Last updated: June 2020

Neutro Ltd Privacy Policy

At Neutro we see data privacy and security as an integral part of our business. The environment is important but it shouldn’t come at the cost of your personal information. This Policy details how we collect and secure your information and the personal information of anyone who uses our services. It will also detail how we use this data and when and how we may disclose it to others.

We have done our best to make this document clear and concise. If you would like any further clarification please feel free to email us.

We will occasionally update this Privacy Policy. When changes to this Privacy Policy are posted, the date at the top of this Privacy Policy will be revised. We recommend checking the website from time to time to inform yourself of any changes in this Privacy Policy or any of our other policies.

Neutro is the data controller (the body that collects and processes your data). Neutro Ltd is incorporated in the UK. We use TrueLayer as a provider for some of our services (including being a licensed PISP and technical integration to banks), in which case they may also collect and process some data in accordance with their privacy policy (which you can find at https://truelayer.com/privacy/, at the time of writing).

If you have any questions, please email our data privacy officer (DPO), at privacy@neutro.net.

Our reference number at the ICO (UK information commissioner’s office) is ZA755699.

In this document, when Neutro Ltd refers to itself, it may use wording like ‘we’ or ‘our’. This is not to be confused with the word ‘you’, which refers to you, the reader of this document or a user of our services.

How do we collect data from you?

We collect information about you from different sources including:

  • directly from you when you use any Neutro service – this would only be done in a clear form, for example if you input your name in a “name” field and click “register”
  • from a third party (such as your bank) acting on your behalf
  • from other organizations (such as LinkedIn, Google, Facebook) where you have chosen to link those services and explicitly consented to your information being shared
  • from publicly available sources (such as Google)
  • from merchants when you choose to pay them with Neutro
  • when we generate it ourselves using any of the above sources

What type of information do we collect from you?

Data that we collect from you includes, but is not limited to, the list below, although we will try to make it a comprehensive list. We also don’t always collect all of this information.

  • Name
  • Business Name
  • Home address (Shipping and billing address)
  • Business Address
  • Email address
  • Telephone
  • Bank Account information
  • Transaction details
  • Data about the device you used to connect, such as IP address, which browser or operating system you use, how you arrived at our site, etc.
  • Usage statistics, such as how long you were on each page, what buttons you clicked on, etc.

How is your information used?

We may use your information to:

  • For customers:
    • Initiate payments/refunds that you have authorized for goods or services
    • Improve your payment and shopping experience 
  • For merchants:
    • Support your online sales experience and your payment collection in ways that you have authorized us to do
  • Provide information to you allowing you to benefit from other services
  • Carry out any contractual obligations between us
  • Notify you of any changes to our services
  • Better our services or build new complementary services
  • Improve our sales and marketing targeting
  • Send you our newsletter and similar marketing material if you opt in

We review our data retention periods regularly and some of your data will be permanently saved as part of statutory requirements or best practice. 

Our legal basis for processing personal data is:

  • Legitimate Interests – including providing better products, services, websites and applications
  • Contract – we may process data in order to fulfill our contract with you (terms and conditions)
  • Regulatory reasons

Who has access to your information?

Your data is used directly as part of your experience (for example to show your name so you see you are logged in or to show your chosen bank as the default option) or as statistical analysis (for example to see if our user experience is good enough).

Third Party service providers that could receive your data:

We may pass your information to third party providers that we use as part of our service. We will only pass the information that is needed for our service and only after making sure they adhere to a high standard of data security and privacy.

These third parties may include:

For payment initiation: TrueLayer.com (or another PISP service we choose from time to time)

For login and user management: Google, Twitter, Facebook

For Analytics: Google Analytics and other website analytic tools

Marketing and targeting: Facebook Ads, Google Ads, LinkedIn Ads, Twitter Ads

We do not run our own IT; your data will be stored in secure data centers and platforms managed by our cloud/IT partners Google, Amazon, Microsoft or others. We also use third party tools such as business intelligence tools, user segmentation, CRM, support ticketing and chat, etc.

Neutro may also pass information where we are required to by law or by court order.

Marketing emails?

We try not to spam our users, so you won’t receive marketing emails unless you have decided to opt in, and you can always opt out by contacting us.

Your data rights

It is our belief that you (the data subject in this context) should be able to control your data. This is also the belief of the regulatory bodies. You have full control over your data and also other rights, all of which you can exercise by contacting us or by going through the relevant screens in your account page. To make sure your data is secure, we will have to go through a strict identification process.

You have eight defined rights, which are:

  1. the right to be informed
  2. the right of access
  3. the right to rectification
  4. the right to erasure
  5. the right to restrict processing
  6. the right to data portability
  7. the right to object

Additionally, you have the right to lodge a complaint with a supervisory authority. In the UK that would be the ICO (https://ico.org.uk/).

If you wish to exercise any of these rights, you can do so through your personal settings page (if applicable) or by sending an email to privacy@neutro.net.

If, because of exceptional circumstances, we refuse to provide any of the stated data services, we will explain these circumstances, unless we cannot do so for legal reasons.

If we feel your request is overtly unreasonable (for example, motivated by causing a nuisance rather than a genuine concern for your data), we reserve the right to refuse it.

Security precautions in place to protect against the loss, misuse or alteration of your information

We take the security of your personal information seriously. Luckily there are tools and standards in place that make any handling of your information extremely secure. All of these are quite technical but we will go ahead and detail the most important ones.

All transferal of your personal information is encrypted with SSL encryption.

We will never save your password.

All our servers run on industry-leading cloud services (like Google Cloud and Amazon AWS) which operate to the highest standards. You can read more about Google’s high level of compliance here: https://cloud.google.com/security/compliance and Amazon’s here: https://aws.amazon.com/compliance/.

Profiling

We may make use of additional information about you when it is available from external sources to detect and reduce criminal activity, including fraud risk.

Cookie Policy

We use cookies across our site to help improve its performance, to enhance the user experience and to support some key site functionality. Below we detail which cookies we use, and what we use them for.

Cookies and Cookie Types

Cookies are small text files that are stored on your computer by websites you visit. They allow the website to do things such as keep track of your preferences as you move around the site so that the website can personalize pages for you and store little bits of information about your visit for use on future visits. Cookies stay on your computer for varying amounts of time depending on their type and the parameters the website sets whilst creating them.

Cookies come in three different types. The cookies themselves vary very little between the types but their effect and use is different.

First Party Cookies

First party cookies are created by the website you are visiting. They can only be read and used by that website.

Third Party Cookies

Third party cookies are not set by the website you are visiting. They are set by a different organization whose features are being used by the website you are visiting. This is common practice if sites use analytical systems supplied by a third party (as most sites do) to track the usage and load on their website. These may also be created by embedded content in the web page, a YouTube video for instance, as these need their own cookies to work.

Session Cookies

These enable a website to track your use throughout the site, storing choices you have made and any information you have provided. They are a type of first party cookie that remains stored on your computer only until you close your browser, at which point they are deleted.

Disabling Cookies

Each browser has settings which allow you to block websites from storing cookies on your machine. As each browser is a little different, we advise you to check your browser’s help functionality for this option or search for instructions that are specific to your browser.

If you choose to disable cookies, some aspects of this website may not function as intended.

Transferring your information outside of the European Economic Area (“EEA”)

As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Economic Area (“EEA”). We use cloud computing providers such as Google Cloud and AWS (Amazon Cloud), both of which have servers internationally. We only use cloud computing providers that work with high standards of data protection and that certify that they comply with the EU’s and UK’s data protection laws.

We encrypt your data whenever we transfer it, including any transfer in/out of the EU.