Version 1.0 (July 2020)

About us

We are Huntly Solutions Limited. Our registered office address is 64a Cumberland Street, Edinburgh, Scotland and our company number is SC667648.

We are authorised and regulated by the Financial Conduct Authority (FCA FRN 738728) and under the Electronic Money Regulations 2011 (FCA FRN 900925) for the issuing of electronic money and provision of payment services.

We are registered with the Information Commissioner’s Office (ICO), the data protection regulator in the UK, to use personal data and our registration number is Z1683152.

We are committed to protecting and respecting your privacy.

It is important that you read this Privacy Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using it.

When you visit our website, or use any of our applications; or provide information to us via our website, or any of our applications, you are accepting and consenting to our processing of your information in accordance with this Privacy Policy, our Cookie Policy, our Terms of Use and any other contract we may have with you including, without limitation, our Terms and Conditions. 

If you do not agree to the terms set out in these terms and policies, we do not give you permission to use our website or any of our applications and you must cease to do so immediately.

Getting in touch with us

The personal data we hold about you needs to be accurate and current.  Please keep us informed if this information changes during your relationship with us.  You can get in touch with us at dataprotection@paymentsense.com or by phone on 0800 103 2959.

If you have any questions about this Privacy Policy or how we handle privacy, please contact us at dataprotection@paymentsense.com or by phone on 0800 103 2959.

You have the right to make a complaint to the ICO (www.ico.org.uk).  We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance at dataprotection@paymentsense.com or by phone on 0800 103 2959.

Information we hold about you

Under data protection laws, we are known as the data controller of your personal data and this Privacy Policy relates only to our activities as a data controller. We are a data controller whenever we decide how, why, and by what means personal data is to be processed. 

Personal data means any information about you that could be used to help identify you. In this Privacy Policy we use ‘personal data’ and ‘information’ interchangeably.

This includes personal and financial information about you that we collect, use, share and store.  This may include your name, date of birth, address, contact information, financial information, details about your health and lifestyle, employment details and device identifiers including internet protocol (IP) address. It may include information about any other Paymentsense products and services (or products and services provided by our partners) you currently have, you’ve applied for or you’ve had in the past.

Processing of this information occurs whenever any action is taken in relation to it, regardless of whether the action is automated or not. Some common examples of processing include collection, organisation, storing and deletion.

What information do we collect from you?

We collect, use, share and store information about you to provide you with the services you have asked us for and to share information with you about services that may be of interest to you. We use a variety of channels to do so, including via our team of payment consultants. Our payment consultants are not permanent employees of Paymentsense Ltd and are self-employed. We take care to ensure your information is appropriately protected when used by our payment consultants. 

You may provide this information direct to us, for example by the way you communicate or do business with us, such as: 

  • applying for our products or services;
  • using our branches, telephone services, websites or mobile applications;
  • writing to us;
  • entering competitions or promotions;
  • downloading any of our mobile applications or using our websites or digital services, in which case we may gather information about how you access and use these services, such as your IP address and information about the devices or software you use (we may also make other requests or give you more details about how we use your information, for example, we may ask for your location to help find nearby services);
  • using and managing your accounts, (we may take information such as the date, amount and currency of payments made to your account); and
  • giving information to us at any other time, including through social media.

This information may also come from other organisations or people, such as other Paymentsense companies, other organisations you have a relationship with, joint account holders, credit reference agencies, employers, and/or fraud prevention agencies.

If you do not provide the information that we tell you must provide, this may mean that we are unable to properly provide our products and services and/or carry out all our obligations under our contractual agreements with you.

Checking your identity

If you are a merchant or a corporate, we will need to confirm your identity as part of our KYB/KYC process. We will ask you to provide documents, and will also collect information from third-parties, such as commercial registers, for this purpose.

How do we use your information?

We use this information to:

  • to provide our services to you;
  • to help us develop new and improved products and services to meet our customers’ needs;
  • to carry out checks for security purposes, to prevent fraud and money laundering, and to confirm your identity before we provide services to you;
  • for training;
  • to communicate with you;
  • to meet the obligations we have by law and under any regulations that apply;
  • where we have a legitimate interest in using your information, for example to protect our commercial interests or to prevent fraud; and
  • to keep you informed about products and services you hold with us and to send you information about products or services (including those of other companies where you have consented for us to do so) which may be of interest to you.

