Privacy Policy
About
At Karfu, we like making things simple and easy for our customers. That includes being clear, transparent and open about what we collect. We will tell you openly how and why we use that data.
We are committed to protecting your personal information when you use our website and we want you to be confident that your personal information is safe and secure with us.
Summary
This Privacy Policy explains how we use your personal information, including the following, so please take time to read all the sections carefully:
-
where we collect your personal information from;
-
what personal information we collect;
-
how we use your personal information;
-
who your personal information is shared with; and
-
the rights and choices you have when it comes to your personal information.
The main reason we process your personal data is to provide you with services that you request from us (see section 4 below). For certain purposes, set out in section 5 below, we may share your personal information with our partners, suppliers and regulatory or governmental bodies. We will only hold your personal information for as long as necessary to fulfill the purposes for which we hold that personal information.
Use of karfu.com is subject to the terms of this Privacy Policy, our Security Policy, our Cookie Policy, our Website Terms and Conditions and, in certain circumstances, our Beta Terms and Conditions. If you don't agree to these terms, please stop using karfu.com immediately.
Please note that all our employees undertake regular training on Information Security and are required to comply with confidentiality obligations, as well as internal policies and procedures, whenever they handle your information.
1. Who are we
Karfu Limited (company number 12029292) is the data controller in relation to the processing of the personal information that you provide to us when you use our website. Karfu Limited’s registered address is 46 Gould Road, Twickenham, United Kingdom, TW2 6RS.
For the purposes of this Privacy Policy, references to Karfu Limited can include "we", "us" or "our".
If you have any queries relating to our use of your personal information, if you want to contact our data protection officer or if you have any other related data protection questions, please contact our team at general@karfu.com or write to our Data Protection Officer at Karfu, 46 Gould Road, Twickenham, United Kingdom, TW2 6RS
2. How we collect your personal information
The type of information we collect
We collect two types of data and information from our customers:
Personal information
Personal Information is information which can be used to identify an individual.
Non-personal information
The second type of information is un-identified and non-identifiable information pertaining to you which may be made available or gathered via your use of karfu.com.
We are not aware of the identity of the user from which the non-personal Information was collected.
Combining personal and non-personal information
If we combine Personal Information with Non-personal Information, the combined information will be treated as Personal Information for as long as it remains combined.
How we collect it
2.1. From you - Karfu collects personal information about you whenever you use karfu.com. Most of the personal information we collect will be direct from you when you use our website. We will collect this information from you through the website, mobile applications or other similar devices, channels or applications.
Most of the personal information we process is provided to us directly by you for one of the following reasons:
-
When you attempt or complete a karfu.com search
-
When you register or update your account
-
When you save a search, scenario or vehicle to your shortlist
-
When you make an enquiry to or transact with a partner
We also receive personal information indirectly from you, from the following sources in the following scenarios:
-
Through Cookie files stored on your browser or the hard drive of your computer.
-
see our Cookie Policy for more details
-
-
Interactions with our Customer Service team
-
via 1st or 3rd party live chat, surveys, email or physical correspondence
-
-
Interactions with our Social Media channels (e.g. Facebook, Instagram, Twitter and LinkedIn)
-
With your consent, through video or phone calls with karfu.com employees
2.2. From our partners - If you purchase a product from one of our partners whose products are shown on our website then they may send us information they hold relating to the product(s) or service(s) you have purchased. This allows us to track sales and improve our own services.
2.3. From our suppliers - We will sometimes use other companies to collect and process your personal information on our behalf, for example we may use IT service providers or market research agencies. Where we use third parties we will make sure that they commit to keep your information safe.
