Just published: Supplier insight study on virtual card adoption trends.

Privacy policy

This “Privacy Policy” applies to our website visitors. Customers applying, using or subscribing to any of Previse’s Applications and Services should read and review our Privacy Policy for Applications and Services.

Version 3.1, Last updated:20 June 2023

General

Previse Limited (“we” and “us”, and “our”) is committed to protecting your personal data and respecting your privacy. This privacy policy (the “Privacy Policy”) explains the type of personal information that we collect via our company website https://previse.co/ and your product or information websites (such as https://instantpay.co) (each referred to as the “Website”) and governs our use of Personal Data as a controller as described in further detail below. Please note that this Privacy Policy does not apply to the use of our applications and services, to which the privacy policy for applications and services, found at https://previse.co/en-gb/privacy-policy/apps-and-services/, applies.

By using this Website you accept the terms of this Privacy Policy.

We recommend that you read this Privacy Policy whenever you visit the Website as we may, without prior notice to you, amend this Privacy Policy to reflect any changes in Previse’ practices, services and legal obligations. If Previse makes any material changes to the way Previse collects, uses or shares Personal Data, Previse will communicate those changes to you. Your continued use of the Website following the effective date of a change to this Privacy Policy signifies your acceptance and agreement to the terms of the revised Privacy Policy. This Privacy Policy has been revised at the “Last Updated” date displayed at the top of this Privacy Policy. All changes will be effective when posted at https://previse.co/en-gb/privacy-policy/ and are binding on you from that date. The current version of the Privacy Policy will be displayed on that page.

Information about us and our role

Previse Limited is a company registered in England and Wales with number 09117429 with its registered address at Building 423 – Sky View (Ro) Argosy Road, East Midlands Airport, Derby, DE74 2SA, United Kingdom. We are the controller responsible for the processing of Personal Data described in this Privacy Policy under the Data Protection Legislation and other applicable law.

If you wish to contact us about this Privacy Policy or for any enquiries about how we use Personal Data, please contact us at help@previ.se.

The personal data we process as a controller

Purposes for processing

We will use and process Personal Data lawfully, fairly and in a transparent manner. We will collect and use Personal Data solely for the specified and legitimate purposes stated in this Privacy Policy. We use:

Personal Data to:

send you marketing communications including:

updates about new or improved functionality of Previse’s applications and services and events, promotions or competitions being offered by us; and

information from us about goods and services which may be of interest to you;

If you are a corporate subscriber, we will do this because it is in our legitimate interests to process Personal Data in this way. You are entitled to object to us contacting you or to amend your communication preferences by contacting us at help@previ.se.

If you are an individual subscriber, we will process Personal Data in this way where you have consented to receive these marketing communications from us. You are entitled at any time to withdraw your consent to receiving these marketing communications from us at any time.

If you subsequently decide that you do not want to receive marketing communications from us, please click the “unsubscribe” link provided in our marketing messages. Objecting to receiving marketing communications will not affect our use of the Personal Data prior to you objecting but it will mean that we will not be able to contact you about the offers we may run and other services we may be able to offer to you in the future.

contact you, if we receive a request to contact you or to send you any requested information. We will use the Personal Data in this way because it is in our legitimate interests to use Personal Data to communicate with you, to respond to your request and develop the relationship between us. It may also be necessary for us to:

use Personal Data to perform an agreement with you, where we would be unable to provide those services without that information (for example, if a particular service or information is to be provided to you, we would be unable to provide that service or information unless we were able to use Personal Data for that reason);

use Personal Data to comply with a legal obligation relating to how we manage our business or our relationship with you;

enable us to contact you for security reasons. We will use the Personal Data in this way because it is in our legitimate interests to use Personal Data for these purposes;

manage our relationship with you. We will use the Personal Data in this way because it is in our legitimate interests to use Personal Data to communicate with you to develop the relationship between us. It may also be necessary for us to

use Personal Data to perform an agreement with you, where we would be unable to provide those services without that information;

use Personal Data to comply with a legal obligation relating to how we manage our business or our relationship with you;

verify your identity, onboard you as a customer, supplier and/or funder of Previse, conduct anti-money laundering checks, risk management, credit checks and other compliance related activities as well as to satisfy our internal operational requirements. We do this because it is in our legitimate interests to make sure that the identities of our counterparties are genuine and relationships are not being established for fraudulent or other illegal reasons. We may also do this because we may be subject to legal obligations which require us to confirm the details that you provide to us before entering into a relationship with you;

to corroborate, match with or enrich personal data held by us for the purposes of identifying, establishing and managing business relationships. We will use the Personal Data in this way because it is in our legitimate interests to use Personal Data for these purposes;

address other business needs such as website administration, fraud prevention, legal compliance and business continuity. We will use the Personal Data in this way because it is in our legitimate interests to use Personal Data for these purposes. We may also do this because we may be subject to legal obligations that require us to use Personal Data for these purposes.