An example of how we use your information to provide our services:

If any changes we make to our services affect you, we’ll normally contact you using the email address you gave us when you signed up, or through our customer portal, to tell you about the changes.

Under data protection laws, whenever we process your personal data, we must meet at least one set condition for processing. These conditions are set out in data protection laws and we rely on a number of different conditions for the activities we carry out.

We may use your information for the following purposes and under the following legal bases which are described below.

What is the legal basis for using your information?

We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following outlined below.

Keeping to our contracts and agreements with you:

We need certain personal data to provide our services and cannot provide them without this information.

Legal obligations:

In some cases, we have a legal responsibility to collect and store your personal data (for example, under AML laws and regulations we must hold certain information about our customers).

Legitimate interests:

We sometimes collect and use your personal data, or share it with other organisations, because we or they have a legitimate reason to have it and this is reasonable when balanced against your right to privacy.

Consent:

Where you’ve agreed to us collecting your information, for example by using our customer portal we provide, or when you have ticked a box to indicate you are happy for us to use your personal data in a certain way.

Information we collect from you and the legal bases for doing so

Merchants

For the purposes of data protection we consider a physical person (as opposed to a company) that is a sole trader or individual and who registers for/uses our services or buys products from us (such as a card reader) to be a merchant. The personal data we collect from merchants includes:

Category of personal dataNon-exhaustive examples of personal data from each category
Account identification informationMerchant ID number, passwords and equivalent account security information
Contact detailsName, address, phone numbers, email
Financial informationBank details, transaction history, credit history and credit score, information relevant to invoices issued by us to a merchant
Information required to be obtained and kept by lawInformation required for customer identification and verification (e.g. government issued IDs)
Technical and behavioural tracking dataIP address, location data, pages viewed on our website or applications, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version

The purpose and legal basis for processing the personal data outlined above will be:

Purpose of processing the personal dataLegal basis for processing the personal data
To administer any account or registration you may have with us●        To fulfil our contractual agreement with you●        To comply with applicable law●        To pursue our legitimate interests
To carry out our obligations arising from any contracts entered into between you and us●        To fulfil our contractual agreement with you●        To comply with applicable law●        To pursue our legitimate interests
To provide you with the products and services that you request from us●        To fulfil our contractual agreement with you●        To comply with applicable law●        To pursue our legitimate interests
To administer your participation in any competitions or prize draws we may run from time to time●        To pursue our legitimate interests
To provide you with our newsletter, if you have subscribed to receive it, and any other information that you request from us from time to time●        To pursue our legitimate interests
To communicate with you (via the use of surveys or by other means) about any comments, queries or feedback you might have about us, our website or our applications●        To fulfil our contractual agreement with you●        To pursue our legitimate interests
For publication on our website (for example, in connection with your listing or advertisement or for review or testimonial purposes), but only if you have either provided it to us for that purpose or if you have consented to this●        To pursue our legitimate interests●        When you have provided consent
To enable you to participate in interactive features of our website or our applications, when you choose to do so●        To fulfil our contractual agreement with you●        To pursue our legitimate interests
To ensure that content on our website or in our applications is presented in the most effective manner for you and for your computer●        To fulfil our contractual agreement with you●        To pursue our legitimate interests
To provide you with information about products and services we offer that we feel may interest you by post, telephone, SMS, email or via in-application notifications●        To pursue our legitimate interests●        Where we are required by law to obtain your consent to provide this information, we will obtain your consent. If consent is not required we will provide you an option to opt-out of receiving this information each time that we send information to you
To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes●        To pursue our legitimate interests
To keep our website or our applications safe and secure●        To fulfil our contractual agreement with you●        To comply with applicable law●        To pursue our legitimate interests
To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you●        To pursue our legitimate interests
To make suggestions and recommendations to you and other users of our website and our applications about goods or services that may interest you or them●        To pursue our legitimate interests
To verify your identity as well as your personal and contact information●        To fulfil our contractual agreement with you●        To comply with applicable law●        To pursue our legitimate interests
To record and prove that transactions have been executed●        To fulfil our contractual agreement with you●        To comply with applicable law●        To pursue our legitimate interests
To initiate, exercise and defend any legal claim or collection procedure●        To fulfil our contractual agreement with you●        To comply with applicable law●        To pursue our legitimate interests
To comply with internal compliance procedures●        To comply with applicable law●        To pursue our legitimate interests
To prevent misuse of our services●        To comply with applicable law●        To pursue our legitimate interests
To carry out risk management and fraud prevention processes●        To fulfil our contractual agreement with you●        To comply with applicable law●        To pursue our legitimate interests
To comply with applicable KYB/KYC and AML, book-keeping and capital adequacy laws and to report to tax authorities and other relevant law enforcement agencies●        To comply with applicable law●        To pursue our legitimate interests
To communicate with you in relation to our services●        To fulfil our contractual agreement with you●        To pursue our legitimate interests

