Privacy Policy 

Last modified:

Privacy Policy 

Privacy Statement 

This is our Privacy Statement which explains how we obtain, use and keep your personal data safe in relation to the Foundy website: (“Website”) or any of the services we provide through it, including the creation of your Foundy Account (“Services”).

Your personal data is data which is about you that, by itself or with other data available to us, can be used to identify you – such as your name, your date of birth or contact details.  Foundy respects your privacy and we are committed to keeping your personal information safe in accordance with applicable data protection laws.  

This Privacy Statement will tell you about your privacy rights and how the law protects you.  It is important that you read it together with our Terms and Conditions and User Agreement (“Terms”) which govern your use of our Services, Cookies Policy and any other policies we have in place at any time. 

This Privacy Statement supplements our Terms and other policies and is not intended to override them.

Data Controller

The data controller is Foundy Limited trading as Foundy (“we”, “us” or “our”). The data controller is responsible for your personal data.

Contact Details

Foundy Ltd trading as Foundy

Data Control Officer: John Lewin

Email address: [email protected]

Telephone: +44 (0)7725 240418

Postal address: 10 Wingate Business Exchange, 64-66 Wingate Square, London SW4 0AF

Changes to the Privacy Policy and your duty to inform us of changes

We keep our privacy policy under regular review. We reserve the right to revise or amend this Privacy Policy at any time to reflect changes to our business or changes in the law. Where these changes are significant, we will endeavour to let you know. However, it is your responsibility to check this Privacy Policy before each use of the Website 

It is important that the personal data we hold about you is accurate and current. Please ensure that you keep us informed of changes to your personal data.

The types of personal data we collect and use

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been anonymised (removed).

Information you give to us:

We may collect the following information you give to us: your name, date of birth, gender, your job title, your personal biography or summary, your contact information including your email address, telephone and residential address you provide us for contacting you, your preferred method of payment such as your credit or debit card details, your marketing preferences for receiving information about our services, your account username and password, and communications you exchange with us.

Information we collect about you and the device you connect to us with

Each time you visit the Website and/or use the Services, we automatically collect personal data including data relating to the electronic device you are using, content and usage data. We collect this data using cookies and other similar technologies. Our Cookie Policy explains this in more detail and is available on the Foundy website at

Interacting with others

When you use the Website to interact with other users we will collect both the data that you upload to it (which may be included in messages that you send, or content that you upload) as well as data about how you are interacting with the Website and with other users. So, for example, if you send a message to another user we will collect information about the content of that message, as well as the fact that you sent that message to another user. 

If you create a profile when using our Services, you also accept that unless otherwise specified other users will be able to view the information you include on your profile about yourself, other individuals and the business you wish to sell. 

You confirm that you have received appropriate authorisation to share information about other individuals on your profile. You also understand that we have no control over and have no responsibility with respect to the use by other users of the Services who have been granted access to your personal data either through your profile or through any messaging functionality available on the Website. 

Third-party links and information we receive from third-party sources

The Website contains links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you which we cannot control and we cannot be responsible for their privacy statements. When you leave the Website, it is your responsibility to ensure that you read the privacy statement of third-party websites.

In addition, we may receive personal data about you from various third parties and public sources including:

  • Data about your device from analytics providers, advertising networks and search information;
  • Data about payments to and from you from providers of payment services;
  • Identity and contact data from data brokers or aggregators; and
  • Identity and contact data from publicly available sources (such as Companies House).

What happens if you fail to provide personal data

If you fail to provide the requested personal data, we may be unable to process or respond to your query or supply the Services under the Terms in full or in part.

Under certain circumstances, we may be under compulsion of law to collect personal data.  If you fail to provide that data when requested, we may have to cancel Services or close your account but we will notify you if this is the case at the time.

How we will process your personal data

We will only use your personal data for the purpose for which we collected it which include the following:

1. As necessary to perform our contract under the Terms with you:

  • To take steps at your request prior to entering into it;
  • To decide whether to enter into it;
  • To manage and perform that contract;
  • To update our records; and
  • To trace your whereabouts to contact you about your account and recovering debt or otherwise enforce the Terms.