With respect to the Personal Data that you provide to us, you will be informed at each information collection point which information is required to be provided and what we will use it for. We will let you know where you must provide us with the Personal Data in order to perform an agreement or to comply with a legal obligation. You can choose not to enter any such Personal Data. However, if you choose not provide us with Personal Data in circumstances where we require it, we will be unable respond to enquiries, engage in further communications with you and/or make Previse’s applications and services available to you in circumstances where the Personal Data is required to do that.

Previse does not sell your Personal Data to non-affiliated third parties (including for their own direct marketing purposes) without your consent. In addition, Previse has not sold your Personal Data to non-affiliated third parties in the last 12 months. If you are entitled to any disclosure rights in your jurisdiction regarding our sale of your Personal Data to non-affiliated third parties or our disclosure of your Personal Data to third parties for their own direct marketing purposes, this disclosure satisfies those requirements. If you still wish to learn more about our compliance with this requirement, please contact us using the information provided in the “Contact Information” section below.

Direct interactions

You may give us your:

identity data (such as your first name, last name, date of birth, gender, title and the company you work for);

contact data (such as your postal address, email address or telephone number);

profile data (such as your product interests, the subject of your enquiry and any personal information contained in the message section of your enquiry, feedback and survey responses);

marketing and communications data (such as your preferences in receiving marketing from us or your communication preferences); or

application data (such as contact data of any referees, personal information included on your CV/resume such as employment history, education history, citizenship status and immigration status, directorships and other business dealings).

You may submit this Personal Data by filling in forms on our Website or by corresponding with us by post, phone, email or otherwise when you submit a request for our products or services, make a business or press enquiry, subscribe to our publications, request marketing material to be sent to you, give us feedback, make a general employment enquiry or apply for a specific job or otherwise contact us.

Information we collect from your browser and your device

As you navigate through the Website, we will automatically collect information about your interaction with the Website such as your IP address, traffic data, clickstream information, time stamp, location data, web logs, other communication data and the resources that you access when you visit the Website and your browser or other applications on your device interact with it. We automatically collect this data using various technologies such as cookies, web logs and beacons as described below. This information allows us to better tailor our content to users’ needs and is only gathered while you are on the Website.

We automatically receive and record such information on our server logs from your browser. As discussed below, we use this information to diagnose problems with our server, report aggregate information for statistical analysis, determine the fastest route for your computer to connect to the Website and administer and improve the Website.

To the extent this information constitutes Personal Data, we use it as described in Clause 3.1.1, which includes to ensure that content from the Website is presented in the most effective manner for you and your device because it is in our legitimate interests to improve our users’ online experience in relation to the Website.

Cookies and other tracking technologies

The Website uses “cookies” to enhance your use of the Website and/or services and to monitor your activity during your visit(s) to the Website. Cookies are small text files that are stored on your browser and the hard drive of your computer, mobile or other handheld device. The cookies store information about your visit to the Website and distinguish you from other users. Our use of cookies allows us to provide you with a better experience when you browse the Website. The use of cookies also helps us to display content on the Website and also allows us to obtain and analyse statistics about the use of the Website so that we can improve it.

The use of cookies allows us to personalize each application’s content for you and remember your preferences. It also allows you to participate in interactive features on our platforms, when you choose to do so.

By accepting and consenting to this Privacy Policy, you also consent to our use of cookies as explained in this Privacy Policy. You can withdraw your consent at any time by turning off the cookies as described below but withdrawing your consent will not affect our use of your Personal Data processed using those cookies prior to you withdrawing that consent.

The following table sets out the types of cookies used on the Website and provides detail about what they are used for. When you use the Website for the first time, cookies which are essential to make the Website operate (see those identified as “essential cookies” below) will have been set but other cookies will not have been set unless you agreed to those cookies being set at that time. If you have agreed to accept cookies, then the Website will remember this and continue to set cookies each time you visit.

Some cookies are deleted when you close your browser. These are known as session cookies. Others remain on your device until they expire, or you delete them. These are known as persistent cookies and enable us to remember things about you as a returning visitor, particularly if you wish to be remembered so you do not have to click on a link on every time you visit the Website.

