Privacy Policy

Revision Date
October 7, 2021
  1. 1. About us

    We are Payor Limited. Payor is a trading name of Payor Limited.

    Our registered office address is 34 Fordingbridge Road, Southsea ,PO4 9JW and our company number is 13538204.

    We are authorised and regulated by the Financial Conduct Authority for the issuing of electronic money and provision of payment services.

    We are registered with the Information Commissioner’s Office (ICO), the data protection regulator in the UK, to use personal data and our registration number is.

    We are committed to protecting and respecting your privacy.

    It is important that you read this Privacy Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using it.

    When you visit our website, or use any of our applications; or provide information to us via our website, or any of our applications, you are accepting and consenting to our processing of your information in accordance with this Privacy Policy, our Cookie Policy, our Website Terms and Conditions and any other contract we may have with you including, without limitation, our Terms and Conditions.

    2. Getting in touch with us

    The personal data we hold about you needs to be accurate and current. Please keep us informed if this information changes during your relationship with us. You can get in touch with us at dataprotection@Payorworld.com.

    If you have any questions about this Privacy Policy or how we handle privacy, please contact us at dataprotection@payorworld.com.

    You have the right to make a complaint to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance at dataprotection@payorworld.com.

    3. Information we hold about you

    Under data protection laws, we are known as the data controller of your personal data and this Privacy Policy relates only to our activities as a data controller. We are a data controller whenever we decide how, why, and by what means personal data is to be processed.

    Personal data means any information about you that could be used to help identify you. In this Privacy Policy we use ‘personal data’ and ‘information’ interchangeably.

    This includes personal and financial information about you that we collect, use, share and store. This may include your name, date of birth, address, contact information, financial information, details about your health and lifestyle, employment details and device identifiers including internet protocol (IP) address. It may include information about any other Payor products and services (or products and services provided by our partners) you currently have, you’ve applied for or you’ve had in the past.

    Processing of this information occurs whenever any action is taken in relation to it, regardless of whether the action is automated or not. Some common examples of processing include collection, organisation, storing and deletion.

    4. What information do we collect from you?

    We collect, use, share and store information about you to provide you with the services you have asked us for and to share information with you about services that may be of interest to you. We use a variety of channels to do so, including via our team of payment consultants. Our payment consultants are not permanent employees of Payor Ltd and are self-employed. We take care to ensure your information is appropriately protected when used by our payment consultants.

    You may provide this information direct to us, for example by the way you communicate or do business with us, such as:

    • applying for our products or services;
    • using our branches, telephone services, websites or mobile applications;
    • writing to us;
    • entering competitions or promotions;
    • downloading any of our mobile applications or using our websites or digital services, in which case we may gather information about how you access and use these services, such as your IP address and information about the devices or software you use (we may also make other requests or give you more details about how we use your information, for example, we may ask for your location to help find nearby services);
    • using and managing your accounts, (we may take information such as the date, amount and currency of payments made to your account); and
    • giving information to us at any other time, including through social media.

    This information may also come from other organisations or people, such as other Payor companies, other organisations you have a relationship with, joint account holders, credit reference agencies, employers, and/or fraud prevention agencies.

    If you do not provide the information that we tell you must provide, this may mean that we are unable to properly provide our products and services and/or carry out all our obligations under our contractual agreements with you.

    Checking your identity

    If you are a merchant or a corporate, we will need to confirm your identity as part of our KYB/KYC process. We will ask you to provide documents, and will also collect information from third-parties, such as commercial registers, for this purpose.

    5. How do we use your information?

    We use this information to:

    • to provide our services to you;
    • to help us develop new and improved products and services to meet our customers’ needs;
    • to carry out checks for security purposes, to prevent fraud and money laundering, and to confirm your identity before we provide services to you;
    • for training;
    • to communicate with you;
    • to meet the obligations we have by law and under any regulations that apply;
    • where we have a legitimate interest in using your information, for example to protect our commercial interests or to prevent fraud; and
    • to keep you informed about products and services you hold with us and to send you information about products or services (including those of other companies where you have consented for us to do so) which may be of interest to you.