2. As necessary for our own legitimate interests or those of other persons and organisations, e.g.:

  • For good governance, accounting, and managing and auditing our business operations;
  • To monitor emails, calls, other communications, and activities on your account;
  • For market research, analysis and developing statistics; and

3. As necessary to comply with a legal obligation, e.g.:

  • When you exercise your rights under data protection law and make requests;
  • For compliance with legal and regulatory requirements and related disclosures;
  • For establishment and defence of legal rights;
  • For activities relating to the prevention, detection and investigation of crime; and
  • To monitor emails, calls, other communications, and activities on your account.

4. Based on your consent, e.g.:

  • When you request us to disclose your personal data to other people or organisations.

You are free at any time to change your mind and withdraw your consent. The consequence might be that we can’t do certain things for you.

When will we make disclosures of your personal data

We will share your personal data to third parties in circumstances as follows:

  • Service providers acting as processors based in and outside of the UK who provide payment processing services, App development, IT and other system services;
  • Professional advisers acting as processors or joint controllers including banks, lawyers, auditors and insurers;
  • Government, regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances, or if we believe it is necessary to do so to meet legal requirements or to prevent accidents and or crime, or to defend our legal rights;
  • Third parties to whom we may choose to merge, sell or transfer our assets or parts of our business. In these circumstances, new owners may use your personal data.


We may use your identity, contact, technical, usage and use of your Services to form a view on what we think you may want or need, or what may be of interest to you, including promotional offers. 

You may receive marketing communications from us if you have: 

  • provided us with your business e-mail account and we have a legitimate interest in keeping you up to date with our latest news and offers;
  • subscribed to receive marketing communications from us to your personal or business e-mail account; and
  • requested information from us or purchased services from us or if you provided us with your details when you entered a competition or registered for a promotion unless you have opted out of receiving that marketing when we first collected your personal e-mail address.


Cookies are small text files placed on your computer, smartphone or other device and are commonly used on the internet. We use cookies and similar technologies to:

  • collect information that will help us understand visitors’ browsing habits on our website;
  • compile statistical reports on website activity, e.g. number of visitors and the pages they visit;
  • temporarily store any information which you may enter in tools, such as calculators or demonstrations on our website; and
  • in some cases, remember information about you when you visit our site. 

We use cookies and other tracking technologies to enable us to perform our contract under the Terms with you and for our legitimate interests (e.g. to distinguish you from other users of the Foundy website and to help us improve our service to you by remembering your preferences).  You can set your browser to refuse all or some cookies.  You can also set your browser to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Foundy website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookies Policy.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those Foundy employees, agents and contractors and other third parties who have a justified business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

Where we have given you a password that enables you to access certain parts of the Website or the Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

We have procedures to deal with any personal data breach, suspected or actual, and will notify you and any applicable regulator of a breach where we are legally required to do so.

Retention of your personal data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.  We apply the following criteria to determine data retention periods for your personal data:

  • Retention in case of queries: we will retain your personal data as long as necessary to deal with your queries or for a sensible period in order for us to reply to your online query and then deal with queries you raise upon receipt;
  • Retention in case of claims: we will retain your personal data for as long as you might legally bring claims against us; and
  • Retention in accordance with legal and regulatory requirements: we will retain your personal data after your account, policy or service has been closed or has otherwise come to an end based on our legal and regulatory requirements.

International Data Transfers

Whenever we do transfer your personal data outside of the UK, we ensure that a similar degree of protection is afforded to it by ensure that in most cases at least on of the following safeguards is implemented: 

  • we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data under UK data protection laws; and
  • where we use certain service providers, we will use specified contracts approved by the Information Commissioner which gives personal data the same level of protection it has in the UK. 

By submitting your personal data, you understand the terms on which we may transfer your personal data outside of the UK. 

Your rights under data protection law

The Data Protection Act 2018 gives you the following rights:

  • The right to be informed about our processing of your personal data;
  • The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
  • The right to object to processing of your personal data;
  • The right to restrict processing of your personal data;
  • The right to have your personal data erased (the “right to be forgotten”);
  • The right to request access to your personal data and information about how we process it;
  • The right to move, copy or transfer your personal data (“data portability”); and
  • Rights in relation to automated decision making including profiling.

You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: However, we encourage you to contact us in the first instance so that we can attempt to resolve your complaint directly. 

If you wish to exercise any of the rights set out above, please contact us using the details provided above.