Privacy Policy

Updated On
September 10, 2020

Privacy Policy

Karma Technologies International Limited

Protecting personal data is a priority for everyone. This policy tells you the types of information we collect when you visit our website ( (“Website”) and/or use our services and applications, how we use that information, and when we may share that information. This policy may change from time to time so please check it every so often.

This Privacy Policy relates to the data we collect from you which includes “personal data” (being any information which identifies a person or which allows that person to be identified when combined with other information) and data which is otherwise recognised as sensitive data.

  1. WHO ARE WE?

We are Karma Technologies International Limited of 18 Finsbury Square, London, United Kingdom, EC2A 1AH (“we”, “us”, “our” or “Karma”).

We are the controller of personal data for the purposes of this Privacy Policy.

If you have any questions about this Privacy Policy, including requests to exercise your legal rights, please contact us using the details set out below:

Attn: Chief Risk Officer]

Karma Technologies International Limited 18 Finsbury Square,


United Kingdom, EC2A 1AH



We collect and use data relevant to your use of our services and applications, and your contact with us via the Website or through other means. In respect of this personal data, we are the Controller.

If you are signing up to use our services, if you are enquiring about using our services or if you are an employer enquiring about our services, it may be necessary for you to provide certain data to us.

The data you provide or may provide is listed below.

If you are passing data to us that belongs to someone else (such as an employer passing employee data) you must ensure you are lawfully permitted to transfer such data to us.

We may collect, use, store and transfer different kinds of personal data as follows:

• Identity Data includes your name, email address, username, title, date of birth, gender, photographic identification or similar identifier.

  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of any payments made by you whilst using our services or purchasing services or goods from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting, location, browser plug-in types and versions, operating system and platform, screen resolution and other technical characteristics of your device, your use of our services and applications and connection to the Website, (as applicable to the device you are using).
  • Profile Data includes your username and password, your user ID and preferences and feedback.
  • Usage Data includes information about your visit, including the website that referred you to the Website (if applicable), the path that you take through and from the Website (including date and time); pages that you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Photographic identification data is biometric data and is a Special Category of personal data and where we collect this data:

    We also collect, use and share Aggregated Data, such as statistical or demographic data, for any purpose. Aggregated Data may be derived from your data but is not considered personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

    Apart from the photographic identification data, we do not collect any Special Categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and

    biometric data). Nor do we collect any information about criminal convictions and offences.


    We use different methods to collect data from you including as follows:

    Enquiring about our services or subscribing to our services

    If you contact us to ask about our service or about us generally, either through the Website or otherwise, we will collect and process Identity, Contact and Financial Data.

    Signing up for our service

    If you sign up for our service and/or download our application, we will collect and process Identity, Contact, Financial, Transaction, Technical, and Profile Data.


    If you correspond with us using our contact form or through our ‘contact us’ or help features, we will collect and process Identity and Contact Data.


    We collect some Technical and Usage Data.

    Candidates applying for a role at Karma Technologies International Limited

    We will collect your Identity, Contact Data and Profile Data and information relating to your employment history.

    We will also collect data about you during telephone calls, in emails, during face to face interviews and from recruitment companies, head-hunters and social sites.

    We would always like to keep in touch with excellent candidates regarding any future vacancies and as a result, your consent also includes the ability for Karma Technologies International Limited to retain your personal details.


    We will only use your data when the law allows us to. Most commonly, we use it in the following circumstances:

    Generally, we only rely on consent as a legal basis for processing your data where we need to obtain the consent to provide you with our services or to send you third party direct marketing communications to via email or text message. You have the right to withdraw your consent at any time.

    We have set out below the ways we use data and the legal basis for doing so. We have also identified what our legitimate interest is, where appropriate.

    Purpose/Activity Type of Data

    Lawful basis for processing including basis of legitimate interest

    To register you as a new (a) Identity

    (a) Performance of a contract with you


    To perform the contract and provide you with services:

    1. Manage payments, fees and charges
    2. Collect and recover money owed to us

    (b) Contact

    1. Identity
    2. Contact
    3. Financial
    4. Transaction
    5. Technical
    6. Marketing and Communications

    (b) Necessary for our legitimate interest (for running our business and provide you with services)

    1. Performance of a contract with you
    2. Necessary for our legitimate interests (to recover debts due to us)

    To process a job application and keep you informed of employment opportunities

    1. Identity
    2. Contact
    3. Financial
    4. Profile

    1. Performance of a contract with you
    2. Necessary to comply with a legal obligation
    3. Necessary for our legitimate interests (to recruit good candidates for our business)

