Slash.com Limited (here in after, «Slash») is the owner of the website («Website»). Sis committed to protecting the privacy of all users of the Website and complying with the applicable data protection legislation.
- What personal data Slash collects;
- How Slash uses personal data;
- Who personal data may be shared with;
- What rights users have in connection with their personal data.
Personal data (also, «personal information», «information», «data») refers to information that identifies a User or may identify a User (e.g. name, address, identification number).
Processing of personal data refers to actions such as collecting, handling, storing and protecting personal data.
Use of Slash Website, setting up of Slash account and provision of Slash Services are conditional on provision of the information requested by Slash, including personal data of data subjects (Users). Personal data is collected and processed pursuant to the following legal obligations:
- For the purpose of establishing business relations and providing Slash Services to Users. Establishment of business relations for provision of services and for the performance of contractual obligations between both parties (Slash and Users) requires provision of certain personal data;
- Under the legal obligations deriving from AML legislation and other legal acts. In order to be able to use Slash Services, including applying for and receiving the Virtual Card, Slash is required to identify User, verify User's identity and perform due diligence, as well as to fulfil the legal obligations.
User may decline to provider personal data to Slash, provided however, that in case User chooses not to provide information that is necessary for provision of Slash Services, such User shall not be able to use Slash Services.
Slash collects personal data from the following sources:
In order to set up Slash account, User will be required to provide basic information about him/herself, including name, email address, mobile phone number, and payment information (valid debit/credit card details). The foregoing information is collected for the purpose of authenticating the User's identity, register Slash account and use Slash Services.
At the time of application for issuing Virtual Card, depending on the User's account level with varying spending limits, User will be required to provide:
- For Level 1 account User will be required to provide: full name, date of birth, email address, mobile telephone number;
- For Level 2 account User will be required to provide: full name, date of birth, email address, mobile telephone number, proof of residence, and government-issued ID.
After registering Slash account and/or applying for Virtual Card, Slash may request User to verify the information provided, or provide additional information (if necessary for issuing and use of Virtual Card, for example).
Data collected in course of use of Slash Services or Website. This data may include:
- Payment and transactions data;
- Profile and usage data (such as data when User connects to Slash account, visit merchants' websites, make purchases using Slash Services, and may include data on how User uses the services). Slash may collect data from devices User uses to connect to Slash account and Services, such as computers and mobile phones, such as User's IP address and using cookies.
- Event and user behaviour data. Slash uses well-known tracking tools such as Google Analytics, Google Tag Manager, Amplitude, and others to collect data about visited pages, made actions, user devices, location, and marketing traffic channels attribution. We use this data to improve the user experience while using Slash and analyse the marketing efforts done by Slash or Slash's authorised partners. The mentioned tools may incorporate their cookie files.
Data collected from third parties. In order to facilitate Slash Services, Slash may obtain personal data about Users from third parties. Slash may lawfully obtain from other entities such as service providers, information aggregation agencies, public authorities, persons that refer User to Slash, Slash affiliated companies.
Various types of personal data are collected and processed in the context of the relationship arising between User and Slash and according to Services used. Indicatively, the following are examples of categories and types of personal data may be processed:
Individual personal information. E.g. Name, previous names, data and place of birth, language, if User holds prominent public functions (PEPs).
Individual personal contact details. E.g. Residential address, email address, telephone number, other contact details.
Identity information. E.g. Passport, National ID card, Nationality, Utility bill, other proof of residence.
Authentication data. E.g. login credentials.
Communications. E.g. Personal data that User may provide by filling in forms or by communicating with Slash (e.g. in emails, or via other electronic channels).
Transactional and other/documents information. E.g. Data arising for the purchases and payment transactions for purchases at merchants' websites using Slash Services (including data such as date, time, amount, currencies, location information and details of merchant associated with the transaction), details arising from contractual obligations between Slash and Users.
Location and technical information. E.g. Location data (for example, at the time of login or a purchase transaction); technical information from devices and technology used by User, IP addresses and device information, visitor's information and similar information collected automatically.
Consents. E.g. Any permissions or consent given to Slash by User.
Slash processes User's data with the data minimization principle in mind. Slash aims to limit the processing of User's data and the type of data processed to strictly the data needed for a lawful reason. Slash uses data inter alia to:
- Verify User's identity (e.g. authentication, AML and fraud prevention purposes);
- To provide Slash Services (e.g. setting up of User account, collecting data for issuing of a Virtual Card, provide Discount on purchases and other Slash Services);
- Perform obligations under Slash T&C (www.slash.com/terms-of-use) and EULA (www.slash.com/user-agreement);
- Maintain communication with Users and provide Users with information and updates;
- Provide User support and handle User inquiries or complaints;
- To enforce internal procedures and protective measures against fraud or risk;
- For internal operational support and administrative purposes (e.g. product/services development or improvement, quality management);
- Obtain reports regarding problems with Website or Services;
- General administrative functions (e.g. maintenance of Slash's internal records necessary for keeping up-to-date information, general record-keeping);
- Statistics and analytics for internal purposes and improvement of Services and Website;
- Compliance with the legal obligations;
- Enforcing or protecting the rights of Slash or its affiliates;
- Ensuring security.
