ll notify you and explain the legal basis that allows us to do so.

Please note that there are situations where we may process your personal data without your explicit consent, following the rules mentioned above, if it’s necessary or permitted by law.

We might share your personal data with the following parties for the purposes detailed in the table above.

External third parties falling within these categories:

• Communication and administration (e.g., Microsoft Azure)
• Analytics, tracking, and website functionality (e.g., Google and Auth0)
• Accounting
• Payments (e.g., Stripe)
• Anti-money laundering compliance
• External accountants

Additionally, third parties to whom we might opt to sell, transfer, or merge parts of our business or assets. Alternatively, we may decide to acquire or merge with other businesses. If such changes occur in our business, the new owners may utilize your personal data as outlined in this privacy policy.

We mandate all third parties to uphold the security and lawful treatment of your personal data. Our third-party service providers are not permitted to use your personal data for their own purposes. They are authorized to process your personal data solely for specific purposes and in alignment with our instructions.

Certain external third parties we engage with are situated outside the European Economic Area (EEA), involving the transfer of your personal data outside the EEA.

Whenever we transfer your personal data beyond the EEA, we guarantee a similar level of protection by implementing one of the following safeguards:

• We transfer your personal data solely to countries approved by the European Commission that ensure an adequate level of data protection.
• In instances where we engage certain service providers, we utilize specific contracts endorsed by the European Commission. These contracts provide personal data with the same level of protection as in Europe.
• When utilizing providers in the US, we might transfer data to them if they are part of the Privacy Shield. This framework necessitates them to offer comparable protection for personal data exchanged between Europe and the US.

Should you require further details about the specific mechanism used for transferring your personal data beyond the EEA, please reach out to us.

Penny Ledger has implemented suitable security measures to prevent accidental loss, unauthorized access, misuse, alteration, or disclosure of your personal data. Additionally, we restrict access to your personal data to authorized employees, agents, contractors, and other third parties who require such information for business purposes. They will process your personal data solely based on our instructions and are bound by confidentiality obligations.

We have established procedures to address any suspected personal data breaches. In cases where legally required, we will notify you and relevant regulators of any breaches.

How long will Penny Ledger use my personal data?

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it. This includes meeting any legal, regulatory, tax, accounting, or reporting requirements. In certain circumstances, such as pending litigation or a complaint, we may retain your personal data for an extended period.

To determine the appropriate retention period, we consider various factors, including the type and sensitivity of the personal data, the potential risk of unauthorized use or disclosure, our processing purposes and whether these can be achieved by other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

You can request details about the retention periods for different aspects of your personal data by contacting us to obtain our retention policy.

Under specific circumstances, you are entitled to certain rights concerning your personal data, as per data protection laws. These rights include:

Requesting access to your personal data (commonly referred to as a “data subject access request”). This allows you to obtain a copy of your personal data held by us and verify its lawful processing.

Seeking correction of the personal data we hold about you. This empowers you to rectify any incomplete or inaccurate data we might have about you. However, we may need to verify the accuracy of any new data you provide.

Requesting erasure of your personal data. You have the right to ask for deletion or removal of your personal data if there’s no compelling reason for us to continue processing it. Similarly, if you’ve successfully objected to processing, if we processed your information unlawfully, or if erasing your data is necessary to comply with local law, you can request its deletion. Yet, please note that certain legal reasons may prevent us from complying with your erasure request, and we will inform you if applicable at the time of your request.

Objecting to the processing of your personal data. In situations where we rely on legitimate interests (or those of a third party), and you believe it impacts your fundamental rights and freedoms, you have the right to object. You also have the right to object when we process your personal data for direct marketing purposes. However, there might be cases where we can demonstrate compelling legitimate grounds to process your information, which could override your rights and freedoms.

Requesting restriction of processing of your personal data. This allows you to ask us to temporarily halt the processing of your personal data in the following situations:

• Verification of data accuracy.
• Unlawful use of data where you prefer it not to be deleted.
• Retention of data needed for legal claims.
• Verification of compelling legitimate grounds for processing if you’ve objected to our use of your data.

Requesting the transfer of your personal data to you or a third party. Your personal data will be provided to you or a third party in a structured, commonly used, machine-readable format. This right applies only to automated information for which you initially consented to its use or which was used to perform a contract with you.

Withdrawing consent at any time. If we rely on your consent to process your personal data, you have the right to withdraw it. However, this doesn’t affect the lawfulness of any processing conducted before your consent was withdrawn. Note that withdrawing consent may affect our ability to provide certain products or services to you, and we will inform you if this is the case upon withdrawal.

NO FEE USUALLY REQUIRED

Accessing your personal data or exercising your rights does not typically incur a fee. However, we may charge a reasonable fee or refuse to comply if your request is evidently unfounded, repetitive, or excessive.

WHAT WE MAY NEED FROM YOU

To confirm your identity and ensure your right to access your personal data or exercise other rights, we may need specific information from you. This is a security measure aimed at preventing unauthorized disclosure of personal data. Additionally, we might contact you for further details regarding your request to expedite our response

TIME LIMIT TO RESPOND

We strive to respond to all valid requests within one month. However, if your request is complex or multiple requests have been made, it may take longer than a month. In such cases, we will notify you and keep you informed of the progress.