General Privacy Notice
This privacy notice is issued on behalf of 10x Banking Technology Limited and its Affiliates (“10x Group”) so when we mention "10x", "our", "we" or "us" in this notice, we are referring to the relevant company in the 10x Group responsible for processing your data.
For the purposes of this privacy notice, “Affiliates” means a person or entity and any other person or entity that, directly or indirectly through one or more intermediaries, Controls, is Controlled by, or is under common Control with that party; and “Control” means the power of one person or entity to direct the business, affairs, and/or management of another person or entity and whether by virtue of contract, or the holding of shares or securities or voting or any other rights, and “Controls” or “Controlled” shall be construed accordingly.
We are committed to respecting the privacy of individuals who:
- visit our websites ("Visitors");
- register to hear more about our products and services (“Products and Services”) and download content produced by us ("Interested Third Parties");
- trial our Product and Services on behalf of our customers ("Customers");
- use our products under the direction of our Customers ("End Users");
- work with us as our third party service providers or partners (see Section 6 for more information); and
- register to attend corporate in-person or online events, workshops or training sessions hosted by us ("Attendees").
1. Information Covered
This privacy notice explains:
- what information we may collect about you;
- how we will use the information we collect about you;
- when we may use your details to contact you;
- when we will disclose your detail to third parties; and
- your options and choice regarding the personal information you provide to us or which we collect about you.
This privacy notice covers the information practices of websites that link to this privacy notice, including https://www.10xbanking.com, https://docs.10xbanking.com/ and other websites which are owned or operated by 10x ("Websites").
If you use, browse, or visit our Websites or otherwise interact with us, we may use, collect, and store personal data that has been collected or received from you or about you.
Our Websites may contain links to other external websites that are not operated by 10x, for instance, to our content on social media platforms such as LinkedIn, Twitter and Brightsparks, or to the websites of our technology partners. The privacy notices or statements of these third-party websites govern the information practices or the content of those websites. We strongly encourage you to review the privacy notices or statements of every website you visit to understand their information practices. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
2. Information Collected (When, What & Why)
Data protection law ensures that we can only use your personal data for certain reasons and where we have a lawful basis to do so. The table below sets out the reasons for which we process your data and the legal basis we rely on when doing so:
When we collect personal data
|
What personal data we collect
|
Why we collect personal data |
Lawful basis for processingLawful basis refers to the need under applicable law such as UK/EU GDPR or CCPA to have a specific reason, recognised by law, for us to have and use your personal data |
Who do we share it with and why |
Visitors of our Websites |
||||
When you browse or visit our Websites and any posts published on our social media accounts
|
|
|
We use this information for our legitimate interests in monitoring and improving our Websites (e.g. strictly necessary cookies) or, where this is required by applicable law, based on your consent (e.g. analytical cookies). Certain Website features may not be available. For more information please read our Cookie terms under Section 10. We hold this information against a Visitor's IP address, unless a Visitor submits contact information to us, in which case we would hold this information against the submitted contact information (outlined further in the rows below). We use this information to help improve our Websites and the content we publish. |
We may share this information with third party platform providers such as our:
Usage data is also collected on our behalf and analysed by third-party analytics providers (Google Analytics and LinkedIn Campaign Manager). |
When you make use of, or interact with, our Websites Including, for example: a) when you contact us or submit a request through our Websites, b) if you request a trial or demo of our Products and Services; and/or c) if you request more information about our case studies, whitepapers, data sheets, details of our events and webinars and any other resources we may have on our Websites or other third party website, including LinkedIn and Twitter |
|
|
When you contact us, we will use your information:
When you request a trial or demo of our Products and Services, we will process your personal data:
If you request more information about our case studies, whitepapers and data sheets or details of our events we may process your personal data:
We may then send you marketing communications in line with your consent and/or to the extent permitted by applicable law without your consent, such as based on our legitimate Interest in promoting our business (B2B marketing), which will include establishing a business relationship with you, developing our partner network; providing you with access to additional information and services in connection with our Products and Services. |
