Who are we?

We are Expend Limited, a private company that helps companies manage their expenses process. We are registered in England (no. 08531792). The registered address is Lower Ground,
10 Finsbury Square, London, EC2A 1AF. Expend Limited will be what is known as the ‘Controller’ of the personal data you provide to us.

At Expend, we take privacy very seriously. This policy sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website, our apps and other products and services and its owners. Furthermore, the way our company processes, stores and protects user data and information will be detailed in this policy.

We gather and use certain information about individuals in order to provide products and services and to enable certain product and service functionality. We also collect information to better understand how visitors use our products and to present timely, relevant information to them.

We take the security and confidentiality of our customers’ data very seriously and we will not sell your data to third parties.

Your use of our services is subject to this privacy policy and our terms of use, including limitations on damages, arbitration of disputes, and application of UK law.

If you have any questions about this policy, please email help@expend.io or write to:

Expend Limited

Lower Ground,
10 Finsbury Square
London
EC2A 1AF

How do we collect data from you?

We collect data from you when, for example:

  • Visit our website
  • Contact us to inquire about our products and services
  • Chat to us on our website or in one of our apps
  • Apply for an Expend account for your organisation
  • Join an organisation who uses Expend
  • Use an Expend card to pay for something
  • Create an expense report

Why do we need your data?

The need and type of data we collect data depends on your role in your organisation:

  1. An employee of an organisation that is a customer of Expend
  2. A director, officer or person with significant control

If you are an employee of an organisation that is a customer of Expend

We need to collect data because your organisation is using Expend’s services.

If you are applying for an Expend account on behalf of your organisation

We need your data and the data of any of your organisation’s directors, officers or persons with significant to validate that:

  • Your company is a legitimate business
  • These persons are real
  • These persons have not been involved in any illegal activities

We need to store your data in order to comply with various laws in the UK and the EU.

How will we use your information?

If you are applying for an Expend account on behalf of your organisation

If you are a director, officer or person with significant control, we use the following information to check that you, and other officers, directors or persons with significant control are a real people and that your company is a legitimate business:

  • Your name, address and date of birth
  • Your email address
  • Telephone numbers

We also require proof of address and copies of documents such as a passport or drivers license to prove your identity.

This information is passed to another organisation, Experian Ltd, to perform searches against their databases. See ‘Third party service providers with your information’ below for more information.

If you are an employee of an organisation that uses Expend

If you are an employee of an organisation that uses Expend, we use the following information to provide an expense management and payment service to your organisation.

  • Your name and email address
  • Your date of birth

We pass this data to Prepaid Financial Services to identify you as the cardholder of any Expend cards that your company orders for you. We use this information to verify that you are the same person when you activate your Expend card or retrieve your PIN code.

When you use your Expend card

Every time you pay for something using your Expend card, we record the following data:

  • The date and time
  • Who you paid
  • The amount paid

This information is accessible to your organisation and can be viewed by certain members of your organisation. We are required to store this information for a minimum of 7 years in order to comply with financial regulations.

When you create an expense report

Expense reports contain business data. If you create an expense report, we associate the data you provide with your organisation and your organisation becomes the owner of the information. All of the information you record in an expense report is visible to members of your organisation and will be shared with any accounting platforms (such as Xero) that your organisation has linked to Expend.

When you upload a document or takes an image associated with an expense

If you take add an image or document to an expense, this file is uploaded to our system and associated with your organisation. The document or image can be viewed by members of your organisation and it might be added to Xero if your company is using it. These files can also be accessed when someone from your organisation downloads expenses from Expend.

Who has access to your information

We will not sell or rent your information to third parties.

We do not share your information with third parties for marketing purposes.

We do share information with third party service providers who work on our behalf to deliver our service to you. These parties are:

  • Xero
  • Experian
  • Intercom
  • Hubspot
  • Prepaid Financial Services
  • Amazon AWS

Third-party service providers with your information

Xero

If you or your organisation set up a link to Xero, Expend will share information with Xero:

  1. Financial transactions associated with your Expend Account, including:
    1. Amount paid
    2. Who was paid
  2. Copies of attachments (documents and images)
  3. Comments and notes made on Expenses

Experian

If you are applying for an Expend account on behalf of your organisation, we share the following data with Experian in order to comply with legal requirements:

  1. Name
  2. Address and date of birth of directors, officers and persons of significant control
  3. Copies of identification documents to check that they are legitimate

Intercom

We use Intercom in order to provide a real-time chat service to you in our apps. Intercom stores the following information about you:

  1. Name
  2. Conversation history
  3. The IP address that your device was using when you started a conversation with us

Hubspot

We use Hubspot as our CRM and marketing automation system to manage our relationship with customers and sales leads, Also to acquire new customers and sales leads that have shown an intent to purchase our products both now or on a future date. We also add offline information from the likes of business cards. Hubspot helps us to understand where people have come from and what marketing and advertising campaigns have been effective. In doing so, hubspot stores the following information about you:

  • Name
  • Email address
  • IP address and general location data
  • Telephone number (if you entered it on a form before signing up for Expend)
  • Any other information that you may have provided to visit events, agreed to share with the event organiser and then shared with us our stand.
  • Cookie information
  • Hubspot does not store: your Date of Birth, passwords, any data that forms part of your application (mentioned above) or any financial data.

