Privacy Policy

VFD SaaS Technologies Limited trading as Qokoon

Protecting personal data is a priority for everyone. This policy tells you the types of information we collect when you visit our website ( (“Website”) and/or use our services and applications, how we use that information, and when we may share that information. This policy may change from time to time so please check it every so often.

This Privacy Policy relates to the data we collect from you which includes “personal data” (being any information which identifies a person or which allows that person to be identified when combined with other information) and data which is otherwise recognised as sensitive data.

1. WHO ARE WE? We are VFD SaaS Technologies Limited (“we”, “us”, “our” or “Qokoon”). We trade under the name Qokoon. We are the controller of personal data for the purposes of this Privacy Policy. If you have any questions about this Privacy Policy, including requests to exercise your legal rights, please contact us on  

2. WHAT DATA DO WE COLLECT FROM YOU? We collect and use data relevant to your use of our services and applications, and your contact with us via the Website or through other means. In respect of this personal data, we are the Controller. If you are signing up to use our product or services, if you are enquiring about using our product or services or making a general enquiry, it may be necessary for you to provide certain data to us. The data you provide or may provide is listed below. We may collect, use, store and transfer different kinds of personal data as follows:

  • Identity Data includes your name, email address, username, title.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of any payments made by you whilst using our services or purchasing services or goods from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting, location, browser plug-in types and versions, operating system and platform, screen resolution and other technical characteristics of your device, your use of our services and applications and connection to the Website, (as applicable to the device you are using).
  • Profile Data includes your username and password, your user ID and preferences and feedback.
  • Usage Data includes information about your visit, including the website that referred you to the Website (if applicable), the path that you take through and from the Website (including date and time); pages that you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also may collect, use and share Aggregated Data, such as statistical or demographic data, for any purpose. Aggregated Data may be derived from your data but is not considered personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

We do not collect any Special Categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.


We use different methods to collect data from you including as follows:

Enquiring about our product or services or subscribing to our services If you contact us to ask about our product or service or about us generally, either through the Website or otherwise, we may collect and process Identity, Contact and Financial Data.

Signing up for our service If you sign up for our service and/or download our application, we may collect and process Identity, Contact, Financial, Transaction, Technical, and Profile Data.

Correspondence If you correspond with us using our contact form or through our ‘contact us’ or help features, we may collect and process Identity and Contact Data.

Browsing We may collect some Technical and Usage Data.

Candidates applying for a role at VFD SaaS Technologies Limited We will collect your Identity, Contact Data and Profile Data and information relating to your employment history. We will also collect data about you during telephone calls, in emails, during face to face interviews and from recruitment companies, head-hunters and social sites. We would always like to keep in touch with excellent candidates regarding any future vacancies and as a result, your consent also includes the ability for VFD SaaS Technologies Limited to retain your personal details.


We will only use your data when the law allows us to. Most commonly, we may use it in the following circumstances:

  • Where we need to perform the contract we are about to or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests).
  • Where we need to comply with a legal or regulatory obligation.

Generally, we only rely on consent as a legal basis for processing your data where we need to obtain the consent to provide you with our services or to send you third party direct marketing communications to via email or text message. You have the right to withdraw your consent at any time.

We have set out below the ways we may use data and the legal basis for doing so. We have also identified what our legitimate interest is, where appropriate.


Type of Data

Lawful basis for processing including basis of legitimate interest

To register you as a new customer

(a) Identity

(b) Contact

(a) Performance of a contract with you

(b) Necessary for our legitimate interest (for running our business and provide you with services)

To perform the contract and provide you with services:

(a) Manage payments, fees and charges

(b) Collect and recover money owed to us

(a) Identity

(b) Contact

(c) Financial

(d) Transaction

(e) Technical

(f) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to recover debts due to us)

To process a job application and keep you informed of employment opportunities

(a) Identity

(b) Contact

(c) Financial

(d) Profile

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to recruit good candidates for our business)

To process a job application and keep you informed of employment opportunities

(a) Identity

(b) Contact

(c) Financial

(d) Profile

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to recruit good candidates for our business)

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to provide feedback on our services

(a) Identity

(b) Contact

(c) Profile

(d) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our services and applications)

To administer and protect our business and the Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(f) Technical

Necessary for our legitimate interests (to study how customers use our products/ services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve the Website, services, applications, marketing, customer relationships and experiences

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep the Website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about services and offers or promotions that may be of interest to you


(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

(a) Necessary for our legitimate interests (to develop our products/services and grow our business)

(b) Consent where co

nsent is necessary

We may process data for more than one lawful ground depending on the specific purpose for which we are using data. Please contact us if you want further details about the specific legal ground we are relying on to process your data.

Where we need to collect data by law, or under the terms of a contract and you do not provide that data when requested, we may not be able to perform the contract. In this case, we may have to cancel a service you have with us.


