We may from time to time share your personal information with third parties for the purposes of providing you with our services, understanding how you use them, and making them better. For example, Findmypast will share a Universally Unique identifier (UUID) with Apple if you purchased a subscription through Apple Pay, which ensures that we can link your payment to the correct account. Our third-party providers include payment processors, providers of card validation services, credit referencing providers, providers of website analytics, and the provider of our subscriber referral program. Please note that we do not keep a record of your credit or debit card data and our payment processors do not decide what is done with it, they only process it on our behalf.
We share your information when we have a legitimate interest in doing so, or to fulfill our contract with you. The third parties with whom we share it may not be located in your country of residence; however, we only use providers that ensure adequate protection for your personal information at all times. When we transfer your personal information to a third party in another country, we use recognised mechanisms for ensuring it is properly protected, which include:
- The country in question is subject to the same Data Protection regulation (for example, when we transfer data from one EU country to another, GDPR will apply in both);
- The country in question has been deemed safe for data transfer by the European Commission (also known as an ‘adequacy finding’); or
- The contract for data processing contains contractual provisions approved by relevant Data Protection regulators (for example, the standard contractual clauses laid down by the European Commission to safeguard the transfer of personal information, or the International Data Transfer Agreement approved by the UK Information Commissioner’s Office).
We also take reasonable steps to ensure that any such overseas recipients do not hold, use or disclose your personal information in a way that is inconsistent with the obligations imposed under the Privacy Act and the Australian Privacy Principles in the Privacy Act, or the NZ Privacy Act and the New Zealand Privacy Principles in the NZ Privacy Act, or the California Consumer Privacy Act.
We will disclose your personal information in order to comply with any legal obligation. This includes disclosing information to organisations for the purposes of fraud protection, credit risk reduction, or the order of a court or regulator.
We also share your details with service providers who assist us with hosting our marketing campaigns and surveys but only in cases where you have consented to marketing or surveys. We will not provide your personal information to other third parties for marketing purposes unless you have specifically consented to this when you first provided your information to us. You are entitled to decline to receive such third-party communications by not selecting the appropriate box on the web form that collects your details or at any subsequent time by logging into your account and adjusting your preferences, by contacting us by email at firstname.lastname@example.org or by post to Findmypast, 185 Fleet Street, London, England, EC4A 2HS.