End-customers

For end-customers who use services provided by our merchants, we will collect and process the following information:

Category of personal dataNon-exhaustive examples of personal data from each category
Contact detailsName, address, phone numbers, email
Financial informationCard details, Transaction history
Information required to be obtained and kept by lawBook-keeping relevant information
Technical and behavioural tracking dataIP address, location data, pages viewed on our website or applications, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version

The purpose and legal basis for processing the personal data outlined above will be:

Purpose of processing the personal dataLegal basis for processing the personal data
To process a payment made by the end-customer via a card or through the use of any method that we offer from time to time●        To comply with applicable law●        To pursue our legitimate interests
To ensure that the payment transaction is carried out in a secure manner, mitigating the risk of fraud and other criminal activities●        To comply with applicable law●        To pursue our legitimate interests
To enable the merchant to fulfil the end-customer’s order and mitigate the risk of fraud and other criminal activities. The personal data will also be processed when handling potential complaints and disputes●        To comply with applicable law●        To pursue our legitimate interests
To provide a receipt to an end-customer. We will only use the end-customer’s email address or mobile number to send receipts and will not use or share the contact details for any other purpose unless we obtain the end-customer’s consent in writing, or inform the end-customer prior to processing for a new purpose or for a purpose that is compatible with the purpose for which initially we collected the personal data●        To comply with applicable law●        To pursue our legitimate interests

Individuals and customer representatives

For individuals and customer representatives contacting our customer support team or us generally, via email, telephone, online chat, SMS or any other communication channel, we will collect and process the following information:

Category of personal dataNon-exhaustive examples of personal data from each category
Contact detailsName, address, phone numbers, email
Technical and behavioural tracking dataIP address, location data, pages viewed on our website, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version

The purpose and legal basis for processing the personal data outlined above will be:

Purpose of processing the personal dataLegal basis for processing the personal data
To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes●        To pursue our legitimate interests
To verify your identity as well as your personal and contact information●        To comply with applicable law●        To pursue our legitimate interests
To provide and market services and products to the individual●        To pursue our legitimate interests●        When you have provided consent
To respond to the individual and provide any support that is required●        To pursue our legitimate interests
To communicate with you in relation to our services●        To pursue our legitimate interests●        When you have provided consent

Individuals within corporates

In the case of an executive, director, beneficial owner or authorised signatory of a corporate customer that communicates with us we will collect and process the following information:

Category of personal dataNon-exhaustive examples of personal data from each category
Account identification informationMerchant ID number, passwords and equivalent account security information
Contact detailsName, address, phone numbers, email
Information required to be obtained and kept by lawInformation required for customer identification and verification (e.g. government issued IDs)
Technical and behavioural tracking dataIP address, location data, pages viewed on our website, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version

The purpose and legal basis for processing the personal data outlined above will be:

