Privacy Policy

Last Updated 2025-09-18

Introduction

This privacy notice describes how we will collect, use, share and otherwise process your personal data in connection with your use of the [FusionFlo Suite Platform] (the Platform) and our website.

The Platform and our website is not intended for children and we do not knowingly collect data relating to children.

Important information and who we are

Unless specified otherwise, Intellicore Limited is the controller and is responsible for your personal data (Intellicore, we, us or our in this notice).

We have appointed a data protection officer (DPO). If you have any questions about this privacy notice, please contact them using the details set out below.

Contact details

Our full details are:

• Full name of legal entity: Intellicore Ltd

• Name or title of DPO: Barry Booth

• Email address: legal@intellicore.co.uk

• Postal address: 72-74 Commerce Street, Aberdeen, AB11 5FP

• Telephone number: +44 1224 213335

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues.  

Changes to the privacy notice and your duty to inform us of changes

We keep our privacy notice under regular review.

This version was last updated on 2025-09-18. It may change and, if it does, those changes will be posted on this page and notified to you through the Platform.  The new notice may be displayed on-screen and you may be required to read and acknowledge the changes to continue your use of the Platform.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.

Third party links and sites

Our Platform may, from time to time, contain links to and from the websites of third parties.  Please note that these websites (and any services accessible through them) are controlled by those third parties and are not covered by this privacy notice. You should review their own privacy notices to understand how they use your personal data before you submit any personal data to these websites or use these services.

The data we collect about you

We collect, use, store and transfer different kinds of personal data about you. To make it easier for you to use this privacy notice, we group these into the following categories.

Type of Personal Data Description of Personal Data
Identity Data Includes first name, last name, title, date of birth and Profile Data
Contact Data Includes first name, last name, contact address, email address and telephone numbers, your communication preferences and copies of the communications between you and us
Profile Data Includes your email address, username and password
Transaction Data Includes billing and delivery addresses, payment card details, history of your payments, purchases, deliveries, returns and refunds
Device Data Includes the type of device you use, your unique device identifier, mobile network information, your mobile operating system, the type of mobile browser you use, IP address, time zone setting
Content Data Includes information that you store or generate in the Platform
Usage Data Includes logs and detail of your use of our Platform, being the dates and times on which you download, access and update the Platform, any error or debugging information, and the resources that you access and the actions we and you take in relation to them and Cookies Data
Security Data Includes information we collect about your use of the Platform and our website in order to ensure your and our other users' safety and security, being Usage Data, the Cookies Data and the information provided to us by our payment processing provider
Cookies Data Includes the information collected through the cookies and similar technologies listed in our Cookies Notice available here [LINK]
Marketing and Communications Data Includes your direct marketing preferences, consents for receiving direct marketing from us and/or our third parties and the history of the direct marketing communications we have sent to you
Location Data Includes your current location as disclosed by GPS technology WiFi connections, your IP address for the time period where you have permitted us to collect it
Connected Data Includes information stored on the Platform that you permit the Platform to connect to, being Contacts lists and login information.
Feedback Data Includes your feedback and survey responses
Personalisation Data Includes : Cookies Data, Device Data, Content Data, Transaction Data, Connected Data, Social Media Data, Usage Data, Location Data, and the preferences we have inferred you have and use to personalise the Platform

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). However, subscribers or their authorised personnel may upload, generate, or otherwise include such information within the content they choose to process through the Platform. We refer to the collection of Customer Content Data referred to in ‘How is your personal data collected’ section of this Privacy Policy for further information.

How is your personal data collected?

We collect your personal data in the following way:

Direct Collection

We collect personal data you provide directly to us when you:

• Create an account on the Platform;

• Subscribe to a Subscription Plan on the Platform;

• Contact us with enquiries, support requests or feedback; and

• Make payment or provide billing information.

Third-Party Collection

We may receive personal data about you from third parties, such as:

• Payment providers for processing transactions;

• Service provides engaged to provide analytics, hosting or customer support; and

• Publicly available sources where permitted by law.

Passive Collection

We automatically collect personal data when you use the Platform or our website, including Usage Data, Device Data and Cookies Data.

Collection via our Customers of the Platform

Subscribers and their authorised personnel may upload or generate content that contains personal data (Customer Content Data). We act as a data processor in relation to Customer Content Data. In this case:

• The Subscriber (i.e. our customer) is the data controller and determines the purposes of means of processing;

• We process the data solely on the Subscriber’s instructions to provide the Platform;

• We do not decide the content, scope, or purpose of the processing; and

• We implement appropriate technical and organisational measures to protect the data.

If your personal data has been uploaded to the Platform by one of our Subscribers, please contact the Subscriber in the first instance to exercise your rights. If you are unable to resolve your request with the Subscriber please contact us and we will liaise with the Subscriber to support them in responding to your request or enquiry.