    An example of how we use your information to provide our services:

    If any changes we make to our services affect you, we’ll normally contact you using the email address you gave us when you signed up, or through our customer portal, to tell you about the changes.

    Under data protection laws, whenever we process your personal data, we must meet at least one set condition for processing. These conditions are set out in data protection laws and we rely on a number of different conditions for the activities we carry out.

    We may use your information for the following purposes and under the following legal bases which are described below.

    6. What is the legal basis for using your information?

    We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following outlined below.

    Keeping to our contracts and agreements with you:

    We need certain personal data to provide our services and cannot provide them without this information.

    Legal obligations:

    In some cases, we have a legal responsibility to collect and store your personal data (for example, under AML laws and regulations we must hold certain information about our customers).

    Legitimate interests:

    We sometimes collect and use your personal data, or share it with other organisations, because we or they have a legitimate reason to have it and this is reasonable when balanced against your right to privacy.

    Consent:

    Where you’ve agreed to us collecting your information, for example by using our customer portal we provide, or when you have ticked a box to indicate you are happy for us to use your personal data in a certain way.

    7. Information we collect from you and the legal bases for doing so

    Merchants

    For the purposes of data protection we consider a physical person (as opposed to a company) that is a sole trader or individual and who registers for/uses our services or buys products from us (such as a card reader) to be a merchant. The personal data we collect from merchants includes:

    Category of personal data

    Non-exhaustive examples of personal data from each category

    Account identification information

    Merchant ID number, passwords and equivalent account security information

    Contact details

    Name, address, phone numbers, email

    Financial information

    Bank details, transaction history, credit history and credit score, information relevant to invoices issued by us to a merchant

    Information required to be obtained and kept by law

    Information required for customer identification and verification (e.g. government issued IDs)

    Technical and behavioural tracking data

    IP address, location data, pages viewed on our website or applications, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version

     The purpose and legal basis for processing the personal data outlined above will be:

    Purpose of processing the personal data

    Legal basis for processing the personal data

    To administer any account or registration you may have with us

    ●        To fulfil our contractual agreement with you

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To carry out our obligations arising from any contracts entered into between you and us

    ●        To fulfil our contractual agreement with you

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To provide you with the products and services that you request from us

    ●        To fulfil our contractual agreement with you

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To administer your participation in any competitions or prize draws we may run from time to time

    ●        To pursue our legitimate interests

    To provide you with our newsletter, if you have subscribed to receive it, and any other information that you request from us from time to time

    ●        To pursue our legitimate interests

    To communicate with you (via the use of surveys or by other means) about any comments, queries or feedback you might have about us, our website or our applications

    ●        To fulfil our contractual agreement with you

    ●        To pursue our legitimate interests

    For publication on our website (for example, in connection with your listing or advertisement or for review or testimonial purposes), but only if you have either provided it to us for that purpose or if you have consented to this

    ●        To pursue our legitimate interests

    ●        When you have provided consent

    To enable you to participate in interactive features of our website or our applications, when you choose to do so

    ●        To fulfil our contractual agreement with you

    ●        To pursue our legitimate interests

    To ensure that content on our website or in our applications is presented in the most effective manner for you and for your computer

    ●        To fulfil our contractual agreement with you

    ●        To pursue our legitimate interests

    To provide you with information about products and services we offer that we feel may interest you by post, telephone, SMS, email or via in-application notifications

    ●        To pursue our legitimate interests

    ●        Where we are required by law to obtain your consent to provide this information, we will obtain your consent. If consent is not required we will provide you an option to opt-out of receiving this information each time that we send information to you

    To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes

    ●        To pursue our legitimate interests

    To keep our website or our applications safe and secure

    ●        To fulfil our contractual agreement with you

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you

    ●        To pursue our legitimate interests

    To make suggestions and recommendations to you and other users of our website and our applications about goods or services that may interest you or them

    ●        To pursue our legitimate interests

    To verify your identity as well as your personal and contact information

    ●        To fulfil our contractual agreement with you

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To record and prove that transactions have been executed

    ●        To fulfil our contractual agreement with you

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To initiate, exercise and defend any legal claim or collection procedure