We may share this information with our website and marketing automation platform provider (HubSpot), webinar providers (Zoom, BrightTalks) and members of our partner programmes. |
When you express an interest in our Products and Services to members of our partner programme (other companies for who we have arrangements under which they promote our Products and Services) |
|
To establish a business connection. To send details of events, webinars, whitepapers, and marketing materials as described above. |
We may send you marketing communications and provide you with our marketing materials in line with your consent and/or to the extent permitted by applicable law without your consent, such as based on our legitimate Interest in promoting our business (B2B marketing). The legal basis for the data transfer to these providers is Article 28 of the GDPR in connection with the data processing agreements concluded with each of these providers. |
We may share this information with our:
|
When you subscribe to our newsletter(s)/blog(s)
|
|
|
We collect and use this information based on your consent. |
We may share this information with third party platform providers such as our:
|
When you provide feedback and testimonials of us and our Products and Services
|
|
To publish your feedback and testimonials on our Websites or social media channels. |
We use feedback, testimonials and pre-recorded sessions for our legitimate interests in promoting our business and publish your reviews and testimonials. We may also use them as part of our performance of a contract to which you are a party or in order to take steps at the request of yourself prior to entering into a contract. You can request the removal of your testimonials and recorded sessions by contacting us at DPO@10xbanking.com. |
We may share this information with our:
|
When you interact with us on our social media profiles (e.g. Twitter, LinkedIn etc)
|
|
To interact back with you on these social media profiles, including replying and responding to your requests or questions and to establish a business connection. |
Depending on the context, legitimate interest (B2B marketing and/or to provide you with information about our Products and Services, pre-contractual discussions or consent. |
We may share this information with party platforms such as LinkedIn (social media channel). |
When you complete a survey or questionnaire of ours
|
|
To review and analyse your answers, including to send you the results of the survey/questionnaire. |
We use this information:
|
We may share the information with third party platforms such as:
|
Customers, Partners or Third Party Service Providers of 10x |
||||
When you engage us for new business (actual or potential) as a Customer, reseller, Partner, distributor or third party service provider.
|
|
|
We retain Billing Information for the duration of our contract with these parties and thereafter for legal and audit purposes in line with legal retention periods.
|
We will share this with:
Such processing is based on Art. 28 GDPR in connection with our data processing agreement with respective providers. |
|
|
We rely on our legitimate business interest for sending out B2B marketing communications and/or to providing you with additional information about our Products and Services. |
We may share this with our:
|
|
When you are a Customer and you create an account to use and/or test our Products and Services offered under a customer agreement ("Customer Data")
|
|
|
We use this information:
We retain this information for the duration of our contract with our Customer and thereafter as an inactive account. Information in support cases may be retained indefinitely because historical data regarding customer issues is always relevant to the development of our Product and Services. |
We may share this with 3rd party platforms such as our:
|
When you attend marketing events and/or we exchange business cards and you provide us with your personal data
|
Contact information, such as name, company name, email address, phone number and other data you decide to provide/supply to us. |
To establish a business connection and send you marketing communication. |
Depending on the context:
|
We may share this with third party platforms such as:
|
When we acquire your personal data from third party sources (such as lead-generation companies)
|
Contact information (such as name, company name, email address). |
To establish a business connection and send you marketing communications. |
We use this information for our legitimate business interest for B2B marketing and/or to provide you with information about our Products and Services. |
We may share this with third party platforms such as:
|
When you are a Partner and you take part in or sign up to 10x’s Platform Certification Program
|
|
To sign you up for 10x’s Partner Certification Program and to assess and keep a record of your participation, progress and/or outcome when you complete assessments as part of the program. |
Performance of a contract to which the data subject is part or as part of any pre-contractual arrangement. It could also be used for our legitimate interest to allow you to participate in 10x’s Partner Certification Program and complete the relevant assessments. |
We will share this with third party platforms such as our:
|
End Users of our Products and Services Offering |
||||
When you are the End User of our Customers and you use the Products and Services provided by us under a Customer agreement.