We may also obtain data about you from our suppliers – for example, if you use an eligibility or affordability checking service on our website, we will obtain information about your credit history for you and if you receive car tax and MOT reminders from us, we will obtain the dates these fall due by accessing public sector information (which can be free but are more usually paid for). Example suppliers of these are shown below:
-
Credit referencing agencies (e.g. Equifax) to check credit scores, history, affordability and ID verification
-
Public sector information (e.g. DVLA and DVSA) including car tax and MOT data
3. What personal information do we collect
3.1. We currently can collect and process the following information, though we do not hold it on every user as it is dependent on how they interact with our website and the services they request to access:
-
Full name
-
Date of birth
-
Height
-
Weight
-
Home and business address, including Postcode
-
Email addresses
-
Phone numbers (landline and mobile)
-
Driving License Number
-
Financial information
-
Financial deposits / lump sums available
-
Annual gross and net salary
-
Monthly mobility budget
-
Total mobility budget
-
User selected indicative credit rating / score
-
Actual credit rating / score
-
Credit report / history
-
Affordability rating
-
Eligibility rating
-
-
Payment means
-
Debit or Credit card number
-
Vehicle finance preferences (term / mileage)
-
-
Family information
-
Members (number of partners / children)
-
Ages of members
-
Physical size of members
-
-
Vehicle information
-
Vehicle registration mark (number plate)
-
Vehicle make / model / specification details
-
Estimated vehicle valuation
-
Vehicle Excise Duty information (car tax data)
-
Ministry of Transport information (MOT data)
-
-
Usage preferences
-
Overall mobility needs
-
Vehicles under consideration
-
Purchase timing
-
Length mobility solution required
-
Frequency of use of mobility solution
-
Journey types and frequency of journeys
-
Personal priorities in relation to convenience, price and the environment
-
-
Vehicle preferences
-
Type and sub-category
-
Size preference
-
Fuel preference
-
Brand preference
-
Essentials required (i.e. characteristics of a vehicle type)
-
Options required (i.e. specific features fitted to a vehicle)
-
-
Device information that can personally identify you
-
Geolocation data
-
IP address (a number that identifies a specific device on the internet and is required for your device to communicate with websites)
-
Hardware model
-
Operating system and version number
-
Browser type
-
-
Website user statistics and information on your activity on karfu.com
-
Pages viewed
-
Time spend on page
-
Links clicked
-
Searches made
-
Products and services expressed interest in
-
Completed quotes
-
Saved vehicles
-
Saved quotes
-
Partner enquiries
-
Partner transactions
-
-
Social media user statistics and information on your activity on official Karfu social media channels
-
Access
-
Views
-
Shares
-
Contributions (e.g. comments posted)
-
Communications (e.g. direct messages or platform chat functionality)
-
-
General internet usage
-
Websites visited
-
Pages viewed
-
Time spend on page
-
Links clicked
-
-
Changes you make to any personal information you supply to us
3.2. Special Category data - In order to provide you with a quote we may need to collect personal information which data protection law defines as special category data. This is personal information which is particularly sensitive, such as medical history or criminal convictions.
We cannot display quotes for certain types of insurance (such as vehicle insurance) without this information. We may also need to share this data with our partners to enable them to generate a quote for you (which we are allowed to do under data protection legislation in order to arrange and/or advise on an insurance contract).
3.3. We do not knowingly collect or store any personal information about children under the age of 16. If you are aged under 16 please get your parent or guardian’s permission before you provide any personal information to us.
3.4. If you are providing us with another person's information (for example where you request a policy which includes another person as a joint policyholder or obtaining quotes for a family member) you should first ask them to read this Privacy Policy and our Website Terms and Conditions. By giving us information about another person you are confirming that they are happy for you to provide the information to us and that they understand how their details will be used.
3.5. We may monitor or record your calls, emails, sms or other communications but we will do so in accordance with data protection legislation and other applicable law. Monitoring or recording will always be for business purposes, such as for quality control and training (e.g. where you call our customer services help line), to prevent unauthorised use of our telecommunication systems and website, to ensure effective systems operation, to meet any legal obligation and/or to prevent or detect crime.
3.6. In order to ensure the services we provide you continue to meet your needs we may ask you for feedback on your experience of using the website. Any feedback you provide will only be used as part of our programme of continuous improvement and will not be published on the website.
3.7. Note that it is your responsibility to check and ensure that all information, content, material or data you provide on the website is correct, complete, accurate and not misleading and that you disclose all relevant facts.
4. How we use your personal information
We use the information that you have given us for a variety of reasons outlined below. Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are outlined below each reason:
4.1. To enable you to access and use the website, including:
-
4.1.1. Identification and verification of your personal details, managing, running and administering your account if you choose to set up a Karfu account
-
We have a contractual obligation
-
We have a legal obligation.
-
-
4.1.2. Passing it to our partners including companies whose products or services are included on our website, with a view to them providing you with an online quote or eligibility score for the product/service requested by you. When our partners use your personal information to provide a quote they will act as data controllers of your personal information
-
We have a contractual obligation
-
-
4.1.3. To make it easier for you to use the website we will store the personal information you provide and may use it to pre-populate fields on the website when making return visits;
-
We have a legitimate interest.
