Privacy & Cookies
Droit Privacy Statement
Version 4.0
November 2023
Table of Contents
In this Privacy Statement, all Droit companies are referred to as “Droit“, “we” and “us“.
We process personal data in the UK, the European Economic Area (“EEA”), Australia and in the US, and are committed to adhering to applicable privacy laws, including the following laws in these jurisdictions:
- In the UK, the Data Protection Act 2018;
- in the EEA, the General Data Protection Regulation (2016/679);
- in Australia, the Australian Privacy Principles contained in the Privacy Act 1988 (Cth); and
- In the US, the California Privacy Rights Act.
This Privacy Statement provides you with information about the personal information we collect in connection with your use of Droit’s website or enquiries to Droit, and activities undertaken by Droit. It details:
- the personal data that we collect about you (called “personal information” in this Privacy Statement);
- why and how we use that personal information;
- our legal basis for handling your personal information; and
- your rights regarding that personal information.
This Privacy Statement also outlines Droit’s security, access and data retention practices.
Your personal information is collected and controlled by Droit, including one of its group companies.
In the UK, Droit can be contacted at the following address: Droit Public Limited Company, 1 Poultry, London, EC2R 8EJ, United Kingdom.
In the US, Droit can be contacted at the following address: Droit Financial Technologies LLC, 250 Vesey St, 26th Floor, New York, NY, 10007, USA.
In Australia, Droit can be contacted at the following address: Droit Tech Pty Ltd, Level 14, 5 Martin Place, Sydney NSW 2000 Australia.
If you have any questions or concerns regarding this Privacy Statement, please contact: privacy@droitfintech.com.
1. Information we collect
In order for us to provide services, we need to collect and process certain personal information. The personal information we collect will depend upon your interaction with Droit:
Information you provide by using Droit products or completing forms on Droit websites
| What we collect | How/why we collect it | How we use it |
|---|---|---|
|
Contact Details (your name, email address and postal address, and your telephone number.) |
We need this information to register you or your employer as a user of Droit software or services. |
We use this information to provide you or your employer with access to Droit software and services. We also use this information to send you certain communications (including by email or post about our products and services such as administrative messages (for example, setting out changes to our terms and conditions and keeping you informed about our fees and charges). |
| If you contact us for support, or send us questions or comments. | We use this information to respond to your requests, or provide you with support you have requested. | |
| If you apply for a job with us. | We use this information to process your application, and communicate with you in relation to that application. | |
| Where you sign up to receive marketing material or where we have obtained it through your previous custom. | To send you marketing materials about our business and services. | |
| If you apply for a job with us. | We use this information to assess your suitability for a role at Droit. | |
| Previous employment information such as those you provide on a resume or cover letter. | To provide you with access to our platform where it has been purchased by you or your employer. | To provide a secure way for you to access our services. |
| Your log in information such as your email address and password. | We obtain this information from the payment provider and relationship manager at your employer. | We require this information to receive payment under our contract to provide services. |
| Information needed to provide the services to you (including information on joining forms, order details, order history and payment details); customer services information; and customer relationship management and marketing information. | We obtain this information if you use our contact us page on our website. | We need this information if you send us a query so that we can contact you with regards to that query. |
| Information you provide to us when you correspond with us. For example, through our 'contact us' page on the website. | We obtain this information if you send us a request for technical assistance. | We need this information to provide you with technical assessing such as diagnosing an error code or assistance with using the product. |
| Ticket information when you raise a query when using the Droit product. This may include user information, such as what the user was doing when they encountered an issue and technical information. | Through our website. | We use this personal information to administer our website, to measure the efficiency of our systems and to undertake an analysis on the locations from which people access our webpages. |
| Technical information. This includes: the Internet Protocol (IP) address used to connect your computer to the internet address; the website address and country from which you access information; the files requested; browser type and version; browser plug-in types and versions; operating system; and platform Information about your visit and your behavior on our website (for example, the pages that you click on). This may include the website you visit before and after visiting our website (including date and time), time and length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, traffic data, location data, weblogs and other communication data and information provided when requesting further service or downloads. | Through your use of our website. | We collect this to help us optimize our website for our users. |
2. Our legal basis for processing your information
The laws in some jurisdictions require us to tell you about the legal ground we rely upon to use or disclose your personal information. This section explains how we will use personal information you provide to us in order to carry out the activities relevant to the provision of our services to you.
