Maintaining your privacy is really important to us. You entrust us with sensitive personal and financial information, and we take that responsibility seriously.
- Who are we?
AIRPA Research and Development or AIRPA (“we”, “us”, “our”) is an online business and accounting platform for everyone but it is best suited to small businesses and accountants.
- What information do we collect and receive?
Your personal data
When we say “personal data”, we mean any information that relates to and identifies a living person. Personal data will be contained in the information that you provide to us or that is provided during your interactions with us or our service, or in the information that you authorise a third party to give to us on your behalf.
The financial data that you enter into AIRPA, or that is provided to AIRPA from your bank or other third party software, isn’t part of the “personal data” discussed here, unless it identifies a person. For more information about your financial data, please see the following section.
When it comes to your personal data, we comply in full with our obligations under the General Data Protection Regulation (GDPR) and other applicable data protection legislation.
Information you provide – Your personal data includes the information you provide to us or that you authorise someone else to provide when you:
- sign up for an AIRPA account;
- elect to have an AIRPA account provided to you;
- sign up to receive our emails or communications;
- participate in or answer questionnaires or surveys, provide feedback or enter competitions;
- provide information in your AIRPA account profile;
- provide information during a support enquiry about you and/or your organisation;
- provide information when you complete any forms which you submit to us, e.g. when you authorise us to receive transaction information from your bank; or
- provide information via an upload or data transfer to your AIRPA account.
Examples of this personal data include name, email address, contact number, as well as any correspondence sent by you when you contact us. It could also include your bank account details and bank transaction details (if that information identifies a person). It could also include details in any invoices or receipts that you upload (if they identify a person).
AIRPA has no requirement to collect or process any special categories of personal data, as defined under GDPR and the Data Protection Act 2018, in order to provide the service. In addition, we do not knowingly collect or solicit any personal data from anyone under the age of 16 or knowingly allow such persons to register for AIRPA. AIRPA is not directed at children under the age of 16. In the event that we learn that we have collected personal data from a child under age 16 without verification of parental consent, we will delete that information as quickly as possible.
Your financial data
In addition to your own personal data, we may also hold financial data that you enter into AIRPA in order to make use of our services. Examples of your financial data include your organisation’s invoices, expenses, receipts and bank transactions. You are in control of the financial data subject to our Terms. For example, if you want to give your accountant access to your financial data, you can switch this on in AIRPA. Likewise, you can also stop a feed of data from your bank or remove an accountant’s access at any time.
It is your responsibility to safeguard your login information and control third party account access. Also, you need to make sure you have made suitable disclosures and, where applicable, have obtained any relevant consents or permissions necessary for you to upload the data of others (such as suppliers and clients) to AIRPA and for that data to be used as set out in this policy. If, at any time, you want to prevent third party access to your AIRPA account or stop any transfer of data between your bank and your AIRPA account, please contact firstname.lastname@example.org or talk to your accountant.
Information we collect – We collect information about your usage of our service and website to improve our service, understand trends and enhance and customise content and campaigns. Some of this data may be “personal data”, where it relates to an identifiable person. Here’s the information that we collect and how we use it:
- we monitor patterns of usage, such as login dates and volumes of data, so we can understand how people are using AIRPA. We also do this in order to keep AIRPA secure and to develop and improve our products.
- we also monitor patterns of usage so that we can tailor any communications we may send to you or advertising that you may receive. For example, we may tailor a newsletter with information about product features that you haven’t tried yet, instead of features that you use frequently. We want the content of our communications to be relevant and useful to you.
- for security reasons and to aid in our monitoring of usage patterns, we log your Internet Protocol (IP) address when you use our website. This is the individual identification number that is assigned to your computer when it’s connected to the internet.
- we monitor traffic information to our website and emails, including page visits, email clicks, purchases, referring sites, and video viewings. We use this information to improve our website, advertising, promotions, and to understand customer behaviour. Please see section 10 below regarding our policy on cookies.
Utilisation of Google User Data
- AIRPA integrates with Google user data via restricted scopes in strict accordance with the Google API Services User Data Policy. This integration specifically leverages Mail and Drive data obtained from Google to enhance the user experience by enabling seamless access and organisation of cloud storage and email functionalities.
- To verify your email address and create your Software account on our servers, linking your Google account.
- To access and read your Google account profile information to retrieve and display your account name and photo in AIRPA;
- To access and retrieve your email messages to: (i) display a count of messages; (ii) show your unread, read, draft, deleted, archived, sent, and flagged emails; (iii) read and display any files attached to your emails; and (iv) provide a direct link to your inbox for your emails.
