Privacy Policy
1. About us
We are Payor Limited. Payor is a trading name of Payor Limited.
Our registered office address is 34 Fordingbridge Road, Southsea ,PO4 9JW and our company number is 13538204.
We are authorised and regulated by the Financial Conduct Authority for the issuing of electronic money and provision of payment services.
We are registered with the Information Commissioner’s Office (ICO), the data protection regulator in the UK, to use personal data and our registration number is.
We are committed to protecting and respecting your privacy.
It is important that you read this Privacy Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using it.
When you visit our website, or use any of our applications; or provide information to us via our website, or any of our applications, you are accepting and consenting to our processing of your information in accordance with this Privacy Policy, our Cookie Policy, our Website Terms and Conditions and any other contract we may have with you including, without limitation, our Terms and Conditions.
2. Getting in touch with us
The personal data we hold about you needs to be accurate and current. Please keep us informed if this information changes during your relationship with us. You can get in touch with us at dataprotection@Payorworld.com.
If you have any questions about this Privacy Policy or how we handle privacy, please contact us at dataprotection@payorworld.com.
You have the right to make a complaint to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance at dataprotection@payorworld.com.
3. Information we hold about you
Under data protection laws, we are known as the data controller of your personal data and this Privacy Policy relates only to our activities as a data controller. We are a data controller whenever we decide how, why, and by what means personal data is to be processed.
Personal data means any information about you that could be used to help identify you. In this Privacy Policy we use ‘personal data’ and ‘information’ interchangeably.
This includes personal and financial information about you that we collect, use, share and store. This may include your name, date of birth, address, contact information, financial information, details about your health and lifestyle, employment details and device identifiers including internet protocol (IP) address. It may include information about any other Payor products and services (or products and services provided by our partners) you currently have, you’ve applied for or you’ve had in the past.
Processing of this information occurs whenever any action is taken in relation to it, regardless of whether the action is automated or not. Some common examples of processing include collection, organisation, storing and deletion.
4. What information do we collect from you?
We collect, use, share and store information about you to provide you with the services you have asked us for and to share information with you about services that may be of interest to you. We use a variety of channels to do so, including via our team of payment consultants. Our payment consultants are not permanent employees of Payor Ltd and are self-employed. We take care to ensure your information is appropriately protected when used by our payment consultants.
You may provide this information direct to us, for example by the way you communicate or do business with us, such as:
- applying for our products or services;
- using our branches, telephone services, websites or mobile applications;
- writing to us;
- entering competitions or promotions;
- downloading any of our mobile applications or using our websites or digital services, in which case we may gather information about how you access and use these services, such as your IP address and information about the devices or software you use (we may also make other requests or give you more details about how we use your information, for example, we may ask for your location to help find nearby services);
- using and managing your accounts, (we may take information such as the date, amount and currency of payments made to your account); and
- giving information to us at any other time, including through social media.
This information may also come from other organisations or people, such as other Payor companies, other organisations you have a relationship with, joint account holders, credit reference agencies, employers, and/or fraud prevention agencies.
If you do not provide the information that we tell you must provide, this may mean that we are unable to properly provide our products and services and/or carry out all our obligations under our contractual agreements with you.
Checking your identity
If you are a merchant or a corporate, we will need to confirm your identity as part of our KYB/KYC process. We will ask you to provide documents, and will also collect information from third-parties, such as commercial registers, for this purpose.
5. How do we use your information?
We use this information to:
- to provide our services to you;
- to help us develop new and improved products and services to meet our customers’ needs;
- to carry out checks for security purposes, to prevent fraud and money laundering, and to confirm your identity before we provide services to you;
- for training;
- to communicate with you;
- to meet the obligations we have by law and under any regulations that apply;
- where we have a legitimate interest in using your information, for example to protect our commercial interests or to prevent fraud; and
- to keep you informed about products and services you hold with us and to send you information about products or services (including those of other companies where you have consented for us to do so) which may be of interest to you.
An example of how we use your information to provide our services:
If any changes we make to our services affect you, we’ll normally contact you using the email address you gave us when you signed up, or through our customer portal, to tell you about the changes.