We must have a legal basis for processing your personal information. We consider that we have a legal basis where:
- you have given us consent to do so for the specific purposes which we have told you about;
- it is necessary for us to do so to enable us to provide you with the services that you have requested from us;
- it is necessary in order to fulfil our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
- we have a legal obligation to use your personal information.
Where we process your personal information on the basis of our legitimate interests, these are our (or our third party’s) interests in providing our services to you in an efficient and secure manner.
We have set out below a list of all the ways we may use your personal information and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.
In some cases we may use more than one legal basis for processing your personal information; this will depend on the specific purpose for which we are using your personal information. Please contact us using the contact details below if you have any queries about the specific legal basis that we rely on for processing your personal information.
| Type of data | Legal basis for processing (including basis of legitimate interest) |
|---|---|
| Contact details (your name, email address and other contact details). |
|
| Previous employment information. |
|
| Your log in information such as your email address and password. |
|
| Information needed to provide the services to you (including information on joining forms, order details, order history and payment details); customer services information; and customer relationship management and marketing information. |
|
| Information you provide to us when you correspond with us. For example, through our 'contact us' page on the website. |
|
| Technical information. This includes: the Internet Protocol (IP) address used to connect your computer to the internet address; the website address and country from which you access information; the files requested; browser type and version; browser plug-in types and versions; operating system; and platform. |
|
| Information about your visit and your behavior on our website (for example, the pages that you click on). This may include the website you visit before and after visiting our website (including date and time), time and length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, traffic data, location data, weblogs and other communication data and information provided when requesting further service or downloads. |
|
Legitimate interests and marketing:
Except in countries or jurisdictions where it is not be permitted by law, we may from time to time send you email communications regarding our business, products or services.
Where you are based in the UK, EEA, Australia, and the US, this will be in according with data protection and marketing laws and will either be based on your consent or our legitimate interests.
We can only use your personal information to send you marketing messages if we have either your consent or a ‘legitimate interest’. A ‘legitimate interest’ is when we have a business or commercial reason to use your information. It must not unfairly go against what is right and best for you. Therefore, when we use legitimate interests, we will only send you marketing messages for similar products or services which you have expressed an interest in before.
The personal information we have for you is made up of what you tell us, and the data we collect about you when you use our services, or data provided to us from third parties we work with.
We want to ensure that you are informed and aware of the best products, services, promotions and events that we can offer you. By consenting to receive additional communications (by mail, telephone or email) from us and any named third parties that feature at the point of obtaining consent in respect of such information, we will process your personal information in accordance with this Privacy Statement.
If you have provided your consent to receive marketing communications from us and you change your mind, you can change your preferences and unsubscribe at any time by unsubscribing from the relevant communication channel, or by contacting us using the contact details. If you choose not to receive this information we will be unable to keep you informed of new products, services and promotions that may interest you
If you would like further details on these legitimate interests and our assessment of why they apply, please contact us via email at privacy@droitfintech.com.
3. Where your information is processed or transferred internationally
When sharing information, we will make sure your personal information is properly protected.
Droit is based and operates inside and outside the UK, the EEA, Australia, and the US. In addition, we operate and utilise sub-processors and third-party service providers globally, which may be based outside the country where you are a resident.. Therefore, depending on where you live, the processing of your personal information may involve a transfer of data outside your country.
Whenever we transfer your personal information, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the relevant authority (e.g. for data transferred outside the EEA, the European Commission).
- If the recipient entity or service provider is not in a country deemed to provide an adequate level of protection, we may use specific contracts which give personal information transferred an adequate level of protection.
Please contact us at privacy@droitfintech.com if you would like further information on the specific mechanism used by us when transferring your personal information internationally.
4. How your information is shared
Droit will share your information with its group companies where it is in our legitimate interests to do so for internal administrative purposes (for example, for corporate strategy, compliance, auditing and monitoring, research and development and quality assurance). Individuals within Droit will only have access to information that is required for them to perform their roll within the firm.
Droit will share your personal information with the following categories of trusted third-party service providers, to help us provide, improve, or protect Droit’s services:
- Cloud infrastructure hosting services, specifically Amazon Web Services, Inc.;
- Our other service providers and sub-contractors, including payment processors, utility providers, suppliers of technical and support services, insurers, and logistic providers;
- Companies that assist in our marketing, advertising and promotional activities, this includes but not limited to Salesforce and HubSpot;
- Analytics and search engine providers that assist us in the improvement and optimisation of our website.
