Privacy Policy
Version: 1.0.0
Last updated: 14/09/2022
Let's get familiar!
Hey there! We are Pyrifera Technologies Ltd, but you can call us by our trading name Footprints Registry. We wrote this document to be transparent about how information we may collect from or about you is needed to power our services.
If you'd like to contact us to find out more information or raise any concerns about our use of your personal information then you can do so through our contact form, or by writing to us where we live at:
Footprints Registry
3rd Floor, 86-90 Paul Street
London
EC2A 4NE
Why do we collect your information?
We typically process your information simply because we need to in order to fulfill a contractual obligation (e.g. to provide you with a service). In most cases we consider ourselves to have "legitimate interests" to process your data, and broadly our reasons for this include that we need to:
- Provide you with and continue to improve upon our products and services.
- Provide support in various forms.
- Mitigate risks and prevent fraud.
- Generate reports and conduct analysis.
- Perform and optimise our marketing, advertising, and other communications.
We only process personal information for these "legitimate interests" after carefully assessing potential privacy risks and implementing any feasible measures to balance those risks. These measures include offering transparent insights into our privacy practices by offering documents such as this, granting you control over your personal information where appropriate, limiting the data we retain, restricting the types of processing we do with your information, minimising who receives your information, defining as short as feasible data retention periods, and implementing technical safeguards that protect your information.
In some cases, we process your personal information when you have given your consent. Specifically, this applies when we cannot rely on an alternative legal basis for processing, when you instruct us to transfer data to a third party, when we receive data from a third party that is already accompanied by consent, or when legal requirements necessitate obtaining your consent (such as in some of our sales and marketing activities). You retain the right to withdraw your consent at any time, either by adjusting your communication preferences, opting out of our communications, or contacting us directly.
What data do we collect?
We collect the following personal data:
Identifiers
We collect the following pieces of information in order to confidently identify you:
- Full Name
- Date of birth
- Mailing address
We must collect these pieces of identifying information in order to provide you with our services. They are required to:
- Enhance security, e.g. so you are able to identify which account you are currently logged in to.
- Personalise our services, e.g. by welcoming you by name.
- Be a good citizen - we must be able to identify you to appropriate authorities in cases where we suspect you may be breaking a law or regulation.
- Protect ourselves - we must be able to identify you in cases where we suspect you may not be complying with our Legal Terms.
After 10 years of inactivity or upon request, we will archive these pieces of data to a separate database. When this happens, your access to our services will be restricted unless you choose to re-register. The archived data will only be accessed in cases where there is a suspicion of historical non-compliance with a law, regulation or our Legal Terms. We may continue to process your data in an anonymised form following the archiving process for analytical purposes.
Contact details
We collect the following contact details:
- Email address
- Mailing address
We must collect contact details so that we are able to communicate important information to you when it's relevant for us to do so and we have a legitimate interest. We call these compulsory emails 'transactional' communications, and they could include but are not expressly limited to:
- summaries of action(s) taken on our services, either by you or a third party that have a direct consequence to you
- impactful changes to service(s) that you have previously accessed
- changes to your account (e.g. registration confirmation, confirmation of changes to your details)
- account actions (e.g. password reset requests, password reminders)
- changes to our Legal Terms or Privacy Policy
- providing support
With your express consent, we may use you contact details for marketing purposes. You will be opted out of marketing communications by default, but can consent to receiving them if you would like in your communication preferences.
After 10 years of inactivity or upon request, we will archive your email address by moving it to a separate database and hashing it. When this happens, your access to our services will be restricted unless you choose to re-register.
Account access credentials
We collect the following credentials:
- Email address
- Username
- Password
These are required to facilitate safe and exclusive access to your account with us.
After 10 years of inactivity or upon request, we will delete your username and hashed password from our databases. You may request for us to delete your username and password at any time, however this will restrict your access to our Services.
Your usage of our Services
We collect data about how you use and interact with our Services. This includes things like:
- Pages and sections within them that you have viewed, including time spent looking at them
- Things you have hovered over
- Things you have clicked on or otherwise interacted with
- Actions you have taken, e.g. clicks or taps
- Your IP address
- Device screen size
- Device type
- Browser information
- Geographic location
- Preferred language
We do this to help us learn and understand how our Services are being used, and how we can improve them for our customers. By fine-tuning our services, we can reduce our costs and we'll pass these savings on to our customers. If you aren't willing to support us in this endeavour, you can partially opt out of some forms of our usage tracking by rejecting cookies. See our cookie policy for more information on how we use cookies.