    ●        To fulfil our contractual agreement with you

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To comply with internal compliance procedures

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To prevent misuse of our services

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To carry out risk management and fraud prevention processes

    ●        To fulfil our contractual agreement with you

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To comply with applicable KYB/KYC and AML, book-keeping and capital adequacy laws and to report to tax authorities and other relevant law enforcement agencies

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To communicate with you in relation to our services

    ●        To fulfil our contractual agreement with you

    ●        To pursue our legitimate interests

    End-customers

    For end-customers who use services provided by our merchants, we will collect and process the following information:

    Category of personal data

    Non-exhaustive examples of personal data from each category

    Contact details

    Name, address, phone numbers, email

    Financial information

    Card details, Transaction history

    Information required to be obtained and kept by law

    Book-keeping relevant information

    Technical and behavioural tracking data

    IP address, location data, pages viewed on our website or applications, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version

     The purpose and legal basis for processing the personal data outlined above will be:

    Purpose of processing the personal data

    Legal basis for processing the personal data

    To process a payment made by the end-customer via a card or through the use of any method that we offer from time to time

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To ensure that the payment transaction is carried out in a secure manner, mitigating the risk of fraud and other criminal activities

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To enable the merchant to fulfil the end-customer’s order and mitigate the risk of fraud and other criminal activities. The personal data will also be processed when handling potential complaints and disputes

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To provide a receipt to an end-customer. We will only use the end-customer’s email address or mobile number to send receipts and will not use or share the contact details for any other purpose unless we obtain the end-customer’s consent in writing, or inform the end-customer prior to processing for a new purpose or for a purpose that is compatible with the purpose for which initially we collected the personal data

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    Individuals and customer representatives

    For individuals and customer representatives contacting our customer support team or us generally, via email, telephone, online chat, SMS or any other communication channel, we will collect and process the following information:

    Category of personal data

    Non-exhaustive examples of personal data from each category

    Contact details

    Name, address, phone numbers, email

    Technical and behavioural tracking data

    IP address, location data, pages viewed on our website, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version

    The purpose and legal basis for processing the personal data outlined above will be:

    Purpose of processing the personal data

    Legal basis for processing the personal data

    To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes

    ●        To pursue our legitimate interests

    To verify your identity as well as your personal and contact information

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To provide and market services and products to the individual

    ●        To pursue our legitimate interests

    ●        When you have provided consent

    To respond to the individual and provide any support that is required

    ●        To pursue our legitimate interests

    To communicate with you in relation to our services

    ●        To pursue our legitimate interests

    ●        When you have provided consent

    Individuals within corporates

    In the case of an executive, director, beneficial owner or authorised signatory of a corporate customer that communicates with us we will collect and process the following information:

    Category of personal data

    Non-exhaustive examples of personal data from each category

    Account identification information

    Merchant ID number, passwords and equivalent account security information

    Contact details

    Name, address, phone numbers, email

    Information required to be obtained and kept by law

    Information required for customer identification and verification (e.g. government issued IDs)

    Technical and behavioural tracking data

    IP address, location data, pages viewed on our website, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version

     The purpose and legal basis for processing the personal data outlined above will be:

    Purpose of processing the personal data

    Legal basis for processing the personal data

    To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes

    ●        To pursue our legitimate interests

    To provide you with our newsletter, if you have subscribed to receive it, and any other information that you request from us from time to time

    ●        To pursue our legitimate interests

    To communicate with you (via the use of surveys or by other means) about any comments, queries or feedback you might have about us, our website or our applications

    ●        To pursue our legitimate interests

    To keep our website and our applications safe and secure

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To verify your identity as well as your personal and contact information

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To initiate, exercise and defend any legal claim or collection procedure

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To provide you with information about products and services we offer that we feel may interest you by post, telephone, SMS, email or via in-application notifications

    ●        To pursue our legitimate interests

    ●        Where we are required by law to obtain your consent to provide this information, we will obtain your consent. If consent is not required we will provide you an option to opt-out of receiving this information each time that we send information to you.