-
-
4.1.4. To enable you to use our eligibility checker services. When you use our eligibility checker services, a credit report will be generated by carrying out a 'soft' credit check. We do not carry out these checks but will pass your personal information to our trusted suppliers who will generate these checks
-
We have a contractual obligation
-
-
4.1.5. To process a transaction between you and a third party;
-
We have a contractual obligation
-
-
4.1.6. To track sales, which may involve us sharing data with your product or service provider relating to the product(s) or service(s) you have purchased;
-
We have a contractual obligation
-
-
4.1.9. To enable you to share our content with others, e.g. by using any 'Email a friend' or 'Share this' functionality on our website;
-
We have a legitimate interest.
-
-
4.1.10. To identify and authenticate your access to certain features.
-
We have a contractual obligation
-
-
4.1.11. To use publicly available information (on social media sites and the like) to help verify information provided to us and we log and save the results.
-
Your consent.
-
-
4.1.12. To support and troubleshoot our services and to respond to your queries;
-
Your consent
-
4.2. To communicate with you, including some or all of the following:
-
4.2.1. sending you information about products and services which we think may be of interest to you
-
We will only send you this information if you give us your consent for us to do so. We will contact you (depending on your contact preferences) via email, post, telephone, sms, or by other electronic means such as via social and digital media this may include new product launches, newsletters and opportunities to participate in market research;
-
Your consent
-
-
-
4.2.2. Sending you a confirmation email of your quote
-
when you obtain a quote with us, you will automatically be sent confirmation of your quote by email or SMS so that you have a record of it and can easily retrieve your quote in the future;
-
We have a contractual obligation
-
-
-
4.2.3. Informing you of your renewal quotes
-
Based on information you previously provided to us (if you have previously obtained a quote) - when our systems indicate that your renewal is due (based on the dates you entered for your most recent quote) we may resubmit your quote details to give you an idea of what your quotes could be for your next renewal.
-
In order to provide this service to you, we may also send that information to our partners so that they can calculate their quotes.
-
When they do this, our partners may carry out ‘soft’ credit checks on you with credit reference agencies, and these checks may be performed ahead of the renewal date.
-
You may see these ‘soft’ credit checks on your credit report but they will have no impact on your credit rating.
-
We have a legitimate interest.
-
-
-
4.2.4. To provide alerts about vehicles and mobility choices that match your search or scenario criteria
-
Your consent.
-
-
4.2.5. To provide alerts about new and updated mobility choices in your local area
-
Your consent.
-
-
4.2.6. To provide alerts about new and updated vehicles available
-
Your consent.
-
-
4.2.7. To receive reminders for when your car tax and MOT are due
-
Your consent
-
-
4.2.8. To communicate with you and to keep you informed of Karfu’s latest updates
-
Your consent.
-
-
4.2.9. To market our website and products or those of any of our business partners and affiliates.
-
Your consent.
-
-
4.2.10. To serve you online advertisements.
-
We may disclose an anonymised version of your personal information such as your name and email address (we use a process called hashing which means that the third party does not receive a plain text version of your personal information to protect your details) to third party providers such as Facebook and Google to enable us to display marketing to you via such sites.
-
Your consent.
-
-
4.3. To personalise and improve aspects of our website including:
-
4.3.1. To improve our recommendations and insights.
-
The information we collect helps us tailor our content and improve our suggestions to you and other users about products or services that may interest you or them.
-
We have a legitimate interest.
-
-
-
4.3.2. To match our data with data from other sources.
-
We may validate and analyse your information and, in some cases, match it against information that has been collected by a third party to ensure that the information we hold about you is accurate, consistent and well-organised and in order to continually personalise our website and make it as easy to use as possible.
-
For example, we may pass your IP address to certain of our third party partners or suppliers to facilitate the correct look-up of your street address.
-
We may also match information you provide us with against that collected by a third party to help gather all the information that is required to carry out the service you have requested (particularly if some of this information may be difficult for you to locate) and to pre-populate some of the information required to carry out the service for you by providing estimated figures.
-
Personalising our services to you also helps us ensure that any marketing material that we send you is appropriate to your needs;
-
We have a legitimate interest.
-
-
-
4.3.3. To populate our customer insight products which are available to subscribers.
-
We may pass certain insight products to our partners to help them understand customer behaviours and develop their product offerings
-
We have a legitimate interest.