Under data protection laws, whenever we process your personal data, we must meet at least one set condition for processing. These conditions are set out in data protection laws and we rely on a number of different conditions for the activities we carry out.
We may use your information for the following purposes and under the following legal bases which are described below.
6. What is the legal basis for using your information?
We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following outlined below.
Keeping to our contracts and agreements with you:
We need certain personal data to provide our services and cannot provide them without this information.
Legal obligations:
In some cases, we have a legal responsibility to collect and store your personal data (for example, under AML laws and regulations we must hold certain information about our customers).
Legitimate interests:
We sometimes collect and use your personal data, or share it with other organisations, because we or they have a legitimate reason to have it and this is reasonable when balanced against your right to privacy.
Consent:
Where you’ve agreed to us collecting your information, for example by using our customer portal we provide, or when you have ticked a box to indicate you are happy for us to use your personal data in a certain way.
7. Information we collect from you and the legal bases for doing so
Merchants
For the purposes of data protection we consider a physical person (as opposed to a company) that is a sole trader or individual and who registers for/uses our services or buys products from us (such as a card reader) to be a merchant. The personal data we collect from merchants includes:
Category of personal data
Non-exhaustive examples of personal data from each category
Account identification information
Merchant ID number, passwords and equivalent account security information
Contact details
Name, address, phone numbers, email
Financial information
Bank details, transaction history, credit history and credit score, information relevant to invoices issued by us to a merchant
Information required to be obtained and kept by law
Information required for customer identification and verification (e.g. government issued IDs)
Technical and behavioural tracking data
IP address, location data, pages viewed on our website or applications, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version
The purpose and legal basis for processing the personal data outlined above will be:
Purpose of processing the personal data
Legal basis for processing the personal data
To administer any account or registration you may have with us
● To fulfil our contractual agreement with you
● To comply with applicable law
● To pursue our legitimate interests
To carry out our obligations arising from any contracts entered into between you and us
● To fulfil our contractual agreement with you
● To comply with applicable law
● To pursue our legitimate interests
To provide you with the products and services that you request from us
● To fulfil our contractual agreement with you
● To comply with applicable law
● To pursue our legitimate interests
To administer your participation in any competitions or prize draws we may run from time to time
● To pursue our legitimate interests
To provide you with our newsletter, if you have subscribed to receive it, and any other information that you request from us from time to time
● To pursue our legitimate interests
To communicate with you (via the use of surveys or by other means) about any comments, queries or feedback you might have about us, our website or our applications
● To fulfil our contractual agreement with you
● To pursue our legitimate interests
For publication on our website (for example, in connection with your listing or advertisement or for review or testimonial purposes), but only if you have either provided it to us for that purpose or if you have consented to this
● To pursue our legitimate interests
● When you have provided consent
To enable you to participate in interactive features of our website or our applications, when you choose to do so
● To fulfil our contractual agreement with you
● To pursue our legitimate interests
To ensure that content on our website or in our applications is presented in the most effective manner for you and for your computer
● To fulfil our contractual agreement with you
● To pursue our legitimate interests
To provide you with information about products and services we offer that we feel may interest you by post, telephone, SMS, email or via in-application notifications
● To pursue our legitimate interests
● Where we are required by law to obtain your consent to provide this information, we will obtain your consent. If consent is not required we will provide you an option to opt-out of receiving this information each time that we send information to you
To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
● To pursue our legitimate interests
To keep our website or our applications safe and secure
● To fulfil our contractual agreement with you
● To comply with applicable law
● To pursue our legitimate interests
To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you
● To pursue our legitimate interests
To make suggestions and recommendations to you and other users of our website and our applications about goods or services that may interest you or them
● To pursue our legitimate interests
To verify your identity as well as your personal and contact information
● To fulfil our contractual agreement with you
● To comply with applicable law
● To pursue our legitimate interests
To record and prove that transactions have been executed
● To fulfil our contractual agreement with you
● To comply with applicable law
● To pursue our legitimate interests
To initiate, exercise and defend any legal claim or collection procedure
● To fulfil our contractual agreement with you
● To comply with applicable law
● To pursue our legitimate interests
To comply with internal compliance procedures
● To comply with applicable law
● To pursue our legitimate interests
To prevent misuse of our services