    To make suggestions and recommendations to you and other users of our website and our applications about goods or services that may interest you or them

    ●        To pursue our legitimate interests

    To comply with internal compliance procedures

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To prevent misuse of our services

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To carry out risk management and fraud prevention processes

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To comply with applicable KYB/KYCAML, book-keeping and capital adequacy laws and to report to tax authorities and other relevant law enforcement agencies

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To communicate with you in relation to our services

    ●        To pursue our legitimate interests

    ●        When you have provided consent

    In the case of an executive, director, beneficial owner or authorised signatory of a corporate customer that communicates with us we will collect and process the following information:

    Category of personal data

    Non-exhaustive examples of personal data from each category

    Account identification information

    Merchant ID number, passwords and equivalent account security information

    Contact details

    Name, address, phone numbers, email

    Information required to be obtained and kept by law

    Information required for customer identification and verification (e.g. government issued IDs)

    Technical and behavioural tracking data

    IP address, location data, pages viewed on our website, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version

     The purpose and legal basis for processing the personal data outlined above will be:

    Purpose of processing the personal data

    Legal basis for processing the personal data

    To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes

    ●        To pursue our legitimate interests

    To provide you with our newsletter, if you have subscribed to receive it, and any other information that you request from us from time to time

    ●        To pursue our legitimate interests

    To communicate with you (via the use of surveys or by other means) about any comments, queries or feedback you might have about us, our website or our applications

    ●        To pursue our legitimate interests

    To keep our website and our applications safe and secure

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To verify your identity as well as your personal and contact information

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To initiate, exercise and defend any legal claim or collection procedure

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To provide you with information about products and services we offer that we feel may interest you by post, telephone, SMS, email or via in-application notifications

    ●        To pursue our legitimate interests

    ●        Where we are required by law to obtain your consent to provide this information, we will obtain your consent. If consent is not required we will provide you an option to opt-out of receiving this information each time that we send information to you.

    To make suggestions and recommendations to you and other users of our website and our applications about goods or services that may interest you or them

    ●        To pursue our legitimate interests

    To comply with internal compliance procedures

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To prevent misuse of our services

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To carry out risk management and fraud prevention processes

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To comply with applicable KYB/KYCAML, book-keeping and capital adequacy laws and to report to tax authorities and other relevant law enforcement agencies

    ●        To comply with applicable law

    ●        To pursue our legitimate interests

    To communicate with you in relation to our services

    ●        To pursue our legitimate interests

    ●        When you have provided consent

    Collecting information from third-parties

    To ensure that the services we provide are secure and efficient we process personal data from selected third-parties. These third-party sources (and the categories of information) include:

    Category of third-party

    Category of personal data

    Credit rating agencies

    ●        Financial information

    ●        Information required to be obtained and kept by law

    Fraud detection agencies

    ●        Information required to be obtained and kept by law

    Financial institutions such as banks and card networks

    ●        Financial information

    ●        Information required to be obtained and kept by law

    Tax authorities

    ●        Information required to be obtained and kept by law

    Publicly available registries maintained by or on behalf of national authorities

    ●        Contact details

    ●        Information required to be obtained and kept by law

    Companies in the same corporate group as us

    ●        Contact details

     Sharing information with named third-parties

    We currently share personal data with the following named third-parties for the following purposes:

    Third-party name

    Why we share personal data with them

    Ingenico

    Dispatch terminal to our customers

    Spire

    Dispatch terminal to our customers

    Lantec

    Dispatch terminal to our customers and arrange an engineer installation

    HMRC

    personal data for payment of PAYE, student loan deductions, tax code notices and related matters

    ONS (Office of National Statistics)

    Sharing of corporate data, staff numbers, payroll totals

    Adobe Sign

    Adobe makes contracts that we autofill with our customer’s data and Adobe sends the contracts to our customer’s email addresses

    Talkdesk

    Provides contact centre software to us. This allows us to answer, transfer, monitor and record customer calls

    Sysnet

    Provides service to our customers to help them become Payment Card Industry compliant. This includes phone based support, filling out questionnaires and related matters