-
-
-
4.3.4. Help us to understand issues with the existing functionality and performance of karfu.com to improve the overall experience for users
-
We have a legitimate interest.
-
-
4.3.5. To provide personalised services, recommendations and customize karfu.com to your needs and interests under your Username and account.
-
We advise against using anything that can identify you personally, however this is your choice.
-
We have a legitimate interest.
-
-
4.4. For research, such as analysing market trends and customer demographics including:
-
4.4.1. We may contact you to ask you to assist us with market research by asking you questions about the services and asking you if you would like to complete a review of the services. We may sometimes ask market research companies to contact you on our behalf.
-
We have a legitimate interest.
-
-
4.4.2. We may use the data relating to your quotes, your personal information and information about the policies and contracts you have taken out to carry out various research and analysis activities to help us review and improve the website or our services.
-
We have a legitimate interest.
-
4.5 To meet our legal obligations
-
4.5.1 To investigate violations and enforce our policies, as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process or respond to a government request.
-
We have a legal obligation.
-
-
4.5.2. To audit certain elements of our business practices.
-
We have a legal obligation.
-
5. Sharing your personal information
We share may your personal information with external organizations that carry out a range of services on behalf of Karfu. We carry out checks to ensure that the companies we work with will give your information the same level of care and protection as we do. Both we and they are obliged to handle your information in accordance with data protection law, and we are also required to put in place contractual measures reinforcing those obligations.
We will not disclose your Personal Data with any third parties outside of the European Union in countries where there is no adequate data protection regime. However, in the event that such a data transfer occurs, we will take all reasonable steps possible to ensure that your data is treated as securely as it is within the European Union and in accordance with this Privacy Policy and the applicable legislation. Additionally, we will update the current Privacy Policy in order to reflect the cross-border data transfer and the relevant safeguards for your privacy.
When you use any of our services, we may disclose your personal information to the following parties:
5.1. our partners - including companies whose products or services are included on our website:
-
5.1.1. In order to display quotes on the website we will send your personal information to our partners. We need to send them your personal information so that they can generate an estimate or quote for us to display on the website;
-
To make it easier for you to complete your application we may pass the personal information you provide on the website to our partners to pre-populate fields on our partners’ website to save you having to input your information again;
-
If you click through to any of our partners websites, provide them with additional information on their websites and/or if you decide to purchase a product from any of our partners then they will be data controllers of your personal information and you should read their own privacy policy which you should find on their website.
-
5.1.2. On some of our journeys you can apply and purchase our partners’ products on our website. When you purchase a product or service on our website any contract will be entered into between you and the relevant product provider and so we will pass your personal information to them.
5.2. our suppliers - that we engage to help us provide certain services and/or functionality, such as whether products or suitable are suitable for you. These include:
-
5.2.1. our service providers who enable our eligibility checker services
-
5.2.2. market research agencies who may contact you on our behalf in order to ask you to assist us with our research and collect or analyse customer feedback;
-
5.2.3. our service provider who help us to provide customer insight products to enable subscribers to develop and improve their products for you;
-
5.2.4. Management and execution of advertising and marketing campaigns
-
5.2.5. Payment processing and verification
-
5.2.6. ID verification
-
5.2.7. Checks to detect unfair use of our products and services
-
5.2.8. Web hosting, online content services and data storage
-
5.2.9. Management of competitions, contests and offers
-
5.2.10. Data analytics and data cleansing
-
5.2.11. IT services and support
-
5.2.12. Audit, legal and compliance related services
-
5.2.13. Vehicle information suppliers (identification, technical data, specification data and valuation)
-
5.2.14. Vehicle finance suppliers (identification, eligibility, product finance information)
5.3. the DVLA and DVSA
-
5.3.1. if you give us your driving licence number when obtaining a quote, it may be submitted by us or our partners to the DVLA MyLicence service in order to verify the status of your (or any named driver's) licence and entitlement along with any relevant restriction information, endorsement and/or conviction data.
-
The providers may carry out the searches themselves or we may perform them and then pass the results to the insurers. These driving licence searches may be made when you first use our services and subsequently throughout the duration of your agreement or policy.
-
These searches will not show on your (or your named driver's) DVLA driving licence record. Carrying out these searches may help providers to prevent fraud and reduce the need for insurers to cancel policies for negligent misrepresentation and non-disclosure of important information.
-
For details of the information about you that the DVLA may hold, please see http://www.mylicence.org.uk/.