Anonymization means converting personal data of an individual into anonymized data so that it does not identify the individual (User) and does not allow such individual to be identified through its combination with other data.
When Slash processes User's personal data, Slash will rely on one of the processing legal bases below. Slash may process User's personal data for more than one legal basis depending on the specific purpose for which Slash is using the data.
(a) Performance of a contractual obligations. This is when processing of personal data is needed in order to perform the obligations under the T&C (www.slash.com/terms-of-use). This is also processing in the course of the application to be able to complete acceptance process of User and to be able to commence provision of Services under T&C.
(b) Legal obligation or for public interest. This is when Slash is required to process User's personal data to comply with a legal obligation.
(c) Legitimate interests. Where necessary, Slash may process personal data where there is a legitimate interest for Slash or a third party in pursuing commercial and business interests, except where such interests are overridden by User's interests, fundamental rights and freedoms.
(d) User's consent. In particular circumstances, Slash may ask User for specific permission to process personal information for specific purposes. User's data will be processed in this way if User agrees to this. Where the legal basis is the consent provided by User, User may withdraw his/her consent any time. The revocation of User's consent will not affect the legality of the data processed prior to the revocation.
Slash functions receive User's personal data in the context of Slash Services and operations.
This is required in order to provide carry out requests and provide Services, and to perform Slash's contractual and legal obligations.
Slash will not share personal data with third parties unless this is necessary for the legitimate business needs, to carry out requests, provide services and/or as required or permitted by law. Third parties under these circumstances include:
(1) Service providers. Slash will disclose personal data to third party partners and service providers (processors) so they can process it on Slash's behalf where required. These service providers are required to provide sufficient assurances in accordance with data protection law. (e.g. being bound contractually to confidentiality and data protection obligations). Slash will only share personal data necessary for them to provide their services. For example, Slash will shall User's data with the Issuer for the purpose of issuing a Virtual Card. The Issuer will process User's personal data for the performance of its contractual obligations, for the performance of the legal obligations (including under AML laws, Laws on provision of e-money and payment services and other legal acts).
(2) Auditors, advisors and consultants. Slash may disclose personal data for purposes and in the context of audits, to legal and other advisors, in order to investigate security issues, risks, complaints etc.
As such, personal data may be transferred and disclosed to:
- Money laundering and fraud prevention aggregation/agencies, compliance/verification services and risk prevention services. This is required in order to verify User's identity, ensure protection against fraud, confirm eligibility for Slash Services.
- Banks (or other credit or financial service institutions, including the Issuer), and similar institutions. These enable Slash to provide Services.
- Data management, storage, archiving, cloud storage service providers;
- Companies assisting with provision of Services (e.g. technological services, solutions, support such as support/maintenance/development of IT applications, technology, website management, telephony/SMS services);
- Customer support service providers and marketing service providers;
- Administrative service providers;
- Auditing and accounting services and consultants;
- External legal advisors.
- Regulatory authorities, law enforcement, courts. Slash may disclose personal data to comply with applicable legislation, regulatory obligations, to respond to requests of regulatory authorities, government and law enforcement agencies, courts and court orders in the UK/EEA/Internationally.
(3) Slash may also disclose User's data in circumstances such as the following:
- If Slash is under a duty to disclose or share personal data in order to comply with any legal or regulatory obligation or request;
- In order to apply or enforce the Terms and Conditions or any other agreement in place in the context of the relationship between Slash and User and to investigate potential breaches;
- If Slash or substantially all of its assets are acquired by a third party, in which case personal data held by it about its Users will be one of the transferred assets.
User's personal data may be transferred to third countries (outside the EEA) or to international organizations if the transfer is necessary and has a legal basis as described in this document. Such transfers take place for example:
- When necessary to carry out and in the context of transactions (e.g. card transactions, payment orders to third countries, through correspondent bank in third country);
- Under applicable law;
- On the basis of User's instructions or consent;
- In the context of data processing undertaken by third parties on Slash behalf. (e.g. the data may also be processed by staff operating outside of the EEA who work for Slash or for one of our third party service providers or Slash affiliated companies. Such staff may be performing technical duties and support, duties related to processing of User's orders, provision of support services etc.).