● To comply with applicable law
● To pursue our legitimate interests
To carry out risk management and fraud prevention processes
● To fulfil our contractual agreement with you
● To comply with applicable law
● To pursue our legitimate interests
To comply with applicable KYB/KYC and AML, book-keeping and capital adequacy laws and to report to tax authorities and other relevant law enforcement agencies
● To comply with applicable law
● To pursue our legitimate interests
To communicate with you in relation to our services
● To fulfil our contractual agreement with you
● To pursue our legitimate interests
End-customers
For end-customers who use services provided by our merchants, we will collect and process the following information:
Category of personal data
Non-exhaustive examples of personal data from each category
Contact details
Name, address, phone numbers, email
Financial information
Card details, Transaction history
Information required to be obtained and kept by law
Book-keeping relevant information
Technical and behavioural tracking data
IP address, location data, pages viewed on our website or applications, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version
The purpose and legal basis for processing the personal data outlined above will be:
Purpose of processing the personal data
Legal basis for processing the personal data
To process a payment made by the end-customer via a card or through the use of any method that we offer from time to time
● To comply with applicable law
● To pursue our legitimate interests
To ensure that the payment transaction is carried out in a secure manner, mitigating the risk of fraud and other criminal activities
● To comply with applicable law
● To pursue our legitimate interests
To enable the merchant to fulfil the end-customer’s order and mitigate the risk of fraud and other criminal activities. The personal data will also be processed when handling potential complaints and disputes
● To comply with applicable law
● To pursue our legitimate interests
To provide a receipt to an end-customer. We will only use the end-customer’s email address or mobile number to send receipts and will not use or share the contact details for any other purpose unless we obtain the end-customer’s consent in writing, or inform the end-customer prior to processing for a new purpose or for a purpose that is compatible with the purpose for which initially we collected the personal data
● To comply with applicable law
● To pursue our legitimate interests
Individuals and customer representatives
For individuals and customer representatives contacting our customer support team or us generally, via email, telephone, online chat, SMS or any other communication channel, we will collect and process the following information:
Category of personal data
Non-exhaustive examples of personal data from each category
Contact details
Name, address, phone numbers, email
Technical and behavioural tracking data
IP address, location data, pages viewed on our website, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version
The purpose and legal basis for processing the personal data outlined above will be:
Purpose of processing the personal data
Legal basis for processing the personal data
To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
● To pursue our legitimate interests
To verify your identity as well as your personal and contact information
● To comply with applicable law
● To pursue our legitimate interests
To provide and market services and products to the individual
● To pursue our legitimate interests
● When you have provided consent
To respond to the individual and provide any support that is required
● To pursue our legitimate interests
To communicate with you in relation to our services
● To pursue our legitimate interests
● When you have provided consent
Individuals within corporates
In the case of an executive, director, beneficial owner or authorised signatory of a corporate customer that communicates with us we will collect and process the following information:
Category of personal data
Non-exhaustive examples of personal data from each category
Account identification information
Merchant ID number, passwords and equivalent account security information
Contact details
Name, address, phone numbers, email
Information required to be obtained and kept by law
Information required for customer identification and verification (e.g. government issued IDs)
Technical and behavioural tracking data
IP address, location data, pages viewed on our website, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version
The purpose and legal basis for processing the personal data outlined above will be:
Purpose of processing the personal data
Legal basis for processing the personal data
To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
● To pursue our legitimate interests
To provide you with our newsletter, if you have subscribed to receive it, and any other information that you request from us from time to time
● To pursue our legitimate interests
To communicate with you (via the use of surveys or by other means) about any comments, queries or feedback you might have about us, our website or our applications
● To pursue our legitimate interests
To keep our website and our applications safe and secure
● To comply with applicable law
● To pursue our legitimate interests
To verify your identity as well as your personal and contact information
● To comply with applicable law
● To pursue our legitimate interests
To initiate, exercise and defend any legal claim or collection procedure
● To comply with applicable law
● To pursue our legitimate interests
To provide you with information about products and services we offer that we feel may interest you by post, telephone, SMS, email or via in-application notifications
● To pursue our legitimate interests
● Where we are required by law to obtain your consent to provide this information, we will obtain your consent. If consent is not required we will provide you an option to opt-out of receiving this information each time that we send information to you.