-
5.3.2. If you run a car based journey on our website and confirm you have the relevant vehicle, we can match your car registration number with public sector information to obtain the dates that your car tax and MOT will need renewing so that we can add these dates to your homepage for you to see next time you log in and, if you sign up to receive them, send you car tax and MOT reminders via email before these fall due.
-
This car tax and MOT information is accessed by us from public sector information under the terms of the Open Government Licence 3.0. Karfu does not warrant the accuracy of any information relating to your vehicle’s MOT and tax status, and does not accept any liability for any inaccurate information accessed by it in this way.
5.4. Where permitted or required by law or regulation - Where permitted or required by law or regulation, we may also disclose information about you (including electronic identifiers such as IP addresses) and/or access your account in order to comply with legal or regulatory requirements for example:
-
5.4.1. If required to do so by any court, the Financial Conduct Authority, the Competition and Markets Authority or any other applicable regulatory, compliance, Governmental or law enforcement agency;
-
5.4.2. If necessary in connection with legal proceedings or potential legal proceedings
-
5.4.3. In connection with the sale or potential sale of all or part of our business
-
5.4.4. If we reasonably believe false or inaccurate information has been provided and fraud is suspected, details may be passed to fraud prevention agencies to prevent fraud and money laundering.
5.5. Credit Information Services & Soft Credit Checks - When you use the services a ‘soft’ credit check may be carried out against your credit report by our partners and suppliers by a credit reference agencies for the following purposes:
-
5.2.1. to enable our eligibility checker services
-
5.2.2. to provide you with your credit history including your credit score and credit report
-
5.2.3. Many of our partners will also carry out checks with credit reference agencies when they generate a quote for comparison both at the time you request a quote and at renewal. You should read their privacy policy for more information on how they carry out these checks.
‘Soft’ credit checks are carried out by using credit reference agencies in order to:
-
(i) assess your financial and insurance profile;
-
(ii) verify your identity; and/or
-
(iii) to help prevent fraud.
The credit reference agencies may keep a record of the search and you may see this recorded against your credit file but these ‘soft’ credit checks have no impact on your credit rating. ‘Soft’ credit checks are visible on your credit report but do not show up in the same way as a 'hard' check.
6. How do our partners use your personal information and who might they share it with
Personal Information will be disclosed to a third party only to the extent required for the specific purpose, as stipulated in this Privacy Policy, and in such cases, we require the relevant third party to agree to process such information in compliance with our Privacy Policy.
In order to provide you with a quote, our partners may exchange information about you with other companies and/or carry out checks with various databases. This information exchange allows our partners to verify the information that is provided during the quote process (including information about any third party who is named on the agreement or policy), and also helps to detect fraudulent claims.
Our partners may also use the data relating to your quotes and your personal information to create and improve the products and services they offer and to develop and improve their processes, credit risk systems and policies, so they can better meet the needs of their customers.
If you decide to enter into a contract with one of our partners through our website, the information you have provided to us, together with any further information requested by, and supplied by you or us to the partner, will be held by the partner for the purposes set out in their privacy policy and they will act as data controller of your personal information and we are not responsible for it.
Therefore, you are strongly advised to read your chosen provider's privacy policy and satisfy yourself as to the purposes for which the provider will use your personal information before entering into the contract. We have no responsibility for the uses to which a provider puts your personal information.
We have set out below some of the common ways they will share your information:
6.1. Some of our partners will use your personal information to assess your circumstances (including information about any third party who is named on the policy) and verify the information that you have provided before providing a quote to you;
6.2. Some partners may carry out checks with fraud prevention and credit reference agencies, both when you first run your quote and when we run an annual renewal quote. Partners generally run these checks to ensure that they, insurers and credit partners have the necessary facts to assess your risk, verify your identity, help prevent fraud and to provide you with their best premium and payment options.
If partners do these checks, they will be quotation searches only and do not show up on your credit report in the same way that a ‘hard’ check does, but will be visible to other organisations. Both public data (e.g. the electoral roll) and private data (e.g. your personal credit history) may be checked in this way;
6.3. Some partners may carry out checks against data they already hold on you, (or is held by the company whose brand they administer the product for, or members of their group of companies) such as data from existing products, account data, data from previous product transactions, accounts you may hold with them or loyalty scheme data to share with insurers in order to determine your premium or partners to determine your payments;
6.4. Our partners may also exchange data with certain industry databases such as the No Claims Discount Database, the Motor Insurance Anti-Fraud and Theft Register, the Claims and Underwriting Exchange (which holds records of incidents reported to insurers that may or may not have resulted in a claim) and the Hunter Database (a central insurance and claims checking system). If our partners carry out these searches, a record of the search will appear on your credit report;
6.5. Some of our partners may also check public and private higher education sources to obtain information about your educational background; and
6.6. Our partners may also share information with insurance underwriters. These checks are not unique to users of our services - they may also be carried out if you obtain quotes from other sources.