These individuals are herein referred to as "End Users" of our Products and Services ('End Users') and their data is processed solely under the clear instructions of our Customers (as the Data Controllers). We act solely as the Data Processors of this information.
|
Our Customers can choose what personal data of End Users is submitted and collected by our Products and Services. Therefore, data processed by our Products and Services could include both personal and non-personal data and will vary per service and the Customer's own use-case (depending on the core modules/domains opted for by the Customer as part of delivery of the Products and Services). By way of illustration, the following are examples of typical End User personal data processed and stored by us:
|
To successfully deliver the financial products and services agreed to under our Customer agreement.
|
We may process End User personal data within our Products and Services in order to perform our contract with our Customers to which you are a party. We will retain personal data we process on End Users on behalf of our Customers for as long as needed to provide the Product and Services under our Customer contracts and as necessary to comply with our legal obligations and the legal obligations of our Customers. We have no ownership of such End User information or any direction relationship with individual End Users whose personal data may be processed as part of us providing our Products and Services. If you are a consumer or End User of one of our Customers and would no longer like to be contacted by one of our Customers that use our Products and Services, please contact the Customer representatives that you interact with directly.
We acknowledge that End Users have the right to access their personal data and to request erasure, rectification and data portability. An individual who seeks to access their information or to correct, amend, or delete inaccurate personal data which we process for the purpose of providing our Products and Services to our Customers, should direct their query to the Customer that they interact with directly (otherwise known as the Data Controller). If our Customer provides a valid request that we remove personal data on their behalf, we will do so where the law permits us and in line with our retention schedule, and in any case we will response to their request within 30 days. |
We may transfer personal data to companies that help us provide our Products and Services as contemplated in this privacy notice. Transfers to subsequent third party service providers are covered by our service agreements with our Customers and such third party service providers. Such data collected on End Users will not be shared with any third parties for any marketing purposes. |
3. Special Categories of Personal Data and Children Data
We only offer business-to-business service and our Products and Services or Websites do not offer information intended to attract children. We do not knowingly solicit personal information from or target children under the age of 13 years old.
We also do not collect any special categories of personal data about our Visitors, Attendees, Customers or End Users (this would include, for example, details about your race or ethnicity, religion or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). We do not collect any information about criminal convictions and offences about such individuals covered under this privacy notice.
4. Direct Marketing and Opt-Out
You are not under any statutory or contractual obligation to provide your personal data to us, and we strive to provide you with choices regarding certain personal data uses, particularly around marketing communications. Our marketing team will ensure that our marketing communications are tailored and relevant to the recipients and kept to a reasonable and proportionate level.
Our marketing and sales teams use Zoominfo, LinkedIn, and other direct marketing providers to obtain business contact information for individuals working in certain industries that we think will be interested in our Products and Services. These companies provide us with assurances that they have complied with applicable data protection and privacy laws, such as the EU’s GDPR, in obtaining the data and providing it to us for our marketing purposes.
How to Opt-Out
If you do not wish for your business contact information to be used in this way or if you receive marketing from us, you always have the right to opt-out by using the unsubscribe link in the email communications that we send. You can also contact these companies directly for information on privacy or to learn how they obtain your data and provide it to third parties.
We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and will only contact you in relation to these items.
5. Securing Data
We have put in place appropriate operational and technical security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
The security of your data is extremely important to us however please remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. If you believe your privacy has been breached, please contact us immediately at DPO@10xbanking.com.
6. Disclosure of Personal Data
6.1 Third Party Service Providers
We will share personal data within the 10x Group and with third parties only in the ways described in this privacy notice, in line with our service agreements with our Customers and our third party service providers. Third party service providers include third parties carrying out the following activities:
- Platform providers;
- Email service providers;
- Marketing, sales, and service software providers;
- Fulfilment providers; and
- Professional services.