To make suggestions and recommendations to you and other users of our website and our applications about goods or services that may interest you or them
● To pursue our legitimate interests
To comply with internal compliance procedures
● To comply with applicable law
● To pursue our legitimate interests
To prevent misuse of our services
● To comply with applicable law
● To pursue our legitimate interests
To carry out risk management and fraud prevention processes
● To comply with applicable law
● To pursue our legitimate interests
To comply with applicable KYB/KYC, AML, book-keeping and capital adequacy laws and to report to tax authorities and other relevant law enforcement agencies
● To comply with applicable law
● To pursue our legitimate interests
To communicate with you in relation to our services
● To pursue our legitimate interests
● When you have provided consent
In the case of an executive, director, beneficial owner or authorised signatory of a corporate customer that communicates with us we will collect and process the following information:
Category of personal data
Non-exhaustive examples of personal data from each category
Account identification information
Merchant ID number, passwords and equivalent account security information
Contact details
Name, address, phone numbers, email
Information required to be obtained and kept by law
Information required for customer identification and verification (e.g. government issued IDs)
Technical and behavioural tracking data
IP address, location data, pages viewed on our website, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version
The purpose and legal basis for processing the personal data outlined above will be:
Purpose of processing the personal data
Legal basis for processing the personal data
To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
● To pursue our legitimate interests
To provide you with our newsletter, if you have subscribed to receive it, and any other information that you request from us from time to time
● To pursue our legitimate interests
To communicate with you (via the use of surveys or by other means) about any comments, queries or feedback you might have about us, our website or our applications
● To pursue our legitimate interests
To keep our website and our applications safe and secure
● To comply with applicable law
● To pursue our legitimate interests
To verify your identity as well as your personal and contact information
● To comply with applicable law
● To pursue our legitimate interests
To initiate, exercise and defend any legal claim or collection procedure
● To comply with applicable law
● To pursue our legitimate interests
To provide you with information about products and services we offer that we feel may interest you by post, telephone, SMS, email or via in-application notifications
● To pursue our legitimate interests
● Where we are required by law to obtain your consent to provide this information, we will obtain your consent. If consent is not required we will provide you an option to opt-out of receiving this information each time that we send information to you.
To make suggestions and recommendations to you and other users of our website and our applications about goods or services that may interest you or them
● To pursue our legitimate interests
To comply with internal compliance procedures
● To comply with applicable law
● To pursue our legitimate interests
To prevent misuse of our services
● To comply with applicable law
● To pursue our legitimate interests
To carry out risk management and fraud prevention processes
● To comply with applicable law
● To pursue our legitimate interests
To comply with applicable KYB/KYC, AML, book-keeping and capital adequacy laws and to report to tax authorities and other relevant law enforcement agencies
● To comply with applicable law
● To pursue our legitimate interests
To communicate with you in relation to our services
● To pursue our legitimate interests
● When you have provided consent
Collecting information from third-parties
To ensure that the services we provide are secure and efficient we process personal data from selected third-parties. These third-party sources (and the categories of information) include:
Category of third-party
Category of personal data
Credit rating agencies
● Financial information
● Information required to be obtained and kept by law
Fraud detection agencies
● Information required to be obtained and kept by law
Financial institutions such as banks and card networks
● Financial information
● Information required to be obtained and kept by law
Tax authorities
● Information required to be obtained and kept by law
Publicly available registries maintained by or on behalf of national authorities
● Contact details
● Information required to be obtained and kept by law
Companies in the same corporate group as us
● Contact details
Sharing information with named third-parties
We currently share personal data with the following named third-parties for the following purposes:
Third-party name
Why we share personal data with them
Ingenico
Dispatch terminal to our customers
Spire
Dispatch terminal to our customers
Lantec
Dispatch terminal to our customers and arrange an engineer installation
HMRC
personal data for payment of PAYE, student loan deductions, tax code notices and related matters