7. What legal grounds do we have for processing your personal information
We will only collect and use your personal information in accordance with data protection laws. The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever we process personal data:
-
(a) Consent: the individual has given clear consent for us to process their personal data for a specific purpose.
-
(b) Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.
-
(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
-
(d) Vital interests: the processing is necessary to protect someone’s life.
-
(e) Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
-
(f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Our legal grounds for processing your personal information in the ways described in this Privacy Policy are as follows, and detailed earlier in Section 4:
7.1. Contract - In order to provide you with the services you request and manage your account we will:
-
7.1.1. Search the websites of our partners to get you the best quotes and/or access information required to provide you with the relevant service from our third party partners (as described herein for the relevant service);
-
7.1.2. Process any transaction between you and a third party; and
-
7.1.3. Manage, run and administer your account. When we do this we are processing your personal information because it is necessary to perform the contract that we have in place with you to provide you with our services.
7.2. Consent – We will only send you certain marketing emails or alerts if you have confirmed that you are happy to receive this material. Where we have asked for your consent, we will only collect and process your personal information if you have given your consent for us to do so.
7.3. Legitimate Interests – We may use and process some of your personal information where we have sensible and legitimate business grounds for doing so. Under European privacy laws there is a concept of “legitimate interests” as a justification for processing your personal information. Our legitimate interests for processing your personal information are:
-
7.3.1. to communicate with you about our services.
-
We need to keep you informed about your use of the services for example:
-
informing you of your renewal quotes
-
if you have logged into our website or created an account and run a car insurance enquiry with us and you confirm that you have the relevant vehicle, we will show you when your car tax, MOT or insurance are due for renewal next time you log in and visit your homepage
-
-
-
7.3.2. to personalise and improve our services.
-
For example, we may use your personal information to personalise aspects of our service, including to inform you about products and services we think may be of interest to you (this will not include sending you marketing communications unless you have given us consent to receive these); and to allow you to use our eligibility checker services. We constantly aim to improve our services to you and using your personal information in this way helps us to do this; and
-
-
7.3.3. for market research and analysis.
-
This helps us to regularly review and improve the products and services we or our partners provide. Where possible data that we use/provide in this way will be in an anonymised format.
-
7.4. Legal obligation – the processing is necessary for us to comply with the law
-
Not including contractual obligations
8. How we store your personal information
8.1. Your information is securely stored by Amazon Web Services (AWS) on servers based in the UK.
8.2. We hold your personal information only as long as we have a valid legal reason to do so, which includes providing you with the services you have requested, meeting our legal and regulatory obligations, resolving disputes and enforcing our agreements.
8.3. Generally, you can expect us to keep your personal information while you use the website or if you have an active account with us.
8.4. The length of time for which we keep different types of personal information can vary, depending on why we originally obtained them, the reason we process them and the legal requirements that apply to them. When setting our data retention and deletion timescales we take into account a range of factors including applicable regulations and standards relating to personal finance, anti-money laundering, taxation, payment processing and complaint handling, the need to prevent or detect crime or other misuse of our services, and audit requirements.
8.5. Where you have applied for or purchased products or services via the website we will need to keep your personal information for longer for accounting purposes - up to six (6) years following the date on which it is provided to us.
8.6. If, having registered for our website, you do not use it for a reasonable time (which may vary depending on the service(s) you’ve registered for) we may contact you to ensure you’re still happy to receive communications from us.
8.7. If one of our partners processes your data in order to provide you with a quote they will be acting as data controller but they should only hold that data for so long as is reasonable in relation to providing you with that quote.
8.8. If you purchase a product then the partner will keep your personal information in accordance with their own retention periods and so you should check their own privacy policy for further information.
8.9. When we no longer need it to fulfill the above requirements, we delete it securely or anonymize it. To fulfill our legal, tax or regulatory purposes requirements, some of your personal data will need to be retained for a period of time after you cease to be a customer. Therefore even if you delete or ask us to delete your personal information it may persist on backup or archival media.