These companies are authorised to use your personal data only as necessary to provide these services to us in accordance with our instructions and we do not allow them to use your personal data for their own purposes. The data transfer to respective providers is based on Article 28 of the GDPR in connection with our data processing agreement with the respective providers.
We may share your personal data with our Partners where we have a legitimate interest to do so, such as when you attend an event that is co-hosted by 10x and a Partner.
6.2 Partners
Our Products and Services are sold directly by us to Customers and indirectly through our business partners ("Partners") to Customers. If you register interest in our Products or Services or a jointly promoted Products or Services, we may share your personal data collected in connection with your expression of interest in our Products and Services, with our Partners.
We contractually limit our Partners' use of personal data for the purpose of promoting and selling our Products and Services and require Partners to contractually comply with applicable law on the collection of personal data. We do not control our Partners' use of the personal data that they may collect from you directly and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt not to express interest in our Products and Services or a jointly offered Products or Services.
We do not share your personal data with Partners unless: (1) you specifically opt-in to such sharing via an information request or an event (including virtual events) registration form; or (2) you attend an event hosted by us and have your attendee information registered/noted down by a Partner. If you do not wish for your information to be shared in this manner, you may choose not to opt-in via information request or event registration forms and elect not to have your information registered/noted down at such events. If you choose to share your information with our Partners in the manners described above, your information will be subject to the Partners’ respective privacy policies.
6.3 Compelled disclosures
We reserve the right to use or disclose information provided to us if required by law or based on our legitimate interests if we reasonably believe that use or disclosure is necessary to:
- comply with a legal obligation;
- protect and defend our rights or property;
- prevent or investigate possible wrongdoing and/or fraud;
- protect your safety or the safety of others; and
- protect against legal liability and/or comply with a judicial proceeding, court order, legal process or other governmental authority.
7. Data Retention
Insofar as not explicitly stated in this privacy notice, we take every commercially reasonable step to ensure that your personal data is retained only for as long as is necessary for the purposes for which it was collected or to comply with applicable legal requirements.
Moreover, we constantly monitor engagement with our direct marketing activities so if you have not engaged with us within 18 months, we aim to delete your personal data from our systems unless we continue to have a legitimate interest to process your information. If you wish to unsubscribe from any of our mailing lists, or if you wish to stop receiving updates, targeted offers, or other customised content, there is a link at the bottom of every marketing email we send out that will allow you to reach a web page where you can update your email preferences.
For the retention of data collected through our cookies, please see section 10 (Cookies) of this privacy notice.
8. Your Privacy Rights
8.1 Your rights
If you are an EU/EEA/UK resident, depending on the specific circumstances of the case, you have the following rights under the GDPR and applicable national privacy laws:
- Access - You have the right to be informed about how we use your personal data and have access to the data processed by us. In particular, you can obtain information about the purposes of processing, categories of recipients to whom your data has been or will be disclosed, planned retention period and origin of your personal data if it was not collected directly from you.
- Erasure - You have the right to request that we delete or remove the personal data that we process on you. This right usually applies where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
- Rectification or Restriction of processing - You have the right to ask us to correct or rectify the personal data that we hold on you.
- Object - You have the right to object to the processing of your personal data on grounds relating to your particular situation if we process your personal data based on our legitimate interest. You may also object to the processing of your personal data for direct marketing purposes at any time, as outlined above.
- Data Portability - You have the right to request your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to request that we transmit this data to another controller. You can also make the request that we directly transmit this data to another controller, where technically feasible.
- In addition, you have the right to enforce your rights in court or to lodge a complaint with the competent data protection supervisory authority, such as the UK's ICO.
To exercise any of your rights, you can send your request to DPO@10xbanking.com. Please see the contact details of our DPO set out below.
8.2 What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
However, please remember that these rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. We will inform you of relevant exemption we rely upon when responding to your requests.