If you do not want cookies to be stored, then you may delete certain cookies listed below individually, or you can select the appropriate options on your web browser to delete some or all cookies. Please note, however, that if you block some or all cookies (including essential cookies) you may not be able to use or access all or parts of the Website, such as being able to access specific areas.

If you use Previse’s applications and services described in the Previse privacy policy for applications and services found at https://previse.co/en-gb/privacy-policy/apps-and-services/, then your privacy is covered by the terms of that privacy policy. This may include other cookie types and trackers, for example, for marketing purposes and different privacy management tools.

Disabling cookies

If you would like to disable cookies, you can set your web browser to reject cookies. However, if you disable the cookie function, you may not be able to access or receive all the information contained on the Website.

Please note that Google and other third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies as a result of you visiting other websites, over which we have no control.

Sharing of Personal Data with third parties

We will share Personal Data with the following third parties:

Our Affiliates;

Our or any of our Affiliates’ accountants, insurers, auditors, partners and managers;

Our or any of our Affiliates’ legal advisers and representatives for the purposes of establishing, exercising and defending our legal rights and obligations and otherwise taking legal advice;

Our or any of our Affiliates’ service providers and sub-contractors;

Our or any of our Affiliates’ customers, suppliers and funders;

Potential purchasers of and/or successors in title to member(s) of the Previse Group and their Affiliates and representatives in connection with a sale, acquisition, reorganisation or other disposition of all or part of Previse Group’s business or assets, or the insolvency, bankruptcy or receivership of a member of the Previse Group;

Those third parties identified in the InstantPay terms and conditions you have executed with us;

Data analytic companies for the purposes of managing credit risk through the use of Delphi scoring;

Operators of publicly available and private databases of business and individuals for the purposes of verifying identities. For example, we may use databases such as those retained by LinkedIn for this purpose;

Third party service providers for the purpose of fraud protection and credit risk reduction such as industry associations (such as CIFAS) and their members and any agents, delegates, nominees, attorneys, trustees or custodians acting on our or any of our Affiliate’s behalf;

To those third parties where we are required to do so by law or court order or in response to reasonable enquiries from or as a result of cooperating with any governmental, banking, taxation, supervisory, industry association (such as CIFAS) or other similar body or by the rules of any stock exchange;

To law enforcement and fraud prevention agency.

Records of Personal Data

We will keep a record of the Personal Data for the purposes described in this Privacy Policy. We will keep a copy of Personal Data held for the specific purpose for which it was provided, until this has come to an end and we no longer need to comply with a legal obligation that requires us to retain Personal Data. We will delete our copy of Personal Data 24 months after the termination of the business relationship or after a longer period after the end of the purposes explained in the preceding sentence, although we may retain a record of the existence of the relationship, to the extent that and for so long as we are required to do so by law. For example, if you have contacted us to ask for the processing of Personal Data to be erased, we will retain a record of your request in order to ensure that we comply with your wishes.

International Personal Data Transfers

We store and process Personal Data:

in the UK and the European Economic Area (“EEA”) if you are located in the UK or in the EEA; and

in the UK, the EEA and/or the United States of America (“US”) if you are located in the US.

Do Not Track Disclosure; No Tracking Across Websites

Certain web browsers may provide a do-not-track (“DNT”) option. You may be able to ask your browser to inform websites that you do not wish your activities to be tracked, either with cookies or other persistent identifiers, commonly called “DNT signals”.

Other people’s personal data

The information you give us, or that we collect through your use of our website, may contain your or another person’s personal data. If you provide us with information about another person, you confirm that they have appointed you to act for them, they consent to you providing their personal data to us and any processing of their personal data and that you have informed them of our identity and the purpose for which their personal data will be processed – as set out in this Privacy Notice.

Your relationship with us

Your obligations

You warrant, represent and undertake to us that the Personal Data that you provide or otherwise make available to us is true, complete and up-to-date.

If any of the Personal Data that you have provided to or made available to us changes (for example if you change your contact details) then you will promptly notify us by sending an email to help@Previ.se.

Your rights

Depending on your applicable jurisdiction, including if your Personal Data is subject to the GDPR, you may have certain rights with respect to your Personal Data. Such rights may include the right to:

request access to that Personal Data;

receive a copy of that Personal Data which you have provided to Previse in a structured commonly used format so that you can share it with others;

where that Personal Data is inaccurate or incomplete, ask for Personal Data to be rectified or completed;

request the transfer of that Personal Data to another party;

ask for that Personal Data be erased;

object to us processing that Personal Data by asking for the processing of that Personal Data to be restricted or stopped. For example, if Previse uses Personal Data for marketing purposes; and

make a complaint to the applicable data protection supervisory authority about the manner in which Previse processes Personal Data, such as the UK Information Commissioner’s Office.

