Date Last Revised: April 12, 2019
Salt Edge takes the privacy of individuals very seriously. We are committed to maintaining the security, confidentiality and integrity of the personal data in our custody or control, and protecting such data in accordance with the applicable legislation. The technological developments in the information society are continually evolving, along with the threats that such innovations pose to the privacy of individuals and the security of their personal data. Salt Edge will continually assess the employed security techniques in order to determine the appropriate level of protection. We regularly review our privacy and security practices and adapt them as necessary to deal with new regulatory requirements, changes in legislation and/or security standards.
Section 1 – DEFINITIONS
Section 2 – APPLICATION
Section 3 – ACKNOWLEDGEMENT
Section 4 – COLLECTION OF PERSONAL DATA
Section 5 – USE OF INFORMATION
Section 6 – CHILDREN’S PRIVACY
Section 7 – DISCLOSURES AND TRANSFERS
Section 8 – LEGAL BASIS FOR PROCESSING (FOR EU/EEA USERS)
Section 9 – SPECIAL CATEGORIES OF PERSONAL DATA
Section 10 – FENTURY BLOG
Section 11 – ANTI-SPAM LEGISLATION
Section 12 – THIRD PARTY WEBSITES
Section 13 – USER’S RIGHTS UNDER GDPR (FOR EU/EEA USERS)
Section 14 – DATA DELETION AND RETENTION
Section 15 – PERSONAL DATA SECURITY
Section 16 – NOTIFICATION OF PERSONAL DATA BREACH
Section 18 – DATA PROTECTION OFFICER
Section 19 – CONTACT
"Consent" of User means any freely given, specific, informed and unambiguous indication of the User’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.
"Data Protection Act" means the Data Protection Act 2018 (c.12) of the United Kingdom.
"Data Protection Laws" means, as applicable, the GDPR, the Data Protection Act, or any similar or equivalent law, regulation, statute, legislation, directive or ruling, of any government, legislature, parliament, regulatory authority, agency or commission having or purporting to have jurisdiction on behalf of any nation, or province or state or other subdivision thereof, in force from time to time in User’s jurisdiction with respect to the privacy, protection, processing, collection, use or disclosure of Personal Data.
"Fentury Account" means a unique user account created within Salt Edge’s systems when User starts using the personal finance management service Fentury through the Website and/or App.
"Fentury Account Data" means the financial information available in User’s Fentury Account, including but not limited to manually input transactions and their details (including without limitation amount, date, description, category), manually created wallets and their details (name, balance, currency), manually created budgets and their details, savings goals details and Financial Account Data (if applicable).
"Financial Account" means a financial account that can be accessed online held in User’s name by the Financial Institution.
"Financial Account Data" means data relating to User’s Financial Account that can be automatically imported into User’s Fentury Account. Financial Account Data includes, but is not limited to, the following information:
- Financial Account details (including by way of example and without limitation account number, type, currency, balance); and
- transactions details (including by way of example and without limitation transaction amount, date, description, currency).
"Financial Institution" means a legal entity engaged in the business of dealing with financial transactions, including without limitation banks, building societies, credit institutions, payment system providers, loan companies, mortgage companies, investment companies, utilities/bills providers and other financial service providers located worldwide.
"GDPR" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
"Personal Data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Data includes without limitation Registration Information, Fentury Account Data and Financial Account Data (if applicable).
"Special Categories of Personal Data" means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
4. COLLECTION OF PERSONAL DATA
When User uses the Services, Salt Edge will collect information, including Personal Data, for the purpose of providing, maintaining and improving the Services, as well as complying with applicable laws or regulations. Salt Edge collects Personal Data primarily in four (4) ways:
Information User voluntarily provides to Salt Edge:
- In order to start using the Services User will be required to register a Fentury Account. During the registration process User will have to provide certain Personal Data (including name and email address) and create a password and username (collectively, "Registration Information"). Alternatively, User may register using his/her Google account to verify User’s identity, in which case Salt Edge may receive User’s name and email address from the account provider Google LLC.
- If User wishes to use the automatic data import functionality available in the Services, that enables import of Financial Account Data into User’s Fentury Account, User will have to authenticate himself/herself with the personalized features provided by the respective Financial Institution, including without limitation Financial Institution’s API tokens, username, password, access number, security questions and answers, token/SMS codes, and multifactor information (collectively, "Financial Account Credentials"). Financial Account Credentials are always stored encrypted. Salt Edge will use the provided Financial Account Credentials in order to establish a secure connection to User’s Financial Account in the respective Financial Institution and retrieve the associated Financial Account Data as further described in the Terms of Service.
