Cookies & Privacy Policy
This Privacy Policy outlines how Moneyright Financial Planning Ltd (“us”, “we”, or “our”), a Scottish Private Limited Company registered on 36 Brooklea Drive
Giffnock, Glasgow, G46 6AS, collects, uses, maintains, and discloses information collected from users (“you” or “your”) of the TruTactics website (the “Service”). This Privacy Policy applies to the Service and all products and services offered by TruTactics.
1. Information We Collect
We may collect personal information from users in various ways, including but not limited to when users visit our site, complete our financial MOT, subscribe to our newsletter, respond to a feedback survey following a successful session, fill out a form such as our contact form or the feedback form, and in connection with other activities, services, features, or resources we make available on our site. Users may be asked for, as appropriate, name, email address, mailing address, phone number, and other relevant information. As outlined in the second statement of our policy, you have the right to request and erase this information subject to certain conditions being met.
2. About GDPR
GDPR, or General Data Protection Regulation, is legislation that was introduced by the European Union in 2016 and implemented on the 25th May 2018. Following the United Kingdom’s exit from the European Union, GDPR legislation was approved by parliament and applies to all businesses that are trading within the United Kingdom.
This legislation aims to protect the data of private citizens within the United Kingdom and European Union from misuse of their data, and MoneyRight, under GDPR, can be fined for breaches of the UK’s implementation of General Data Protection Regulation.
There are three primary entities that GDPR applies to, namely:
- Data controllers: These are organisations or individuals that determine the purposes and means of processing personal data. They are responsible for ensuring that any data processing activities comply with GDPR. MoneyRight Limited is considered as a Data Controller;
- Data processors: These entities process personal data on behalf of data controllers. They are bound by GDPR and must implement appropriate security measures to protect the data. In the case of MoneyRight, Data Processors will include, but are not limited to, ActiveCampaign, and Zapier. You can see a full list of the third-party Data Processors we use listed below.
- Data subjects: GDPR is ultimately focused on protecting the rights and privacy of individuals, referred to as data subjects. Any individual whose personal data is collected and processed by an organisation falls under the purview of GDPR. In the case of MoneyRight, you, our end user of our platform, are considered to be the primary Data Subject.
As a responsible provider, MoneyRight abides by the key requirements that Data Controllers are obliged by the procedures and policies outlined in the policy. You can find a full list of these responsibilities on the UK Government’s website by clicking on this hyperlink. We have listed some of the key responsibilities below:
Consent. When using MoneyRight, you must double opt-in to receive communications from us. This includes when you sign up for an account, and when you subscribe to our newsletter;
You control your data. You have the right to modify and update the data we hold on you, request to receive a report on what data we hold on you, and the right to request that we erase data on you given that specific conditions are met (for instance, if it is deemed that the data we display on you is in the public interest, we may refuse this request);
- Data protection impact assessments (DPIAs) are mandatory for TruTactics when engaging in processing activities that could potentially jeopardise the rights and freedoms of individuals. This process entails evaluating the necessity, proportionality, and potential risks associated with the data processing. We take this responsibility particularly seriously as we work with young people on our platform;
- Data Breach Notification: If in the rare event that MoneyRight becomes the victim of a cyberattack, we are obliged to notify you of this and what data we deem to have been breached. With that said, we take every precaution to implement the necessary cybersecurity procedures and work with partners to this end;
- Data Protection Officer: our data protection officer is Tony Sandher, contactable by emailing tony@moneyright.co.uk
MoneyRight would like to inform you that the above list is not an extensive list of all of our GDPR responsibilities, and you should consult the UK Government’s website for a thorough list of the responsibilities that we oblige by.
3. Why we collect information, and our lawful reasons for doing so
We may collect and use personal information for the following purposes:
- To improve customer service: Information you provide helps us respond to your customer service requests and support needs more efficiently.
- To personalise user experience: We may use information in the aggregate to understand how our users as a group use the services and resources provided on our site.
- To improve our site: We may use feedback you provide to improve our products and services.
- To send periodic emails: We may use the email address to send user information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests.
4. How we protect your information
We adopt appropriate data collection, storage, and processing practices and security measures to protect against unauthorised access, alteration, disclosure, or destruction of your personal information and data stored on our site.
We take the following measures:
- Data encryption in storage and transit. Encryption applies to the most sensitive data, such as a password if you ever register on our site. Some data is not encrypted.
Secure use of APIs such as Zapier, ActiveCampaign, Google Sheets, among other services. - We perform regular vulnerability scans of our website (built on WordPress) and on the backend application for security vulnerabilities including XSS, SQL Injections, CSRF, SSTI, Business Logic Errors, and other common vulnerabilities outlined in the OWASP10.
- We use security plugins on our WordPress website to prevent user enumeration, install a firewall, prevent directory traversal, and several other security measures.
MoneyRight Financial Planning Limited holds the complete and total responsibility for your data and we take every precaution to secure it.
6. Changes to This Privacy Policy
MoneyRight Financial Planning Limited has the discretion to update this Privacy Policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect.
You acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of modifications. It is not feasible for MoneyRight Financial Planning Limited to email every user of this site (especially when we do not have your email address) whenever we make changes to this policy.
7. Thirdparty Services
At MoneyRight Financial Planning Limited, we leverage various third-party services to augment the functionality and user experience of our website. Each of these third parties plays a distinct role in supporting our operations and services tailored to the football analysis platform we provide. We choose our partners wisely. Here’s a brief overview of each third party and how MoneyRight Financial Planning Limited utilises them:
- Google Analytics: MoneyRight Financial Planning Limited relies on Google Analytics, located in Mountain View, California, to gain insights into website traffic and user behaviour. By analysing data such as user demographics, device information, and browsing behaviour, we can enhance our platform’s performance and tailor our services to better meet the needs of our users.
- Zapier: MoneyRight Financial Planning Limited utilises Zapier, based in San Francisco, California, to automate workflows and integrate various tools seamlessly. This automation platform allows us to streamline processes such as data transfer and communication between different platforms, improving our efficiency.
- Google Sheets: MoneyRight Financial Planning Limited relies on Google Sheets, a cloud-based spreadsheet application provided by Google LLC, to organise and analyse data collected from users and third-party sources.
- HotJar: MoneyRight Financial Planning Limited utilises HotJar, a behaviour analytics and user feedback service headquartered in Malta, to gain insights into user interactions and preferences on our website. By leveraging features such as heatmaps and session recordings, we can optimise the user experience of our platform and tailor our football analysis services to better meet the needs of our users.
Each of these third-party services plays a vital role in supporting MoneyRight Financial Planning Limited’s operations and enhancing the services we provide to our users. We ensure that all data shared with these third parties is handled securely and in accordance with applicable privacy laws and regulations.
8. Contact us
If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, to request access to the data we hold on you, and for data removal requests, please contact our designated Data Protection Officer at tony@moneyright.co.uk