Vircarda Privacy Policy



Causeway Technologies Limited (we) are committed to protecting your personal information and respecting your privacy.  Our address is Sterling House, 20 Station Road, Gerrards Cross, Buckinghamshire, SL9 8EL and you may e-mail us at 


This policy, together with our Vircarda end-user licence terms (Licence Terms), applies to your use of: 

  • Our Vircarda mobile application software (App), once you have downloaded a copy of the App onto your mobile telephone or handheld device (Device). 
  • Our service accessible through the App (Service).  

This policy describes the types of "personal Information” (information that is capable of identifying a particular person) we collect from you or that you provide to us, and explains the basis on which we will process that personal information and how we safeguard your privacy as a user of Vircarda and its back-end services. For more details on what your rights and obligations are when using the Service, please refer to the Licence Terms. 

This policy does not seek to cover the personal information supplied by you to your card issuer in order to obtain a virtual smartcard or how your card data is used in relation to which a separate privacy policy should be available from your card issuer.  You must be 16 or over to download the App. If you are 16 or 17 years old our terms require that you confirm that you have sought and obtained the permission of your parent or guardian to do so. 

For the purpose of the Data Protection Act 2018, any regulations made thereunder and the Retained Regulation (EU) 2016/679 (“UK GDPR”) (together “data protection legislation”), the data controller (or its equivalent, if any, in other jurisdictions) is Causeway Technologies Limited.   

If you are in Australia: We treat your personal information collected by us, or that you may provide to us, in accordance with the Australian Privacy Principles as contained in Schedule 1 of the Privacy Act 1988 (“the Privacy Laws”).  

Questions, comments and requests regarding this policy are welcomed and should be addressed to for the attention of our Data Protection Officer at 


Vircarda is an app that holds virtual smartcards (“cards”) and other items such as qualification certificates. Before you can use the App, you have to register via the App. Once you have registered, you can download virtual cards that have been issued to you by card issuers authorised by us. Virtual cards downloaded by you into Vircarda can be read by other parties using software or application protocol interfaces (APIs) supplied by us.  


You must use a secure password for your use of the App and Service and it is your responsibility to keep your password confidential. 


The personal information that you give us or we collect from or about you may include: 

  • Contact information such as name, telephone numbers and e‐mail addresses;  
  • Information such as date of birth to help verify your identity;  
  • Details of any ancillary services to which you have subscribed to via the Service;  
  • What you have used the Service for;  
  • Notifications sent to you;  
  • What cards and/or items are held or have been held in your app but not details of card contents; 
  • Information to help authenticate your access to the Service;  
  • Technical information, including the type of mobile device you use, a unique device identifier (for example, your Device's IMEI number, the MAC address of the Device's wireless network interface, or the mobile phone number used by the Device), mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting and other information about your device;  
  • If you contact us, a record of that correspondence.  


The Service may collect personal information about you: 

  • Directly through your entry of information for the Service (for example, when you fill in forms to register);  
  • From card scheme operators or service providers whose virtual cards you download;  
  • From other third parties (including, for example, sub-contractors in technical services, analytics providers, search information providers, and so on);  
  • From geolocation services utilised by your device;  
  • From backend services integral to the Service.  


We treat your personal information as confidential. We do not sell or rent your personal information. We do not use or share your personal information in a manner that differs from what is described in this policy without your prior consent.  

We may use and disclose your personal information for the following purposes, including limited disclosures to our affiliates, to non‐affiliated third party service providers performing services on our behalf, to card scheme operators and to certain other non-affiliated entities as described below: 

  • To provide services authorised by you (such as to share information about your virtual cards and other items held in Vircarda and to send messages to you related to authorised services, including sending notifications to your device from us, and, where applicable, your card scheme operator, employers or other authorised users of your card scheme);  
  • To verify your identity and perform fraud screening by comparing details you give us about yourself with information from third parties including card scheme operators; 
  • To share details of your card usage with the relevant card scheme operator; 
  • To prevent fraudulent or other abusive use of a card in your app or the Service;  
  • To comply with laws and regulations, including compliance with court orders or lawful instructions from a governmental or regulatory body, to protect the personal safety of card holders or the public, to defend the Service against legal claims and to protect the Service’s rights and property, as permitted by applicable law;  
  • To support your use of the App;  
  • To provide you with information, products or services that you authorise us to provide;  
  • To carry out our obligations arising from any contracts entered into between you and us;  
  • To allow you to participate in interactive features of our service, when you choose to do so; 
  • To notify you about changes to our service;  
  • In the event that we sell or buy any business or assets, in which case we will disclose your personal information to the prospective seller or buyer of such business or assets;  
  • If Causeway Technologies Limited or substantially all of its assets are acquired by a third party, in which case personal information held by it about its customers will be one of the transferred assets; 
  • To complete a change of control transaction in which all or a portion of our operations and business are purchased or acquired by a third party; 
  • In order to enforce or apply the Licence Terms and other agreements or to investigate potential breaches;   
  • To protect the rights, property or safety of Causeway Technologies Limited, our customers, or others; or 
  • As otherwise authorised by you. 

