Privacy notice.

1. Introduction

Chargeforwards Limited ("Chargeforwards", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website at www.chargeforwards.com, use our secure portal at portal.chargeforwards.com, access our API services, or engage with our chargeback alert, dispute resolution, and fraud prevention services.

This Privacy Policy applies to all personal information we process as both a data controller and data processor in connection with our services.

2. Who We Are

Data Protection Contact: For all data protection enquiries, please contact us at support@chargeforwards.com.

You have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, at any time. However, we would appreciate the opportunity to address your concerns in the first instance.

3. Information We Collect

3.1 Information Collected Directly from You

Website Visitors:

• Contact information (name, email address, company name, phone number)
• Communication preferences
• Enquiry details and correspondence
• Marketing preferences

Portal and API Users (Authorised Clients):

• Account credentials and authentication information
• User profile information
• Service usage data and logs
• Technical configuration data
• Communication and support correspondence

3.2 Information We Process on Behalf of Clients

As part of our chargeback alert and fraud prevention services, we process customer data on behalf of our merchant clients, including:

• Transaction identifiers and references
• Chargeback and dispute information
• Customer identifiers (as provided by merchants)
• Payment card details (last four digits only)
• Risk assessment data
• Alert and notification data

3.3 Information Collected Automatically

Website Analytics:

• IP addresses and location data
• Browser type and version
• Device information
• Pages visited and time spent
• Referral sources
• Cookie data (see Section 8)

Service Analytics:

• API usage statistics
• Portal access logs
• System performance data
• Error and diagnostic information

4. Legal Bases for Processing

We process personal information under the following legal bases:

4.1 As Data Controller

• Contract Performance: To provide our services and fulfil our contractual obligations
• Legitimate Interests: For business development, service improvement, and direct marketing
• Legal Obligation: To comply with legal and regulatory requirements
• Consent: Where you have given specific consent (e.g., marketing communications)

4.2 As Data Processor

When processing customer data on behalf of merchant clients, we rely on the instructions and legal bases established by our clients as data controllers.

5. How We Use Your Information

5.1 Website Visitors

• Respond to enquiries and provide information about our services
• Process contact forms and support requests
• Send marketing communications (with consent)
• Improve our website and user experience
• Conduct market research and analysis

5.2 Portal and API Users

• Provide access to our services and maintain user accounts
• Deliver chargeback alerts and fraud prevention services
• Provide technical support and customer service
• Monitor service performance and security
• Conduct service analytics and improvements
• Fulfil our contractual obligations

5.3 Client Customer Data

• Generate and deliver chargeback alerts
• Provide dispute resolution services
• Conduct fraud prevention analysis
• Generate reports and analytics for clients
• Maintain service functionality and security

6. Information Sharing and Disclosure

6.1 Third-Party Service Providers

We may share personal information with trusted third-party service providers who assist us in operating our business, including:

• Cloud hosting and infrastructure providers
• Analytics and monitoring services
• Communication and support platforms
• Security and fraud prevention services

All third-party processors are contractually obligated to protect your information and use it only for specified purposes.

6.2 Legal Requirements

We may disclose personal information when required by law, regulation, legal process, or governmental request, or to:

• Comply with legal obligations
• Protect our rights and property
• Ensure the safety of our users and the public
• Investigate potential violations of our terms

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of the transaction, subject to appropriate data protection safeguards.

6.4 With Your Consent

We may share information for other purposes with your explicit consent.

7. International Data Transfers

We may transfer personal information to countries outside the UK and European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place, including:

• Adequacy decisions by the UK government or European Commission
• Standard contractual clauses
• Binding corporate rules
• Other legally recognised transfer mechanisms

8. Cookies and Similar Technologies

8.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and understand how our website is used.

8.2 Types of Cookies We Use

• Essential Cookies: Necessary for website functionality and security
• Analytics Cookies: Help us understand website usage and performance
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used to deliver relevant advertisements (with consent)

8.3 Third-Party Cookies

Our website may include cookies from third-party services such as:

• Google Analytics (website analytics)
• Google Fonts (font delivery)
• Font Awesome (icon display)
• YouTube (embedded content)

8.4 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality. For more information about managing cookies, visit www.aboutcookies.org.

