1.1 We are committed to safeguarding the privacy of our website/marketplace visitors service users and individual customers.
1.2 This policy applies where we are acting as a data controller with respect to the personal data of such persons; in other words, where we determine the purposes and means of the processing of that personal data.
1.3 We use cookies on our website/marketplace. Insofar as those cookies are not strictly necessary for the provision of our website/marketplace and services, we will ask you to consent to our use of cookies when you first visit our website/marketplace.
1.4 In this policy, "we", "us" and "our" refer to LF Links Limited (trading as Litigation Funding Links), a company incorporated and registered in England and Wales with company number 14052211, our company website is www.fundinglinks.net. For more information about us, see Section 16.
2.1 In this Section 2 we have set out the general categories of personal data that we process and, in the case of personal data that we did not obtain directly from you, information about the source and specific categories of that data.
2.2 We may process data enabling us to get in touch with you ("contact data"). The contact data may include your name, email address, telephone number, postal address and/or social media account identifiers. The source of the contact data is you and/or your employer and/or your social media account. If you log into our website/marketplace using a social media account, we will obtain elements of the contact data from the relevant social media account provider.
2.3 We may process your website/marketplace user account data ("account data"). The account data may include your account identifier, name, email address, business name, account creation and modification dates, website/marketplace settings and marketing preferences. The primary source of the account data is you and/or your employer, although some elements of the account data may be generated by our website/marketplace. If you log into our website/marketplace using a social media account, we will obtain elements of the account data from the relevant social media account provider.
2.4 We may process your information included in your personal profile on our website/marketplace ("profile data"). The profile data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, educational details and employment details. The source of the profile data is you and/or your employer. If you log into our website/marketplace using a social media account, we will obtain elements of the profile data from the relevant social media account provider.
2.5 We may process information relating to our customer relationships ("customer relationship data"). The customer relationship data may include your name, the name of your business or employer, your job title or role, your contact details, your classification / categorisation within our customer relationship management system and information contained in or relating to communications between us and you, or between us and your employer. The source of the customer relationship data is you and/or your employer.
2.6 We may process your personal data that are provided in the course of the use of our services and generated by our services in the course of such use ("service data"). The service data may, for example, include you as the decision make within your organisation, and/or as a supplier/user of certain services. The source of the service data is you and/or your employer and/or our services.
2.7 We may process information relating to transactions, including purchases of goods and/or services, that you enter into with us and/or through our website/marketplace ("transaction data"). The transaction data may include your name, your contact details, your payment card details (or other payment details) and the transaction details. The source of the transaction data is you and/or our payment services provider.
2.8 We may process information contained in or relating to any communication that you send to us or that we send to you ("communication data"). The communication data may include the communication content and metadata associated with the communication. Our website/marketplace will generate the metadata associated with communications made using the website/marketplace contact forms.
2.9 We may process data about your use of our website/marketplace and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website/marketplace navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system.
3.1 In this Section 3, we have set out the purposes for which we may process personal data and the legal bases of the processing.
3.2 Operations - We may process your personal data for the purposes of operating our website/marketplace, the processing and fulfilment of orders, providing our services, supplying our goods, generating invoices, bills and other payment-related documentation, and credit control. The legal basis for this processing is our legitimate interests, namely the proper administration of our website/marketplace, services and business.
3.3 Publications - We may process account data, profile data and/or service data for the purposes of publishing such data on our website/marketplace and elsewhere through our services in accordance with your express instructions. The legal basis for this processing is our legitimate interests, namely the publication of content in the ordinary course of our operations.
3.4 Relationships and communications - We may process contact data, account data, customer relationship data, transaction data and/or communication data for the purposes of managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, post, fax and/or telephone, providing support services and complaint handling. The legal basis for this processing is our legitimate interests, namely communications with our website/marketplace visitors, service users, individual customers and customer personnel, the maintenance of our relationships, enabling the use of our services, and the proper administration of our website/marketplace, services and business.
3.5 Personalisation - We may process account data, service data and/or usage data for the purposes of personalising the content and advertisements that you see on our website/marketplace and through our services to ensure that you only see material that is relevant to you. The legal basis for this processing is our legitimate interests, namely offering the best possible experience for our website/marketplace visitors and service users.
3.6 Direct marketing - We may process contact data, account data, profile data, customer relationship data and/or transaction data for the purposes of creating, targeting and sending direct marketing communications by email, SMS, post and/or fax and making contact by telephone for marketing-related purposes. The legal basis for this processing is our legitimate interests, namely promoting our business and communicating marketing messages and offers to our website/marketplace visitors and service users.
3.7 Research and analysis - We may process usage data, service data and/or transaction data for the purposes of researching and analysing the use of our website/marketplace and services, as well as researching and analysing other interactions with our business. The legal basis for this processing is our legitimate interests, namely monitoring, supporting, improving and securing our website/marketplace, services and business generally.