Cookies

We use cookies (small files placed on your device) and other tracking technologies on the Platform and our website to improve your experience and our development of the Platform. For detailed information on the cookies we use, the purposes for which we use them and how you can exercise your choices regarding our use of your cookies, see our cookie notice [LINK].

How we use your personal data

We will only use your personal data when we have a lawful basis to do so. Our lawful basis for each purpose for which we use your personal data is specified below. Most commonly we will use your personal data in the following circumstances:

Consent. Where you have freely consented before the processing in a specific, informed and unambiguous indication of what you want.

Performance of a contract. Where we need to process your personal data to perform a contract with you or where you ask us to take steps before we enter into a contract with you. Where we rely on performance of a contract and you do not provide the necessary information, we will be unable to perform your contract.

Legitimate interests. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Legal obligation. Where we need to use your personal data to comply with a legal or regulatory obligation. Where we rely on legal obligation and you do not provide the necessary information, we may be unable to fulfil a right you have or comply with our obligations to you, or we may need to take additional steps, such as informing law enforcement or a public authority or applying for a court order.

Delivery and improvement of our Platform

Purpose or Activity Type of Personal Data Lawful Basis for Processing
To permit you to access the Platform and register you as a new Platform user Identity, Contact, Financial, Device Performance of a contract and Legitimate Interests
To take steps towards providing you with services at your request and deliver services to you, including managing payments and sending you service communications Identity, Contact, Transaction, Device Performance of a contract
Enforce our terms and conditions, including to collect money owed to us Identity Legitimate interests (to recover debts due to us)
To utilise the functionality of the Platform Customer Content Data, Content Data Performance of a contract

Account management and profiling

Purpose or Activity Type of Personal Data Lawful Basis for Processing
Combining the information we collect about you into a single customer account profile Contact, Direct marketing Legitimate Interests (to publicise and grow our business)

Direct marketing

Purpose or activity Type of personal data Lawful basis for processing
To send you direct marketing communications Contact
Device
Direct Marketing 		Consent
Unless we can rely on the soft opt-in and you have not opted out,
in which case we rely on Legitimate Interest (to publicise and grow our business)

Troubleshooting, improvement and security

Purpose or activity Type of personal data Lawful basis for processing
To administer, monitor and improve our business and the Platform including troubleshooting, data analysis and system testing Identity
Contact
Device		 Legitimate interests (for running our business, provision of administration and IT services, network security, maintaining the security of our Platform, providing a secure service to users and preventing fraudulent and other misuse of our Platform)
Applying security measures to our processing of your personal data, including processing in connection with the Platform All personal data under this privacy notice Legal obligation (applying appropriate technical and organisational measures under Article 32 of the UK GDPR)
Otherwise monitoring use of the Platform and deploying appropriate security measures Contact
Security
Transaction		 Legitimate interests (running our business, provision of administration and IT services, network security, maintaining the security of our Platform, providing a secure service to users and preventing fraudulent and other misuse of our Platform)
To screen for unlawful content, phishing activities, spam and fraud Content Data
Customer Content Data		 Legitimate interests

Rights and obligations

Purpose or activity Type of personal data Lawful basis for processing
To comply with our other legal obligations, including compliance with tax legislation, judicial, law enforcement and government authorities' requests All personal data under this privacy notice Legal obligation

Cookies and personalisation

Purpose or activity Type of personal data Lawful basis for processing
To deploy and process personal data collected via Cookies, as set out in the cookies note [LINK] Cookies Legitimate interests (delivering and securing the Platform)
To deliver (personalised) advertisements to you Personalisation Consent

Other communications

Purpose or activity Type of personal data Lawful basis for processing
To notify you of changes to the Platform, your purchases and our terms and conditions for ongoing contracts Contact For ongoing or prospective contracts, Performance of a contract
Otherwise, Legitimate interests (in servicing our users and prospective users)
To notify you of updates to this privacy notice Contact
Transaction		 Legal obligation (to inform you of our processing under Articles 13 and 14 of the UK GDPR)
To respond to your requests to exercise your rights under this notice As relevant to your request Legal obligation (complying with data subject requests under Chapter 3 of the UK GDPR)
To otherwise respond to your enquiries, fulfil your requests and to contact you where necessary As relevant to your enquiry or request Legitimate interests (service our users and prospective users)

Business contacts

Purpose or activity Type of personal data Lawful basis for processing
Process personal data relating to staff members of our business contacts, including suppliers, customers and prospects Contact Legitimate interests (servicing and receiving products or services, to or from our business contacts and carry out our B2B business)

Automated decision making and profiling

We do not make decisions based solely on automated processing or profiling that produce legal effects concerning you (or have similarly significant effects).

Criminal offence data and special category data

We do not intentionally collect criminal offence data about you. However, we may process data relating to criminal offences in monitoring the use of our Platform for security purposes, where we suspect you may have committed a crime, such as attempting to make a fraudulent purchase or claim or circumvent the security of the Platform. In such circumstances we will provide that information to law enforcement and/or use it to establish, exercise or defend a legal claim. In those circumstances, according to the type of activity and purpose, we will rely on legitimate interests (protecting our business, employees and other users) and legal obligation (where required by legal, judicial or law enforcement to disclose or process that information). UK law authorises that processing under the Data Protection Act 2018 and although the appropriate authorisation will depend on a case-by-case basis, monitoring for criminal behaviour through the use of our Platform is in the Substantial public interest (preventing or detecting unlawful acts) and processing information related to suspected criminal activity for legal claims is permitted under the additional condition of legal claims.

Disclosures of your personal data

We may share your personal data with the following third parties:

External third parties.

• Service providers who provide third-party support to the Platform, including:

    •    Cloud Hosting Provider – to provide hosting facilities and infrastructure to support the Platform and services we provide;

    •    Payment Processors – to process your subscription fees.

    •    Email service providers – to send account related notifications and alerts to you.

    •    Web Traffic Analytics Providers – to analyse web traffic patters and ad performance.

   •    App Crash Analytics Providers – to identify and troubleshoot application crashes.

    •    App Logging Providers – to analyse usage patterns for security purposes, troubleshooting and turning of our services.

    •    Help Desk Providers – to provide help centre and support ticketing services,

        If you wish to receive a full list of our external third party providers, please contact us.

• Our professional advisors  including lawyers, auditors and insurers who provide legal, accounting, insurance services

• Your service providers that you have appointed and we need to contact to fulfil your requests, such as your banking or payment card provider to process your transactions.

Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

• HM Revenue and Customs, regulators, law enforcement, public authorities or other third parties based in the UK where necessary to exercise our rights or comply with a legal obligation.

International transfers

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.

• Where we use certain service providers located outside the UK, we use specific contracts approved by the UK which give personal data the same protection it has in the UK.

• We ensure ongoing security and compliance.

Please contact the DPO using the contact details above if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

Data security

All information you provide to us is stored on our secure servers and located in the UK. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted using Transport Layer Security technology. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Once we have received your information, we will use strict procedures and security features to protect your personal data from loss, unauthorised use or access.

We have put in place procedures to detect and respond to personal data breaches and notify you and any applicable regulator when we are legally required to do so.

Data retention

By law we have to keep basic information about our customers (including Contact, Identity, Security and Transaction Data) for six years after they cease being customers.

Upon deletion or cancellation of your account on the Platform, we retain Customer Content Data for 180 days unless you specifically request to purge the data at the point of cancellation.

In some circumstances you can ask us to delete your data: see Your legal rights below for further information.

Once we no longer have a legal right to hold your personal data, we will delete or, in some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Your legal rights

You have the following rights under data protection laws in relation to your personal data.

Access. Request access to and/or a copy of the personal data we process about you (commonly known as a data subject access request). This enables you to check that we are lawfully processing it.

Correction. Request correction of any incomplete or inaccurate data we hold about you. (We may need to verify the accuracy of the new data you provide to us.)

Deletion. Request us to delete or remove personal data where there is no good reason for us continuing to process it. You also can ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we have processed your information unlawfully or where we need to erase your personal data to comply with law. (In some cases, we may need to continue to retain some of your personal data where required by law. If these apply, we will notify you at the time of our response.)

Objection. Object to us processing your personal data where (a) we are relying on legitimate interests as the lawful basis and you feel the processing impacts on your fundamental rights and freedoms, or (b) the processing is for direct marketing purposes. In some cases, we may refuse your objection if we can demonstrate that we have compelling legitimate grounds to continue processing your information which override your rights and freedoms.

Restriction. Request that we restrict or suspend our processing of your personal data:

• if you want us to establish the data's accuracy;

• where our use of the data is unlawful, but you do not want us to erase it;

• where we no longer require it, but you need us to hold onto it to establish, exercise or defend legal claims; or

• you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

Data portability. Request we transfer certain of your personal data to you or your chosen third party in a structured, commonly used, machine-readable format. This right only applies to information processed by automated means that we process on the lawful bases of consent or performance of a contract.

Withdraw consent. Withdraw your consent at any time where we are relying on consent to process your personal data. Please know that this does not affect the lawfulness of any processing carried out before you withdraw your consent, and after withdrawal, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.  

Complain to the UK data protection regulator. If you are unhappy with how we process your personal data, we ask that you contact us first using the details below so that we have the chance to put it right. However, you also have the right to make a complaint to the ICO at any time.

You can exercise any of these rights at any time by contacting us at legal@intellicore.co.uk.