- When using the Services, User may manually input certain financial data in its Fentury Account, including but not limited to transactions and their details (amount, date, description, currency, category), wallets and their details (name, balance), budget details, and savings goals details. Salt Edge will collect, access, process and use the Fentury Account Data for the purposes of providing the Services to User.
- Information Salt Edge collects from Financial Institutions: When User uses the automatic data import functionality available in the Services, Salt Edge will access User’s Financial Account in the respective Financial Institution in read-only mode on User’s behalf based on the consent to access given to Salt Edge in order to retrieve, use, store and process User’s Financial Account Data.
- Information Salt Edge receives from Payment System Providers: Where User uses the Services on a paid subscription basis, the respective payment service provider will collect certain Personal Data necessary in order to process the payment for the purchased Services. User acknowledges that the collection, use and processing of Personal Data collected by such payment system providers are subject to separate terms of service and privacy policies applicable for the respective payment system provider. Salt Edge does not collect, access, use or process any information about User’s credit/debit card or bank account used for making such payments, as the payments for in-app purchases are processed via App Store account for iOS Users or Google Play account for Android Users, and payments initiated via the Website are processed via PayPal Holdings, Inc. or Stripe, Inc. Salt Edge identifies User in our systems via a digital code provided by the respective payment system provider and we don’t obtain User’s identity or payment information from such payment system providers.
Information Salt Edge collects through User’s use of the Services:
Information collected by Cookies.
A cookie is a data file placed on a device when it is used to access a service. Cookies or similar technologies may be used for many purposes, including without limitation remembering the User and User’s
preferences and tracking User’s visits to the Website or access to the Services. Cookies work by assigning a number to User that has no meaning outside of the assigning website or application. Salt Edge
quality of the Services. Salt Edge encodes and encrypts the cookies so that only Salt Edge can interpret the information stored in them. Cookies can be disabled or controlled by setting a preference within
level. However, if User chooses to disable cookies some features of the Services may not function properly or Salt Edge may not be able to customize the delivery of information to User. For detailed guidance
on how to control, manage and delete cookies, Users are advised to visit
- First-Party Cookies: Salt Edge uses session cookies and persistent cookies when User uses the Services. These types of cookies are essential to the operation of the Website, App and the provision of Services. The session cookie is stored in temporary memory and is not retained after the browser is closed. Session cookies do not collect information from User’s computer. They store information in the form of a session identification that does not personally identify the User. The persistent cookies are set with expiration date and are stored on User’s hard drive until they expire or User deletes them. Salt Edge does not collect any Personal Data in the session and persistent cookies. Salt Edge uses session and persistent cookies for technical purposes, including but not limited to verifying the origin of requests, distributing requests among multiple servers, authenticating Users and determining what functionality of the Services such Users are allowed to access.
Salt Edge also uses third-party cookies. These third-party service providers with whom Salt Edge has contracted help analyze certain online activities and provide analytics services. Salt Edge uses the following third-party cookies:
Yandex Metrica and Yandex App Metrica: Salt Edge has integrated Yandex Metrica and Yandex App Metrica, an analytics solution provided by Yandex LLC, in the Website and App, respectively, in order to collect and analyze data about Users’ activity and improve the Website and App performance. Information collected by Yandex Metrica cookies may include browser and version, operating system, device information and IP address, which may be considered Personal Data under the applicable Data Protection Laws. Salt Edge has enabled the IP address masking feature that prevents the storage of full IP address information in Yandex Metrica cookies. Information collected by Yandex cookies will be transferred to Yandex LLC and stored on Yandex LLC’s servers in Europe. Yandex will process this information to assess how Users use the Website and App, compile statistics and other reports on Website and App operation. User can prevent the collection of information through Yandex Metrica cookies by making relevant adjustments in browser settings or installing an opt-out add-on (available at
Further information about Yandex Metrica cookie usage can be found
- Crashlytics: Salt Edge has integrated Crashlytics, an analytics service for mobile applications provided by Google Inc., in the App in order to collect and analyze data about Users’ behavior within the App and improve the App performance. Crashlytics cookies collect certain information that does not personally identify the Users who access and/or use the App, including the frequency of using the App, the IP address, timestamps, device model name, device hardware and operating system information, and other performance data. The collected data is used for crash reporting, application logging, online review and statistical analysis of application logs, and other related services that help Salt Edge to resolve technical issues, stabilize and improve the App, and enhance user experience.