    Experian

    Background checks as part of regulatory and other requirements

    UKPR

    Dispatch till rolls to our customers

    Epay

    Provide mobile phone card top up service for our customers

    AI Corp

    Provide ecommerce and MOTO payment services

    GoCardless

    To set up direct debit payments for our services

    Lloyds Bank plc

    Personal banking details for the purpose of making payroll related payments and expense reimbursement. Corporate credits in the name of staff

    HSBC Bank plc

    Personal banking details for the purpose of making payroll related payments and expense reimbursement. Corporate credits in the name of staff

    Amex

    Corporate credit cards which are held in the name of senior staff in the business

    Pure Print

    To provide printed materials to our sales agents, customers and partners

    Jaden Press

    To provide printed materials to our sales agents, customers and partners

    UKPR

    To provide printed materials to our sales agents, customers and partners

    PHD Mail

    To provide printed materials to our sales agents, customers and partners

    Colour Company

    To provide printed materials to our sales agents, customers and partners and Provides our customers with a bag to return terminals to us

    Emarsys

    An email service provider that enables us to provide marketing and transactional emails to our customers, partners and prospects

    Mail Chimp

    An email service provider that enables us to provide marketing and transactional emails to our customers, partners and prospects

    Reward Gateway

    Provides a rewards platform offered to our customers

    Golley Slater

    Provides telephony support for partners

    Google

    Enhanced targeting/exclusions from advertising

    Linkedin

    Enhanced targeting/exclusions from advertising

    Facebook

    Enhanced targeting/exclusions from advertising

    Twitter

    Enhanced targeting/exclusions from advertising

    Microsoft

    Enhanced targeting/exclusions from advertising

    ResponseTap

    Provides call tracking, call recording and campaign measurement through the allocation of bespoke phone numbers

    Contis

    Provides gift card services to our customers

    TransUnion

    Provides background checks as part of
    regulatory and other requirements

    Emailage

    Provides risk scoring services in relation to our customers

    Cifas

    Fraud protection and background checks as part of regulatory and other requirements

    B2BCollections

    Debt-collection activity where this applies

    NICE (inContact)

    Contact centre software

    Workday

    Financial and human resources management for our employees

    UPS

    Postal and delivery services

    Yodel

    Postal and delivery services

    Prolog

    Order fulfilment infrastructure

    Segment

    Customer data infrastructure

    Mimecast

    Cybersecurity services

    Banking Circle

    Lending services for merchants

    YouLend

    Lending services for merchants

    Slack

    Internal communications to enable instant messaging

    VidCruiter

    Video recruiting platform used in talent acquisition activities

    Sharing your information with third-parties

    We may also share your information with the following third-parties:

    • companies that are in the same corporate group as us;
    • suppliers and subcontractors who provide, for example, IT support, logistics, communication, customer support, marketing, acquiring and PCI compliance services and our business partners who we may share personal data with in order for them to provide you with information about similar goods and services (with your consent);
    • advertisers and advertising networks that require anonymised data to select and serve relevant adverts to you and others. We shall provide them with aggregate information about our users (for example, we may inform them that 150 men aged 35-45 have clicked on their advertisement on any given day). We shall also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, men in a particular location). We shall make use of the information we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience;
    • user experience, service design and market research agencies that assist us in the improvement and optimisation of the products and services that we offer to customers as well as with other market research projects;
    • analytics and search engine providers that assist us in the improvement and optimisation of our website and our applications;
    • credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you (please see earlier in this Privacy Policy for detail on this);
    • sharing your information with a party we assign our rights to, under applicable contractual arrangements; and
    • sharing information with our funding partners in circumstances concerning our financial affairs.

    An example of when we may share your personal data with our partners:

    If you apply for a merchant instant settlement product, we or our lending partner (the provider of this product) will carry out a credit check to better understand your financial circumstances and repayment history.

    An example of how we use your personal data for marketing:

    If you are a Payor customer, we may contact you about optional extras, loyalty bonuses or promotional offers where you have consented to this. We may use information we gather about you through your use of our services to tailor these offers to you.

