We are Expend Limited, a private company that helps companies manage their expenses process. We are registered in England (no. 08531792). The registered address is Lower Ground, 10 Finsbury Square, London, EC2A 1AF. Expend Limited will be what is known as the ‘Controller’ of the personal data you provide to us.
At Expend, we take privacy very seriously. This policy sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website, our apps and other products and services and its owners. Furthermore, the way our company processes, stores and protects user data and information will be detailed in this policy.
We gather and use certain information about individuals in order to provide products and services and to enable certain product and service functionality. We also collect information to better understand how visitors use our products and to present timely, relevant information to them.
We take the security and confidentiality of our customers’ data very seriously and we will not sell your data to third parties.
If you have any questions about this policy, please email email@example.com or write to:
Lower Ground, 10 Finsbury Square London EC2A 1AF
We collect data from you when, for example:
The need and type of data we collect data depends on your role in your organisation:
We need to collect data because your organisation is using Expend’s services.
We need your data and the data of any of your organisation’s directors, officers or persons with significant to validate that:
We need to store your data in order to comply with various laws in the UK and the EU.
If you are a director, officer or person with significant control, we use the following information to check that you, and other officers, directors or persons with significant control are a real people and that your company is a legitimate business:
We also require proof of address and copies of documents such as a passport or drivers license to prove your identity.
This information is passed to another organisation, Experian Ltd, to perform searches against their databases. See ‘Third party service providers with your information’ below for more information.
If you are an employee of an organisation that uses Expend, we use the following information to provide an expense management and payment service to your organisation.
We pass this data to Prepaid Financial Services to identify you as the cardholder of any Expend cards that your company orders for you. We use this information to verify that you are the same person when you activate your Expend card or retrieve your PIN code.
Every time you pay for something using your Expend card, we record the following data:
This information is accessible to your organisation and can be viewed by certain members of your organisation. We are required to store this information for a minimum of 7 years in order to comply with financial regulations.
Expense reports contain business data. If you create an expense report, we associate the data you provide with your organisation and your organisation becomes the owner of the information. All of the information you record in an expense report is visible to members of your organisation and will be shared with any accounting platforms (such as Xero) that your organisation has linked to Expend.
If you take add an image or document to an expense, this file is uploaded to our system and associated with your organisation. The document or image can be viewed by members of your organisation and it might be added to Xero if your company is using it. These files can also be accessed when someone from your organisation downloads expenses from Expend.
We will not sell or rent your information to third parties.
We do not share your information with third parties for marketing purposes.
We do share information with third party service providers who work on our behalf to deliver our service to you. These parties are:
If you or your organisation set up a link to Xero, Expend will share information with Xero:
If you are applying for an Expend account on behalf of your organisation, we share the following data with Experian in order to comply with legal requirements:
We use Intercom in order to provide a real-time chat service to you in our apps. Intercom stores the following information about you:
We use Hubspot as our CRM and marketing automation system to manage our relationship with customers and sales leads, Also to acquire new customers and sales leads that have shown an intent to purchase our products both now or on a future date. We also add offline information from the likes of business cards. Hubspot helps us to understand where people have come from and what marketing and advertising campaigns have been effective. In doing so, hubspot stores the following information about you:
We use hubspot to send various types of emails to our contacts, these are normally welcome to Expend emails, emails to confirm demo bookings or anyone who fills out our contact us page and occasional newsletters to customers and other contacts that have opted into hearing from us. If you do not want to receive marketing information from Expend or be contacted by us, please unsubscribe from the bottom of our emails or contact us via our contact page and we will endeavor to complete any requests with in 48 hours.
Hubspot integrates with a number of other services that we use, including: Google analytics, Google Adwords, Gmail, LinkedIn, Google Calendar, Promo by Slidely, Zapier, Bit.ly and Facebook. These integrations help us to automate some of our marketing efforts and track the effectiveness of our advertising.
We also use Hubspot to manage our social media posting across, Facebook, Twitter, LinkedIn and Instagram. Hubspot records interactions with these posts for reporting purposes.
You can find more information here: https://www.hubspot.com/data-privacy/gdpr/product-readiness
Bit.ly is a leading link shortening and tracking tool that allows us to see the effectiveness of our social media posts when we provide links to our website or blog. We use bit.ly alongside Hubspot to help manage our social media relationships. Bit.lystores the following information about you:
You can find more information here: https://bitly.com/pages/privacy
We use a number of Google’s tools to track and serve adverts to audiences that we believe would be interested in our products and services. These include: Google analytics, Google Adwords and display network. We also other Google owned products like YouTube to embed videos on our website, these may contain Google’s tracking technology and may also serve 3rd party adverts that YouTube control.
As Google is a vast company with a number of different products and services both for businesses such as ours and for personal users, we recommend that you visit https://privacy.google.com/# for more information on how they track and manage your information.
We use Facebook and Instagram to communicate with our followers organically and for advertising. We use Facebook’s pixel technology help determine when a Facebook or has converted into a customer or sales lead. Facebook does not share its user information with Expend
You can find more information here: https://www.facebook.com/business/gdpr
We use Twitter to communicate with our followers and share our latest news. We occasionally embed tweets that are of interest in our blogs and website, interacting with this content will share information with Twitter. We also use Twitter to advertise our products to Twitter defined segments based interests and location.
You can find more information here: https://gdpr.twitter.com/en.html
LinkedIn is the world’s largest business networking platform and it allows our employees to make new connections for sales, partnerships and recruitment. It also allows us to advertise our products to their users and we use their supplied tracking pixel to monitor the effectiveness of our activity.
You can find more information here:
We use AdRoll for some of our advertising, targeting and personalization. You can find more information here: https://www.adrollgroup.com/privacy
Zapier provides technology to connect different tools together and allow them to communicate. This helps us to automate tasks and events that wouldn’t normally be possible. Zapier is working through their list of vendors to ensure they are adhering to GDPR as well as signing all appropriate DPAs.
You can find more information here: https://zapier.com/help/gdpr/
Prepaid Financial Services (PFS) is the issuing bank of your Expend card. They are regulated and authorised by the Financial Conduct Authority, as an Electronic Money Institution, registration number 900036. We share the following information with PFS:
We share the following information that is available publicly:
If you have an Expend card, we share the following information with PFS:
We use Amazon AWS to store and process all our data. Data is stored in the EU, in Amazon’s EU West region, physically located in Ireland. Our data is encrypted at rest and that means no-one but Expend can access it because we are the only party with access to the encryption keys.
We are required under UK law to keep your basic personal data (name, address, contact details) and financial records for a minimum of 7 years.
Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
If at any point you believe the information we process on you is incorrect, you can request to see this information and have it corrected. You can request deletion of any data that we are not required to keep for compliance purposes. If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated at firstname.lastname@example.org.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office: https://ico.org.uk/