We use hubspot to send various types of emails to our contacts, these are normally welcome to Expend emails, emails to confirm demo bookings or anyone who fills out our contact us page and occasional newsletters to customers and other contacts that have opted into hearing from us. If you do not want to receive marketing information from Expend or be contacted by us, please unsubscribe from the bottom of our emails or contact us via our contact page and we will endeavor to complete any requests with in 48 hours.

Hubspot integrates with a number of other services that we use, including: Google analytics, Google Adwords, Gmail, LinkedIn, Google Calendar, Promo by Slidely, Zapier, Bit.ly and Facebook. These integrations help us to automate some of our marketing efforts and track the effectiveness of our advertising.

We also use Hubspot to manage our social media posting across, Facebook, Twitter, LinkedIn and Instagram. Hubspot records interactions with these posts for reporting purposes.

You can find more information here: https://www.hubspot.com/data-privacy/gdpr/product-readiness

Bit.ly

Bit.ly is a leading link shortening and tracking tool that allows us to see the effectiveness of our social media posts when we provide links to our website or blog. We use bit.ly alongside Hubspot to help manage our social media relationships. Bit.lystores the following information about you:

  • IP address, browser type, your general location and cookie information. This information may be used to help us understand how users transit a website, to fight spam/malware, to facilitate collection of data concerning your interaction with the Services (e.g., what Bitly Links you have clicked on) and for other similar purposes.

You can find more information here: https://bitly.com/pages/privacy

Google

We use a number of Google’s tools to track and serve adverts to audiences that we believe would be interested in our products and services. These include: Google analytics, Google Adwords and display network. We also other Google owned products like YouTube to embed videos on our website, these may contain Google’s tracking technology and may also serve 3rd party adverts that YouTube control.

As Google is a vast company with a number of different products and services both for businesses such as ours and for personal users, we recommend that you visit https://privacy.google.com/# for more information on how they track and manage your information.

Facebook and Instagram

We use Facebook and Instagram to communicate with our followers organically and for advertising. We use Facebook’s pixel technology help determine when a Facebook or has converted into a customer or sales lead. Facebook does not share its user information with Expend

You can find more information here: https://www.facebook.com/business/gdpr

Twitter

We use Twitter to communicate with our followers and share our latest news. We occasionally embed tweets that are of interest in our blogs and website, interacting with this content will share information with Twitter. We also use Twitter to advertise our products to Twitter defined segments based interests and location.

You can find more information here: https://gdpr.twitter.com/en.html

LinkedIn

LinkedIn is the world’s largest business networking platform and it allows our employees to make new connections for sales, partnerships and recruitment. It also allows us to advertise our products to their users and we use their supplied tracking pixel to monitor the effectiveness of our activity.

You can find more information here:

AdRoll

We use AdRoll for some of our advertising, targeting and personalization.
You can find more information here: https://www.adrollgroup.com/privacy

Zapier

Zapier provides technology to connect different tools together and allow them to communicate. This helps us to automate tasks and events that wouldn’t normally be possible. Zapier is working through their list of vendors to ensure they are adhering to GDPR as well as signing all appropriate DPAs.

You can find more information here: https://zapier.com/help/gdpr/

Prepaid Financial Services

Prepaid Financial Services (PFS) is the issuing bank of your Expend card. They are regulated and authorised by the Financial Conduct Authority, as an Electronic Money Institution, registration number 900036. We share the following information with PFS:

Information about your organisation

We share the following information that is available publicly:

  • Name of business
  • Company registration number
  • Names of directors, officers and persons of significant control

Information about you

If you have an Expend card, we share the following information with PFS:

  • Your name
  • Your date of birth
  • Your mobile telephone number

Amazon AWS

We use Amazon AWS to store and process all our data. Data is stored in the EU, in Amazon’s EU West region, physically located in Ireland. Our data is encrypted at rest and that means no-one but Expend can access it because we are the only party with access to the encryption keys.

How long we keep your data

We are required under UK law to keep your basic personal data (name, address, contact details) and financial records for a minimum of 7 years.

Use of Cookies

Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.

What are your rights?

If at any point you believe the information we process on you is incorrect, you can request to see this information and have it corrected. You can request deletion of any data that we are not required to keep for compliance purposes. If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated at complaints@expend.io.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office: https://ico.org.uk/

Changes to this Privacy Policy

We may amend or change this policy at any time. The use of the information we collect at any given point is subject to the privacy policy in effect at the time of collection. We recommend you periodically check the privacy policy to make sure you understand the current policy.