We may also share information that’s aggregated and anonymized in a way that it doesn’t directly identify you. For example, we may disclose and use anonymised, aggregated reporting and statistics about users of our website or our services for the purpose of internal reporting or reporting to our group or other third parties, and for our marketing and promotion purposes.
Droit reserves the right to disclose personal information when:
- we have assessed it is in our legitimate interests to do so to run, grow and develop our business, such as:
- if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;
- if substantially all of our or any of our affiliates’ assets are acquired by a third party, in which case personal information held by us will be one of the transferred assets;
- we believe that doing so is reasonably necessary to comply with the law or law enforcement;
- to prevent fraud or abuse; or
- to protect Droit’s legal rights, property, or the safety of Droit, its employees, users, or others.
We will never sell or rent your information to any third parties for any reason, without notifying you and, where necessary, obtaining your consent. If you have given your consent for us to use your personal information in a particular way, but later change your mind, you should contact us and we will stop doing so.
5. Data retention
We only retain personal information for so long as it may be necessary for the purposes identified within this Policy Statement.
The length of time for which we retain personal information depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights. We retain your details as follows:
- Account information: We will use your contact information to administer the account to which your information relates for as long as the relevant contract is in place. Once the relevant contract is terminated, we will delete your contact information unless we have alternative reasons to process it (such as to send you marketing materials).
- Marketing information: Where we process your personal information for marketing purposes, we will continue to process your information for as long as we consider it in our legitimate interests to do so, and provided you do not ask us to stop processing your information for this purpose.
- Financial information: We are required by law to keep financial information for 7 years after each transaction, so we will continue to store any financial information you provide to us for 7 years following the last transaction you make with us.
To dispose of personal information, we may anonymize it, delete it or take other appropriate steps. Data may persist in copies made for backup and business continuity purposes for additional time.
6. Your rights
You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us via email at privacy@droitfintech.com at any time. You have the following rights:
- Right of access: You have a right of access to any personal information we hold about you. You can ask us for a copy of your personal information; confirmation as to whether your personal information is being used by us; details about how and why it is being used; and details of the safeguards which are in place if we transfer your information outside of the United Kingdom, the EEA, Australia, or the US.
- Right to update or correct your information: You have a right to request an update to any of your personal information which is out of date or incorrect.
- Right to delete your information: You have a right to ask us to delete any personal information which we are holding about you in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details below.We will pass your request on to other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are, using the contact details below.
- Right to restrict use of your information: You have a right to ask us to restrict the way in which we process your personal information in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details below. We will pass your request on to other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are using the contact details below.
- Right to stop marketing: You have a right to ask us to stop using your personal information for direct marketing purposes. If you exercise this right, we will stop using your personal information for this purpose. You can object to further marketing at any time by selecting the “unsubscribe” link at the end of all our marketing and promotional update communications.
- Right to data portability: You have a right to ask us to provide your personal information to a third-party provider of services.This right only applies where we use your personal information on the basis of your consent or performance of a contract; and where our use of your information is carried out by automated means.
- Right to object: You have a right to ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our or another person’s legitimate interest.
- Right to complain: We hope to resolve any complaints with you at Droit. However, where you are based in the UK, EEA, or Australia, you also have the right to make a complaint to:
- the Information Commissioner’s (ICO) if you are based in the UK;
- your local Data Protection Regulator if you are based in the EU;
- the Office of the Australian Information Commissioner (OAIC),
if you are unhappy with how we have handled your personal information.
For more information, see the contact section below.
We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period under applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.
If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.
If you would like to exercise any of these rights, you can contact Droit at privacy@droitfintech.com, or write to us at 250 Vesey St, 26th Floor, New York, NY, 10007, USA.
7. Security of your information
We take your privacy seriously and have implemented appropriate physical, technical and organizational security measures designed to secure your personal information against accidental loss, destruction or damage and unauthorized access, use, alteration or disclosure. Examples include tight network security, multi factor authentication to file repositories where sensitive client information is held, and physical security of our premises.