ONS (Office of National Statistics)
Sharing of corporate data, staff numbers, payroll totals
Adobe Sign
Adobe makes contracts that we autofill with our customer’s data and Adobe sends the contracts to our customer’s email addresses
Talkdesk
Provides contact centre software to us. This allows us to answer, transfer, monitor and record customer calls
Sysnet
Provides service to our customers to help them become Payment Card Industry compliant. This includes phone based support, filling out questionnaires and related matters
Experian
Background checks as part of regulatory and other requirements
UKPR
Dispatch till rolls to our customers
Epay
Provide mobile phone card top up service for our customers
AI Corp
Provide ecommerce and MOTO payment services
GoCardless
To set up direct debit payments for our services
Lloyds Bank plc
Personal banking details for the purpose of making payroll related payments and expense reimbursement. Corporate credits in the name of staff
HSBC Bank plc
Personal banking details for the purpose of making payroll related payments and expense reimbursement. Corporate credits in the name of staff
Amex
Corporate credit cards which are held in the name of senior staff in the business
Pure Print
To provide printed materials to our sales agents, customers and partners
Jaden Press
To provide printed materials to our sales agents, customers and partners
UKPR
To provide printed materials to our sales agents, customers and partners
PHD Mail
To provide printed materials to our sales agents, customers and partners
Colour Company
To provide printed materials to our sales agents, customers and partners and Provides our customers with a bag to return terminals to us
Emarsys
An email service provider that enables us to provide marketing and transactional emails to our customers, partners and prospects
Mail Chimp
An email service provider that enables us to provide marketing and transactional emails to our customers, partners and prospects
Reward Gateway
Provides a rewards platform offered to our customers
Golley Slater
Provides telephony support for partners
Google
Enhanced targeting/exclusions from advertising
Linkedin
Enhanced targeting/exclusions from advertising
Facebook
Enhanced targeting/exclusions from advertising
Twitter
Enhanced targeting/exclusions from advertising
Microsoft
Enhanced targeting/exclusions from advertising
ResponseTap
Provides call tracking, call recording and campaign measurement through the allocation of bespoke phone numbers
Contis
Provides gift card services to our customers
TransUnion
Provides background checks as part of
regulatory and other requirementsEmailage
Provides risk scoring services in relation to our customers
Cifas
Fraud protection and background checks as part of regulatory and other requirements
B2BCollections
Debt-collection activity where this applies
NICE (inContact)
Contact centre software
Workday
Financial and human resources management for our employees
UPS
Postal and delivery services
Yodel
Postal and delivery services
Prolog
Order fulfilment infrastructure
Segment
Customer data infrastructure
Mimecast
Cybersecurity services
Banking Circle
Lending services for merchants
YouLend
Lending services for merchants
Slack
Internal communications to enable instant messaging
VidCruiter
Video recruiting platform used in talent acquisition activities
Sharing your information with third-parties
We may also share your information with the following third-parties:
- companies that are in the same corporate group as us;
- suppliers and subcontractors who provide, for example, IT support, logistics, communication, customer support, marketing, acquiring and PCI compliance services and our business partners who we may share personal data with in order for them to provide you with information about similar goods and services (with your consent);
- advertisers and advertising networks that require anonymised data to select and serve relevant adverts to you and others. We shall provide them with aggregate information about our users (for example, we may inform them that 150 men aged 35-45 have clicked on their advertisement on any given day). We shall also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, men in a particular location). We shall make use of the information we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience;
- user experience, service design and market research agencies that assist us in the improvement and optimisation of the products and services that we offer to customers as well as with other market research projects;
- analytics and search engine providers that assist us in the improvement and optimisation of our website and our applications;
- credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you (please see earlier in this Privacy Policy for detail on this);
- sharing your information with a party we assign our rights to, under applicable contractual arrangements; and
- sharing information with our funding partners in circumstances concerning our financial affairs.
An example of when we may share your personal data with our partners:
If you apply for a merchant instant settlement product, we or our lending partner (the provider of this product) will carry out a credit check to better understand your financial circumstances and repayment history.