Purpose of processing the personal dataLegal basis for processing the personal data
To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes●        To pursue our legitimate interests
To provide you with our newsletter, if you have subscribed to receive it, and any other information that you request from us from time to time●        To pursue our legitimate interests
To communicate with you (via the use of surveys or by other means) about any comments, queries or feedback you might have about us, our website or our applications●        To pursue our legitimate interests
To keep our website and our applications safe and secure●        To comply with applicable law●        To pursue our legitimate interests
To verify your identity as well as your personal and contact information●        To comply with applicable law●        To pursue our legitimate interests
To initiate, exercise and defend any legal claim or collection procedure●        To comply with applicable law●        To pursue our legitimate interests
To provide you with information about products and services we offer that we feel may interest you by post, telephone, SMS, email or via in-application notifications●        To pursue our legitimate interests●        Where we are required by law to obtain your consent to provide this information, we will obtain your consent. If consent is not required we will provide you an option to opt-out of receiving this information each time that we send information to you.
To make suggestions and recommendations to you and other users of our website and our applications about goods or services that may interest you or them●        To pursue our legitimate interests
To comply with internal compliance procedures●        To comply with applicable law●        To pursue our legitimate interests
To prevent misuse of our services●        To comply with applicable law●        To pursue our legitimate interests
To carry out risk management and fraud prevention processes●        To comply with applicable law●        To pursue our legitimate interests
To comply with applicable KYB/KYCAML, book-keeping and capital adequacy laws and to report to tax authorities and other relevant law enforcement agencies●        To comply with applicable law●        To pursue our legitimate interests
To communicate with you in relation to our services●        To pursue our legitimate interests●        When you have provided consent

Collecting information from third-parties

To ensure that the services we provide are secure and efficient we process personal data from selected third-parties. These third-party sources (and the categories of information) include:

Category of third-partyCategory of personal data
Credit rating agencies●        Financial information●        Information required to be obtained and kept by law
Fraud detection agencies●        Information required to be obtained and kept by law
Financial institutions such as banks and card networks●        Financial information●        Information required to be obtained and kept by law
Tax authorities●        Information required to be obtained and kept by law
Publicly available registries maintained by or on behalf of national authorities●        Contact details●        Information required to be obtained and kept by law
Companies in the same corporate group as us●        Contact details

Sharing information with named third-parties

We currently share personal data with the following named third-parties for the following purposes:

Third-party nameWhy we share personal data with them
IngenicoDispatch terminal to our customers
SpireDispatch terminal to our customers
LantecDispatch terminal to our customers and arrange an engineer installation
HMRCpersonal data for payment of PAYE, student loan deductions, tax code notices and related matters
ONS (Office of National Statistics)Sharing of corporate data, staff numbers, payroll totals
Adobe SignAdobe makes contracts that we autofill with our customer’s data and Adobe sends the contracts to our customer’s email addresses
TalkdeskProvides contact centre software to us. This allows us to answer, transfer, monitor and record customer calls
SysnetProvides service to our customers to help them become Payment Card Industry compliant. This includes phone based support, filling out questionnaires and related matters
ExperianBackground checks as part of regulatory and other requirements
UKPRDispatch till rolls to our customers
EpayProvide mobile phone card top up service for our customers
AI CorpProvide ecommerce and MOTO payment services
GoCardlessTo set up direct debit payments for our services
Lloyds Bank plcPersonal banking details for the purpose of making payroll related payments and expense reimbursement. Corporate credits in the name of staff
HSBC Bank plcPersonal banking details for the purpose of making payroll related payments and expense reimbursement. Corporate credits in the name of staff
AmexCorporate credit cards which are held in the name of senior staff in the business
Pure PrintTo provide printed materials to our sales agents, customers and partners
Jaden PressTo provide printed materials to our sales agents, customers and partners
UKPRTo provide printed materials to our sales agents, customers and partners
PHD MailTo provide printed materials to our sales agents, customers and partners
Colour CompanyTo provide printed materials to our sales agents, customers and partners and Provides our customers with a bag to return terminals to us
EmarsysAn email service provider that enables us to provide marketing and transactional emails to our customers, partners and prospects
Mail ChimpAn email service provider that enables us to provide marketing and transactional emails to our customers, partners and prospects
Reward GatewayProvides a rewards platform offered to our customers
Golley SlaterProvides telephony support for partners
GoogleEnhanced targeting/exclusions from advertising
LinkedinEnhanced targeting/exclusions from advertising
FacebookEnhanced targeting/exclusions from advertising
TwitterEnhanced targeting/exclusions from advertising
MicrosoftEnhanced targeting/exclusions from advertising
ResponseTapProvides call tracking, call recording and campaign measurement through the allocation of bespoke phone numbers
ContisProvides gift card services to our customers
TransUnionProvides background checks as part of
regulatory and other requirements
EmailageProvides risk scoring services in relation to our customers
CifasFraud protection and background checks as part of regulatory and other requirements
B2BCollectionsDebt-collection activity where this applies
NICE (inContact)Contact centre software
WorkdayFinancial and human resources management for our employees
UPSPostal and delivery services
YodelPostal and delivery services
PrologOrder fulfilment infrastructure
SegmentCustomer data infrastructure
MimecastCybersecurity services
Banking CircleLending services for merchants
YouLendLending services for merchants
SlackInternal communications to enable instant messaging