    We may also disclose your personal data to third-parties:

    • in the event that we sell or buy any business or assets, to the prospective seller or buyer of such business or assets and their advisors;
    • if we or substantially all of the company’s assets are acquired by a third-party, in which case personal data held by the company about our customers will be one of the transferred assets;
    • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our various terms, policies and other agreements; or to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for AML and fraud prevention, and credit risk purposes

    We shall share an end-customer’s personal data with a merchant when it is to enable the merchant to fulfil the end-customer’s order and mitigate the risk of fraud and other criminal activities. The personal data will also be processed when handling potential complaints and disputes. Personal data shared with a merchant will be subject to the merchant’s data protection policy and not this Privacy Policy.

    Where merchants process card transaction data and cardholder data, they must process this in line with our Terms and Conditions. Please refer to these Terms and Conditions for further information.

    If a third-party processes personal data on our instruction they are likely to be a data processor. An example of this will be in relation to our suppliers of IT and marketing services. In such cases, we only share personal data for purposes that are compatible with the reasons contained in this Privacy Policy. All data processors are subject to written agreements that ensure the security of personal data and limit the transfer of personal data to third countries.

    If a third-party is considered to be a data controller, we are not able to dictate how that third-party will process the data that has been provided. Examples of common third-party data controllers would be credit rating agencies or financial institutions. In such cases, the data protection policies of the third-party data controller will apply.

    Links to third-party websites

    Our website features third-party advertising which provides links to and from third-party websites. If you follow a link to any of these third-party websites, you should be aware that these websites have their own privacy policies and the operators of those websites will handle your information in accordance with such policies and not with this Privacy Policy. We have no control over such third-parties or their websites or privacy policies. These third-parties may contact you or permit third-parties to contact you for marketing purposes in accordance with their own privacy policies, unless you opt out of such communications.

    We do not accept any responsibility or liability for third-party websites or their privacy policies. We strongly advise you to check such policies and the reputation of the website before you submit your information to, or carry out any transaction on, any third-party website.

    We welcome any feedback you may have about third-party websites linked to from our website. Please email us at dataprotection@payorworld.com.

    Our relationship with Apple and Google Play

    We acknowledge that when you use our application, as provided on Apple’s App Store and Google’s Play Store, any end-user licence agreement is concluded between us and you – and not with either Apple or Google. You further agree to observe the App Store Terms of Service and the Google Play Terms of Service.

    8. Sharing your information with others

    Sharing your information with credit reference and fraud prevention agencies

    When processing your application, we will carry out credit and identity checks on you with one or more credit reference agencies. To do this, we will give the credit reference agencies your personal data and they will give us information about you. This may make it difficult for you to get credit in the future. We will also continue to exchange information about you with credit reference agencies while you have a relationship with us, for example, if we have asked you to pay an amount you owe us and we do not receive a satisfactory reply from you within our stated time limit, or if you give us false or inaccurate information. The credit reference agencies may share your personal data with other organisations.

    The credit reference agencies, and the ways in which they use and share personal data, are explained in more detail at www.experian.co.uk/crain/ and www.equifax.co.uk/crain/.

    Records we share with credit reference agencies will stay on your file for six years after your file is closed, whether you’ve settled the debt or failed to pay it off.

    If you’d like to know about the information credit reference agencies hold about you, you should contact them directly (please note, they will charge you a fee for this service). Not every agency will hold the same information, so you should consider contacting them all.

    Their contact details are as follows:

    TransUnion: www.transunion.co.uk/contact-us

    Equifax PLC: www.equifax.co.uk/support/en_gb/

    Experian: www.experian.co.uk/contact-us/

    We will share your information with fraud prevention agencies who will use it to prevent fraud and money laundering, and to confirm your identity. We and fraud prevention agencies may also allow law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. If fraud is detected, you could be refused certain services or finance.

    Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to present a fraud or money-laundering risk, they can hold your information for up to six years.

