MyChargeBack Privacy Policy

Our Privacy Policy was last updated on February 14, 2020

This Privacy Policy (“Privacy Policy”) explains how Cactil, LLC d/b/a MyChargeBack (“MyChargeBack” referred to as “we,” “us” or “our”) handle your personal data, including the types of personal data we collect about you, how your personal data may be used and when it may be disclosed, how we protect your personal data and the rights you have in relation to the processing of your personal data. MyChargeBack respects your privacy and we are committed to protecting your personal data in accordance with applicable data privacy laws and our internal policies. 

This Privacy Policy applies to personal information that we collect through our website at MyChargeBack.com as well as any other related sites and applications. This Privacy Policy does not apply to websites operated by other organizations and other third parties. The Privacy Policy also applies to personal information that we collect when you use or interact with our services through any correspondence made with us by phone, e-mail or otherwise. It also provides transparency in other cases of our data processing where no other privacy policy or notice applies, for example in case of our partners.

We reserve the right to change the provisions of the Privacy Policy from time to time and you are, therefore, advised to check it regularly.  

Your Information

When you enter personal information on MyChargeBack forms, we encrypt the entire transmission using Secure Socket Layer (SSL) technology.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.  Your information is used in order to allow us to fulfill the terms of our contract.  Your information may also be used to send you promotional materials or communications regarding services we provide which we believe may be of interest to you.  We may also contact you to seek feedback on services we provided or for market or other research purposes.

At any time, you may request that we discontinue sending you emails or other communication by sending an email from your registered email to info@mychargeback.com with “unsubscribe” in the subject line.

We implement a variety of security measures when users enter, submit or access their information to maintain its safety and your confidentiality.

1. Who Is the Controller of My Personal Data?

Unless we notify you otherwise, MyChargeBack is the controller of your personal data as it is the entity that alone or jointly determines how or why your personal data is being processed. One of our affiliated entities may be the processor of your personal data under certain circumstances, depending on our relationship and the services we are providing to you. 

2. How Do We Collect Your Personal Data?

We use different methods to collect personal data from and about you, including:

Collection directly from you

Most of the personal data we process about you comes directly from you. You may, for example, give us your name and contact details when filling in forms or corresponding with us by email, phone, mail, in person or otherwise including when you:-

  • Subscribe to our services and
  • Buy or express an interest in our products and services

Automatic collection

We automatically collect technical information when you use our websites, for example: IP address, log-in data, browser type, time zone setting and location and plug-in types when you interact with our websites. We also collect data through cookies. 

A cookie is a small data file that certain websites written to your hard drive when you visit them. A cookie file can contain information such as a user ID that the site uses to track the pages you have visited. We use Facebook Pixel and Google Analytics cookies subject to your consent.

Our website, MyChargeBack.com, may place and/or store code or other types of information (e.g., “cookies”) on your computer. We use these cookies to better serve you and make your experience on our website better. We do not place any confidential information in these cookies and the cookies may be removed at any time.

We ask for your consent to place the cookies, except for the necessary cookies, which enable the website to function properly.

You may choose to disable the cookies. However, you may not be able to access some parts of this website if you choose to disable the cookie acceptance in your browser, particularly the secure parts of the website.

For further information about cookies and how to disable them, please refer to http://www.allaboutcookies.org

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer or Google Chrome) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.

If you turn cookies off, some features will be disabled. It will not affect the user experience that makes your visit to our site more efficient but some of our services will not function properly.

Collection from other sources

Where necessary to prevent fraud or to manage our partners’ database, we may collect information about you from third parties and public sources (such as public databases and social media websites). This is to ensure we have accurate, up to date or necessary information for us to communicate with you or to provide the best possible service. The types of information we may collect includes personal details (including name, age, gender and other demographic data) and contact information (including postal address and telephone numbers).

3. For What Purposes and on What Legal Basis Do We Process Your Personal Data?

We have set out below a description of all the ways we plan to use your personal data and what legal basis we rely on to do so. We have also identified what our legitimate interests are, where appropriate.