- Web beacons - web beacons are images (single-pixel gifs) embedded in a web page or email for the purpose of measuring and analyzing website usage and activity. Web beacons or similar technologies help Salt Edge better manage the Services, count Users of the Services, monitor how Users navigate the Services, count how many emails that Salt Edge sends are actually opened and, generally, measure performance. Salt Edge does not link the information gathered by web beacons to Users’ Personal Data. Web beacons do not collect Personal Data.
5. USE OF INFORMATION
Use of Personal Data:
Salt Edge may use the collected Personal Data for the following purposes:
- to provide, maintain, administer, support, protect and improve the Services;
- to bill and collect money owed to us. For this purpose, Salt Edge may send User emails, invoices, receipts, notices of delinquency, and/or alerts in case of payment issues;
- to meet the regulatory compliance requirements set forth in the applicable laws;
- to provide customer support;
- to handle and process inquiries submitted through the Website;
- to send system alert messages relating to the Services and the Fentury Account;
- to enforce compliance with the Terms of Service;
- to investigate any illegal activity or wrongdoing in connection with the Services;
- to protect the rights, property and safety of Users, Salt Edge and third parties;
- to troubleshoot, investigate and fix service-related errors. In such cases, Users’ Personal Data may be visible to and/or accessed by technicians, IT staff and/or system administrators authorized by Salt Edge;
- to comply with legal obligations to which Salt Edge is subject;
- to generate Anonymized Data and Anonymized Aggregate Data (as defined below); and
- to respond to User’s requests for exercising User’s rights under the applicable Data Protection Laws.
Use of Non-Personal Data:
Salt Edge may generate anonymous data derived from or based on Personal Data collected from User or acquired from User’s use of the Services, which anonymous data can no longer be used to identify, directly or indirectly, a User and may combine or incorporate such Anonymized Data with, or into, other similar data or information collected from other Users or derived from other Users’ use of the Services ("Anonymized Aggregate Data").
Salt Edge may use such Anonymized Data and Anonymized Aggregate Data for various business purposes, including, but not limited to:
- providing, maintaining, supporting and improving the Services;
- conducting analytical research, compiling statistical reports and performance tracking;
- developing and/or improving Salt Edge’s other services and products; and
- sharing such Anonymized Data and Anonymized Aggregate Data with Salt Edge’s affiliates, agents or other third parties with whom Salt Edge has a business relationship.
6. CHILDREN’S PRIVACY
Protecting the privacy of young children is especially important to Salt Edge. The Services are not directed to children under the age of eighteen (18) years and Salt Edge does not knowingly solicit, collect or process Personal Data from persons under eighteen (18) years of age. If Salt Edge becomes aware of the fact that Personal Data of persons less than eighteen (18) years of age has been collected via the Services, Salt Edge will take the appropriate steps to delete this information without undue delay.
7. DISCLOSURES AND TRANSFERS
Disclosure and/or Transfer to Subcontractors:
Salt Edge has put in place adequate contractual (including data protection, confidentiality and security provisions) and other technical and organizational measures with subcontractors that Salt Edge may engage from time to time in connection with the provision, operation, security and/or maintenance of the Services or part thereof.
Salt Edge will restrict access, disclosure and/or transfer of Personal Data to its Subcontractors to what is strictly necessary for the performance of such Subcontractors’ contractual obligations towards Salt Edge.
- Salt Edge Inc. in Canada
Disclosure and/or Transfer to Processors:
Salt Edge may disclose and/or transfer Personal Data to Processors engaged by Salt Edge to carry out the processing of Personal Data on Salt Edge’s behalf in connection with the provision of Services.
Salt Edge will ensure that any engaged Processor provides sufficient guarantees that appropriate technical and organizational measures are implemented and that processing of Personal Data by Processor
EU/EEA/UK Users to a third country, such transfer will be subject to articles 45 and 46 of the GDPR and will take place either (i) on the basis of an adequacy decision by the European Commission, or (ii) by entering into the standard data protection clauses adopted by the Commission, or by ensuring the respective Processor has signed up to the EU-US Privacy Shield. At the date of this Privacy Policy Salt Edge engages the following Processor:
- Salt Edge Inc. in Canada
- Disclosure to Financial Institution: Salt Edge will disclose certain Personal Data (particularly, Financial Account Credentials) to User’s respective Financial Institution when User uses the automatic data import functionality available through the Services.