    To manage our relationship with you which will include:

    1. Notifying you about changes to our terms or privacy policy
    2. Asking you to provide feedback on our services

    To administer and protect our business and this website (including troubleshooting, data analysis, testing, system

    1. Identity
    2. Contact
    3. Profile
    4. Marketing and Communications

    1. Identity
    2. Contact
    3. Technical

    1. Performance of a contract with you
    2. Necessary to comply with a legal obligation
    3. Necessary for our legitimate interests (to keep our records updated and to study how customers use our services and applications)

    (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of

    maintenance, support, reporting and hosting of data)

    To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

    To use data analytics to improve the Website, services, applications, marketing, customer relationships and experiences

    1. Identity
    2. Contact
    3. Profile
    4. Usage
    5. Marketing and Communications
    6. Technical

    1. Technical
    2. Usage

    a business reorganisation or group restructuring exercise)

    (b) Necessary to comply with a legal obligation

    Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

    Necessary for our legitimate interests (to define types of customers for our products and services, to keep the Website updated and relevant, to develop our business and to inform our marketing strategy)

    To make suggestions

    1. Identity
    2. Contact

    Necessary for our legitimate

    and recommendations to (c) Technical you about services that

    may be of interest to you (d) Usage

    (e) Profile

    interests (to develop our products/services and grow our business)

    We may process data for more than one lawful ground depending on the specific purpose for which we are using data. Please contact us if you want further details about the specific legal ground we are relying on to process your data.

    Where we need to collect data by law, or under the terms of a contract and you do not provide that data when requested, we may not be able to perform the contract. In this case, we may have to cancel a service you have with us.


    We may share your data within Karma (i.e. our officers, staff and contractors) and with our service providers; for example, to service your requests or provide you with information. We may also share your data if a change happens in our business such as a merger or acquisition. If that happens, the new owners may use your data in the same way as set out in this Privacy Policy.

    We may also share your data with service providers who we engage to help us run our business or deliver our services to you.

    We may also share your data with our appointed Electronic Money Institution (which is a company registered with the Financial Conduct Authority to process payments) so that you can open a payment account with the Electronic Money Institution which is necessary in order to use our service.

    We may also share your data with other organisations or individuals when it is reasonably necessary to:


    We will process and store your data on the Website servers, email and other servers and equipment that are needed to provide the services as applicable.

    We do not ordinarily transfer your data outside of the European Economic Area except as follows:

    Analytics providers

    Our service providers, such as Google Analytics (Google Inc. and its affiliates), may process your data in the course of providing analytical information to us about the use of the Website. These service providers may collect and/or transfer your data outside of the European Economic Area.

    For more information on how Google Analytics processes your data you can visit here:

    Technical support

    Sometimes we need to engage the assistance of our affiliated companies to provide technical support for your use of our service. The individuals providing the support may be based outside of the European Economic Area and will only have access to your data when they need to in order to provide support.

    Whenever we transfer data out of the EEA or UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

    • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.

  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to data shared between the Europe and the US or are subject to approved standard contract clauses. For further details, see European Commission: EU- US Privacy Shield.


    We will not keep your data longer than reasonably necessary to fulfil the purposes described in this Privacy Policy or as we reasonably need to in order to meet our legal and governance obligations.


    If you provide your contact details, we might contact you individually in the future if we think that our services may be of interest to you.

    If we think it appropriate, we might also add you to our regular email marketing list.

    You can ask us to remove your personal details from our marketing lists using the contact details listed at the top of this Privacy Policy.


    We have put in place appropriate security measures to prevent data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to data to those of our staff and other third parties who have a business need to know. They will only process data on our instructions and they are subject to a duty of confidentiality.

    We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of any breach where we are legally required to do so.


    We will retain data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

    To determine the appropriate retention period for data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of data, the purposes for which we process data and whether we can achieve those purposes through other means, and the applicable legal requirements.

    For example, if you are a customer, we will generally keep your data for the longer of six years from the date of the last interaction with you or until the applicable statutory limitations period has expired.

    We regularly review the data we hold taking into account the lawful purpose for which we hold it and any data that is deemed no-longer relevant or required is deleted where it is practicable to do so.


    Under certain circumstances, you have rights under data protection laws in relation to your personal data.

    applies to personal data processed by automated means which you initially provided consent for us to use or where we used the information to perform a contract with you.

    No fee usually required

    You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

    What we may need from you

    We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.