3.8 Record keeping - We may process your personal data for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy.
3.9 Security - We may process your personal data for the purposes of security and the prevention of fraud and other criminal activity. The legal basis of this processing is our legitimate interests, namely the protection of our website/marketplace, services and business, and the protection of others.
3.10 Insurance and risk management - We may process your personal data where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
3.11 Legal claims - We may process your personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
3.12 Legal compliance and vital interests - We may also process your personal data where such processing is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person.
4.1 We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
4.2 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice.
4.3 Your personal data held in our website/marketplace will be stored on the servers of our hosting services providers identified at www.digitalocean.com. As a data controller, we retain all your personal information within the UK.
4.4 We may disclose your personal data to our suppliers or subcontractors insofar as reasonably necessary for enabling the use of our services, and the proper administration of our website/marketplace, services and business.
4.5 Financial transactions relating to our website/marketplace and services may be handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
4.6 In addition to the specific disclosures of personal data set out in this Section 4, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
5.1 In this Section 5, we provide information about the circumstances in which your personal data may be transferred to a third country under UK and/or EU data protection law.
5.2 We may process your personal data in the UK for the purposes set out in this policy, and may permit our partners and subcontractors to do so, during any period with respect to which the UK is not treated as a third country under EU data protection law or benefits from an adequacy decision under EU data protection law; and we may transfer your personal data from the UK to the EEA and process that personal data in the EEA for the purposes set out in this policy, and may permit our partners and subcontractors to do so, during any period with respect to which EEA states are not treated as third countries under UK data protection law or benefit from adequacy regulations under UK data protection law.
5.3. We may also transfer your personal data from the UK to third country (the United States, Canada, South Africa, New Zealand, India, Brazil, United Arab Emirates, Hong Kong, Singapore and/or Australia). If you are a resident in the EEA or the UK then these third countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. We will however take all necessary measures to protect your personal information in accordance with this privacy policy and applicable law. Transfers to each of these countries will be protected by appropriate safeguards, namely, by using the European Commission’s Standard Contractual Clauses for transfers of personal information between us and our partners. These clauses require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws and regulations.
6.1 This Section 6 sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
6.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6.3 We will retain your personal data as follows:
(a) contact data will be retained for a minimum period of 2 years following the date of the most recent contact between you and us, and for a maximum period of 6 years following that date;
(b) account data will be retained for a minimum period of 2 years following the date of closure of the relevant account, and for a maximum period of 6 years following that date;
(c) profile data will be retained for a minimum period of 2 years following the date of deletion of the profile by you, and for a maximum period of 6 years following that date;
(d) customer relationship data will be retained for a minimum period of 2 years following the date of termination of the relevant customer relationship and for a maximum period of 6 years following that date;
(e) service data will be retained for a minimum period of 2 years following the date of termination of the relevant contract, and for a maximum period of 6 years following that date;
(f) transaction data will be retained for a minimum period of 2 years following the date of the transaction, and for a maximum period of 6 years following that date;
(g) communication data will be retained for a minimum period of 2 years following the date of the communication in question, and for a maximum period of 6 years following that date;
(h) usage data will be retained for 2 years following the date of collection; and
6.4 Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
6.5 When we have no ongoing legitimate business need to process your personal information, we will either delete or anonomyse such information, or, if that is not possible, for example, because your personal information has been stored in a backup archives), then we will securely store your personal information and isolate it in any further processing until deletion is possible.
7.1 We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data.
7.2 We have implemented appropriate technical and organisational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security, and improperly collect, access, steal or modify your information. Although we will do our best to protect your personal information, transmission of personal information to or from our website/marketplace is at your own risk. You should only access the website/marketplace within a secure environment.
7.3 You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
7.4 You should ensure that your password is not susceptible to being guessed, whether by a person or a computer program. You are responsible for keeping the password you use for accessing our website/marketplace confidential and we will not ask you for your password (except when you log in to our website/marketplace).
8.1 In this Section 8, we have listed the rights that you have under data protection law.
8.2 Your principal rights under data protection law are:
(a) the right to access - you can ask for copies of your personal data;
(b) the right to rectification - you can ask us to rectify inaccurate personal data and to complete incomplete personal data;
(c) the right to erasure - you can ask us to erase your personal data;
(d) the right to restrict processing - you can ask us to restrict the processing of your personal data;
(e) the right to object to processing - you can object to the processing of your personal data;
(f) the right to data portability - you can ask that we transfer your personal data to another organisation or to you;
(g) the right to complain to a supervisory authority - you can complain about our processing of your personal data; and
(h) the right to withdraw consent - to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.
8.3 These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://edpb.europa.eu/our-work-tools/general-guidance/gdpr-guidelines-recommendations-best-practices_en and https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
8.4 If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note, however, that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
8.5 You may exercise any of your rights in relation to your personal data by written notice to us, using the contact details set out below.
8.6 If you consider that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. In relation to complaints under EU data protection law, you may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement; in relation to complaints under UK data protection law, you should do so in the UK.