However, communications over the internet (such as emails) aren’t secure unless they have been encrypted. Your communications may go through a number of countries before being delivered as is the nature of the internet. We cannot accept responsibility for any unauthorized access or loss of personal information that is beyond our control.
Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
8. Links to other websites
This Privacy Statement applies only to the products and services that Droit provides or websites that Droit operates. These services and websites may contain links to other websites not operated or controlled by Droit. The policies and procedures described in this Policy Statement do not apply to these third-party sites. Any links from Droit websites or services do not imply that we endorse or have reviewed the third-party sites or their policies. We suggest contacting those sites directly for information on their privacy policies.
9. A word about children
You must be aged 18 or over to receive services from us. Our website and services are not directed at children and we do not knowingly collect any personal information from children.
If you are a child and we learn that we have inadvertently obtained personal information from you from our websites, or from any other source, then we will delete that information as soon as possible.
Please contact us at privacy@droitfintech.com if you are aware that we may have inadvertently collected personal information from a child.
10. Additional information for California residents
a. Your Privacy Rights under CPRA
Pursuant to the California Privacy Rights Act (“CPRA”), residents and households located in the state of California have the following rights regarding the processing of their Personal Information:
- Right to know (or right to access), to request deletion, and to correct your personal information: For more information about these rights, please refer to section 6 (“Your rights”) above.
- Right to opt-out of the sale or sharing of personal information: You have the right to opt-out of the sale or sharing of personal information. Please note, however, that we do not sell or share for the purpose of cross-context behavioral advertising any personal information obtained about you, nor have we done so in the past.
- Right to limit the use and disclosure of sensitive personal information: You have the right to limit the use and disclosure of sensitive personal information. Please note, however, that we only collect the information mentioned in this Privacy Statement, and do not use or disclose it for any purposes that are covered by this right (nor have we done so in the past).
- Right to non-discrimination: We will not discriminate against you for exercising any of your CPRA rights. We will not (i) deny you products or services, (ii) charge you different prices or rates for products or services, including through granting discounts or other benefits, or imposing penalties (except for financial incentives permitted by the CPRA, see below), (iii) provide you a different level or quality of products or services, and (iv) suggest that you may receive a different price or rate for products or services or a different level or quality of products or services.
- Right to designate an authorized agent: If you submit a request to know or delete your personal information through the use of an authorized agent, we may require that you (i) provide the authorized agent written permission to act on your behalf, and (ii) verify their identity directly with us.
b. Excercising Your Privacy Rights under CPRA
To exercise the rights described above, please submit a request to us by using the methods outlined under “Contact Us” below with the subject line “CPRA Request”.
What we need to know to fulfill your request: The request must: (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information related to you. Making a request does not require you to create an account with us.
How you will hear back from us: We will confirm receipt of a request within ten (10) business days of its receipt and endeavor to respond within forty-five (45) calendar days of its receipt. If we require more time, we will notify you of the extension and provide an explanation of the reason for the extension in writing, and we will provide you with a response no later than ninety (90) calendar days of receipt of the request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We may charge a reasonable fee to process or respond to your requests if they are excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for this decision and provide you with a cost estimate before completing your request.
c. Other California Privacy Rights
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to obtain certain information about the types of personal information that companies with whom they have an established business relationship (and that are not otherwise exempt) have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. In order to submit such a request, please contact us as described below. Please note, however, that we do not disclose personal information to third parties for such third parties’ direct marketing purposes.
11. Additional Information for Nevada Residents
If you are a Nevada resident, you have the right to submit a request directing us not to sell your personal information. In order to submit such a request, please contact us as described below. Please note, however, that we do not sell consumers’ covered information for monetary consideration (as defined in Chapter 603A of the Nevada Revised Statutes).
12. Additional information for Australian residents
For individuals in Australia, the following provisions apply and vary the rest of this Privacy Statement to the extent of any inconsistency.
For the purposes of this Privacy Statement, ‘personal information’ includes such information as defined in the Privacy Act 1988 (Cth), being information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not the information or opinion is true and whether or not recorded in material form.
For the purpose of Section 1 “Information we collect”, we will only collect your sensitive information with your consent or where otherwise permitted by law. “Sensitive information” is any information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices or criminal record that is also personal data. Sensitive information also includes health information about an individual, genetic information about an individual that is not otherwise health information, biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates.