We will only use your personal information when the law allows us to.  Under the data protection legislation our lawful basis for processing is as follows -  

  • We may use your personal information to perform the contract we have entered into with you or in order to take steps at your request to enter into a contract with you. 
  • Where we need to comply with a legal or regulatory obligation.  
  • We and any third parties with whom we share your personal information may also find it necessary to process your data for legitimate interests we pursue, for example, to maintain the security of our services or improve them.  This basis only applies where your interests and fundamental rights do not override those legitimate interests.  
  • Where we do not rely on another lawful basis, we may process your personal information based on consent you provide. 


To ensure your personal information remains confidential, the Service maintains physical, electronic, and procedural safeguards to help prevent unauthorised access to your personal information. 

The Service has policies and procedures that limit employee access to your personal information to those with a business reason to have such information and we educate our employees about the importance of confidentiality and customer privacy. 

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of the information you transmit to us; any transmission is at your own risk. Once we have received your information, we will use reasonable procedures and security features to try to prevent unauthorised access. 


The personal information that we collect from you will be stored in the UK.  It will only be processed by staff operating inside the UK who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the provision of support services.  

We will not transfer any data that we collect or receive from you that constitutes personal information outside of the UK unless there are appropriate safeguards, the transfer is based on adequacy (decision or regulation) or the transfer otherwise complies with the data protection legislation. Such transfers may involve, for example, our use of third party services allowing us to send e-mails or automated SMS messages which make use of facilities in third countries to process and store data. 

If you are in Australia:  The personal information that we collect from you will be stored in Australia. It will only be processed by staff operating inside Australia or the UK who work for us or for one of our suppliers.  Such staff may be engaged in, among other things, the provision of support services.  

We will not transfer any information that we collect or receive from you that constitutes personal information outside of Australia (save for any processing that occurs by us/our staff in the UK) unless we have taken such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles (other than Principle 1) in relation to the information. Such transfers may involve, for example, our use of third party services allowing us to send e-mails or automated SMS messages which make use of facilities overseas to process and store data. 


Information collected will be retained for a period no longer than is necessary to support the purpose of processing personal information set out above. 

We will retain encrypted back ups for a maximum of 3 years from the termination of our contract with you, if any, or from when you cease to use our services. This time limit is set in line with the limitation period for possible legal claims which may require such data in order to be investigated and defended against. 


You have the right to: 

  • Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, although we may need to verify the accuracy of the new personal information you provide to us. 
  • Request erasure of your personal information (commonly known as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. 
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. 
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. 

Where our processing is based on your explicit consent to our processing, you have the right to withdraw such consent (this will not affect the lawfulness of processing prior to the withdrawal of your consent). 

If you wish to exercise any of these rights please contact our Data Protection Officer at 


If you are in the UKYou have the right to lodge a complaint about our processing with the Information Commissioner’s Office (ICO), the UK’ supervisory authority for data protection issues.  

Rest of world: If you believe that we have at any time failed to keep one of our commitments to you to handle your personal information in the manner required by the Privacy Laws or any other applicable privacy law, then we ask that you contact us immediately at 


We do not process your personal information for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes and you can withhold your consent to and prevent such processing by not checking certain boxes on the forms we use to collect your data.  You can also exercise the right to prevent such processing at any time by contacting us at 


 Your provision of personal information to us may be a requirement necessary for you to enter into a contract with us. If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you. 



The App or any related website of ours may, from time to time, contain links to third party websites. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal information that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal information to these websites or use these services. 


We keep our privacy policy under review. Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by SMS or by e-mail or when you next start the App. The new privacy policy may be displayed on-screen and you may be required to read and accept the changes to continue your use of the App or the Service. 

It is important that the personal information we hold about you is accurate and current. Please correct your registration details in the App if your personal information changes during our relationship with you.