Disclosure for Legal Reasons:
Salt Edge may disclose Personal Data without User’s Consent when Salt Edge believes in good faith that the disclosure of such information is reasonably necessary or appropriate:
- to comply with the Data Protection Laws, any subpoena, enforceable request from the competent authorities, or other legal process;
- to enforce Salt Edge’s rights against User or in connection with a breach by User of the Terms of Service, including investigation of potential violations;
- to help detect, curb or investigate fraud or other prohibited or illegal activities that affect or hurt the interests of Salt Edge or third parties;
- to identify, contact or bring legal action against someone who may be causing injury to, or interference with (either intentionally or unintentionally), Salt Edge’s rights or property, other Users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities; and
- to help Salt Edge comply with a legal obligation to which Salt Edge is subject, or accounting or security requirements, in which case Salt Edge may disclose such information to its auditors, professional consultants, accountants and/or legal advisors.
In all the foregoing cases, Salt Edge will disclose Personal Data only as required or permitted by the applicable Data Protection Laws.
8. LEGAL BASIS FOR PROCESSING (EU/EEA USERS)
In providing the Services to Users, Salt Edge acts as Controller of Personal Data collected from such Users. Salt Edge shall adhere to the following general principles with respect to Personal Data processing:
- not to collect more Personal Data than is necessary for the purpose of providing the Services;
- ensure that all personnel authorized by Salt Edge to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; and
- not to knowingly solicit, access, collect and/or process any Special Categories of Personal Data.
- processing is necessary for the performance of a contract to which the User is a party, particularly for the provision of the Services under the Terms of Service;
- processing is necessary for compliance with a legal obligation to which Salt Edge is subject; and/or
- processing is necessary for the purposes of the legitimate interests pursued by Salt Edge as the data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of User as the Data Subject which require the protection of Personal Data.
If there is another legal basis for Salt Edge to collect and process Personal Data, Salt Edge will provide the required notification to User at or before the time the Personal Data is collected.
If User voluntarily provides Personal Data to Salt Edge when contacting Salt Edge with respect to the Services, such User will be deemed to have given Consent to the collection, use and processing of Personal Data by Salt Edge as reasonably necessary to carry out the specific purpose(s) for which User has provided the Personal Data. Salt Edge will rely on such implied Consent as if it were given to Salt Edge under normal circumstances.
9. SPECIAL CATEGORIES OF PERSONAL DATA
Salt Edge does not solicit from Users, nor does it knowingly collect or process, any Special Categories of Personal Data. Users are requested at all times to refrain from voluntarily providing any Special Categories of Personal Data by any means of communication to Salt Edge.
10. FENTURY BLOG
11. ANTI-SPAM LEGISLATION
12. THIRD PARTY WEBSITES
13. USER’S RIGHTS UNDER GDPR (FOR EU/EEA USERS)
Taking into account the nature of the processing and the type of Personal Data processed, EU/EEA Users have the right to exercise their rights as set forth in the GDPR, particularly:
- the right to be informed: User has the right to receive fair processing information about his/her Personal Data processed by Salt Edge, including without limitation the recipients or categories of recipients to whom the Personal Data has been or will be disclosed, in particular transfers to recipients in third countries or international organizations, and the appropriate safeguards relating to such transfers.
- the right of access: User has the right to obtain: (i) confirmation that his/her Personal Data is being processed; and (ii) access to such Personal Data.
- the right to rectification: User is entitled to have Personal Data rectified if it is inaccurate or incomplete.
- the right to erasure (right to be forgotten): User has the right to request the deletion of his/her Personal Data when there is no compelling reason for its continued processing or, where the Consent is the legal basis for processing, User withdraws Consent to such processing.
- the right to restrict processing: User has the right to block processing of his/her Personal Data on the grounds specified in the GDPR.
- the right to data portability: User may request to receive free of charge a copy of Personal Data stored in Salt Edge’s systems in a structured, commonly used and machine-readable format, or have Salt Edge transmit the data directly to another organization, if this is technically feasible. Salt Edge will respond to any data portability requests as set forth in the GDPR.
- the right to object: User has the right to object to: (i) processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); (ii) direct marketing (including profiling); and (iii) processing for purposes of scientific/historical research and statistics. Salt Edge does not process User’s Personal Data for direct marketing or for purposes of scientific/historical research and statistics.
- rights in relation to automated decision-making and profiling: User has the right to object to processing of Personal Data for the purposes of automated individual decision-making (making a decision solely by automated means without any human involvement) and profiling (automated processing of Personal Data to evaluate certain things about an individual).
- the right to withdraw Consent: Provided that the Consent is the legal basis for processing, User may withdraw Consent to Salt Edge’s processing of Personal Data at any time by contacting Salt Edge.
