Your privacy rights
The purpose of this document is to inform you about the type of information we hold about you, how we use it and to let you know your rights. Reach exercises control over the processing of the data we hold about you and carries the data protection responsibility for it. In legal terms this is referred to as being the ‘data controller’.
What personal information we use
Reach will not give, sell, rent or loan any personal Information to any third party.
What information is being collected
We collect personal information to provide you with our Services. When we require certain personal information from users it is because such information is relevant for specified purposes. We ask for your name, address, phone number and email address as this is our primary mechanism to identify you. We also store information about your debit or credit card or other means of payment when you first provide it to us. From time to time, we may also request identity documents to help with our fraud screening and identification.
How will your information be used
Your information will be used as per the following examples:
- To process transactions and send notices about your transactions
- To verify your identity by comparing your personal information against third-party databases
- To enhance security, prevent fraud, monitor and verify identity or service access, combat spam or other malware or security risks
- To deliver targeted marketing, service update notices, and promotional offers based on your communication preferences and consent (where this in accordance with the law)
- To resolve disputes
- To comply with legal obligations
We will not use your personal information for purposes other than those purposes we have disclosed to you, without your permission. From time to time we may request your permission to allow us to share your personal information with third parties.
You may choose not to have your personal information shared with third parties where we rely on consent as the lawful basis for processing your personal information. You may also choose not to allow us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization.
If you choose to limit the use of your personal information, we may not be able to continue to offer you our services.
Use of information collected automatically
We receive and store certain types of information automatically. This information does not necessarily reveal your identity directly but may include information about the specific device you are using, such as the hardware model, operating system version, web-browser software (such as Firefox, Safari, or Internet Explorer), your Internet Protocol (IP) address/MAC address/device identifier and location country.
We use this information so we can protect your information from being used fraudulently, for example, from a different IP address unrelated to you or country.
How will your information be shared
We take care to allow your personal information to be accessed only by those who really need to in order to perform their tasks and duties, and to share with third parties who have a legitimate purpose for accessing it.
We will only share your data in the following circumstances:
- We share your information with third party identity verification services in order to prevent fraud. This allows us to confirm your identity by comparing the information you provide us
- We may share your information with any third parties where required to do so by applicable law or any court or other authority to which we are subject in any jurisdiction; or we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations
- We may share your information with other third parties with your consent or direction to do so
Our legal basis for processing data
We collect and use the data that we have, in line with and:
- As necessary to fulfill our Terms and Conditions
How we protect and store personal information
We understand how important your privacy is. This is why we take every precaution necessary to maintain security of your personal information.
We store your personal information so that it helps us prevent fraud and for ease of use.
We use computer safeguards such as firewalls and data encryption in order to keep all your personal information, including payment details secure.
Retention period of the data
We store data that identifies you until it is no longer necessary to provide our Services to you or our business relationship ceases. This is a case-by-case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs. For example, we may retain certain purchase information for accounting and security purposes even after our business relationship ceases.
Transfers to a third country and safeguards
While Reach is based in Canada, our service providers may store, transfer, and otherwise process your personal information in countries outside of the country of your residence. We require that the third party agree to at least the same level of privacy safeguards as required under applicable data protection laws.
Children’s personal information
We do not knowingly request to collect personal information from any person under the age of 18.
Your rights in relation to the use of your personal information
You have the right to make a request to:
- access all personally identifiable information that we hold about you
- restrict or object to the processing of the personal data we hold about you
- erase your personal data
- receive personal data about you that you have provided to us in a structured, commonly used, machine readable format where we use it with your consent.
You can also complain about our processing of your personal information to the relevant data protection authority. You can complain in the EU member state where you live or work, or in the place where the alleged breach of data protection law has taken place. In the UK, the relevant data protection authority is the Information Commissioner’s Office (ICO).