    We may also share your information with the following third-parties:

    • companies that are in the same corporate group as us;
    • suppliers and subcontractors who provide, for example, IT support, logistics, communication, customer support, marketing, acquiring and PCI compliance services and our business partners who we may share personal data with in order for them to provide you with information about similar goods and services (with your consent);
    • advertisers and advertising networks that require anonymised data to select and serve relevant adverts to you and others. We shall provide them with aggregate information about our users (for example, we may inform them that 150 men aged 35-45 have clicked on their advertisement on any given day). We shall also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, men in a particular location). We shall make use of the information we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience;
    • user experience, service design and market research agencies that assist us in the improvement and optimisation of the products and services that we offer to customers as well as with other market research projects;
    • analytics and search engine providers that assist us in the improvement and optimisation of our website and our applications;
    • credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you (please see earlier in this Privacy Policy for detail on this);
    • sharing your information with a party we assign our rights to, under applicable contractual arrangements; and
    • sharing information with our funding partners in circumstances concerning our financial affairs.

    An example of when we may share your personal data with our partners:

    If you apply for a merchant instant settlement product, we or our lending partner (the provider of this product) will carry out a credit check to better understand your financial circumstances and repayment history.

    An example of how we use your personal data for marketing:

    If you are a Payor customer, we may contact you about optional extras, loyalty bonuses or promotional offers where you have consented to this. We may use information we gather about you through your use of our services to tailor these offers to you.

    Sharing with third-parties

    We may also disclose your personal data to third-parties:

    • in the event that we sell or buy any business or assets, to the prospective seller or buyer of such business or assets and their advisors;
    • if we or substantially all of the company’s assets are acquired by a third-party, in which case personal data held by the company about our customers will be one of the transferred assets;
    • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our various terms, policies and other agreements; or to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for AML and fraud prevention, and credit risk purposes

    We shall share an end-customer’s personal data with a merchant when it is to enable the merchant to fulfil the end-customer’s order and mitigate the risk of fraud and other criminal activities. The personal data will also be processed when handling potential complaints and disputes. Personal data shared with a merchant will be subject to the merchant’s data protection policy and not this Privacy Policy.

    Where merchants process card transaction data and cardholder data, they must process this in line with our Terms and Conditions. Please refer to these Terms and Conditions for further information.

    If a third-party processes personal data on our instruction they are likely to be a data processor. An example of this will be in relation to our suppliers of IT and marketing services. In such cases, we only share personal data for purposes that are compatible with the reasons contained in this Privacy Policy. All data processors are subject to written agreements that ensure the security of personal data and limit the transfer of personal data to third countries.

    If a third-party is considered to be a data controller, we are not able to dictate how that third-party will process the data that has been provided. Examples of common third-party data controllers would be credit rating agencies or financial institutions. In such cases, the data protection policies of the third-party data controller will apply.

    9. How we secure your information

    We have in place a level of security appropriate to the nature of the information stored and the harm that might result from a breach of security. Your information is stored on our secure servers. The transmission of any payment transactions will be encrypted using TLS technology.

    All environments that are used in the transmission of payment transactions are hosted in an environment that has passed PCI DSS Level 1 service provider accreditation, and are therefore required to adhere to all the requirements stated by the PCI Security Standards Council.

    To get more information about the different requirements of the PCI Security Standards Council please read more here.

    Please note that the transmission of information via the internet is not completely secure and, although we will do our best to protect your information, we cannot guarantee the security of any of your information transmitted via our website or our applications. Any transmission is at your own risk. If we become aware that the security of your information has been compromised, we will notify you by email or as otherwise required by law.

    Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or our applications, you are responsible for keeping this password confidential and you must not share it with anyone.

    If you think your password or any other aspect of your account has become compromised, you must inform us immediately at dataprotection@payorworld.com.

    10. How long will we will keep your information

    We will keep your information for as long as is needed for the purposes set out above or as required by any laws that apply.

    If you close your account, if we refuse your application for an account or product, or you decide not to go ahead with your application for an account or product, we’ll still keep your information. We may also continue to collect information from credit reference agencies to use after your account is closed. We’ll do this for as long as we’re allowed to for legitimate business purposes, to help prevent fraud and other financial crime, and for other legal and regulatory reasons.

    Sharing your information outside the European Economic Area (EEA)

    When we or fraud prevention agencies transfer your information outside the EEA, we or the fraud prevention agencies will:

    • make sure that the organisations we transfer your information to apply an equivalent level of protection;
    • include conditions in the contract with the organisations receiving your personal data to protect it to the standard required in the EEA; and
    • possibly ask the organisations receiving your information to subscribe to international frameworks intended to allow information to be shared securely.