For the purposes of section 2 “Our legal basis for processing your information”:
- Our purposes of collection include all purposes set out in this Privacy Statement, and we may also use or disclose personal data for secondary purposes that you would reasonably expect and that are related to the primary purpose of collection, or as otherwise permitted by law.
- We collect personal information to enable us to comply with certain legal obligations including complying with record keeping obligations under or in connection with the Corporations Act 2001 (Cth), the Competition and Consumer Act 2010 (Cth) and the A New Tax System (Goods and Services Tax) Act 1999 (Cth), and in an employment context, various employment laws including the Fair Work Act 2009 (Cth)), and taxation and superannuation law obligations under the Income Tax Assessment Act 1936 (Cth) and Part 25A of the Superannuation Industry (Supervision) Act 1993 (Cth).
- We will only use any sensitive information we collect about you for a purpose set out in this policy or for a secondary purpose that you would reasonably expect and that is directly related to the primary purpose of collection, and will only disclose it in accordance with the section 4 “How your information is shared”.
- If you do not provide us with your personal information, the consequences will depend on the circumstances, but for example we may not be able to enter a contract with you, provide the services you or others are seeking, process your job application, or improve our systems or website or services.
For the purpose of Section 6 “Your Rights” (and without limiting any rights in that section):
- You can request access to the personal data we hold about you at any time by contacting us via the contact details at the bottom of this notice. You may also request the correction of any of the personal data we hold about you. In most cases, we can help you promptly and informally with these requests. In other cases, we may need to verify your identity and ask you to make your request in writing.
- From time to time, we may need to reject your request to access or correct the personal data we hold about you, if we believe it to be necessary and to the extent allowed by law. We will provide our reasons if we deny your request for access to, or correction of, your personal data. Where we decide not to make a requested correction to your personal data and you disagree, you may ask us to make a note of your requested correction with the data we hold about you.
13. Changes to this Privacy Statement
Droit may update this Privacy Statement from time to time. Any changes we make to our Privacy Statement in the future will be posted on this page and, where appropriate, notified to you by post or email. Please check back frequently to see any updates or changes to our Privacy Statement.
New versions of this Privacy Statement will never apply retroactively, and the effective date will be indicated within this document.
14. Cookies
Some pages on our website use cookies, which are small files placed on your internet browser when you visit our website. This information is used to enable you to browse our websites and use our online features as a logged in user and to remember any preferences that you have set for the site whilst you are on our site. If you disable cookies in your web browser, certain features of our site may not be available. We also use cookies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences.
We use the following cookies:
- Necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
- Analytical or statistical cookies. These allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Marketing cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You can find more information about the individual cookies we use and the purposes for which we use them at https://droit.tech/cookie-declaration/.
To access your cookie preferences click this 
on our website and select ‘Change your consent’. A full breakdown of all the cookies including their functionality is available on the ‘show details’ button of our website cookie manager.
Where we use cookies on our website, you may block these at any time. You can do this by opening the cookie tool through the icon.
You can also activate the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our website or to use all the functionality provided through our website.
We work with third-party partners that use cookies to collect usage information about how visitors use our Website and our Services. The trusted third parties we currently work with include the following. Click on each link to learn more about their privacy practices and your choices with respect to managing these cookies:
Google Analytics: https://tools.google.com/dlpage/gaoptout.
HubSpot: https://legal.hubspot.com/privacy-policy
Lead Forensics: https://www.leadforensics.com/privacy-policy/
15. Contact us
If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact privacy@droitfintech.com. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.
Where you are based in the UK, EEA, or Australia, you have the right to make a complaint to your local Data Protection Regulator, as follows:
- if you are in the UK, you have the right to make a complaint to the Information Commissioner’s Office (ICO): https://ico.org.uk/. The ICO is the authority in the UK which is tasked with the protection of personal information and privacy;
- if you are in the in the EEA, please go to https://edpb.europa.eu/about-edpb/board/members_en for details on who your regulator is; and
- if you are in Australia, you have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC): https://www.oaic.gov.au/. The OAIC is the authority in Australia which is tasked with the protection of personal information and privacy.
Alternatively, you may be able to seek a remedy through the courts if you believe your rights have been breached.
If you need to contact us more generally about this Privacy Statement or to make a data request you can also email us at privacy@droitfintech.com.