1. Overview

This policy sets out the personal data processing practices and your related rights in relation to the personal data collected about you when you use the Lantern Website (lantern.ai) (the “Website”), the Lantern Portal (the “Portal”) and the Lantern Microsoft Excel Add in via Microsoft AppSource (“Lantern | Model”) (together the “Platforms”).

We take your privacy very seriously. We ask that you read this privacy policy (“Policy”) carefully as it contains important information about how we will use your personal data and how we will ensure we meet our legal obligations to you under the Jersey data protection rules (including associated guidance) (the “Data Protection Laws”).

We are a controller of your information which means that we are responsible for looking after it. We will use your personal data fairly, lawfully and in a transparent manner, and in accordance with the Data Protection Laws.

2. Personal data we may collect about you

2.1 Information that you provide

We will obtain personal information about you (such as your name, email address, job title and telephone number) when you access the Website and register with us to access the Portal, or where the business organisation you represent has provided us with your information to enable us to register you as the business contact for your organisation and enable you to access the Portal.

We will also obtain personal information about you when you use the Platforms, send us feedback, post material, contact us for any reason and by any medium, sign up to a service/ notification, report a problem with the Platforms or otherwise communicate with us.

We will not ask you to provide sensitive personal data and a condition of you using the Platforms, and being granted access to the Platforms, is that you will not put any such information relating to yourself or any other person within any communications you share with us, or include it within any information submitted on the Platforms.   Sensitive personal data (or otherwise called special categories of personal data) means information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation or any information relating to criminal convictions or offences on the Platforms.

We may retain a record of any contact you make with us.

2.2 Information about you that we will collect

Cookies

We may monitor your use of the Platforms through the use of cookies and similar tracking devices. For example, we may monitor how many times you use the Platforms, which pages you go to and traffic data. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. For further information on our use of cookies, please see the sections on cookies below. For more information on cookies and how they work please visit www.allaboutcookies.org.

Device information

We may also collect information about your device each time you use the Platforms. For example, we may collect information on the type of device that you are using and its unique device identifier (for example, IP Address, the IMEI number, the device’s mobile phone number, or the MAC address of the device’s wireless network interface), the type of browser that you are using, the operating system that you are using, network information and the time zone setting.

2.3 Information from third parties

Where you are the representative of a business we interact with (for example your employer) that business may provide us with information about you such as name, email address, job title, role within organisation, address and telephone number to enable us to register you as the business contact for your organisation and enable you to access the Portal.

3. How we use your personal data

Website and individuals who may contact us

  1. to provide the website and the functionalities on the Website;
  2. to handle and respond to queries, comments, complaints and other communications you send us;
  3. to maintain the security of the website and to detect, investigate, monitor, remediate and/or prevent security or cyber incidents;
  4. for system administration, operation, testing and support;
  5. to protect and enforce the rights, property or safety of us, our business, our clients or others;
  6. to understand how visitors engage with the website and to monitor, improve and optimise the performance of the Website;
  7. to send you marketing information about our products and services that we think may be of interest to you (except where we require consent for this);
  8. in relation to the establishment, exercise or defence of legal claim;
  9. for compliance, regulatory, audit and investigative purposes;
  10. to send you direct marketing by email about our products and services that may be of interest to you; and
  11. when we use cookies or similar technologies for the purposes explained in our Cookie Notice below.

Clients and the Portal

  1. to deliver products and services to our clients;
  2. to communicate with you and respond to requests and inquiries;
  3. to notify you of any changes to the Portal or to our services that may affect you;
  4. to create and administer accounts and log in access to our Portal;
  5. to engage in transactions with you and your employer;
  6. for identification, and authentication purposes;
  7. for research, statistical analysis and behavioural analysis;
  8. to deliver functionality on the Portals including customising future use for you;
  9. for service improvement, research and to contact you for surveys;
  10. to analyse, develop and improve the function and performance of the Portal;
  11. to manage security and operation of the Portal, our networks and systems;
  12. to comply with applicable laws and regulations in the operation of our business.