9. Your personal information data protection rights
You have certain rights under data protection legislation in relation to the personal information that we hold on you including:
Your right to be informed - Karfu have to be transparent in how are using your personal data, hence this Privacy Policy.
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at general@karfu.com if you wish to make a request.
10. Upholding your rights
10.1. Consent
10.1.1. You are able to remove your consent at any time. You may also amend your marketing preferences by accessing your personal details via Account, via the link received in emails or by emailing us at general@karfu.com.
10.1.2. Any electronic marketing or communications from Karfu we send you will include clear and concise instructions to follow should you wish to unsubscribe at any time
10.1.3. Withdrawal of your consent does not affect the lawfulness of the treatment of your data prior to its revocation.
10.1.4. If you no longer wish to be contacted by partners or providers for marketing purposes, please follow the instructions in their marketing communications, or consult their privacy policies for further information about unsubscribing.
10.2. Legitimate interests
10.2.1 You have the right to object to our use of your personal information for legitimate interests. If you raise an objection we will stop processing your personal information unless very exceptional circumstances apply, in which case we will let you know why we are continuing to process your personal information.
10.2.2 In certain circumstances, your objection to our use of your personal information for legitimate interests may make the karfu.com website unable to provide you with some or all of our services.
10.2.3. Please contact our Data Request Team at general@karfu.com if you wish to exercise this right.
11. Non-personal Information
11.1. The type of non-personal information we collect
11.1.1. Non-personal Information which is being collected may include your aggregated usage information and technical information transmitted by your device including certain software and hardware information, for example:
-
the type of browser and operating system your device uses
-
language preference
-
access time
-
the domain name of the website from which you linked to karfu.com
11.2. How we get the non-personal information and why we have it
11.2.1. Most of the non-personal information we process is provided to us indirectly, from the following sources in the following scenarios:
-
From your device (desktop computer, laptop computer, tablet or mobile device) when you arrive at karfu.com from another website
11.2.2. We use the information that you have given us indirectly for a variety of reasons outlined below:
-
For essential system administration
-
Help us to improve the functionality and performance of karfu.com
-
To report aggregate information to our advertisers
11.2.3. We may share this information with:
-
Website analytics specialists
-
Website functionality improvement specialists
-
Advertising and marketing specialists
11.3. How we store your non-personal information
11.3.1. This information is securely stored by Amazon Web Services (AWS) on servers based in the UK.
11.3.2. This information is held separately to personal information.
11.3.3. We keep all non-personal information indefinitely, limited only by our storage capability with AWS and commercial considerations for the cost of this storage, leading to the deletion of older non-personal information as required.
11.4. Your non-personal information data protection rights
You do not have any non-personal information data protection rights, unless that data is combined with personal information.
12. How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at:
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
13. Changes to this Privacy Policy
13.1. We reserve the right to amend or modify this Privacy Policy at any time and any changes will be published on the website. The date of the most recent revision will appear on this page.
13.2. If we make significant changes to this policy, we may also notify you by other means such as sending an email. Where required by law we will obtain your consent to make these changes.
13.3. If you do not agree with any changes please do not continue to use the website.
14. Jurisdiction and Enforceability
14.1. If any provision of this Privacy Policy is held to be unlawful, invalid or unenforceable, that provision shall be deemed deleted from the Privacy Policy and the validity and enforceability of the remaining provisions of these Privacy Policy shall not be affected.
14.2. In the event of a dispute in connection with or arising out of this Privacy Policy, English law will apply.
14.3. Each of you and us submits to the exclusive jurisdiction of the courts of England and Wales in connection with this Privacy Policy and your access to and use of the website (including any claims or disputes).
14.4. This Privacy Policy will only apply as between us and you. Unless as otherwise stated in these Privacy Policy no other person may benefit or rely upon this Privacy Policy.
14.5. This Privacy Policy, together with our Website Terms and Conditions, Cookie Policy, Security Policy and in certain circumstances our Beta Terms and Conditions, constitute the entire agreement between you and us relating to your access to and use of the website and supersede any prior agreements (including any previous Privacy Policy on the website).
14.6. No failure or delay by us in exercising any right under these Privacy Policy will operate as a waiver of that right nor will any single or partial exercise by us of any right preclude any further exercise of any right.
Last update to this Privacy Policy
2 October 2020