9. International transfers
Given that the 10x Group is an international business with global outreach, the use of our Products and Services may involve the transfer of personal data on an international basis to and from countries outside of the EU/EEA and across the world where the third parties that we work with or 10x Group companies are established. This may include but is not limited to transfers to Australia, United States and South Africa. The jurisdictions where that information will be processed may have lower standards of data protection than in your home country.
Whenever we transfer your personal data outside of the EU/EEA and/or UK, we ensure appropriate safeguards are in place with appropriate security measures and the transfer will be carried out in accordance with this privacy notice and in compliance with applicable laws. For example:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government or the European Commission; or
- Where the receiving country does not benefit from adequacy by the UK government or European Commission, we will ensure that a legally approved transfer mechanism is used to implement the transfer, such as the new EU Standard Contractual Clauses with accompanying UK addendum or the International Data Transfer Agreement (IDTA), to implement the transfer; and
- Where the transfer is between the 10x Group companies, we have an intragroup data transfer agreement in place which regulates crossborder transfers of personal data between the 10x Group.
If you do not agree to this procedure, you should not use our Products and Services. By using our Products and Services, you consent to us transferring your information to countries outside your own and the EEA, if necessary, for the business purposes as outlined above.
You can obtain a copy of any standard contractual clauses in place which relate to transfers of your personal data by contacting 10x’s DPO, DPO@10xbanking.com.
You have a right to request a copy of any data transfer agreement under which your personal data is transferred, or to otherwise have access to the safeguards used. Any data transfer agreement made available to you may be redacted for reasons of commercial sensitivity. To request sight of these contact contacting our DPO at DPO@10xbanking.com.
10. Cookies
10.1 Cookie Information
Our Websites use cookies to collect information to help us provide you with a good experience and to allow us to improve our Websites and make interactions with it easy and meaningful. When you visit our Websites, we or one of our third party service providers may send cookies to your computer.
Cookies are pieces of information that a website transfers to your hard drive to store and sometimes track information about you. This information and thus the cookies, allow us or one of our third party service providers to identify a specific device or browser.
Web browsers may automatically accept cookies, but if you prefer, you can change your browser settings to prevent that and your help screen or manual will tell you how to do this. However, you will not be able to take full advantage of our Websites or Products and Services if you do so. Standing alone, cookies do not personally identify you in the "real world" they merely recognise your web browser. Unless you choose to identify yourself to us, such as by responding to our marketing communications, filing in a web form (such as sending a 'Contact us', 'Demo', 'Partnerships', 'Media' or 'General' enquiry form) or signing up to our newsletter, we are unable to identify you by name or other "real-world" information from the data collected through cookies.
We use cookies that are session-based and persistent-based.
- Session cookies exist only during one online session. They disappear from your computer when you close your browser or turn off your computer. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into our Websites and make it easier for you to navigate our Websites.
- Persistent cookies remain on your computer after you have closed your browser or turned off your computer. We employ persistent cookies as explained below. Choices you make regarding cookies are website, device, and browser-specific, and are deleted whenever you clear your browser’s cache. Generally, we use persistent cookies to remember your user information, preferences and activity, to enable us to provide our services to you when you next return to our Websites. We also use persistent cookies to track aggregate and statistical information about user activity, which may be combined with other user information.
We use the following cookies on our Websites:
Cookie Type |
Purpose |
Retention Period |
Strictly necessary cookies |
These are cookies that are required for the operation of our Websites. |
These cookies expire in 13 months. |
Analytical or performance cookies |
These allow us to recognise and count the number of visitors and to see how visitors move around our Websites when they are using it. This helps us to improve the way our Websites works, for example, by ensuring that visitors are finding what they are looking for easily. |
The main cookies for tracking visitors of our Websites and their identity expire in 13 months and the cookie used for tracking a visitor’s sessions expires in 30 mins. |
Functionality cookies |
These are used to recognise you when you return to our Websites. This enables us to personalise our content for you and remember your preferences. |
These cookies expire in 13 months. |
Marketing or advertisement cookies |
We use marketing cookies to deliver many types of targeted digital marketing. These are ad pixel cookies used to record and track user and behaviour information including recording your visit to our Websites, the pages you have visited and the links you have followed. These allow advertising services to target audience according to variables. Marketing cookies set by a range of social media services such as LinkedIn and Twitter, may be used which are capable of tracking across a visitor’s browsers and other sites building up a profile of interest. We may also share this information with third parties for this purpose. |
|
10.2 Third Party Analytics Providers and Behavioural Targeting
We partners with third party ad networks, including Google and LinkedIn, to manage our ads on other sites. Our ad network partners use cookies to collect data about your activities on our Websites, which do not identify you "in the real world" to provide you targeted advertising based on your interests.