We may share your data within Qokoon (i.e. our officers, staff and contractors) and with our service providers; for example, to service your requests or provide you with information. We may also share your data if a change happens in our business such as a merger or acquisition. If that happens, the new owners may use your data in the same way as set out in this Privacy Policy.

We may also share your data with service providers who we engage to help us run our business or deliver our services to you.

We may also share your data with other organisations or individuals when it is reasonably necessary to:

  • Meet any applicable law, regulation, legal process or request of a suitable governmental body or public authority e.g. under a relevant court production order.
  • Enforce applicable legal terms and conditions or our other legal rights, including investigation of potential violations.
  • Detect, prevent, or otherwise address financial crime.
  • Protect against or prevent harm to the rights, property or safety of Qokoon, our customers or the public as required or permitted by law. 


We will process and store your data on the Website servers, email and other servers and equipment that are needed to provide the services as applicable.

We do not ordinarily transfer your data outside of the UK or the European Economic Area except as follows:

Analytics providers

Our service providers, such as Google Analytics (Google Inc. and its affiliates), may process your data in the course of providing analytical information to us about the use of the Website. These service providers may collect and/or transfer your data outside of the UK or European Economic Area. For more information on how Google Analytics processes your data you can visit here: https://

Technical support

Sometimes we need to engage the assistance of our affiliated companies to provide technical support for your use of our service. The individuals providing the support may be based outside of the European Economic Area and will only have access to your data when they need to in order to provide support.

Whenever we transfer data out of the EEA or UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer data to countries that have been deemed to provide an adequate level of protection for data by the European Commission. For further details, see European Commission: Adequacy of the protection of data in non-EU countries.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.


We will not keep your data longer than reasonably necessary to fulfil the purposes described in this Privacy Policy or as we reasonably need to in order to meet our legal and governance obligations.


If you provide your contact details, we might contact you individually in the future if we think that our product or services may be of interest to you. If we think it appropriate, we might also add you to our regular email marketing list. You can ask us to remove your personal details from our marketing lists using the contact details listed at the top of this Privacy Policy.


We have put in place appropriate security measures to prevent data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to data to those of our staff and other third parties who have a business need to know. They will only process data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of any breach where we are legally required to do so.


We will retain data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of data, the purposes for which we process data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example, if you are a customer, we will generally keep your data for the longer of six years from the date of the last interaction with you or until the applicable statutory limitations period has expired. We regularly review the data we hold taking into account the lawful purpose for which we hold it and any data that is deemed no-longer relevant or required is deleted where it is practicable to do so.


Under certain circumstances, you have rights under data protection laws in relation to your personal data.

  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to confirm with us whether your personal data is processed and, if it is to receive a copy of the personal data we hold about you.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where it is no longer necessary for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your personal data unlawfully or where we are required to erase your personal data to comply with applicable law. However, the right to erasure is not an absolute right and we may not always be required to comply with your request for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party). In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data which override your rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Request restriction of processing of your personal data in certain circumstances. This enables you to ask us to suspend the processing of your personal data in the following circumstances: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data when relying on a legitimate interest but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to personal data processed by automated means which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
  • Right to complain: You also have the right to lodge a complaint with the competent data protection supervisory authority, which in the UK is the Information Commissioner's Office.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Cookies Policy

Our website uses cookies to help personalize your online experience and to help us to distinguish you from other users.  When you use our website for the first time you will be given the opportunity to accept or decline cookies.  By accepting the cookies, you agree to our use of cookies as set out in this policy.

You may also want to review our privacy policy (  to learn how we protect your privacy in our use of cookies and other information.

What is a cookie?

A cookie is a small text file sent to your device from a website which is stored on your browser or the hard drive of your computer.  They are widely used in order to make websites work, or work more efficiently, as well as provide information to website owners. 

Cookies are not used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.

How are cookies used on our website?

Details of the cookies we use and why are set out below:  

  • Strictly necessary cookies. These are cookies that are essential to enable you to browse around our websites and for us to maintain your security and privacy while using the website. They are always ‘on’ as without these cookies we can’t operate our website.
  • Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, and remember your preferences where relevant.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

We use HotjarMixpanel and Google Analytics cookies on our site.

Google Analytics.  This is a third party cookie.  The information generated by the Google Analytics cookies (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on activity and providing other services relating to activity and internet usage.  Google may also transfer this information to third parties where required to do so by law, or where third parties process the information on Google’s behalf.  

To see more information on the cookies set by Google Analytics see: Cookies and Google Analytics 

To opt out of being tracked by Google Analytics across all websites visit

You can control cookie settings in your browser.  To find out how to do so, you may wish to visit  which contains comprehensive information on how to do this on a wide variety of browsers. Please be aware that restricting cookies may impact on the functionality of our websites.

Who owns this policy?

We are VFD SaaS Technologies Limited (trading as Qokoon). If you have any questions or would like to contact us about this policy, you can contact us by email at