An example of how we use your personal data for marketing:
If you are a Payor customer, we may contact you about optional extras, loyalty bonuses or promotional offers where you have consented to this. We may use information we gather about you through your use of our services to tailor these offers to you.
We may also disclose your personal data to third-parties:
- in the event that we sell or buy any business or assets, to the prospective seller or buyer of such business or assets and their advisors;
- if we or substantially all of the company’s assets are acquired by a third-party, in which case personal data held by the company about our customers will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our various terms, policies and other agreements; or to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for AML and fraud prevention, and credit risk purposes
We shall share an end-customer’s personal data with a merchant when it is to enable the merchant to fulfil the end-customer’s order and mitigate the risk of fraud and other criminal activities. The personal data will also be processed when handling potential complaints and disputes. Personal data shared with a merchant will be subject to the merchant’s data protection policy and not this Privacy Policy.
Where merchants process card transaction data and cardholder data, they must process this in line with our Terms and Conditions. Please refer to these Terms and Conditions for further information.
If a third-party processes personal data on our instruction they are likely to be a data processor. An example of this will be in relation to our suppliers of IT and marketing services. In such cases, we only share personal data for purposes that are compatible with the reasons contained in this Privacy Policy. All data processors are subject to written agreements that ensure the security of personal data and limit the transfer of personal data to third countries.
If a third-party is considered to be a data controller, we are not able to dictate how that third-party will process the data that has been provided. Examples of common third-party data controllers would be credit rating agencies or financial institutions. In such cases, the data protection policies of the third-party data controller will apply.
Links to third-party websites
Our website features third-party advertising which provides links to and from third-party websites. If you follow a link to any of these third-party websites, you should be aware that these websites have their own privacy policies and the operators of those websites will handle your information in accordance with such policies and not with this Privacy Policy. We have no control over such third-parties or their websites or privacy policies. These third-parties may contact you or permit third-parties to contact you for marketing purposes in accordance with their own privacy policies, unless you opt out of such communications.
We do not accept any responsibility or liability for third-party websites or their privacy policies. We strongly advise you to check such policies and the reputation of the website before you submit your information to, or carry out any transaction on, any third-party website.
We welcome any feedback you may have about third-party websites linked to from our website. Please email us at dataprotection@payorworld.com.
Our relationship with Apple and Google Play
We acknowledge that when you use our application, as provided on Apple’s App Store and Google’s Play Store, any end-user licence agreement is concluded between us and you – and not with either Apple or Google. You further agree to observe the App Store Terms of Service and the Google Play Terms of Service.
8. Sharing your information with others
Sharing your information with credit reference and fraud prevention agencies
When processing your application, we will carry out credit and identity checks on you with one or more credit reference agencies. To do this, we will give the credit reference agencies your personal data and they will give us information about you. This may make it difficult for you to get credit in the future. We will also continue to exchange information about you with credit reference agencies while you have a relationship with us, for example, if we have asked you to pay an amount you owe us and we do not receive a satisfactory reply from you within our stated time limit, or if you give us false or inaccurate information. The credit reference agencies may share your personal data with other organisations.
The credit reference agencies, and the ways in which they use and share personal data, are explained in more detail at www.experian.co.uk/crain/ and www.equifax.co.uk/crain/.
Records we share with credit reference agencies will stay on your file for six years after your file is closed, whether you’ve settled the debt or failed to pay it off.
If you’d like to know about the information credit reference agencies hold about you, you should contact them directly (please note, they will charge you a fee for this service). Not every agency will hold the same information, so you should consider contacting them all.
Their contact details are as follows:
TransUnion: www.transunion.co.uk/contact-us
Equifax PLC: www.equifax.co.uk/support/en_gb/
Experian: www.experian.co.uk/contact-us/
We will share your information with fraud prevention agencies who will use it to prevent fraud and money laundering, and to confirm your identity. We and fraud prevention agencies may also allow law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. If fraud is detected, you could be refused certain services or finance.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to present a fraud or money-laundering risk, they can hold your information for up to six years.
