ExpensePlus is absolutely committed to the protection of the privacy of all our customers. Your privacy is really important to us and we understand how important it is to you. Our aim is to be as clear and open as possible about what we do with your personal data and why we do it.
Definitions We Use In This Document
"The Service" means our ExpensePlus software, which is accessed online through a web browser. Access is provided through a unique username/password. The service also includes any files you upload to ExpensePlus.
"your Organisation" means your church or charity or other type of organisation that has opened a ExpensePlus account. In the relationship between us, your Organisation should be considered the Data Controller as defined within the context of the General Data Protection Regulation (GDPR) and UK data protection law.
"us", "we" and "our" refer to ExpensePlus Ltd. In the relationship between us, ExpensePlus Ltd should be considered the Data Processor as defined within the context of the General Data Protection Regulation (GDPR) and UK data protection law.
"you" means you, the person who accesses The Service on behalf of your Organisation. This may include others within your Organisation to whom you choose to grant user access to The Service.
How Do We Use Your Information?
When you first sign up for a trial of The Service, you are required to provide basic contact information (about your Organisation, and about yourself as the organisation's account contact) to enable us to create your trial account to access The Service. The contact details you provide are used solely to communicate with you during your trial. At the end of the trial period, if you wish to continue to access The Service on a paid subscription basis, those same contact details are retained.
Within the 'manage settings' section of The Service you are able to update your contact details; for example, if the account contact person changes within your organisation.
We comply with our obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
What Is Our Lawful Basis For Using Your Information?
We have various scenarios under which we may use your information, and for each have identified a lawful basis, as described below:
- If you have subscribed to use The Service (see our related Terms of Service), processing is necessary to perform and manage the contract.
Legitimate interest applies
- Where the contract between us has ended – either because you have closed your trial of ExpensePlus or you have cancelled your subscription to The Service. We will opt you out of all communication and not contact you after the contract has ended; unless you contact us or have requested we contact you at a later date. However, we will retain your contract contact details for internal statistical and reporting purposes.
- Where you sign-up for a training event and we communicate with you about that event, both before the event, and in follow up after the event.
- Where you have engaged with us at an exhibition or marketing event, or you have approached us independently for information about The Service. We will only use your contact details to respond to your enquiry.
Where we need to communicate with you about: -
- A technical issue or bug within The Service that affects you,
- Any security-related matter,
- New features and functionality added to The Service, or changes to existing functionality,
- Training events we are running designed to help train your users and maximise your organisation's use of The Service.
- For good governance and accounting, for market research, analysis and developing statistics.
Legal obligation applies
- When you exercise your rights under data protection law and related disclosures.
- For maintaining and reporting financial accounting information for up to 6 years from the end of the tax year in which a financial transaction was processed. Financial information may be for The Service, and for training.
- Where you have voluntarily subscribed to the ExpensePlus email list and explicitly consented to receiving our emails. You can unsubscribe from this list at any time using the unsubscribe link in the footer of those periodic emails.
- Where you have explicitly consented for us to publish a "Review" that your have written about The Service on our website. Your name, organisation name and website are included in the review, along with a profile image you have supplied us. You may withdraw your consent at any time and we will remove your review from our website.
Sharing Your Information
The information we hold about you will be treated as strictly confidential and we will only share your data with third parties with your prior consent, or unless required to do so by law.
How Secure Is Your Information?
We take security very seriously and will do everything within our power to keep your information safe. Full details on the steps we have taken to manage your data securely can be found on our security page.
How Long Do We Keep Your Information?
We keep data in accordance with the guidance set out by the GDPR. We endeavour to maintain only data that is relevant, accurate and up to date. You are responsible for keeping account contact, billing contact and data protection contact details up to date (managed in the Administrator section of the Service). We have internal processes to periodically review the data we hold and delete data that is no longer relevant to our purpose for processing.
Your Rights And Your Information
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data
Access To Your Information
You have the right to request a copy of the personal information about you that we hold.