We will keep this data for up to 10 years following your last activity, after which time the data will become anonymised by virtue of your identifying information being archived.
Bank Account Details
If you are the creator of a cash gift registry on our website, we require your bank account details so that your guests are able to contribute money.
This includes:
- Your name, as registered with your bank account
- Your bank account sort code
- Your bank account number
- Your address, as registered with your bank account
These details are shared with our partner FumoPay Ltd who facilitate contributions by your guests directly in to the bank account with details you provide.
If a guest of yours does not use or is unable to use internet banking or banks with a provider that doesn't offer open banking services then we may show them your bank account details (name, sort code, account number) in order for them to transfer money to you directly.
These details will be stored indefinitely to ensure that our systems combat fraud and money laundering.
Details about your wedding and honeymoon
If you are the creator of a cash gift registry on our website, we may store information you provide relating to your wedding and honeymoon, including:
- the date of your wedding
- the names of the bridegrooms
- the location(s) of your honeymoon
- the dates of your honeymoon
The names of the bridegrooms will be archived after 10 years, and stored in an obfuscated form. The remainder of the details will be stored indefinitely for analytics purposes.
Details when contributing to a registry
If you are contributing to a registry, we may require and store the following information:
- Your name, so that the owner of the registry knows who has contributed.
- Your email address, so that we can contact you if necessary.
This information will be deleted after 10 years.
Sharing your data with third parties
There are a few cases where we will have a legal basis to share your data with third parties. These include:
- Your name, as registered with your bank account. This is shared with our business partner FumoPay so that they are able to facilitate guests contributing to your cash gift registry directly to your bank account.
- Your bank account sort code. This is shared with our business partner FumoPay for the aforementioned reason.
- Your bank account number. This is shared with our business partner FumoPay for the aforementioned reason.
- Your address, as registered with your bank account. This is shared with our business partner FumoPay for the aforementioned reason.
- affiliates, business partners, suppliers and subcontractors for the performance and execution of any contract we enter into with them or you and to help them improve the services they provide to us
- advertisers and advertising networks to select and serve relevant adverts to you and others
- analytics and search engine providers that assist us in the improvement and optimisation of our site
- in the event that we sell any of our business or assets or combine with another organisation, in which case we may disclose your personal data to the prospective buyer of such business or assets or prospective organisation with which our business or assets may be combined
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Legal Terms and other applicable agreements, or to protect the rights, property, or safety of Pyrifera Technologies Ltd, our customers, our employees or others;
- to prevent and detect fraud or crime and to assist us in conducting or co-operating with investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so. Please note that if we, or a fraud prevention agency, determine that a fraud or money laundering risk is posed, we may refuse to provide the services requested or we may stop providing existing products and services to a customer. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services.
- in response to a subpoena, warrant, court order, properly constituted police request or as otherwise required by law;
- to assess financial and insurance risks;
- to recover debt or in relation to your insolvency or to allow a party or a financial institution that sent money to recover money received by you in error or due to fraud;
- limited information is sent to payment beneficiaries when you initiate a payment transaction;
- to develop customer relationships, services and systems; and
- if you consent, to share your details when using our Services
How we get personal information
Most of the personal information we process is provided to us directly by you, and therefore you will be made aware of what information we have access to. If you have given us explicit consent, we may also collect and store data from third parties, for example a social media account. If you choose to do this, the third party provider will detail exactly what information they will have given us access to. You will be able to rescind our access to third party accounts at any time, and this must be done through the third party directly.
How we store your information
All of your information is securely stored on private networks. We use a special irreversible hashing process when storing your password - it is never stored in plain text. This means that even if an intruding third party gained illegal access to our database containing passwords, they would not be able to reverse engineer your password.
Your data protection rights
Under data protection law, you have rights including:
- Your right of access - You have the right to ask us for copies of your personal information.
- Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights, unless they are considered excessive. If you make a request, we may take up to one month to respond to you. Please contact us through our contact form, or by writing to us at 3rd Floor, 86-90 Paul Street, London, EC2A 4NE, UK if you wish to make a request!
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at through our contact form, or by writing to us at 3rd Floor, 86-90 Paul Street, London, EC2A 4NE, UK.
Whilst we'd prefer to take the opportunity to right things ourselves, you can of course also complain to the ICO if you are unhappy with how we have used your data. You can find out more information about the ICO on their website, or can contact them directly either by phone on 0303 123 1113 or by mail at the following address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF