Last updated: March 2023. We periodically review the contents of the Privacy Policy to ensure it’s accurate.

Introduction

Hello. We’re Sequence, a software-as-a-service financial operations platform. We provide a web platform and API that allows businesses to simplify their financial and payment operations. Altogether, these are our “Services”. At Sequence, we’re committed to protecting the privacy and security of all data we collect, store and process when we provide our Services. This Privacy Policy is meant to help you to understand how we use the information we collect in order to provide our Services and to build trust in our system. We may need to update this Privacy Policy from time to time, so we recommend you check back periodically. If we make any substantial changes, we may notify you via email or by posting a notice on our website.

Contact us

We are Sequence HQ Ltd, incorporated in England and Wales under the company number 13585168. In this Privacy Policy, we are referred to as “Sequence”, “we”, “us” or “our”.
  • You can find us at 27 New Dover Road, Canterbury, England, CT1 3DN.
  • Our ICO Registration number is ZB304614.
  • Questions, comments and requests about this Privacy Policy can be addressed to compliance@sequencehq.com.
  • Alternatively you can write to us at our address.

Responsible disclosure

In the event of any I.T. security or data incidents, you can email us at security@sequencehq.com to alert us.

The information we collect, use and hold

The information we collect, use and hold depends on the service we are providing, who we are providing that service to and how our customers, our customers’ users, and our customers’ end customers interact with us.
Terms we use: our customers are businesses, our users are the staff of those businesses, and end customers are counterparties or customers of those businesses.
Below we detail out: the information collected, how that information is used and how it is held – according to which service is being provided, and how.

When a customer creates or uses an account in the Sequence platform

Our customers and their staff give their information in order to use the Sequence platform or sandbox. This information may include the user’s name, email address, job title, login information, company billing information, usage information, and other company information including business name, company address and company number. For this information, we are the controller of the data and will hold it securely in line with our Security Measures. Some of this information may also be shared with our product or service providers or subprocessors, for instance to check if it is an existing customer or in order for us to deliver our services.

When our customers use our financial operations platform for and on behalf of their end customers

Our customers are businesses and when they use our financial operations platform and services we are acting on their behalf as their service provider and processor. Our customers, and not us, are the controllers of the data submitted when they use our services to interact and provide a service to their end customers; we are the data processor. The exact information processed depends on how our customer is using our service, which of their end customers they are interacting with and the purpose of the usage. For instance, when a Sequence customer uses the Sequence API to program a payment to or from their end customers or a counterparty, then Sequence will process certain payment information such as payment recipient name and bank information. Or for instance, when a Sequence customer uses the Sequence platform to send communications to their end customers or counterparties, then Sequence will process certain contact information like email or recipient name. We use this information in order to meet our contractual obligations and provide our service to our customer. From time to time we may need to assist our customers regarding, for example, payment or account failures and will use certain information such as debugging, time logs, nature and detail around complaints etc. We use this information in order to meet our obligation to provide Customer Services around our services. Some of this information may also be shared with our product or service providers or sub-contractors, in order for us to deliver our services to our customer. For additional information about how your specific data is being collected and used, and if you are an end customer or counterparty of a business who is our customer, please also review the privacy policy of the business who is using our services.

When on our website or when you otherwise interact with us

We collect the information you decide to provide when browsing our websites or when you otherwise interact with us. For example, we collect information when you inquire about the Sequence Services, sign up for our newsletter, submit a request, submit information, comment on a blog post, or otherwise contact us. This information might include your name, email address, address, phone number, company information, billing and purchase information, and any other information you choose to provide. In addition, we also automatically collect certain information from you when browsing our website. This includes:
  • Log Information: we log information about your use of the website, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to the website.
  • Device Information: we collect information about the computer or mobile device you use to access our website, including the hardware model, operating system and version, unique device identifiers and mobile network information.
  • Information Collected by Cookies and Other Tracking Technologies: we and our service providers use various technologies to collect information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our website and your experience, see which areas and features of our website are popular and count visits. Web beacons are electronic images that may be used on our website or emails and help deliver cookies, count visits and understand usage and campaign effectiveness. For more information about cookies, and how to disable them, please see below.
We use the information we collect to:
  • Provide, maintain and improve the website;
  • Send you technical notices, updates, security alerts and support and administrative messages;
  • Respond to your comments, questions and requests and provide customer service;
  • Communicate with you about products, services, offers, promotions, rewards, and events offered by Sequence and others, and provide news and information we think will be of interest to you;
  • Monitor and analyze trends, usage and activities in connection with the websites; and
  • Carry out any other purpose for which the information was collected.
Some of this information may also be shared with our product or service providers or sub-contractors, in order for us to deliver our services. We use information for the above purposes where it is necessary to meet our contractual obligations, where it is necessary in our legitimate interest to do so, where we have a legal obligation, or where an individual has provided their consent.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. We may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Data sharing

In addition to the data sharing and specific purposes described above, Sequence may also share information with other companies, organizations, government bodies, and individuals outside Sequence where we have a legitimate legal reason for doing so (for example, in connection with any merger or acquisition or to comply with a court order) or where we have been instructed to share the information on behalf of our customers. Whenever legally possible, we seek to protect the information we share by imposing contractual privacy and security safeguards on the recipient of the information. This is particularly important in cases where the recipient is located in a country that has different or lesser privacy laws than those of the country where the information was originally collected. In some cases, however, it’s not possible for us to do so — for example, when we have a legal obligation to disclose information to a government authority and that government authority isn’t willing to enter into such contractual safeguards.

Processing information outside the UK

Where we, or our partners, process your personal information outside the UK, we will look to limit the jurisdictions to the EU and US so that you can expect an essentially equivalent degree of protection to your personal information (and certainly no less than expected in the data protection legislation regarding the countries and entities which process your information). Where we do process your personal data outside the UK, we would only do so in order to carry out activities to operate our business and provide our services. In most circumstances, we rely on approved standard contract clauses (SCC) which we include in our agreements with data processors and service providers, but may also rely on other mechanisms recognized in data protection legislation.

Subprocessors

We maintain a list of the subprocessors and third parties with whom we may share data in order to provider our Services. This list also includes, where possible, the locations in which the data will reside or be processed.

Data retention

We will only retain data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from authorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may pseudonymize or anonymize personal information so that it can no longer be associated with an individual person, in which case we may use such information without further notice to you.

Your rights

If you would like to access a copy of, delete, or otherwise exercise control over your personal information, please contact us via the Data Requests form. Please be aware, for many requests Sequence may need to notify our relevant customer (as described above detailing how Sequence may collect, use and hold information) and so our customer (and not Sequence) may fulfill the request. This is necessary where Sequence is acting on the customer’s behalf.

Information security

We take the security of the information that we process very seriously, and endeavor to operate enterprise-grade information security measures. We are certified for SOC2 and shortly to be certified for ISO27001 (see more on our certifications). We take appropriate administrative, physical, technical and organizational measures designed to help protect user information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. More detail on how we secure and protect data can be found on the Security Measures page. Transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website or to us, for instance, by email; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access, loss or damage.

How to complain

You have the right to make a complaint at any time to your local supervisory authority. In the UK that is the Information Commissioner’s Office (ICO) (www.ico.org.uk). We would, however, very much appreciate the chance to deal with your concerns before you approach the ICO, and you can contact us in the first instance by contacting us directly. Our ICO Registration number is: ZB304614