- To access and read your Google Drive files for certain Software features to display and retrieve those files, including file name, location and file preview with a direct link to your Drive.
Information others provide to us
We may receive information from other companies or entities (e.g. your bank) when you have authorised that third party to provide information to us. This could, in certain circumstances, include the initial information to enable us to create your account (e.g. your full name, your email address and your business type), as well as your bank transaction data.
- What do we use your personal data for?
We collect and use your personal data for a variety of business reasons. However, we need some of the data to enter into and perform our contract with you, maintain the security of our systems and provide you with access to AIRPA. This data includes your contact details and other information requested during the AIRPA setup process. If you fail to provide this data, or refuse to do so, we may be unable to provide our service to you.
All the processing we carry out is underpinned by a set of processing conditions. These are the legal bases under which we have the authority to collect, use and store your personal information. The following is a summary of how these could apply to you within the AIRPA service.
We will process data where it is necessary to enter into a contract with you for the provision of the AIRPA service or to perform our obligations under that contract. Please note that if you do not agree to provide us with certain requested information it may be difficult for the service to operate as intended or at all. Examples include:
- processing and reviewing applications for the AIRPA service, financial products or additional services;
- executing your instructions; processing transactions, providing support or advice, resolving any queries or discrepancies and administering any changes;
- receiving calls or emails to our support team;
- managing and maintaining our relationships with you and for ongoing customer service;
- communicating with you about the service and products you receive from us or via the AIRPA service; and
- handling any complaints, queries or requests which relate to the AIRPA service.
Please note – you will retain complete discretion to terminate your account with AIRPA where we/you consider that it does not meet your needs or expectations.
When you elect to use the AIRPA service, we are required by law to collect and process certain personal information about you. Please be aware that, should you refuse to provide us with certain mandatory information, it may not be possible for you to access the service. Examples include:
- confirming your identity and protecting against fraud as part of a model for secure access;
- performing checks on the service and monitoring transactions and location data for the purpose of preventing and detecting crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption;
- sharing information with police, law enforcement, tax authorities or other government and fraud prevention agencies where we have a legal obligation to do so, including reporting suspicious activity and complying with production and court orders;
- delivering mandatory communications to users of the service, providing service messages, publishing revised disclosures or terms and conditions;
- investigating and resolving complaints where we may need to exercise or defend our legal rights;
- conducting investigations into suspected criminal acts, breaches of conduct and corporate policies;
- processing applications for products and services available from or through AIRPA, including making decisions about whether to agree to approve any application;
- performing assessments and analysing customer information for the purposes of managing, improving and fixing data quality; and
- providing assurance that we have effective processes to identify, manage, monitor and report on the risks AIRPA might be exposed to (e.g. security, fraud and client confidentiality).
We will process your personal data within AIRPA where it is in our legitimate interests do so, and without prejudicing your interests or fundamental rights and freedoms. Examples include:
- delivering service insights and personalised recommendations to you which help to maximise your use of AIRPA and its products and services, or those products and services from our parent company and trusted third parties;
- providing you with updates about the AIRPA service and its functionality, including new features and services;
- analysing your personal data and financial data so that we can administer, support, improve and develop our business, customer service and features of the AIRPA service; we may use third parties to assist us in performing these activities from time to time and, in those cases, we may pass on your personal and/or financial data to them. We will only share your data with third parties that we trust, and when there are assurances in place as to how they will protect the data.
- improving your experience of the AIRPA service by:
- gathering feedback from you on your use of and interactions within our service;
- assessing your use of our service;
- tracking your interactions with our service to tailor the content; and
- recording and monitoring communications to our telephone and online helplines.
- taking action if we need to defend our legal rights under our Terms of Service if you misuse the service or act in a way which contravenes laws, regulations or our Terms;
- utilising available support functions for the management of the service. This may include budgeting, advice from our legal and accounting teams and technology support from relevant expert areas and third parties;
- tracking and analysing your use of our service to prepare reports on its performance;
- sharing anonymous or aggregate data in order to get you the best deals available on associated products and services, or with trusted third parties for research purposes;
- validating your information (and, in some cases, matching it against information that has been collected by a third party, for example Companies House) to check that the data we hold is accurate, consistent and current;
- monitoring anonymous, aggregated information about accounting and financial data so that we can produce insights about small business finance. For example, based on an anonymous, aggregate data analysis, we may produce a white paper that reports on how most small businesses are not paid on time;
- performing research and trend analysis to optimise your experience of the service;
- developing and enhancing our data models to improve the accuracy of the service and your insights;
- engaging our users by:
- gathering your feedback on the service;
- reporting at an aggregate level on the user experience and service performance;
- engaging and communicating with our users on social media and via SMS/email; and
- providing you with detailed information on your account activity.