Sharing your information with others

Sharing your information with credit reference and fraud prevention agencies

When processing your application, we will carry out credit and identity checks on you with one or more credit reference agencies. To do this, we will give the credit reference agencies your personal data and they will give us information about you. This may make it difficult for you to get credit in the future. We will also continue to exchange information about you with credit reference agencies while you have a relationship with us, for example, if we have asked you to pay an amount you owe us and we do not receive a satisfactory reply from you within our stated time limit, or if you give us false or inaccurate information. The credit reference agencies may share your personal data with other organisations.

The credit reference agencies, and the ways in which they use and share personal data, are explained in more detail at www.experian.co.uk/crain/ and www.equifax.co.uk/crain/.

Records we share with credit reference agencies will stay on your file for six years after your file is closed, whether you’ve settled the debt or failed to pay it off.

If you’d like to know about the information credit reference agencies hold about you, you should contact them directly (please note, they will charge you a fee for this service). Not every agency will hold the same information, so you should consider contacting them all.

Their contact details are as follows:

TransUnion: www.transunion.co.uk/contact-us

Equifax PLC: www.equifax.co.uk/support/en_gb/

Experian: www.experian.co.uk/contact-us/

We will share your information with fraud prevention agencies who will use it to prevent fraud and money laundering, and to confirm your identity. We and fraud prevention agencies may also allow law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. If fraud is detected, you could be refused certain services or finance.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to present a fraud or money-laundering risk, they can hold your information for up to six years.

Sharing your information with third-parties

We may also share your information with the following third-parties:

  • companies that are in the same corporate group as us;
  • suppliers and subcontractors who provide, for example, IT support, logistics, communication, customer support, marketing, acquiring and PCI compliance services and our business partners who we may share personal data with in order for them to provide you with information about similar goods and services (with your consent);
  • advertisers and advertising networks that require anonymised data to select and serve relevant adverts to you and others. We shall provide them with aggregate information about our users (for example, we may inform them that 150 men aged 35-45 have clicked on their advertisement on any given day). We shall also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, men in a particular location). We shall make use of the information we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience;
  • user experience, service design and market research agencies that assist us in the improvement and optimisation of the products and services that we offer to customers as well as with other market research projects;
  • analytics and search engine providers that assist us in the improvement and optimisation of our website and our applications;
  • credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you (please see earlier in this Privacy Policy for detail on this);
  • sharing your information with a party we assign our rights to, under applicable contractual arrangements; and
  • sharing information with our funding partners in circumstances concerning our financial affairs.

An example of when we may share your personal data with our partners:

If you apply for a merchant instant settlement product, we or our lending partner (the provider of this product) will carry out a credit check to better understand your financial circumstances and repayment history.

An example of how we use your personal data for marketing:

If you are a Paymentsense customer, we may contact you about optional extras, loyalty bonuses or promotional offers where you have consented to this. We may use information we gather about you through your use of our services to tailor these offers to you.

We may also disclose your personal data to third-parties:

  • in the event that we sell or buy any business or assets, to the prospective seller or buyer of such business or assets and their advisors;
  • if we or substantially all of the company’s assets are acquired by a third-party, in which case personal data held by the company about our customers will be one of the transferred assets;
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our various terms, policies and other agreements; or to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for AML and fraud prevention, and credit risk purposes

We shall share an end-customer’s personal data with a merchant when it is to enable the merchant to fulfil the end-customer’s order and mitigate the risk of fraud and other criminal activities. The personal data will also be processed when handling potential complaints and disputes. Personal data shared with a merchant will be subject to the merchant’s data protection policy and not this Privacy Policy.