For example, Google Analytics cookies are used to help us analyse how our visitors use our site, including page views, source and time spent on the Websites. The information is depersonalised and is displayed as numbers, meaning It cannot be tracked back to individuals. The Google Analytics cookies are governed by Google, Inc. and their specific privacy or cookies policy, not this one. You can opt-out of Google Analytics by going to https://tools.google.com/dlpage/gaoptout/. Please note that if you use a new or different computer, install a new browser, or clear your cookies; in that case, you will need to re-opt-out through the link above.
To opt-out of interest-based advertising by participating companies in the following consumer choice mechanisms, you can opt-out of certain uses of cookies for advertising purposes by visiting https://optout.aboutads.info/ and/or https://optout.networkadvertising.org/ and you can consult the user instructions for your Internet browser for additional controls relating to the use of cookies, including blocking certain cookies by adjusting the settings on your Internet browser. For mobile application-based "AppChoices" download page please visit https://youradchoices.com/appchoices. European users can opt-out at European Interactive Digital Advertising Alliance (EDAA)'s consumer opt-out page (https://youronlinechoices.eu/). Additionally please note this does not opt you out of being served advertising. You will continue to receive generic ads.
Our Websites may also link through to third party websites that may also use cookies or web beacons over which we have no control. We recommend that you check the privacy and cookies policy of those websites for information about the cookies they use and the collection of personal data. If you use the buttons that allow you to share products and content with your friends via social networks like Google, Twitter and Facebook, these companies may set a cookie on your computer memory.
The privacy policies of such third party websites, including Google and LinkedIn, are available at their respective websites.
We cannot accept any responsibility for any content contained in any third party websites.
10.3 Opt-out of 10x Cookies
You can set up your browser to delete or refuse some or all of our cookies, or to notify you when you are sent a cookie and therefore choose whether to accept it or not. You can block cookies at any time by accessing the Privacy Preference Centre on this Website under the link below: “Cookies Settings”. In order to delete or refuse cookies across all your devices you will need to separately adjust your browser and cookies settings for each device. Unless you have adjusted your settings, cookies will be issued or reissued when you visit our Websites.
However, please remember that if you use your browser settings to disable, reject or delete some or all your cookies (including essential cookies), some features on our Websites, such as remembering your preferences, may not function and your experience on the Websites may be affected. In some cases, our Websites may not be accessible at all. Please note that where third parties use cookies, we have no control over how those third parties use those cookies. If you do decide to delete or refuse cookies but subsequently decide that you would in fact like to allow cookies, you should adjust your browser settings and continue using our Websites. Cookies will then be sent to and from our Websites.
11. Changes to this Privacy Notice
We keep this privacy notice under regular review and may periodically update the privacy notice and its last modified date to reflect changes to our information practices. The current version of this privacy notice is always available at https://www.10xbanking.com/privacy-policy. We will notify you of any modifications by means of a notice on this page prior to the changes becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
12. Contact Us
You may contact us using the following information set out below:
Controller Details
Attn: Data Protection Officer
10x Banking Technology Services Limited
33 Holborn, London EC1N 2HT
United Kingdom
ICO Registration Number: ZA491049
Data Protection Officer
Data Protection Officer: Jaime Topp
Email Address: DPO@10xbanking.com
This Privacy Notice was last modified and updated on Nov 2024.