Legal basisPurpose
Necessary for the compliance with a legal obligation to which we are subject.  Complying with legal requirements. Managing our contractual relationship with you.
Necessary for the performance of a contract to which you are a party. To help you resolve your dispute.
Justified on the basis of our legitimate interest in ensuring the proper functioning of our business operations. Operating and managing our business operations and/or improving our products, service and event experience. Preventing fraud. Managing partners’ and suppliers’ databases and relationships.
Justified on the basis of our legitimate interest in ensuring that we can conduct and increase our business. Marketing or communicating information to you related to our products and services, subject to the rules on direct marketing, as further described in Section 4 (“How Do We Use Personal Data for Direct Marketing Purposes?”). We may also share personal data with our affiliates for this purpose, as further described at Section 7 below, subject to proportionality and appropriate international transfer mechanisms, notably Standard Contract Clauses.
Justified on the basis of our legitimate interest in ensuring we can conduct and increase our business and those of our business partners. If you are neither a citizen nor resident of the EU, sharing personal data with selected partners (including sponsors) by our non-EU affiliates, as further described in Section 6 below.
Justified on the basis of our legitimate interest in ensuring network and information security. Monitoring your use of our systems (including using technical tools to automatically monitor the use of our website and any apps and tools you use).
Justified on the basis of our legitimate interest in ensuring that you receive an excellent user experience. Improving the security and functioning of our website, networks and information.
Justified on the basis of our legitimate interest in ensuring the proper functioning of our business operations. Undertaking data analytics, i.e. applying analytics to business operations and data to describe, predict and improve business performance within MyChargeBack and/or to provide a better user experience. (more details on how we run analytics on our website can be found in our cookie policy described above in Section 2.

4. How Do We Use Personal Data for Direct Marketing Purposes?

We may send you marketing communications to keep you up to date with our products and services, including those we think may be of interest to you.

Do we send targeted e-mails?

We send targeted electronic direct marketing to business contacts at our clients or other companies with whom we want to develop or maintain a business relationship in accordance with applicable marketing laws. Our electronic direct marketing typically includes web beacons, cookies, and similar technologies that allow us to know whether you open, read, or delete the message, and links you may click. When you click a link in an electronic direct marketing message, we will also use a cookie to log what pages you view and what content you download from our websites, even if you are not registered at or signed into our site. Please see our cookies policy for further details.

Do we maintain Customer Relationship Management (CRM) databases?

Like most companies, MyChargeBack uses customer relationship management (CRM) database technology to manage and track our marketing efforts. Our CRM databases include personal data belonging to business contacts at our clients and other companies with whom we already have a business relationship or want to develop one. The personal data used for these purposes includes relevant business information such as: contact data, publicly available information (e.g. board membership, published articles, press releases, your public posts on social media sites if relevant for business purpose), your responses to targeted electronic direct marketing (including web activity following links from our e-mails), website activity of registered users of our website and other business information included by MyChargeBack professionals based on their personal interactions with you.

Do we combine and analyze personal data?

We may combine data from publicly available sources, and from our different e-mail, website, and personal interactions with you (this includes information collected across our different websites such as our careers and corporate sites and information collected when you sign-up or log on to our sites or connect to our sites using your social media credentials). We combine this data to better assess your experience with MyChargeBack and to perform the other activities described throughout this Privacy Policy.

What are your rights regarding marketing communications?

You can elect to not receive marketing communications from us by, or by utilizing opt-out mechanisms in e-mails we send to you or on our website when we collect your email. You can also object to receiving marketing communications or request that your personal data be removed from our CRM databases by contacting our Data Protection Officer at dpo@aphaia.co.uk.

5. What about Sensitive Data?

We do not generally seek to collect sensitive data (also known as special categories of personal data) from individuals and we request that you please do not submit sensitive data to us. In the limited cases where we do seek to collect such data, we will do this in accordance with data privacy law requirements and/or ask for your consent.

The term “special categories of data” refers to the various categories of personal data including racial or ethnic origin, political opinions, religious, philosophical or other similar beliefs, membership of a trade union, physical or mental health, biometric or genetic data, sexual life or orientation, or criminal convictions and offences (including information about suspected criminal activities).

6. What about Persons Under 18 Years of Age?

We are concerned to protect the privacy of children. We do not knowingly contact or collect information from persons under the age of 18. The website is not intended to solicit information of any kind from persons under the age of 18.

If you believe that we have received information pertaining to or from persons under the age of 18 please contact us at contacting dpo@aphaia.co.uk. If we become aware that a person under the age of 18 has provided us with personal information, we will take steps to delete such information.

7. Will We Share Your Personal Data with Third Parties?

We may share personal data with the following categories of recipients:

  • Our affiliates, so they can, where applicable, provide you with services that you have requested under an agreement with MyChargeBack, or otherwise in order to provide information about our products and services that we believe may be of assistance to you (see Sections 1 and 3 above). We will only provide you with information related to the same or similar products to those you have expressed interest in.
  • Our third-party service providers, including IT service providers, law firms and private investigators providing fund recovery services, marketing automation, solutions and analytics providers, marketing agencies, professional advisers, and
  • If you are neither a resident nor citizen of the EU, our selected partners, representatives and sponsors or we may make available contact details to create marketing opportunities in certain industries and markets.