Please contact help@previ.se for additional information, or if these rights apply to you based on your jurisdiction, to exercise these rights. When you contact us to exercise the above rights, we may ask for further information from you, to confirm your identity and, if applicable, the jurisdiction to which you are subject. You may also be able to access and update the information you have provided to us via your weblink.

Miscellaneous

Contact information

If you have any questions, comments or concerns about this Privacy Policy, you may contact us at help@previ.se.

Security

We have implemented appropriate technical and organizational measures on our servers, which are designed to protect Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

You should keep in mind that internet transmissions (including emails) are never completely secure or error-free. As such, you should take steps to protect yourself, especially online and take special care in deciding what information you send to us via e-mail or other transmissions. Where you use weblinks, ID numbers, or other special access features on the Website, it is your responsibility to safeguard them. You should choose a strong password for your device, do not use the same password that you use elsewhere and do not share your password with anyone else. Also remember to close your browser window when you have finished to ensure that others who may have access to your computer cannot access Personal Data.

Whilst we may take any information provided by you into account, only we will determine the content of any related public statements and any required notices to the affected data subjects and/or the relevant supervisory authorities in connection with a personal data breach in relation to the Personal Data.

Links to other websites

The Website may contain links or references to other websites. Please be aware that we do not control other websites and, except as otherwise noted in the applicable website, this Privacy Policy does not apply to those websites. We encourage you to read the privacy and cookie policy of every website you visit. We are not responsible for the security or privacy of any information collected by these third parties.

We may offer certain “share”, “social media” or “email a friend” functionality on the Website. If you choose to use these functions, we may and/or the third party social media networks may collect certain information about you depending on the function or feature you use. With respect to the social media features (such as allowing you to post information about your activities or share your information with others on a social media site), the collection and use of information by and your interactions with the third party social media network will be governed by the privacy policy of the company providing those social media features. We are not responsible for the security or privacy of any information collected by these third parties.

No Collection of Children’s Data

Previse does not seek to, nor do we knowingly collect, information directly from children under the age of 16. If a child has directly provided us with Personal Data, a parent or guardian of that child may contact us to have the information deleted from our records. To do so, contact us through the information provided below in the “Contact Information” section.

Severability

If any provision of the Privacy Policy is deemed unlawful, void or for any other reason unenforceable then that provision will be deemed severed from the Privacy Policy and will not affect the validity and enforceability of any remaining provisions of the Privacy Policy.

Third party rights

Nothing in this Privacy Policy is intended or shall be deemed to confer any rights or benefits upon any person other than the parties thereto, or to make or render any such other person a third-party beneficiary of this Privacy Policy, except to the extent that an affiliate of either party, or any officer, director, or employee of a party or its Affiliate, has any rights, including a right to be indemnified, under this Privacy Policy.

No partnership

Nothing in this Privacy Policy is intended to or will operate to create a partnership between you and us or authorise either you or us to act as agent for the other. Neither party will have the authority to act in the name of, on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).

Governing law and jurisdiction

The Privacy Policy and any non-contractual obligations arising out of or in connection with it are governed by English law. The courts of England have non-exclusive jurisdiction to settle any dispute arising out of or in connection with your use of this Privacy Policy (including a dispute relating to the existence, validity or termination of the Privacy Policy or any non-contractual obligation arising out of or in connection with the Privacy Policy) and the parties to this Privacy Policy agree that the courts of England are the most appropriate and convenient courts to settle disputes and accordingly no party will argue to the contrary.

Privacy Notice for California Residents

This “Privacy Notice for California Residents” section only applies to California residents. This notice describes how we collect, use and disclose your personal information (as defined in the CCPA), and your rights with respect to that personal information.

Information We Collect

Clauses 3.2, 3.3 and 3.4 describe the personal information we may collect from you, including the categories of sources of that information. We collect the information for the purposes of described in section 3.1. We share this information as described in section 3.5. We will retain your personal information as set forth in section 3.6. For the purposes of this clause 7, we may use the terms “personal information” and “Personal Data” interchangeably.

Your Rights

The CCPA provides California residents with specific rights to request information about Previse’s collection, use and disclosure of your personal information over the prior twelve (12) months, and ask that we provide you with the following information:

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information.