User may exercise any of the foregoing rights at any time by contacting Salt Edge at email@example.com. Where Users’ requests for exercising their rights under GDPR are manifestly unfounded or excessive, in particular because of their repetitive character, or further copies of the Personal Data undergoing processing are requested, Salt Edge may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested.
14. DATA DELETION AND RETENTION
Salt Edge will retain Personal Data for no longer than strictly necessary for the purposes for which such Personal Data is collected and processed. The retention period depends on the requirements of the applicable laws or regulations Salt Edge must comply with, the purposes of the collection and processing of Personal Data, and the legitimate interests of Salt Edge to establish, exercise or defend its legal rights.
Salt Edge will delete User’s Personal Data from its production servers when:
- User exercises the right to be forgotten or, if applicable, withdraws Consent;
- User deletes his/her Fentury Account or such account is deleted by Salt Edge as described in the Terms of Service;
- Salt Edge deletes a Fentury Account that is inactive for more than twelve (12) months; or
- Salt Edge terminates the provision of Services under the Terms of Service.
- in backup files on its backup servers for a period of up to one (1) month from the date of deletion from the production servers in order to ensure compliance with internal business continuity and disaster recovery procedures; and
- in log files in order to: (i) comply with the requirements of the applicable laws or regulations; (ii) exercise or defend (ongoing) legal claims; and (iii) meet audit or statutory requirements. The retention period for Personal Data retained in log files shall be a minimum of five (5) years from the date of deletion from the production servers, or such longer period as required by the applicable laws, unless subject to statutory or regulatory change.
Backup files are stored using strong asymmetric encryption and Salt Edge’s authorized personnel do not access such files in the ordinary course of business operations, nor will Salt Edge actively process any Personal Data retained in backup files.
15. PERSONAL DATA SECURITY
- Although Salt Edge will take reasonable steps to ensure that User’s Personal Data is treated and stored securely, unfortunately, the sending of information via the Internet is not totally secure and on occasion such information may be intercepted. Therefore, Salt Edge can’t guarantee the security of Personal Data that User chooses voluntarily to send to Salt Edge electronically. Salt Edge expressly disclaims all liability for any interception or interruption of any Internet transmissions sent by User or any losses of or changes to data, including Personal Data, resulting from such interception or interruption.
- Personal Data Safeguards: Salt Edge is committed to maintaining the confidentiality, integrity and security of the Personal Data of Users. Salt Edge employs advanced security techniques to safeguard Personal Data against unauthorized access, use and/or disclosure. Salt Edge strictly restricts access to Personal Data in accordance with specific internal procedures governing access to such information. Salt Edge carefully selects the individuals privileged with access to Personal Data in accordance with internal security policies and practices, and each such individual is bound by confidentiality obligations. The Services ensure secure communications with TLS encryption. To maintain the security of online sessions and protect Salt Edge’s systems from unauthorized access, Salt Edge uses a combination of firewall barriers, encryption techniques and authentication procedures, among others. Access to Salt Edge’s systems requires multiple levels of authentication, including biometric recognition procedures. Security personnel monitor the systems 24/7. Salt Edge databases are both physically and logically protected from general employee access. Salt Edge enforces physical controls on its premises. Salt Edge is routinely verified for its use of encryption technologies and audited for its privacy practices. Salt Edge tests its systems, the Website and App infrastructure for any failure points that might allow hacking.
16. NOTIFICATION OF PERSONAL DATA BREACH
If a security breach causes an unauthorized intrusion into Salt Edge’s systems, software or networks that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed by Salt Edge ("Personal Data Breach"), Salt Edge will notify the appropriate data protection authority unless the Personal Data Breach is unlikely to result in a risk to the rights and freedoms of affected Users. Salt Edge will report the Personal Data Breach to the appropriate data protection authority without undue delay after having become aware of it and in any case within the timeframes as provided for in the applicable Data Protection Laws, by including all the pertinent information relating to such Personal Data Breach as required by the applicable Data Protection Laws. When the Personal Data Breach is likely to result in a high risk to the rights and freedoms of affected Users, or if required by the appropriate data protection authority, Salt Edge will also communicate the Personal Data Breach to the affected Users without undue delay.
18. DATA PROTECTION OFFICER
Salt Edge’s data protection officer can be reached at any time by email at firstname.lastname@example.org in case of any questions with respect to Salt Edge’s collection, use, disclosure or processing of Personal Data.
Salt Edge Limited.
Level 39, One Canada Square, Canary Wharf
London, E14 5AB