Where merchants process card transaction data and cardholder data, they must process this in line with our Terms and Conditions. Please refer to these Terms and Conditions for further information.

If a third-party processes personal data on our instruction they are likely to be a data processor. An example of this will be in relation to our suppliers of IT and marketing services. In such cases, we only share personal data for purposes that are compatible with the reasons contained in this Privacy Policy. All data processors are subject to written agreements that ensure the security of personal data and limit the transfer of personal data to third countries.

If a third-party is considered to be a data controller, we are not able to dictate how that third-party will process the data that has been provided. Examples of common third-party data controllers would be credit rating agencies or financial institutions. In such cases, the data protection policies of the third-party data controller will apply.

Links to third-party websites

Our website features third-party advertising which provides links to and from third-party websites. If you follow a link to any of these third-party websites, you should be aware that these websites have their own privacy policies and the operators of those websites will handle your information in accordance with such policies and not with this Privacy Policy. We have no control over such third-parties or their websites or privacy policies. These third-parties may contact you or permit third-parties to contact you for marketing purposes in accordance with their own privacy policies, unless you opt out of such communications.

We do not accept any responsibility or liability for third-party websites or their privacy policies. We strongly advise you to check such policies and the reputation of the website before you submit your information to, or carry out any transaction on, any third-party website.

We welcome any feedback you may have about third-party websites linked to from our website. Please email us at dataprotection@paymentsense.com or by phone on 0800 103 2959.

Our relationship with Apple and Google Play

We acknowledge that when you use our application, as provided on Apple’s App Store and Google’s Play Store, any end-user licence agreement is concluded between us and you – and not with either Apple or Google. You further agree to observe the App Store Terms of Service and the Google Play Terms of Service.

How we secure your information

We have in place a level of security appropriate to the nature of the information stored and the harm that might result from a breach of security. Your information is stored on our secure servers. The transmission of any payment transactions will be encrypted using TLS technology.

All environments that are used in the transmission of payment transactions are hosted in an environment that has passed PCI DSS Level 1 service provider accreditation, and are therefore required to adhere to all the requirements stated by the PCI Security Standards Council.

To get more information about the different requirements of the PCI Security Standards Council please read more here.

Please note that the transmission of information via the internet is not completely secure and, although we will do our best to protect your information, we cannot guarantee the security of any of your information transmitted via our website or our applications. Any transmission is at your own risk. If we become aware that the security of your information has been compromised, we will notify you by email or as otherwise required by law.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or our applications, you are responsible for keeping this password confidential and you must not share it with anyone.

If you think your password or any other aspect of your account has become compromised, you must inform us immediately at dataprotection@paymentsense.com or by phone on 0800 103 2959.

How long will we will keep your information

We will keep your information for as long as is needed for the purposes set out above or as required by any laws that apply.

If you close your account, if we refuse your application for an account or product, or you decide not to go ahead with your application for an account or product, we’ll still keep your information. We may also continue to collect information from credit reference agencies to use after your account is closed. We’ll do this for as long as we’re allowed to for legitimate business purposes, to help prevent fraud and other financial crime, and for other legal and regulatory reasons.

Sharing your information outside the European Economic Area (EEA)

When we or fraud prevention agencies transfer your information outside the EEA, we or the fraud prevention agencies will:

  • make sure that the organisations we transfer your information to apply an equivalent level of protection;
  • include conditions in the contract with the organisations receiving your personal data to protect it to the standard required in the EEA; and
  • possibly ask the organisations receiving your information to subscribe to international frameworks intended to allow information to be shared securely.

If we are transferring your information, we may also transfer it to either a country considered by the European Commission to provide adequate protection of your information, or to a different country if you agree to this. If we transfer your information outside the EEA in other circumstances (for example, because we have to reveal the information to help prevent or detect a crime), we’ll make sure we share that information lawfully.

What happens regarding Brexit?