9.1 California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below. Please note that we do not disclose users’ personal information to third parties for direct marketing purposes. CCPA Privacy notice
9.2 The California Code of Regulations defines a "resident" as: (1) every individual who is in the State of California for other than a temporary or transitory purpose; and (2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose. All other individuals are defined as "non-residents. "If this definition of "resident" applies to you, we must adhere to certain rights and obligations regarding your personal information.
9.3 Categories of personal information we might collect (Examples are for guidance only and it does not mean that we will collect all type of data set out in examples against which “Yes” appears):
| Category | Examples | Collected |
| A. Identifiers | Contact details, such as real name, alias, postal address, telephone or mobile contact number, Internet Protocol address, email address and account name | Yes |
| B. Personal information categories listed in the California Customer Records statute | Name, contact information, education, employment, employment history and financial information Some personal information included in this category may overlap with other categories. | Yes |
| C. Protected classification characteristics under California or federal law | Gender and date of birth | No |
| D. Commercial information | Transaction information, purchase history, financial details and payment information | No |
| E. Biometric information | Fingerprints and voiceprints | No |
| F. Internet or other similar network activity | Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems and advertisements | Yes |
| G. Geolocation data | Device location | Yes |
| H. Audio, electronic, visual, thermal, olfactory, or similar information | Images and audio, video or call recordings created in connection with our business activities | No |
| I. Professional or employment -related information | Business contact details in order to provide you our services at a business level, job title as well as work history and professional qualifications if you apply for a job with us | Yes |
| J. Education information | Student records and directory information | No |
| K. Inferences drawn from other personal information | Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics | No |
9.4 We may also collect other personal information outside of these categories instances where you interact with us in-person, online or by phone or mail in the context of: (i) receiving help through our customer support channels; (ii) participation in customer surveys; and (iii) facilitation in the delivery of our services and to respond to your inquiries. Using and sharing your personal information
9.5 We collect but not share your personal information through Beacons/Pixels/Tags.
9.6 You may exercise any of your rights in relation to your personal data by written notice to us, using the contact details set out below.
9.8 We may disclose your personal information with our partner pursuant to a written contract between us and each partner. We may use your personal information for our own business purposes, such as, for example, undertaking internal research for business development. This is not considered to be "selling" of your personal data.
9.9 You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) our compliance requirements resulting from a legal obligation or any processing that may be required to protect against illegal activities.
9.10 Depending on the circumstances, you have a right to know:
• whether we collect and use your personal information;
• the categories of personal information that we collect;
• the purposes for which the collected personal information is used;
• whether we sell your personal information to third parties;
• the categories of personal information that we sold or disclosed for a business purpose;
• the categories of third parties to whom the personal information was sold or disclosed for a business purpose; and
• the business or commercial purpose for collecting or selling personal information.
In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in consumer request or to re-identify individual data to verify a consumer request.
9.11 We will not discriminate against you if you exercise your privacy rights.
9.12 Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we hold information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact through a communication method (e.g. phone or email) that you have previously provided to us. We may also use other methods as the circumstances dictate. We will only use personal information provided in your request to verify your identity or authority to make the request. To possible, we will avoid requesting additional information from you for the purposes of verification. If, however, we cannot identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity, and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.
9.13 You have the right to:
• object to the processing of your personal data.
• request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of your data.
• designate an authorised agent to make a request under the CCPA on your behalf. We may deny a request from an authorised agent that does not submit proof that they have been validly authorised to act on your behalf in accordance with the CCPA.
• request to opt-out from future selling of your personal information to third parties. Upon receiving a request will act upon the request as soon as feasibly possible, but no later than 15 days from the date of the request submission.
To exercise these rights, you can contact us by email, using the email address published on our website/marketplace. If you have a complaint about how we handle your data, we would like to hear from you.
10.1 Our website/marketplace includes hyperlinks to, and details of, third party websites.
10.2 In general we have no control over, and are not responsible for, the privacy policies and practices of third parties.
11.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
12.1 We use cookies to help us to analyse the use and performance of our website/marketplace and services.
13.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647 (Chrome);
(b) https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop (Firefox);
(c) https://help.opera.com/en/latest/security-and-privacy/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website/marketplace -data-sfri11471/mac (Safari); and
(f) https://support.microsoft.com/en-gb/help/4468242/microsoft-edge-browsing-data-and-privacy (Edge).
13.2 Blocking all cookies will have a negative impact upon the usability of many websites.
13.3 If you block cookies, you will not be able to use all the features on our website/marketplace.
14.1 We may update this policy from time to time by publishing a new version on our website/marketplace.
14.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
15.1 This website/marketplace is owned and operated by LF Links Limited (trading as Litigation Funding Links).
15.2 We are registered in England and Wales under registration number 14052211, and our registered office is at Kemp House, 160 City Road, London, EC1V 2NX.
15.3 You can contact us by email, using the email address published on our website/marketplace.
16.1 We are registered as a data controller with the UK Information Commissioner's Office.
16.2 Our data protection registration number is [number].