Primer API Limited (“us”, or “we”) are the “data controller” in respect of your personal information. This privacy notice sets out the basis on which we will process your personal information that we collect in the provision of our products and services (“Services), through our website or which you otherwise provide to us. Please read the following carefully to understand our practices regarding your personal information and how it will be treated.

Please note your personal data (such as credit card information) will also be handled by us where we provide our services to our customers’ (known as the “Merchants”). In these cases, where we handle personal data as part of our Services to Merchants (such as online retailers), the Merchant (and not us) will be the ‘data controller’ (as we will be acting as a “processor”). That means that the Merchant’s, and not our, privacy notice will apply to the processing of your personal data. If you have any questions about how the Merchant handles your personal information you should direct those questions to the Merchant.

1. HOW AND WHEN WE COLLECT PERSONAL INFORMATION ABOUT YOU

We collect your personal information from various sources. You may be a website visitor, a user of our Services, or an end-customer of a Merchant (see above). We will collect and process personal information when you:

• visit our website (including filling in forms on our site, such as when you sign up for an account or a newsletter);

• contact our customer service team or request information from us in any other way;

• participate in our customer satisfaction surveys or other market research; and/or

• communicate with us, including via email or social media.

We may also collect information about you from third party sources, for example from our related third parties such as our service providers, and the third party providers (such as payment services providers) with whom our service integrates.

2. WHAT PERSONAL INFORMATION DO WE COLLECT ABOUT YOU

We may collect the following types of personal information about you:

• your contact details (such as your name, address, email address and telephone number);

• financial and credit card information;

• account information, such as your password and other authentication information;

• any other information we might collect over the course of our business relationship with you such as your transaction history or details of any correspondence between us;

• responses to any surveys or market research; and

• your marketing preferences.

When you visit our website, we and our related third parties may also collect information from you automatically, for example using cookies and other similar technologies. A cookie is a small file of letters and numbers that we may set on your device. You can find more information about the types of cookies we use and the purposes for which we use them below:

This type of information may include the following:

• information about your device, operating system and IP address;

• your login information;

• browser type and version;

• information about your visit, including URL, clickstream (i.e. your journey to, through and from our site), length of visits to certain pages, and page interaction information.

3. PURPOSES FOR PROCESSING YOUR PERSONAL INFORMATION

We may process your personal information for the following purposes:

• to provide you with the information and Services you have requested;

• to authenticate your access to our website and Services;

• to provide customer support and ensure we provide a good level of customer service;

• to notify you of any changes to our Services;

• for system administration purposes and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

• to distinguish you from other users (for example to remember your log-in details);

• to monitor your use of our website and Services to improve the user experience;

• to send you marketing and advertising materials where we have the authority to do so;

• to tailor any marketing or advertising so that it is more relevant to you;

• to conduct marketing analysis to allow us to assess trends and the effectiveness of our advertising and marketing campaigns;

• for security and fraud prevention;

• to ensure that our website and Services are safe and secure; and

• to comply with applicable laws and regulations.

4. LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION

Where we are acting as a “data controller”, we will only process your personal information where we have a legal basis to do so. Where we are acting as a “processor” and we are processing the personal information on the Merchant’s behalf as part of the provision of our Services – the Merchant is responsible for determining and ensuring there is an appropriate lawful basis. Our legal basis for processing your personal information where we are acting as a controller, will depend on the purposes for which we have collected and use your personal information. In almost every case the legal basis will be one of the following:

• Consent: For example, where you have provided your consent to receive certain marketing from us. You can withdraw your consent at any time, including by clicking on the “unsubscribe” link at the bottom of any marketing email we send you.

• Our legitimate business interests: Where it is necessary for us to understand our customers, promote our services and operate our business effectively, provided in each case that this is done in a legitimate way which does not unduly affect your privacy and other rights. For example we will rely on this legal basis when we conduct certain market analysis to understand our customers in sufficient detail so we can create new services and improve the profile of our brand.