Once we receive and confirm your verifiable consumer request, we will disclose to you:

the categories of personal information we collected about you;

the categories of sources from which we collect personal information;

purpose for collecting, using or selling personal information;

the categories of third parties with whom we share that personal information;

the specific pieces of personal information we collected about you (known as “data portability request”); and

if applicable, categories of personal information sold about you and the categories of third parties to which the personal information was sold.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you;

detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;

debug products to identify and repair errors that impair existing intended functionality;

exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;

comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. Seq.);

engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;

enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; or

comply with a legal obligation.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us at: help@previ.se. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period.

The verifiable consumer request must:

provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include: First Name, Last Name, Email used to register with Previse, and Phone Number; and

describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Sensitive personal information

We do not use or disclose sensitive personal information except for purposes for which you do not have a right to limit the use and disclosure of sensitive personal information under the CCPA. For example, we may use Sensitive personal information to provide you products or services you have requested. “Sensitive personal information” includes Social Security number, government-issued identification, bank account and routing numbers, credit and debit card information, voice identification and Photo IDs or Precise Geolocation (each capitalized terms have the meanings ascribed to them under the CCPA).

Privacy Notice for Residents of Certain Other U.S. States

This “Privacy Notice for Residents of Certain Other U.S. States” section applies to U.S. residents subject to the applicable U.S. Data Protection Laws, except the CCPA. Please refer to section 5 above to understand the categories of personal data that we process and disclose to third parties, the purposes for which we process personal data, and the categories of third parties that we disclose personal data. As residents in a State subject to the U.S. Data Protection Laws, you may be entitled to the same rights described in section 3.6 and section 8.2. However, these rights are not absolute, and we may decline your request as permitted by the applicable U.S. Data Protection Laws.

Definitions and interpretation

In this Privacy Policy:

Affiliates” means, with respect to any specified person or entity, any other person or entity that, directly or indirectly, controls, is under common control with or is controlled by such specified person or entity. The term “control” (including its correlative meanings “under common control with” and “controlled by”) as used in the preceding sentence means the possession, directly or indirectly, of the power to direct or cause the direction of the management or policies of a person or entity, whether through ownership of securities or partnership or other interests, by contract or otherwise;

Data Protection Legislation” means data protection and/or privacy laws, including, where applicable, U.S. Data Protection Laws and European Data Protection Laws;

European Data Protection Laws” means the GDPR and the Privacy and Electronic Communications Directive 2002/58/EC, as implemented into and supplemented by domestic legislation of each EU Member State and in the UK (such as by the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 in the UK) and as amended, replaced or superseded from time to time;

GDPR” means the EU General Data Protection Regulation 2016/679;

Personal Data” means any personal data collected by us about you which we use for the purposes described in Clause 3.1.1 and as set out in Clauses 3.2, 3.3 and 3.4; and

Previse Group” means us and each of our Affiliates;

Privacy Policy” has the meaning described in Clause 1.1 above; and

U.S. Data Protection Laws” means the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA“), the Virginia Consumer Data Protection Act (“VCDPA“), the Colorado Privacy Act (“CPA“), the Connecticut Data Privacy Act (“CTDPA“), and the Utah Consumer Privacy Act (“UCPA“) but excluding, without limitation, consent decrees.

The terms, “Commission“, “controller“, “data subject“, “Member State“, “personal data“, “personal data breach“, “processor“, “processing” and “supervisory authority” will have the same meaning as in the GDPR (even if the GDPR does not apply to the applicable data) as implemented and/or supplemented by domestic data protection laws (such as by the Data Protection Act 2018 in the UK), and their cognate terms will be construed accordingly.

Unless a contrary indication appears, any reference to:

the “Privacy Policy” or other agreement is a reference to the Privacy Policy or that agreement as amended, novated, restated, supplemented, extended or replaced;

the singular will include the plural and vice versa;

a “Clause” is a reference to a Clause to these terms and conditions;

the word “including” (and its derivations) must be construed as being for illustration or emphasis only and not as limiting the generality of any preceding words;

the word “other” must not be construed as being limited by the context in which it appears or the words that precede it where a wider construction is possible;

any “person” includes any assignee, transferee, successor-in-title, delegate or appointee of that person (but, in the case of you or us, only permitted assignees or transferees). It also includes any individual, company or other body corporate, any state or state agency or any unincorporated body, association, trust, joint venture, consortium or partnership whether or not having separate legal personality);

a “regulation” includes any regulation, rule, official directive, request or guideline (whether or not having the force of law) of any governmental, intergovernmental or supranational body, agency, department or of any regulatory, self-regulatory or other authority or organisation;

a provision of law is a reference to that provision as amended or re-enacted;

a time of day is a reference to local time in London, United Kingdom; and

clause headings are for ease of reference only.