    If we are transferring your information, we may also transfer it to either a country considered by the European Commission to provide adequate protection of your information, or to a different country if you agree to this. If we transfer your information outside the EEA in other circumstances (for example, because we have to reveal the information to help prevent or detect a crime), we’ll make sure we share that information lawfully.

    11. What happens regarding Brexit?

    As the UK has left the European Union (EU), it has ceased to be an EU member state. We may still be required (for the purposes described in this Privacy Policy) to:

    • transfer personal data from the UK to the EU, the EEA or elsewhere; and
    • receive personal data from outside the UK (including from the EU/EEA) into the UK.

    Where we make or receive such transfers, we will ensure that those transfers are lawful and (where necessary) we shall put in place appropriate measures, such as contractual commitments or other valid data transfer mechanisms, to ensure that personal data is sent and received in accordance with applicable law.

     What are my rights?

     

    Your right to:

    What this means

    ask us to send you (or someone you nominate) a copy of the information we hold about you

    We provide this privacy notice to explain how we use your personal data

    access your personal data with us

    If you make a ‘data subject access request’ to us, we will provide a copy of the personal data we hold about you. We can’t give you any information about other people, information which is linked to an ongoing criminal or fraud investigation, or information which is linked to settlement negotiations with you. We also won’t provide you with any communication we’ve had with our legal advisers

    ask us to correct or delete any incorrect or incomplete information we hold about you (we will correct any information we believe is incorrect or incomplete)

    You can have incomplete or inaccurate information corrected. Before we update your records with us, we may need to check the accuracy of the new information you have provided

    ask us to stop using your information

    We will stop using your information if there is no legal reason for us to continue to hold or use it

    object to any automated decision-making

    In the event that you request the deletion of personal data or for the use of personal data to be restricted, we reserve the right to no longer provide services and products to you under any applicable contract

    ask us to transfer certain personal data to you or to another organisation, including service providers, in a format they can use where this is technically possible (known as the ‘right to data portability’)

    We will transmit personal data in structured, commonly used and machine readable formats

    ask us to transfer a copy of some of your information to you or to another organisation, including service providers, where this is technically possible

    We will transmit personal data in structured, commonly used and machine readable formats

    withdraw any permission you have previously given to allow us to use your information

    If you have given us any consent we need to use your personal data, you can withdraw your consent at any time by contacting us at: dataprotection@payorworld.com

    ask us to stop or start sending you marketing messages at any time

    Please get in touch with us on dataprotection@payorworld.com or by phone on 0800 103 2959 to do this

     

    12. How we use cookies

    Our website uses cookies to distinguish you from other website users. Cookies help to provide a more personalised experience when you browse our website and also allows us to improve our website. Please take a look at our Cookie Policy for detailed information on the cookies we use and the purposes for which we use them.

    13. Other legal information

    Children

    We do not knowingly collect information from individuals who are under the age of 16. If you are under the age of 16, please do not register an account with our website or provide any information about yourself on our website. If you have already done so, please contact us.

    14. Changes to our Privacy Policy

    By submitting your information to us, you consent to the use of the information as set out in this Privacy Policy.

    If we change our Privacy Policy, we will post the changes on this page and may place notices elsewhere on our website (such as the home page) for a reasonable period of time.

    Your continued use of our website and our services following any changes to this Privacy Policy will mean you accept those changes.

    15. Glossary

    What words and phrases in bold mean

     AML means anti-money laundering.

    customer portal means the portal you use to access information regarding your use of the services through the Payor website.

    data controller has the meaning given in the GDPR.

     data processor has the meaning given in the GDPR.

     data protection laws means the GDPR and other laws or regulations that apply to the processing of personal data.

     data subject has the meaning given in the GDPR.

    GDPR means the General Data Protection Regulation (EU 2016/679) or substantially equivalent laws enacted later in the UK.

    KYB means Know Your Business.

    KYC means Know Your Customer.

    MOTO means mail order telephone order.

    PCI DSS means the Payment Card Industry Data Security Standard.