Correcting Your Information
We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Deletion Of Your Information
You have the right to ask us to delete personal information about you where
- you consider that we no longer require the information for the purposes for which it was obtained or that we no longer need to retain it in accordance with our statutory obligations
- you have validly objected to our use of your personal information - see 'Objecting to how we may use your information' below
- our use of your personal information is contrary to law or our other legal obligations.
Objecting To How We May Use Your Information
Where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
Restricting How We May Use Your Information
In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information but you do not want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Withdrawing Consent Using Your Information
Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given. Please contact us in any of the ways set out in the 'Contact information and further advice' section if you wish to exercise any of these rights.
Lodging A Complaint
If you feel we have used your information incorrectly or without lawful basis, or you dispute our lawful basis, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).
If we wish to use your information for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining the new use prior to starting the processing and setting out the relevant purposes and legal basis for processing. Where and whenever necessary, we will seek your prior consent to the new processing.
Our Contact Details
We can provide you with access to your personal data at any time. Requests must be made in writing to The Data Protection Officer, ExpensePlus Ltd, Headingley Enterprise & Arts Centre, Bennett Road, Leeds, England, LS6 3HN or by email to firstname.lastname@example.org.
If you have a data protection, security or privacy-related question or complaint, please contact us by email in the first instance, where we will do our best to assist you or resolve an issue.
Here is the information we may collect about you/your organisation and how we use that information
Contact First And Last Name
Each organisation will designate a named individual who will serve as our point of contact for matters relating to The Service. The account contact will also be our initial billing contact and date protection contact; however, you can update any of these at any time from within the System Settings screen of The Service.
Used by us to help verify your trial request account when a trial account is opened for The Service, and also to enable us to tailor our communication with you appropriately in relation to The Service.
Contact Email Address
An email address is required in order for you to access the service, and to communicate with you about your account and account-related matters.
Used to create an account for The Service for your named organisation.
we use your charity number to obtain basic information about your charity to help us validate your trial request when a trial account is opened for The Service and for internal reporting purposes.
Used by us to help verify the existence of your organisation when a trial account is opened for The Service. Your organisation's domain name is also used to match support emails received from your organisation's domain name to your account.
Annual Income Of Charity
Used to calculate your monthly billing and ensure you are on the correct pricing plan, and for statistical reporting.
Financial Year Start Date
Used to enable us to correctly set up your financial year start date within The Service.
Name Of Referrer (If Applicable)
Used so that we know how to thank for referring you to ExpensePlus.
Other Information We May Derive From Your Website Or The Charities Commission Website
We produce internal reporting about the different types of organisations in our customer base (e.g. church, independent charity, other; and for churches, if appropriate, the denomination).
Organisation 'Known By' Names
Where your organisation is known by more than one name, or by an abbreviation of your organisation name, we'll note these to help us better match email support requests to the correct customer account.
Other Information We Maintain About Your Organisation
We maintain a financial history audit trail of invoices raised and payments made for The Service, including payment method, and overdue and unpaid accounts.
Event Sign Up
If you sign up for an online tour, training or support sessions, your sign-up details are used solely to communicate with you about that event, both before and in follow up to the event.
Each website can send its own cookie to your browser if your browser's preferences allow it, but to protect your privacy your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites.
During the course of any visit to ExpensePlus, the pages you see, along with a cookie, are downloaded to your device.
ExpensePlus uses Google Analytics, a web analytics service provided by Google on our sales website. Google Analytics sets a cookie in order to evaluate your use of the website and compile reports for us on activity on ExpensePlus. Google stores the information collected by the cookie on its servers. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. By using ExpensePlus, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
If you wish to restrict or block the cookies which are set by ExpensePlus, or indeed any website, you can do this through your browser settings. Users have the opportunity to set their devices to accept all cookies, to notify them when a cookie is issued, or not to receive cookies at any time.
Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences. You may also wish to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies.
As cookies we use are necessary for accessing and using the content and features of our software, if cookies are disabled in the internet browser, users will be unable to log in to ExpensePlus.
Note: when visiting pages within our sales website with content embedded from, for example, YouTube or Facebook, you may be presented with third party cookies from these sites. Our website does not control the dissemination of these cookies and you should check the third party websites for more information about these.