Paysme Limited incorporated and registered in United Kingdom under company registration number 07435577 and the registered office of which is at Rise London, 41 Luke Street, London EC2A 4DP (“Our company” or “we” or “Paysme”) recognises the importance of your privacy. We carry out our activities in line with the applicable data protection regulation including the EU General Data Protection Regulation (“GDPR”) and other related laws.
1. Personal Data We Collect
We collect and process your personal data such as:
· identity information including your name, surname, photo of the identity document, citizenship, date and place of birth, age, gender, passport or other identity documents such as UK full photocard driving license, UK provisional photocard driving license or EU member state National ID photocard,
· contact information including your phone number and e-mail address,
· location information including your address and current location,
· visual and biometric information including your photo and video,
· legal transaction information including whether you have capacity to enter into legally binding contracts,
· customer transaction information including live chat messages, transactional information and payment details,
· financial and payment information including your IBAN number, bank account and other necessary data for processing payments and fraud prevention and other related billing information.
Unless specifically requested, we ask you to not send us, and not disclose, on or through the Services or otherwise to us, any Sensitive Personal Data (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric, data concerning health or data concerning a natural person's sex life or sexual orientation).
2. Collection Method of Your Personal Data
We collect your personal data in a number of ways, including:
· directly from you via e-mail, telephone, mobile application, SMS, printed form and/or other electronic devices.
· from publicly available sources of information,
· from our own records of how you use Paysme services
3. Use of Your Personal Data
We collect, hold, use and disclose your personal data for the purposes including to:
· process your registration by verifying your identification,
· provide you with a better and more personalized level of service,
· review your requests, suggestions and complaints regarding our service,
· set up your bank accounts such as E-Wallets,
· enable you to transfer money and make other transactions,
· send you marketing communications and promotional offers (including push notifications), as well as periodic customer satisfaction, market research or quality assurance surveys,
· identify and resolve errors, problems or bugs in our products and services,
· fulfil contractual obligations to you and anyone involved in the process,
· meet legal and regulatory requirements including compliance with applicable law, respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements.
We collect and process your personal data on the following bases which are stated in Article 6(1) of the GDPR:
to comply with our contractual obligation (for example, providing you with our service), to comply with our legal obligations as well as to keep records of our compliance processes and tax records, because of our company’s legitimate interests which include the provision of our mobile application and/or relevant services, provided always that our legitimate interests are not outweighed by any prejudice or harm your rights and freedoms, to establish, exercise or defend our legal claims before the courts, arbitrations, authorized data protection authorities or similar legal proceedings, · because you have explicitly given us your consent to process your personal data in that manner.
We collect and process your special categories of personal data on the following bases which are stated in Article 9(2) of the GDPR:
· because you have explicitly given us your consent to process your personal data in that manner (for example, in order to verify our users, we process their biometric data),
· because processing is necessary for our company to establish, exercise or defend our legal claims before the courts, arbitrations, authorized data protection authorities or similar legal proceedings.
We will only provide you with marketing related information after you have, where legally required to do so, opted in to receive those communications and having provided the opportunity for you to opt out at any time.
4. Disclosure of Your Personal Data
We disclose your personal data
· with our team members, other Paysme users, company executives, representatives, suppliers, service providers, business partners and solution partners for the purposes specified in Section 3,
· with government and regulatory authorities and other organizations to meet legal and regulatory requirements, or to protect or defend our rights or property in accordance with applicable laws.
For the compliance with GDPR, we ensure that our suppliers and business or solution partners whether they are located outside the EEA or not, takes appropriate technical and organizational security measures in accordance with applicable data protection laws and use it solely for the purposes specified by us.
5. Your Rights
If you are from the European Economic Area or in certain countries, you are also entitled (with some exceptions and restrictions) to:
· Access: You have the right to request information about how we process your personal data and to obtain a copy of that personal data.
· Rectification: You have the right to request the rectification of inaccurate personal data about you and for any incomplete personal information about you to be completed.
· Objection: You have the right to object to the processing of your personal information, which is based on our legitimate interests (as described above).
· Deletion: You can delete your account by using the corresponding functionality directly on the service.
· Automated decision-making: You have the right to object a decision made about you that is based solely on automated processing if that decision produces legal or similarly significant effects concerning you.