- using your personal information in an anonymised and aggregated form to create content to include in:
- infographics, industry reports and media campaigns;
- blog posts and videos on the AIRPA service;
- emails that inform users about the success and performance of the service; and
- posts from social media accounts owned and operated by AIRPA.
- Who do we share your information with?
Elective third party access to AIRPA data
Should you choose to use parts of AIRPA that permit the sharing of your personal and/or financial data with third parties (for example, if you choose to give your accountant or your bank access to your data), then your personal and/or financial data will be shared in that way. Such personal or financial data may include, for example, general, financial and transactional data and information from your account such as accounting ledger balances, bank transactions and invoices, bills, expenses and project details. These third parties will use that data in accordance with any permissions and consents you have given us or that you may give to us in the future.
Supplier and third party arrangements
As part of the service, we may need to share your personal information outside AIRPA. There are limited circumstances in which we would do this and we will always have a compelling business reason to do so. Examples of when we will share your information include:
- when we have your permission to do so;
- when you ask us to share your information as part of the service or a connected product you are interested in so that we can tailor your experience;
- when you instruct us to share your information with your bank and to add accounts from other providers to the AIRPA service;
- when part of the service, or a product you are interested in, is supported or provided by a third party outside AIRPA;
- when we are under a duty to disclose or share your personal or financial data in order to comply with any legal or regulatory obligation;
- to cooperate with law enforcement officials, judicial bodies, government entities, tax authorities or regulatory bodies in the investigation of unlawful activities of AIRPA users or relating to AIRPA users; or in order to enforce or apply any contract with you; or to protect our rights, property, or the safety of our employees, customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
- sharing with third parties and other financial services companies to help prevent, detect and prosecute unlawful acts and fraudulent behaviour;
- sharing with suppliers, sub-contractors and advisors who support the operation of the service, provide information for an insight, or manage connected products;
- sharing with third parties in the event that we, our business, or substantially all of its assets are acquired by a third party (in which case, personal information about customers will be one of the transferred assets);
- we may pass aggregate information on the usage of the AIRPA service, where relevant, to maintain, improve and manage the AIRPA service or for the purposes of research, but this will not include your personal data.
We will always take steps to ensure that the safety and security of your information is maintained. We will implement and maintain technical and organisational measures over each transfer of personal information and mandate that our partners and third parties do the same. No ownership rights to the data will be transferred to any third party, unless otherwise notified.
Transferring information overseas
We will, from time to time, have to transfer your information to third parties or organisations in other countries. This will only happen on the basis that any party to which we pass your information will protect it in the same way that we would and in accordance with applicable laws.
In the event that we transfer information to countries outside of the European Economic Area (which includes countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so when:
- the European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately;
- the transfer has been authorised by the relevant data protection authority; and
- we have entered into a valid contract with the third party or organisation with which we are sharing your information (on terms approved by the European Commission) to ensure your information is adequately protected.
Additionally, you may grant third party access to your personal or financial data by enabling the AIRPA API for that third party. At all times, this access is controlled by you. AIRPA is not responsible for the privacy practices employed by any third party given access by you to your personal or financial data by the AIRPA API.
- How long do we store your data for?
We only store your data for as long as is necessary for the purposes of processing that are set out in this policy. When you cancel your account with AIRPA, you can either delete your data immediately in-app via the delete account function, or we will automatically delete your data after one year. Please see the table below detailing our retention policy for all types of account.
|Expired Free Trial
If you are signed up to marketing communications, cancelling your AIRPA account will not automatically cancel your marketing preferences. If you would like to unsubscribe, please email email@example.com, otherwise we will delete your email address from our system after two years of inactivity.
To ensure the integrity of our systems and your data, we utilise various technologies to continually take secure, encrypted backups. All data, including deleted data, remains archived within these backups, which are maintained according to our defined two-year data retention policy, after which they are deleted.
- You can export your account data at any time
You can export a copy of your data whenever you like – this will include some elements of your personal data and that of your clients, contacts and suppliers, your financial transactions, invoices, and expenses. We recommend that you use the export functionality to keep a backup of your data. While we regularly back up your data, we can’t restore backups on an individual basis. You can also ask us for a copy of your personal data that we hold – see section 9 below for more information.
