Who are we?
We are Expend Limited, a private company that helps companies manage their expenses process. We are registered in England (no. 08531792). The registered address is 16 Brune Street, Unit 109, Coppergate House, London, E1 7NJ. Expend Limited will be what is known as the ‘Controller’ of the personal data you provide to us.
At Expend, we take privacy very seriously. This policy sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website, our apps and other products and services and its owners. Furthermore, the way our company processes, stores and protects user data and information will be detailed in this policy.
We gather and use certain information about individuals in order to provide products and services and to enable certain product and service functionality. We also collect information to better understand how visitors use our products and to present timely, relevant information to them.
We take the security and confidentiality of our customers’ data very seriously and we will not sell your data to third parties.
If you have any questions about this policy, please email firstname.lastname@example.org or write to:
16 Brune Street
Unit 109, Coppergate House
How do we collect data from you?
We collect data from you when, for example:
- Visit our website
- Contact us to inquire about our products and services
- Chat to us on our website or in one of our apps
- Apply for an Expend account for your organisation
- Join an organisation who uses Expend
- Use an Expend card to pay for something
- Create an expense report
Why do we need your data?
The need and type of data we collect data depends on your role in your organisation:
- An employee of an organisation that is a customer of Expend
- A director, officer or person with significant control
If you are an employee of an organisation that is a customer of Expend
We need to collect data because your organisation is using Expend’s services.
If you are applying for an Expend account on behalf of your organisation
We need your data and the data of any of your organisation’s directors, officers or persons with significant to validate that:
- Your company is a legitimate business
- These persons are real
- These persons have not been involved in any illegal activities
We need to store your data in order to comply with various laws in the UK and the EU.
How will we use your information?
If you are applying for an Expend account on behalf of your organisation
If you are a director, officer or person with significant control, we use the following information to check that you, and other officers, directors or persons with significant control are a real people and that your company is a legitimate business:
- Your name, address and date of birth
- Your email address
- Telephone numbers
We also require proof of address and copies of documents such as a passport or drivers license to prove your identity.
This information is passed to another organisation, Experian Ltd, to perform searches against their databases. See ‘Third party service providers with your information’ below for more information.
If you are an employee of an organisation that uses Expend
If you are an employee of an organisation that uses Expend, we use the following information to provide an expense management and payment service to your organisation.
- Your name and email address
- Your date of birth
We pass this data to Prepaid Financial Services to identify you as the cardholder of any Expend cards that your company orders for you. We use this information to verify that you are the same person when you activate your Expend card or retrieve your PIN code.
When you use your Expend card
Every time you pay for something using your Expend card, we record the following data:
- The date and time
- Who you paid
- The amount paid
This information is accessible to your organisation and can be viewed by certain members of your organisation. We are required to store this information for a minimum of 7 years in order to comply with financial regulations.
When you create an expense report
Expense reports contain business data. If you create an expense report, we associate the data you provide with your organisation and your organisation becomes the owner of the information. All of the information you record in an expense report is visible to members of your organisation and will be shared with any accounting platforms (such as Xero) that your organisation has linked to Expend.
When you upload a document or takes an image associated with an expense
If you take add an image or document to an expense, this file is uploaded to our system and associated with your organisation. The document or image can be viewed by members of your organisation and it might be added to Xero if your company is using it. These files can also be accessed when someone from your organisation downloads expenses from Expend.
Who has access to your information
We will not sell or rent your information to third parties.
We do not share your information with third parties for marketing purposes.
We do share information with third party service providers who work on our behalf to deliver our service to you. These parties are:
- Prepaid Financial Services
- Amazon AWS
Third-party service providers with your information
If you or your organisation set up a link to Xero, Expend will share information with Xero:
- Financial transactions associated with your Expend Account, including:
- Amount paid
- Who was paid
- Copies of attachments (documents and images)
- Comments and notes made on Expenses
If you are applying for an Expend account on behalf of your organisation, we share the following data with Experian in order to comply with legal requirements:
- Address and date of birth of directors, officers and persons of significant control
- Copies of identification documents to check that they are legitimate
We use Intercom in order to provide a real-time chat service to you in our apps. Intercom stores the following information about you:
- Conversation history
- The IP address that your device was using when you started a conversation with us
We use Hubspot as our CRM and marketing automation system to manage our relationship with customers and sales leads, Also to acquire new customers and sales leads that have shown an intent to purchase our products both now or on a future date. We also add offline information from the likes of business cards. Hubspot helps us to understand where people have come from and what marketing and advertising campaigns have been effective. In doing so, hubspot stores the following information about you:
- Email address
- IP address and general location data
- Telephone number (if you entered it on a form before signing up for Expend)
- Any other information that you may have provided to visit events, agreed to share with the event organiser and then shared with us our stand.