As the UK has left the European Union (EU), it has ceased to be an EU member state. We may still be required (for the purposes described in this Privacy Policy) to:

  • transfer personal data from the UK to the EU, the EEA or elsewhere; and
  • receive personal data from outside the UK (including from the EU/EEA) into the UK.

Where we make or receive such transfers, we will ensure that those transfers are lawful and (where necessary) we shall put in place appropriate measures, such as contractual commitments or other valid data transfer mechanisms, to ensure that personal data is sent and received in accordance with applicable law.

What are my rights?

Your right to:What this means
ask us to send you (or someone you nominate) a copy of the information we hold about youWe provide this privacy notice to explain how we use your personal data
access your personal data with usIf you make a ‘data subject access request’ to us, we will provide a copy of the personal data we hold about you. We can’t give you any information about other people, information which is linked to an ongoing criminal or fraud investigation, or information which is linked to settlement negotiations with you. We also won’t provide you with any communication we’ve had with our legal advisers
ask us to correct or delete any incorrect or incomplete information we hold about you (we will correct any information we believe is incorrect or incomplete)You can have incomplete or inaccurate information corrected. Before we update your records with us, we may need to check the accuracy of the new information you have provided
ask us to stop using your informationWe will stop using your information if there is no legal reason for us to continue to hold or use it
object to any automated decision-makingIn the event that you request the deletion of personal data or for the use of personal data to be restricted, we reserve the right to no longer provide services and products to you under any applicable contract
ask us to transfer certain personal data to you or to another organisation, including service providers, in a format they can use where this is technically possible (known as the ‘right to data portability’)We will transmit personal data in structured, commonly used and machine readable formats
ask us to transfer a copy of some of your information to you or to another organisation, including service providers, where this is technically possibleWe will transmit personal data in structured, commonly used and machine readable formats
withdraw any permission you have previously given to allow us to use your informationIf you have given us any consent we need to use your personal data, you can withdraw your consent at any time by contacting us at: dataprotection@paymentsense.com or by phone on 0800 103 2959
ask us to stop or start sending you marketing messages at any timePlease get in touch with us on dataprotection@paymentsense.com or by phone on 0800 103 2959 to do this

How we use cookies

Our website uses cookies to distinguish you from other website users. Cookies help to provide a more personalised experience when you browse our website and also allows us to improve our website. Please take a look at our Cookie Policy for detailed information on the cookies we use and the purposes for which we use them.

Other legal information

Children

We do not knowingly collect information from individuals who are under the age of 16. If you are under the age of 16, please do not register an account with our website or provide any information about yourself on our website. If you have already done so, please contact us.

No waiver

If we fail to exercise, or delay in exercising, any right or remedy contained in this Privacy Policy, that does not mean we have waived that right or remedy and such failure or delay shall not be construed as a waiver.

Severance

This Privacy Policy is designed to comply with applicable data protection laws. However, in the event that any provision or part-provision of this Privacy Policy is or becomes unlawful, invalid or otherwise unenforceable, the offending provision or part-provision shall be deemed severed from this Privacy Policy. In this event, the validity and enforceability of the rest of the Privacy Policy shall not be affected.

Changes to our Privacy Policy

By submitting your information to us, you consent to the use of the information as set out in this Privacy Policy.

If we change our Privacy Policy, we will post the changes on this page and may place notices elsewhere on our website (such as the home page) for a reasonable period of time.

Your continued use of our website and our services following any changes to this Privacy Policy will mean you accept those changes.

Glossary and interpretation

What words and phrases in bold mean

AML means anti-money laundering.

customer portal means the portal you use to access information regarding your use of the services through the Paymentsense website and the Paymentsense app if you have installed it.

data controller has the meaning given in the GDPR.

data processor has the meaning given in the GDPR.

data protection laws means the GDPR and other laws or regulations that apply to the processing of personal data.

data subject has the meaning given in the GDPR.

GDPR means the General Data Protection Regulation (EU 2016/679) or substantially equivalent laws enacted later in the UK.

KYB means Know Your Business.

KYC means Know Your Customer.

MOTO means mail order telephone order.

PCI DSS means the Payment Card Industry Data Security Standard.