- You can delete your data at any time
You have the option to delete all of your data at any time, using the delete account option in the settings area of AIRPA. Using this option cancels and deletes your AIRPA account and all associated data.
Deleting your data removes it from our active servers immediately; however, we retain archived database backups for two years, after which they are permanently deleted.
We highly recommend that you export your data before cancelling, since many countries (including the UK) require you to retain your business records going back many years, even if you have finished trading. AIRPA is under no obligation to retain data on your behalf if you are no longer subscribed to the AIRPA service.
If your free trial expires or your account is suspended due to non-payment, your account will be automatically deleted after two years of inactivity. We retain historical details about your payments to AIRPA for accounting purposes because we are required by law to do so.
- We don’t store your credit card details
Once your 30-day free trial is over, in some cases, you may need to provide payment details to start your subscription and continue using AIRPA. Where this information is provided, it is passed directly to our payment service provider, GoCardless, via an encrypted link and is never stored on our systems. We handle ongoing billing by passing a token to GoCardless that identifies your account.
- What are your rights?
- Access to your personal data: You can ask us to confirm if we are processing your personal data and you may request a copy of your personal data by contacting our team at firstname.lastname@example.org.
- Right to change or withdraw your consent: Where you have given us consent to make use of your personal data for any of the purposes outlined in this policy, you may withdraw that consent by contacting us using the details located in section 13 of this policy. If you wish to change your contact preferences or you no longer wish to be contacted for marketing purposes, please get in touch.
- Right to rectification: If you need to update out-of-date or inaccurate information we hold about you, please log on to your AIRPA account and update your information or please get in touch.
- Right to erasure: You are free to delete your data at any point, using the delete functionality.
- Right to data portability: In certain circumstances you may ask us to provide you with the personal data that we hold about you in a structured, commonly used, machine-readable form, or ask for us to send such personal data to another data controller. You can use the export functionality at any time to export your data in this manner.
- Right to object: In certain circumstances you may object to our processing of your personal data. If this is the case, please get in touch
- Right to restrict processing: You can ask us to restrict the processing of personal data we hold about you in certain circumstances. If you wish to do so, please get in touch.
- Make a complaint: You may make a complaint about our data processing activities to a supervisory authority. In the UK this is the Information Commissioner’s Office (ICO). Further details can be found on their website.
If you want to manage or disable cookies for the AIRPA website or any other site, you can do so by changing your browser settings. Please bear in mind that disabling functional cookies may impair the availability and/or functionality of the AIRPA service. We suggest consulting the “Help” section of your browser which offers guidance for all modern browsers.
- Security and data storage
We take security and privacy seriously. We will endeavour to take all reasonable steps to keep your personal and financial data secure once it has been transferred to our systems. We adopt appropriate, industry-standard data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction. For further details of the security measures we have implemented.
Where we utilise third parties to help provide our services, we will always ensure that, as a minimum, the security policies and confidentiality arrangements of those third parties adhere to the same requirements that we impose and expect.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of the AIRPA website or AIRPA itself, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We shall periodically check that the personal data we store for you is accurate. If you would like to update the personal data we hold about you, please log in to your AIRPA account or contact us at email@example.com with your request.
Please note that the internet is not a secure medium and although we will do our best to protect your data, we cannot guarantee the security of any data transmitted to AIRPA. Any such transmission is at your own risk.
Consistent with Google’s Limited Use requirements, AIRPA is committed to the following principles in its handling of Google user data:
- We utilise data obtained from Google APIs solely to deliver or improve upon the user-facing features clearly presented within our application’s interface, ensuring a cohesive and efficient user experience.
- The redistribution of Google user data is strictly controlled, limited to instances directly benefiting the operation of AIRPA, with explicit user consent, for security measures, to meet legal obligations, or during corporate restructuring, always with prior explicit consent from our users.
- AIRPA categorically refrains from the sale, transfer, or misuse of Google user data for advertising or unrelated third-party engagements.
- AIRPA upholds the highest standards of data security as necessitated for applications accessing sensitive and restricted Google API scopes. Regular security assessments are undertaken to ensure adherence to Google’s security requirements and to protect user data against unauthorised access and threats.
- Getting in touch
AIRPA Privacy Officer
962 Eastern Avenue, Essex, United Kingdom, IG2 7JD
Please note that phone calls to AIRPA Support may be recorded for monitoring, training and security purposes.