4. What is our lawful basis for using your information

Performance of a Contract You may have directly entered into a contract with us for the provision of certain services. In order for us to fulfil our obligations under such contract (e.g. to provide you with Data Services and for you to provide us with requisite information), we will need to collect, process and share (as further detailed below) your personal information, to register and communicate with you on and through the Platforms.

Legitimate Interest If you are the business representative of an organisation who has entered into an agreement with us, or you have been granted access to the Platforms by another organisation, we need to collect and process your personal data for our legitimate interests to enable us to provide you access to the Platforms.

We also use your personal data as set out in this privacy policy for our legitimate interests to enable us:

  • to administer the Platforms
  • for research, statistical analysis and behavioural analysis;
  • to deliver functionality on the Platforms
  • for service improvement, research and to contact you for surveys;
  • to analyse, develop and improve the function and performance of the Platforms;
  • to manage security and operation of the Platforms, our networks and systems;

As indicated below, we may also pass your personal data to members of our group and other third parties and this is also for our legitimate business interests.

We are required to carry out a balancing test of our legitimate business interests in using your personal data outlined above against your interests and rights under the Data Protection Laws. As a result of our balancing test, which is detailed below, we have determined, acting reasonably and considering the circumstances, that we are able to process your personal data in accordance with the Data Protection Laws on the basis that we have a legitimate business interest.

Legitimate interest:  We have a legitimate interest in processing your information as: to grant you access to the Platforms, to provide the Platform services and facilities, to the use of data to improve our services and the Platforms.

Necessity: We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as we process your personal data only so far as is necessary to achieve the purpose outlined in this Policy.

Impact of processing: We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as the processing of your personal data does not unreasonably intrude on your privacy.

Consent

We do not expect to process your personal data subject to consent, however where we do so we will inform you of the purpose of processing, obtain your consent, and where given you will have the right to withdraw your consent to processing at any time by contacting us on the contact details provided at the beginning of this privacy policy.

Legal Duty

We will also process your personal data, as necessary, to comply with applicable laws and regulations in the operation of our business.

5. Disclosure of your personal data

We may disclose your personal data to:

  • other companies within our group, but only for the purposes specified in this Policy;
  • a third party who acquires our business or acquires substantially all of our assets, in which case the personal data shall be one of the acquired assets;
  • our agents and service providers;
  • law enforcement and regulatory agencies in connection with any investigation to help prevent unlawful activity or as otherwise required by applicable law;

5.1 Data Transfers

We may share your personal data within the Aztec Group and with third parties. This will involve transferring your data within the European Economic Area (“EEA”) and outside the EEA.

Whenever we transfer your personal data out of the EEA we ensure that is protected to an equivalent level – we do this in two primary ways:

  • By transferring the information to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, UK, the Bailiwick of Jersey, or the Bailiwick of Guernsey.
  • By transferring within the Group to which we are a member which is covered by a data sharing agreement that contractually obliges each member to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred within the Group.

5.2 Keeping your data secure

Ensuring the security of your information is an important part of our business. We take commercially reasonable and appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data.

While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not completely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet; any transmission is at your own risk.

5.3 Monitoring

We may monitor and record communications with you such as emails for the purpose of quality assurance, training, and compliance.

6. Data retention

We may retain your personal data (provided for account creation and log in purposes) for as long as you continue to use the Platforms, have an online account with us, or for the period your organisation confirms that you are the business representative for them in relation to Data Services, and typically for ten years after the termination of your online registration with us, in order to enable us to deal with any issues or concerns you may have about the Platforms, and also to allow us to bring and defend legal proceedings, or for as long as is necessary to fulfil the purposes outlined above.

We may however retain personal data for an additional period as is permitted or required under applicable laws, for legal, tax or regulatory reasons, for legitimate and lawful business purposes and for our own internal audit and record keeping purposes.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.   If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. We will only use personal data for a purpose that is materially different than the purpose for which it was collected where your explicit consent to the new purpose has been provided. Such consent will be obtained prior to further processing under the different purpose.

7. Your rights

You have a number of rights under the Data Protection Laws in relation to the way we process your personal data, which are set out below. You may contact us using the details at the beginning of this Policy to exercise any of these rights.

In some instances, we may be unable to carry out your request, in which case we will write to you to explain why.