- Cookie information
- Hubspot does not store: your Date of Birth, passwords, any data that forms part of your application (mentioned above) or any financial data.
We use hubspot to send various types of emails to our contacts, these are normally welcome to Expend emails, emails to confirm demo bookings or anyone who fills out our contact us page and occasional newsletters to customers and other contacts that have opted into hearing from us. If you do not want to receive marketing information from Expend or be contacted by us, please unsubscribe from the bottom of our emails or contact us via our contact page and we will endeavor to complete any requests with in 48 hours.
Hubspot integrates with a number of other services that we use, including: Google analytics, Google Adwords, Gmail, LinkedIn, Google Calendar, Promo by Slidely, Zapier, Bit.ly and Facebook. These integrations help us to automate some of our marketing efforts and track the effectiveness of our advertising.
We also use Hubspot to manage our social media posting across, Facebook, Twitter, LinkedIn and Instagram. Hubspot records interactions with these posts for reporting purposes.
You can find more information here: https://www.hubspot.com/data-privacy/gdpr/product-readiness
Bit.ly is a leading link shortening and tracking tool that allows us to see the effectiveness of our social media posts when we provide links to our website or blog. We use bit.ly alongside Hubspot to help manage our social media relationships. Bit.ly stores the following information about you:
- IP address, browser type, your general location and cookie information. This information may be used to help us understand how users transit a website, to fight spam/malware, to facilitate collection of data concerning your interaction with the Services (e.g., what Bitly Links you have clicked on) and for other similar purposes.
You can find more information here: https://bitly.com/pages/privacy
We use a number of Google’s tools to track and serve adverts to audiences that we believe would be interested in our products and services. These include: Google analytics, Google Adwords and display network. We also other Google owned products like YouTube to embed videos on our website, these may contain Google’s tracking technology and may also serve 3rd party adverts that YouTube control.
As Google is a vast company with a number of different products and services both for businesses such as ours and for personal users, we recommend that you visit https://privacy.google.com/# for more information on how they track and manage your information.
Facebook and Instagram
We use Facebook and Instagram to communicate with our followers organically and for advertising. We use Facebook’s pixel technology help determine when a Facebook or has converted into a customer or sales lead. Facebook does not share its user information with Expend
You can find more information here: https://www.facebook.com/business/gdpr
We use Twitter to communicate with our followers and share our latest news. We occasionally embed tweets that are of interest in our blogs and website, interacting with this content will share information with Twitter. We also use Twitter to advertise our products to Twitter defined segments based interests and location.
You can find more information here: https://gdpr.twitter.com/en.html
LinkedIn is the world’s largest business networking platform and it allows our employees to make new connections for sales, partnerships and recruitment. It also allows us to advertise our products to their users and we use their supplied tracking pixel to monitor the effectiveness of our activity.
You can find more information here:
Zapier provides technology to connect different tools together and allow them to communicate. This helps us to automate tasks and events that wouldn’t normally be possible. Zapier is working through their list of vendors to ensure they are adhering to GDPR as well as signing all appropriate DPAs.
You can get more information here: https://zapier.com/help/gdpr/
Prepaid Financial Services
Prepaid Financial Services (PFS) is the issuing bank of your Expend card. They are regulated and authorised by the Financial Conduct Authority, as an Electronic Money Institution, registration number 900036. We share the following information with PFS:
Information about your organisation
We share the following information that is available publicly:
- Name of business
- Company registration number
- Names of directors, officers and persons of significant control
Information about you
If you have an Expend card, we share the following information with PFS:
- Your name
- Your date of birth
- Your mobile telephone number
We use Amazon AWS to store and process all our data. Data is stored in the EU, in Amazon’s EU West region, physically located in Ireland. Our data is encrypted at rest and that means no-one but Expend can access it because we are the only party with access to the encryption keys.
How long we keep your data
We are required under UK law to keep your basic personal data (name, address, contact details) and financial records for a minimum of 7 years.
Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
What are your rights?
If at any point you believe the information we process on you is incorrect, you can request to see this information and have it corrected. You can request deletion of any data that we are not required to keep for compliance purposes. If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated at email@example.com.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office: https://ico.org.uk/