· Restriction: You have the right to ask us to restrict our processing of your personal data, so that we no longer process that personal data until the restriction is lifted.
· Portability: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and to have that personal data transmitted to another organization in certain circumstances.
· Complaint: You have a right to lodge a complaint with the authorized data protection authority if you have concerns about how we process your personal data. The data protection authority you can lodge a complaint with notably may be that of your habitual residence, where you work or where we are established.
You may, at any time, exercise any of the above rights, by contacting us via firstname.lastname@example.org together with a proof of your identity, i.e. a copy of your ID card, or passport, or any other valid identifying document.
In some cases, we may not be able to give you access to your personal data that we hold, if making such a disclosure would breach our legal obligations to our other customers or if prevented by any applicable law or regulation.
6. Right to Withdraw Consent
If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. To withdraw your consent please follow the opt-out links on any marketing message sent to you or contact us via email@example.com
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
7. Collection of Children’s Personal Data
We attach great importance of protecting children’s privacy. Therefore, we make an effort to not collect personal data of any children under the age of 16. If you have any concerns about your child’s privacy with respect to our services, or if you believe that your child may have provided his/her personal data to us, please contact us using the details provided below. We ensure to delete such personal data from our records immediately.
8. Security of Your Personal Data
We take appropriate and reasonable technical and organizational measures to protect your personal data from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal data. Such technical and organizational measures include:
· Ensuring network security and application security,
· Using closed system network for personal data transfers via network,
· Implementing security measures with regard to supply, development and maintenance of information systems,
· Ensuring security of personal data stored in the cloud,
· Having disciplinary regulations that contain data security provisions for our team members,
· Providing regular trainings and awareness-raising activities on data security to our team members,
· Creating authorization matrix for our team members,
· Regular recording of access logs,
· Preparing and implementing corporate policies on access, information security, usage, retention and disposal,
· Making confidentiality commitments,
· Blocking the authority of the team members who have changed or left their jobs,
· Using current anti-virus systems,
· Using firewalls,
· Having data security provisions in the agreements signed,
· Determining personal data security policies and procedures,
· Reporting personal data security issues immediately,
· Monitoring personal data security,
· Implementing necessary security measures for the entries and exits of environments containing personal data,
· Providing the security of physical environments containing personal data against external risks (fire, flood, etc.),
· Providing the security environments containing personal data,
· Ensuring data minimisation when possible,
· Backing up personal data and providing the security of such back-ups,
· Implementing and monitoring user account management and authorization control system,
· Making or having made (by third parties) internal periodic or/and random audits,
· Keeping log records without user intervention,
· Determining current risk and threats,
· Determining and implementing protocols and procedures for special categories of personal data,
· Using secure encryption/cryptographic keys for special categories of personal data and having such keys,
· Using attack detection and prevention systems,
· Performing penetration testing,
· Implementing cyber security measures and monitoring such measures consistently,
· Using encryption,
· Encrypting special categories of personal data transferred on USB, CD, DVD,
· Making periodic audits of data processing service providers on data security,
· Raising awareness of data processing service providers on data security,
· Using data loss prevention software.
9. Retention of Your Personal Data
We will only retain your personal data for as long as necessary to fulfil our collection purposes, including for the purposes of satisfying any legal, accounting, or reporting requirements, and where required for our company to provide services, until the end of the relevant retention period. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Upon expiry of the applicable retention period, we will securely delete, destroy or anonymise your personal data in accordance with applicable laws and regulations.
We reserve the right to update and change this Policy from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. Any changes we may make to our Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail or push notification. Please check back frequently to see any updates or changes to our Policy.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
· Strictly necessary: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
· Analytical/performance: They allow us to recognise and count the number of visitors to our website and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. This is statistical information and does not identify any individual.
· Functionality: These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
· Targeting: These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
If you wish, you can set your browser to notify you before you receive a cookie so you have the chance to accept it and you can also set your browser to refuse to receive or send all cookies. The website www.allaboutcookies.org (run by the Interactive Marketing Bureau) contains step-by-step guidance on how cookies can be switched off by users. Please be aware that if you do not accept cookies our website may not function correctly.
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
12. Contact us