  • You have the right to request access to your personal data You have the right to request confirmation that your personal data is being processed, access to your personal data (through us providing a copy) and other information about how we process your personal data.
  • You have the right to ask us to rectify your personal data You have the right to request that we rectify your personal data if it is not accurate or not complete.
  • You have the right to ask us to erase your personal data You have the right to ask us to erase or delete your personal data where there is no reason for us to continue to process your personal data. This right would apply if we no longer need to use your personal data to provide the debt management services to you, where you withdraw your consent for us to process special categories of your personal data, or where you object to the way we process your personal data (see right 6 below).
  • You have the right to ask us to restrict or block the processing of your personal data You have the right to ask us to restrict or block the processing of your personal data that we hold about you. This right applies where you believe the personal data is not accurate, you would rather we block the processing of your personal data rather than erase your personal data, where we don’t need to use your personal data for the purpose we collected it for but you may require it to establish, exercise or defend legal claims.
  • You have the right to port your personal data You have the right to obtain and reuse your personal data from us to reuse for your own purposes across different services. This allows you to move personal data easily to another organisation, or to request us to do this for you.
  • You have the right to object to our processing of your personal data You have the right to object to our processing of your personal data on the basis of our legitimate business interests, unless we are able to demonstrate that, on balance, our legitimate interests override your rights or we need to continue processing your personal data for the establishment, exercise or defence of legal claims.
  • You have the right not to be subject to automated decisions You have the right to object to any automated decision making, including profiling, where the decision has a legal or significant impact on you.
  • You have the right to withdraw your consent You have the right to withdraw your consent where we are relying on it to use your personal data.

8. Complaints

You have the right to make a complaint in relation to data protection issues at any time to the Data Protection Authority in Jersey.

We would, however, appreciate the chance to deal with your concerns before you approach one of these supervisory authorities so please contact us in the first instance.

9. Use of cookies

9.1 What is a cookie?

A cookie is a small text file which is placed onto your device when you access our Platforms. We use cookies and other online tracking devices on our Platforms for several purposes as described below. enable the Platforms to remember choices you have previously made (for example language settings) where such devices are necessary to enable the functionality of the Platforms and enable you

In some cases, we will need your consent in order to use cookies on the Platforms . We obtain this through the pop up notice which appears when you navigate to the Platforms. The exception is where the cookie is essential in order for us to provide you with a service you have requested (for example to enable you to log in to the Platforms and enable you to view Documentation or upload information to us, and for us to communication with you).

If you wish to remove cookies placed on your device by our Platforms or stop our Platforms placing further cookies on your device, you can do this at any time through your browser by following the instructions at www.allaboutcookies.org.

9.2 What categories of cookies are used on the Portal?

Strictly necessary cookies.

These are cookies that are required for the operation of our Platforms. They enable core functionality such as security, network management and accessibility. We do not require your consent to place these cookies. Nevertheless, you may be able to block these cookies yourself on your device/ browser, but restricting these cookies is likely to mean that our site will not work as you would expect and certain functionality may be inoperable.

Non-essential cookies

Analytical/performance cookies.

These allow us to recognise and count the number of visitors and to see how visitors move around out Platforms when they are using it. This helps us to improve the way our Platforms works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies.

These are used to recognise you when you return to our site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

You can find out more information about the individual cookies we use and the purposes for which we use them in the table below:

10. Our contact details

In this privacy policy, the terms “we”, “our”, and “us” are used to refer to Lantern Limited, who are the primary controller in relation to personal data processed in relation to registration and access to the Platforms. Lantern is part of the Aztec Group and depending on your agreement for services, or the agreement for services with the organisation you represent, Aztec Group Limited or one of its Affiliates as identified within that service agreement, may also be the controller of your personal data where it is provided to, or collected, through the Platforms in relation to such services. We welcome your feedback and questions. If you have any questions in relation to this policy or generally how your personal data is processed by us please contact our Data Protection Officer by letter addressed to: The Data Protection Officer, PO Box 730, 11-15 Seaton Place, St Helier, Jersey SE4.

11. Changes to this privacy policy

We may change this Policy from time to time. You should check this Policy frequently to ensure you are aware of the most recent version that will apply each time you use the Website and/or the Portal.