9. Data Retention

9.1 General Principles

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and resolve disputes.

9.2 Specific Retention Periods

• Website Enquiries: 3 years from last contact
• Marketing Data: Until consent is withdrawn or contact becomes inactive
• Client Account Data: Duration of contract plus 7 years for legal compliance
• Service Usage Logs: 12 months for security and performance monitoring
• Customer Data (processed for clients): As instructed by client or required by law
• Financial Records: 7 years for tax and accounting purposes

9.3 Secure Deletion

When retention periods expire, we securely delete or anonymise personal information using industry-standard methods.

10. Data Security

We implement appropriate technical and organisational security measures to protect personal information against unauthorised access, alteration, disclosure, or destruction, including:

• Encryption of data in transit and at rest
• Regular security assessments and monitoring
• Access controls and authentication systems
• Staff training on data protection and security
• Incident response and breach notification procedures
• Regular backup and disaster recovery testing

11. Your Rights

Under UK data protection law, you have the following rights:

11.1 Right of Access

Request a copy of the personal information we hold about you.

11.2 Right to Rectification

Request correction of inaccurate or incomplete personal information.

11.3 Right to Erasure

Request deletion of your personal information in certain circumstances.

11.4 Right to Restrict Processing

Request that we limit how we use your personal information.

11.5 Right to Data Portability

Request a copy of your personal information in a structured, machine-readable format.

11.6 Right to Object

Object to our use of your personal information for direct marketing or legitimate interests.

11.7 Rights Related to Automated Decision-Making

Request human review of automated decisions that significantly affect you.

11.8 Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

11.9 Exercising Your Rights

To exercise any of these rights, please contact us at support@chargeforwards.com. We will respond to your request within one month, though this may be extended in complex cases.

12. Children's Privacy

Our services are designed for businesses and are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

13. Marketing Communications

13.1 Consent and Opt-In

We will only send marketing communications to individuals who have given explicit consent or where we have a legitimate interest (for existing clients regarding similar services).

13.2 Unsubscribing

You can unsubscribe from marketing communications at any time by:

• Clicking the unsubscribe link in any marketing email
• Contacting us at support@chargeforwards.com
• Updating your preferences in your account settings (for portal users)

14. Third-Party Links and Services

Our website may contain links to third-party websites, plugins, and services. This Privacy Policy does not apply to these external sites. We recommend reviewing the privacy policies of any third-party services you use.

14.1 Specific Third-Party Services

Google Services: Our website uses Google Analytics, Google Fonts, and may embed YouTube content. These services are governed by Google's Privacy Policy at policies.google.com/privacy.

Font Awesome: We use Font Awesome for icons, governed by their privacy policy at fontawesome.com/privacy.

15. Data Processing for Clients

15.1 Our Role as Data Processor

When providing services to merchant clients, we act as a data processor. This means:

• We process customer data only on behalf of and according to client instructions
• Clients remain responsible as data controllers
• We implement appropriate technical and organisational measures
• We assist clients with their data protection obligations

15.2 Data Processing Agreements

Our data processing arrangements with clients are governed by separate Data Processing Agreements that form part of our service contracts.

16. Contact Information

16.1 Data Protection Enquiries

16.2 General Enquiries

For general questions about our services, please use the contact information provided on our website.

16.3 Supervisory Authority

If you are not satisfied with our response to any data protection concern, you can contact the Information Commissioner's Office:

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you via email if you have provided your email address
• Post a notice on our website
• For significant changes, seek renewed consent where required

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information.

18. Compliance and Governance

This Privacy Policy is designed to comply with:

• UK Data Protection Act 2018
• UK General Data Protection Regulation (UK GDPR)
• Privacy and Electronic Communications Regulations (PECR)
• Other applicable data protection laws

We regularly review our data protection practices and this Privacy Policy to ensure ongoing compliance and best practices.