We may also share your personal data with public and governmental authorities if we are required to do so, or with third parties in connection with a potential corporate or commercial transaction.

Before we share your personal data with any third parties, such as trusted suppliers, business partners, advertisers and search engines, we take the necessary steps to ensure that your personal data will be given adequate protection in accordance with relevant data privacy laws and MyChargeBack’s internal policies.

8. How Long Will Your Personal Data Be Retained by Us?

We retain your information for no longer than necessary for the purpose for which it was collected. Our dispute related information is typically held for seven (7) years. We maintain specific records management and retention policies and procedures, so that in determining how long your information will be stored, we will consider:

  • The purpose(s) and use of your information both now and in the future;
  • Our global legal and contractual obligations; and
  • What information we need to manage your relationship with us and to develop and deliver our products and services

9. Do We Transfer Your Data Internationally?

As we are a global organization with a presence in a number of jurisdictions and countries, we may transfer your personal data to our affiliates internationally. If you are located in the EEA, this may involve transferring your data outside the EEA. To ensure that such transfers are in accordance with applicable law and carefully managed to protect your privacy rights, any inter-company transfers of personal data are covered by agreement(s) which contractually oblige(s) us to ensure adequate and consistent levels of protection wherever personal data is transferred within our group of companies. We may also share your personal data with third parties (see Section 7), some of which are based outside the EEA. Whenever we transfer your personal data outside the EEA, we ensure a similar degree of protection is afforded it by ensuring appropriate safeguards are implemented, for example we may use specific contracts approved by the European Commission. Please contact us (see our details at section 11 below) if you would like further information on the mechanism used by us when transferring your personal data outside the EEA.

10. Data Security

We maintain organizational, physical and technical security arrangements for all the personal data we hold. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of personal data and the processing we undertake, including as appropriate:

  • The pseudonymization and encryption of personal data;
  • In certain areas of our websites MyChargeBack.com, the use of industry-standard SSL-encryption to enhance the security of data transmission;
  • The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
  • A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of personal data

11. Which Rights Do You Have with Respect to the Processing of Your Personal Data?

If you are based within the EEA, you may be entitled under certain circumstances to:

  • Request access to the personal data we process about you: this right entitles you to know whether we hold personal data about you and, if we do, to obtain information on and a copy of that personal data
  • Request a rectification of your personal data: this right entitles you to have your personal data corrected if it is inaccurate or incomplete
  • Object to the processing of your personal data: this right entitles you to request that MyChargeBack no longer processes your personal data
  • Request the erasure of your personal data: this right entitles you to request the erasure of your personal data, including where such personal data would no longer be necessary to achieve the purposes
  • Request the restriction of the processing of your personal data: this right entitles you to request that MyChargeBack only processes your personal data in limited circumstances, including with your consent
  • Request portability of your personal data: this right entitles you to receive a copy (in a structured, commonly used and machine-readable format) of personal data that you have provided to MyChargeBack, or request MyChargeBack to transmit such personal data to another data controller
  • Request not to be subject to any decision that significantly affects you being taken by automated processing, including profiling

If you are based in CALIFORNIA you have many of the rights set out in this Section 11 and you are entitled under certain circumstances to prohibit the sale of personal information and to request access to certain information about the personal data we have shared with third parties for direct marketing purposes.

Please contact us at dpo@aphaia.co.uk to exercise any of these rights. We will process any request in line with any local laws and our policies and procedures. We may ask you for additional information to confirm your identity and for security purposes, before disclosing information requested to you.

12. What if You Have Questions or Want Further Information?

MyChargeBack is the controller of your personal information and is registered as a data controller with the UK Information Commissioner’s Office under registration number ZA664835.

Any questions regarding this notice and our privacy practices should be sent to our Data Protection Officer:

Aphaia Ltd
Eagle House
163 City Road
Shoreditch
London EC1 1NR
United Kingdom

dpo@aphaia.co.uk

If you wish to make a complaint about how we use your information, please contact us using dpo@aphaia.co.uk and we will do our best to help. If you are located in the EEA, you have the right to lodge a complaint with the appropriate data protection supervisory authority in your country. We would, however, appreciate the chance to deal with your concerns before you approach your local supervisory authority so please contact us in the first instance.