Slash has in place internal procedures for secure processing of personal data in order to protect data from unauthorised access, loss, misuse, alteration or destruction. Slash uses its best efforts to limit access to personal data to persons on a need to know basis, and that persons who have access are required to maintain its confidentiality. However, security cannot be absolutely guaranteed against all threats despite our best efforts. Transmission of information via the internet is not completely secure. Slash cannot guarantee the security of data transmitted via email, to Website or online resources; such transmissions are at User's risk. User is responsible for keeping the User credentials secure and confidential and not to disclose them to any persons.
As data subjects, Users have the following rights afforded under data protection law in respect of the personal data, which Slash holds as a controller. Users should note that the rights are not absolute and may be limited due to a legal basis replied upon by us to process User's data.
As the majority of processing Slash performs is a consequence of legal obligations, some of the rights may be limited by the legal and regulatory requirements or legitimate interests.
Right of access: right to obtain a copy of User's personal data. User can request a copy of the personal data retained and a confirmation from Slash whether personal data is processed or not.
Request correction of incorrect personal data. User can request a correction of incorrect or incomplete data kept by Slash. In such a case, Slash may need to verify the accuracy of the data Slash has and data provided and take steps to correct its records.
Object to the processing of personal data. User can object to the processing of personal data by Slash and request us to stop using the data in certain circumstances such as:
- Processing is conducted on the lawful ground of legitimate interest or of serving the public interest; however User objects on grounds relating to User's particular situation. In such a case, Slash may continue processing if Slash demonstrates that it has compelling legal grounds for processing which override User's rights or that processing is necessary to establish, exercise of defend a legal claim. User should note that despite the objection, Slash may continue to use User's personal data. This will be in cases where processing is required in compliance with legal obligations (the requirements of legal obligations to process and retain data will supersede any right to objection.).
- Processing is conducted for marketing purposes. In certain circumstances, if User objects to the processing of certain personal data, Slash may not be able to provide Services and may need to terminate provision of services.
Right to erasure ("to be forgotten"). User can request erasure of User's personal data (depending on the circumstances and agreements in place) where:
- Processing is no longer required for the reasons the data was collected or processed;
- Slash is relying on consent as a legal basis, and User withdraws the consent;
- User has objected to the processing of data;
- The data has been unlawfully processed (i.e. breach of legal basis requirement).
- Required by law.
Slash may continue to retain User's data if another legitimate reason for doing so exists. Slash's requirements to comply with legal obligations (record-keeping requirements in particular) to process and retain certain data will supersede any right to erasure requests, and Slash may also continue to retain/use User's data if another legitimate reason for doing so exists (for exercise of legal claims and or serving in the public interest).
Restriction of processing of personal data. User can request that Slash restricts/suspends the use of personal data if:
- User requested that Slash verifies the accuracy of personal data it has;
- Processing is unlawful but User does not request its erasure;
- Processing and retention of data is no longer needed by Slash, but User wishes that Slash retains it as this data is required by User to establish, exercise or defend a legal claim;
- User have objected to the processing of data and is waiting for verification on Slash's overriding legitimate interest.
In some cases restriction might prevent Slash from performing its obligations under the contractual relationship with User. In such event, Slash will notify User accordingly.
Withdrawal of consent. If Slash is relying on the lawful basis of User's consent (i.e. Slash requested and User provided his/her consent), User can withdraw such consent at any time. Slash may continue to process User's information if another lawful basis exists for doing so. If Slash is unable to provide User with Services due to the withdrawal of consent, Slash will inform User accordingly.
Data portability. User can request from Slash to provide personal data to User directly in an easily re-used format or to a third party if technically possible. This right applies only to personal information provided by User to Slash for the performance of contractual relationship with Slash, or which Slash processes based on User's consent. This right may not be fully applicable in cases where the processing is done due to a legal obligation of Slash.
Users are advised to contact Slash directly at contact details indicted below to exercise User's rights or if User has any questions about the use of personal data. firstname.lastname@example.org
User may be subject to identification procedures and measures in order to ensure that no personal data is disclosed to unauthorized persons. Slash may also request additional information/clarifications to process User's request as rapidly and efficiently as possible.
All requests must be made in English in a comprehensive manner, and contain a clear description of the object of the request. Slash will not be able to process requests which are incomprehensive or in languages other than English.
Slash will not normally charge User a fee to access his/her personal data (or exercise other rights). Slash may charge a fee where User request is clearly unfounded, excessive or repetitive.
Slash aims to satisfy all legitimate requests within one month of receipt or to inform User of refusal, or of an extension period of up to three months to satisfy User's request. Slash will notify User appropriately if the request requires more than one month to fulfill, depending on the complexity of User's request and volume of data associated with it.
In case User has any complaints about the use of personal data, exercise of User's rights, User is advised to notify and/or file a complaint with Slash directly at the contact details indicated below. email@example.com Slash will immediately investigate and inform User in regards to the complaint.
Complaints must be made in English in a comprehensive manner, and contain sufficient details and a clear description of the complaint. Slash will not be able to process requests which are incomprehensive or in languages other than English.