Performance of a contract with you (or in order to take steps prior to entering into a contract with you): For example, where you have created an account for our Services, we will need to use your contact details in order to provide the Services to you. Compliance with law: Where we are subject to a legal obligation and need to use your personal information in order to comply with that obligation.

5. WHERE WE STORE YOUR PERSONAL INFORMATION

The personal information that we collect may be transferred to, and stored at, a destination outside the European Economic Area (the “EEA”), including countries, which have less strict, or no data protection laws, when compared to those in Europe.

“Whenever we transfer your information as described in the paragraph above, we will take steps which are reasonably necessary to ensure that adequate safeguards are in place to protect your personal information and to make sure it is treated securely and in accordance with this privacy notice. In these cases, we rely on approved data transfer mechanisms (such as the EU “Standard Contractual Clauses”) to ensure your information is subject to adequate safeguards in the recipient country. If you are located in the EEA, you may contact us for a copy of the safeguards which we have put in place to protect your personal information and privacy rights in these circumstances.

6. HOW WE KEEP YOUR PERSONAL INFORMATION

We take steps to ensure that the personal information that you provide is retained for only as long as it is necessary for the purpose for which it was collected. After this period it will be deleted or in some cases anonymised. For example, where you have created an account with us, we will keep a record of this for the period necessary for any finance and tax purposes.

We may also keep a record of correspondence with you (for example if you have made a complaint) for as long as is necessary to protect us from a legal claim.

7. CHILDREN

Our Services and website are not intended for, and should not be used by, children under the age of 18. We do not knowingly collect personal data from children under 18.

8. SECURITY AND PASSWORDS

You must keep your password and any other authentication information for our website and Services confidential. If you know or suspect that anyone other than you knows your password or any other authentication information, you must promptly notify us using the contact details below.

9. DISCLOSING YOUR INFORMATION

We may share your personal information with any of our group companies from time to time (e.g. subsidiaries or ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006). We may also share your personal information with our suppliers, business partners and service providers, where they are helping us to market and advertise our Services as well as providing our Services to you.

In addition to the above, we may disclose your personal information to other third parties in the following cases:

• for the purposes of research, evaluation, and analysis;

• in the event that we sell any business or assets, in which case we may disclose your personal information to the prospective buyer of such business or assets

• if we or substantially all of our assets are acquired by a third party, in which case personal information held by us about our customers and visitors to our websites will be one of the transferred assets;

• if we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request; or

• to protect the rights, property or safety of us or our users, or others, and in order to enforce or apply our terms and conditions (this includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).

10. YOUR RIGHTS

You have certain rights in relation to your personal information. These include: the right to object to the processing of your information for certain purposes, the right to access and rectify your personal information, and the ability to erase, restrict or receive a machine-readable copy of your personal information.

We will handle any request to exercise your rights in accordance with applicable law and any relevant legal exemptions. If you wish to exercise any of these rights please conduct us using the contact details below.

You may also have the right to complain to a data protection authority if you think we have processed your personal information in a manner which is unlawful or breaches your rights. If you have such concerns we request that you initially contact us (using the contact details below) so that we can investigate, and hopefully resolve, your concerns.

Our website and Services may, from time to time, contain links to and from third party websites and services such as our business and integration partners. If you follow a link to any of these websites and/or services, please note that they have their own privacy notices and we do not accept any responsibility or liability for them. Please check any such third party privacy notices before you submit any personal information to these websites or services.

11. CHANGES TO THIS PRIVACY NOTICE

We may change this privacy notice at any time. The new privacy notice will be displayed on our website. The date this privacy noticed was last updated appears at the bottom.

12. CONTACT US

Questions and comments regarding this privacy notice should be sent to: hello@primer.io

Our registered offices are located at 154 Bishopsgate, 2nd Floor, London, England

This Privacy Notice was last updated: 05.10.2020