We may also share your information with the following third-parties:
- companies that are in the same corporate group as us;
- suppliers and subcontractors who provide, for example, IT support, logistics, communication, customer support, marketing, acquiring and PCI compliance services and our business partners who we may share personal data with in order for them to provide you with information about similar goods and services (with your consent);
- advertisers and advertising networks that require anonymised data to select and serve relevant adverts to you and others. We shall provide them with aggregate information about our users (for example, we may inform them that 150 men aged 35-45 have clicked on their advertisement on any given day). We shall also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, men in a particular location). We shall make use of the information we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience;
- user experience, service design and market research agencies that assist us in the improvement and optimisation of the products and services that we offer to customers as well as with other market research projects;
- analytics and search engine providers that assist us in the improvement and optimisation of our website and our applications;
- credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you (please see earlier in this Privacy Policy for detail on this);
- sharing your information with a party we assign our rights to, under applicable contractual arrangements; and
- sharing information with our funding partners in circumstances concerning our financial affairs.
An example of when we may share your personal data with our partners:
If you apply for a merchant instant settlement product, we or our lending partner (the provider of this product) will carry out a credit check to better understand your financial circumstances and repayment history.
An example of how we use your personal data for marketing:
If you are a Payor customer, we may contact you about optional extras, loyalty bonuses or promotional offers where you have consented to this. We may use information we gather about you through your use of our services to tailor these offers to you.
Sharing with third-parties
We may also disclose your personal data to third-parties:
- in the event that we sell or buy any business or assets, to the prospective seller or buyer of such business or assets and their advisors;
- if we or substantially all of the company’s assets are acquired by a third-party, in which case personal data held by the company about our customers will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our various terms, policies and other agreements; or to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for AML and fraud prevention, and credit risk purposes
We shall share an end-customer’s personal data with a merchant when it is to enable the merchant to fulfil the end-customer’s order and mitigate the risk of fraud and other criminal activities. The personal data will also be processed when handling potential complaints and disputes. Personal data shared with a merchant will be subject to the merchant’s data protection policy and not this Privacy Policy.
Where merchants process card transaction data and cardholder data, they must process this in line with our Terms and Conditions. Please refer to these Terms and Conditions for further information.
If a third-party processes personal data on our instruction they are likely to be a data processor. An example of this will be in relation to our suppliers of IT and marketing services. In such cases, we only share personal data for purposes that are compatible with the reasons contained in this Privacy Policy. All data processors are subject to written agreements that ensure the security of personal data and limit the transfer of personal data to third countries.
If a third-party is considered to be a data controller, we are not able to dictate how that third-party will process the data that has been provided. Examples of common third-party data controllers would be credit rating agencies or financial institutions. In such cases, the data protection policies of the third-party data controller will apply.
9. How we secure your information
We have in place a level of security appropriate to the nature of the information stored and the harm that might result from a breach of security. Your information is stored on our secure servers. The transmission of any payment transactions will be encrypted using TLS technology.
All environments that are used in the transmission of payment transactions are hosted in an environment that has passed PCI DSS Level 1 service provider accreditation, and are therefore required to adhere to all the requirements stated by the PCI Security Standards Council.
To get more information about the different requirements of the PCI Security Standards Council please read more here.
Please note that the transmission of information via the internet is not completely secure and, although we will do our best to protect your information, we cannot guarantee the security of any of your information transmitted via our website or our applications. Any transmission is at your own risk. If we become aware that the security of your information has been compromised, we will notify you by email or as otherwise required by law.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or our applications, you are responsible for keeping this password confidential and you must not share it with anyone.
If you think your password or any other aspect of your account has become compromised, you must inform us immediately at dataprotection@payorworld.com.
10. How long will we will keep your information
We will keep your information for as long as is needed for the purposes set out above or as required by any laws that apply.
If you close your account, if we refuse your application for an account or product, or you decide not to go ahead with your application for an account or product, we’ll still keep your information. We may also continue to collect information from credit reference agencies to use after your account is closed. We’ll do this for as long as we’re allowed to for legitimate business purposes, to help prevent fraud and other financial crime, and for other legal and regulatory reasons.
Sharing your information outside the European Economic Area (EEA)
When we or fraud prevention agencies transfer your information outside the EEA, we or the fraud prevention agencies will:
- make sure that the organisations we transfer your information to apply an equivalent level of protection;
- include conditions in the contract with the organisations receiving your personal data to protect it to the standard required in the EEA; and
- possibly ask the organisations receiving your information to subscribe to international frameworks intended to allow information to be shared securely.
If we are transferring your information, we may also transfer it to either a country considered by the European Commission to provide adequate protection of your information, or to a different country if you agree to this. If we transfer your information outside the EEA in other circumstances (for example, because we have to reveal the information to help prevent or detect a crime), we’ll make sure we share that information lawfully.
11. What happens regarding Brexit?
As the UK has left the European Union (EU), it has ceased to be an EU member state. We may still be required (for the purposes described in this Privacy Policy) to:
- transfer personal data from the UK to the EU, the EEA or elsewhere; and
- receive personal data from outside the UK (including from the EU/EEA) into the UK.
Where we make or receive such transfers, we will ensure that those transfers are lawful and (where necessary) we shall put in place appropriate measures, such as contractual commitments or other valid data transfer mechanisms, to ensure that personal data is sent and received in accordance with applicable law.
What are my rights?
Your right to:
What this means
ask us to send you (or someone you nominate) a copy of the information we hold about you
We provide this privacy notice to explain how we use your personal data
access your personal data with us
If you make a ‘data subject access request’ to us, we will provide a copy of the personal data we hold about you. We can’t give you any information about other people, information which is linked to an ongoing criminal or fraud investigation, or information which is linked to settlement negotiations with you. We also won’t provide you with any communication we’ve had with our legal advisers
ask us to correct or delete any incorrect or incomplete information we hold about you (we will correct any information we believe is incorrect or incomplete)
You can have incomplete or inaccurate information corrected. Before we update your records with us, we may need to check the accuracy of the new information you have provided
ask us to stop using your information
We will stop using your information if there is no legal reason for us to continue to hold or use it
object to any automated decision-making
In the event that you request the deletion of personal data or for the use of personal data to be restricted, we reserve the right to no longer provide services and products to you under any applicable contract
ask us to transfer certain personal data to you or to another organisation, including service providers, in a format they can use where this is technically possible (known as the ‘right to data portability’)
We will transmit personal data in structured, commonly used and machine readable formats
ask us to transfer a copy of some of your information to you or to another organisation, including service providers, where this is technically possible
We will transmit personal data in structured, commonly used and machine readable formats
withdraw any permission you have previously given to allow us to use your information
If you have given us any consent we need to use your personal data, you can withdraw your consent at any time by contacting us at: dataprotection@payorworld.com
ask us to stop or start sending you marketing messages at any time
Please get in touch with us on dataprotection@payorworld.com or by phone on 0800 103 2959 to do this
12. How we use cookies
Our website uses cookies to distinguish you from other website users. Cookies help to provide a more personalised experience when you browse our website and also allows us to improve our website. Please take a look at our Cookie Policy for detailed information on the cookies we use and the purposes for which we use them.
13. Other legal information
Children
We do not knowingly collect information from individuals who are under the age of 16. If you are under the age of 16, please do not register an account with our website or provide any information about yourself on our website. If you have already done so, please contact us.
14. Changes to our Privacy Policy
By submitting your information to us, you consent to the use of the information as set out in this Privacy Policy.
If we change our Privacy Policy, we will post the changes on this page and may place notices elsewhere on our website (such as the home page) for a reasonable period of time.
Your continued use of our website and our services following any changes to this Privacy Policy will mean you accept those changes.
15. Glossary
What words and phrases in bold mean
AML means anti-money laundering.
customer portal means the portal you use to access information regarding your use of the services through the Payor website.
data controller has the meaning given in the GDPR.
data processor has the meaning given in the GDPR.
data protection laws means the GDPR and other laws or regulations that apply to the processing of personal data.
data subject has the meaning given in the GDPR.
GDPR means the General Data Protection Regulation (EU 2016/679) or substantially equivalent laws enacted later in the UK.
KYB means Know Your Business.
KYC means Know Your Customer.
MOTO means mail order telephone order.
PCI DSS means the Payment Card Industry Data Security Standard.