• the website features and services provided to you when you visit our websites;
• when you apply to use and/or use our products and services (including any loyalty or reward schemes, whether points-based or otherwise (‘Loyalty’));
• email, other electronic messages including SMS, telephone, web chat, website and other communications between you and us.
Together these are all referred to in this policy as “Services”.
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. By accessing and using the Services, you consent to the collection, use and transfer of your information as set out in this Policy. Contact details are provided at the end of this Policy, for feedback or any privacy enquiries you may have.
INFORMATION WE MAY COLLECT FROM YOU
We may collect and process personal and non-personal information collected from you.
Personal and non-personal information
Collecting your information
We collect the following information:
Information you give us: we receive and store any information including personal and financial information you provide to us including when you enquire of the Services; register to use and/or use any Services; upload and/or store information with us using the Services; and when you communicate with us through email, SMS, a website, or the telephone or other electronic means. Such information may include your name, email address, telephone number, username, password or […].
Information we collect about you: We receive and store certain information whenever you interact with us; for example by way of “cookies” or similar technology. We also obtain certain information when your web browser accesses the Services or advertisements and other content provided by or on behalf of us on other web sites, or when clicking on emails including:
• Technical information, including the Internet protocol (IP) address used to connect your computer or device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system platform;
• Information about your visit or whether you opened an email, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products or services you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the site page and any phone number used to call our customer service number.
Please also refer to our Cookies Policy, below, for more information and see the separate Cookies section of this policy, also below. Where cookies are set, information about individual cookies is specific to the email/website and can be obtained directly from links in such emails/websites. Otherwise, please use the Contact Us link.
Email and Other Communications: we may receive information about you and your use of the Services when we communicate with each other, including when you open messages from us and from the use of electronic identifiers (sometimes known as ‘device fingerprints’), including IP addresses or telephone numbers.
Information from Other Sources: we may share or receive information about you with or from other sources, including when you use any of the other websites we operate or other services we provide. We also work with third parties (including, for example, business partners, advertising networks, analytics providers and search information providers) and may receive information about you from them or provide such information to them.
USES MADE OF THE INFORMATION
Your information (as above) will include information about you and your interactions with us. If you give us information, including sensitive personal information, about yourself or other people, you agree (and confirm that the person the information is about has agreed) that we can use this information in the way set out in this Policy.
We may use and share your information with other companies within our group, its directors, employees, professional advisors, sub-contractors and third party service providers to help us and them:
• Provide our Services to you;
• To improve and develop our business, including to optimise our websites and services;
• To provide you with the information and services you have requested or we think may be of interest to you;
o record and track details of interactions you make by using the Services;
o analyse and report on your use of any Loyalty service;
o facilitate the collection or redemption of any points or other rewards currency in respect of any Loyalty programme;
o manage any circumstances where transactions, rewards or points are disputed; or
o manage, investigate and resolve complaints.
• To prevent, detect and prosecute fraud or crime or to assist others in doing so;
• To mitigate information security risk;
• To obtain your views on our services and our website/s;
• To notify you about important changes or developments to our website or our services;
• To understand our customers’ requirements, perform analysis and comparisons, create profiles and create marketing opportunities (including how you use our services and to better align our services and marketing offers to your interests); this may include the aggregation and sharing of non-personal information to facilitate cross-industry analysis, customer-level insight and usage;
• To send you information we believe you would find interesting including marketing and promotional materials; by post, email, telephone, SMS text or other means, including electronic means. You can object to marketing at any time, as explained below;
• To develop and test products and services;
• To comply with local and national laws and requests from law enforcement and regulatory authorities or other third parties for the purposes of preventing, detecting and/or prosecuting financial crime; and
• In respect of marketing, market research and similar activities, we may use your personal information for such purposes whether or not you are accepted as or continue to receive the Services. If you no longer wish to receive marketing or promotional information from us, please let us know via the Contact Us section.
DISCLOSURE OF YOUR INFORMATION
We do not disclose information which could identify you personally, to anyone except as described in this Policy, including
• Within our group of companies.
• Third Party Service Providers: suppliers who assist us with the provision of the Services, including managing risk, marketing, market research and survey activities carried out on our behalf;
• Where we are required or permitted to do so by law: we may be required by law to pass information about you to regulatory authorities and law enforcement bodies worldwide, or we may otherwise determine that it is appropriate or necessary to do so. Such disclosures may also include requests from governmental or public authorities, or with commercial organisations with whom you may have had dealings and whom are seeking to mitigate fraud risk, or for the purposes of litigation or legal process, national security or where we deem it in the national or public interest or otherwise lawful to do so;
• Business transfers: We may buy or sell business units or affiliates. In such circumstances, we may transfer customer information as a business asset. If our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners; and
• With your permission: Your information may also be used for other purposes for which you give your specific permission, or when required by law or where permitted under the terms of the UK’s Data Protection Act 1998 or the laws of any relevant jurisdiction. Except where permitted as stated, we do not sell, rent, share or otherwise disclose personal information about our customers to third parties for commercial purposes.
Monitoring: We may monitor or record telephone calls, emails, web chat or other communications with you for regulatory, security, customer services or training purposes. When visiting our offices, CCTV, access control systems and/or other monitoring systems may be in operation.
Social networking and media: We may review and use public comments and opinions made on social networking sites (e.g. Facebook and Twitter) to better understand our customers and our provision and development of the Services.
WHERE WE STORE YOUR PERSONAL DATA AND DATA SECURITY
The information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or one of our suppliers. Such staff may be engaged in, among other things, support services in provision of the Services. By submitting personal data, you agree to such transfer, storing and processing. Where such staff are acting on our behalf we will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Policy; including the use of any adequacy mechanisms required by law to ensure the transfer is lawful. We generally use ‘model clauses’ as approved by the European Commission when sending data to third parties outside of the EEA
Once you are no longer a customer, we will retain your personal information for a reasonable period, or as otherwise allowed or required by law. Further details are available on request.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration and disclosure.
The safety and security of your information is also dependent upon you. If we have given you (or if you have chosen) a password or access code for access to certain parts of our website, you are responsible for keeping this password and/or access code confidential.
You must not share your password and/or access code with anyone. You must ensure that there is no unauthorised use of your password and access code. You authorise us to act upon instructions and information received from any person that enters your user id and password and you agree to be fully responsible for all use and any actions that may take place during the use of your account. You also agree to promptly notify us of any information you have provided to us which has changed.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You may have certain rights under data protection legislation including the right to see the personal information held about you and you may ask us to make any necessary changes to ensure that it is accurate and up to date. If you would like a copy of the personal information we hold about you, please see the Contact Us section. There is a £10 fee in the UK, fees for other jurisdictions (where applicable) are available on request. Where applicable, data protection legislation may also provide the following rights in relation to personal information and which can also be facilitated or discussed with us by using the Contact Us section below:
• Prevent processing where it may cause damage or distress;
• To complain to the relevant Data Protection Authority;
• Commence Court action to claim compensation for damage or distress caused by our failure to comply with data protection legislation;
• To require manual re-assessment of certain automated decision-making processes;
• Object to automatic processing;
• Prevent direct marketing;
• The right to withdraw consent to certain aspects of our processing, particularly for direct marketing;
• The right to require us to rectify inaccurate or incomplete personal information.
For the UK, the above rights are set out in the Data Protection Act 1998 and such rights are generally applicable across EU member states. The laws of other territories applicable to your dealings with us may also be relevant (and may also impact the above rights) and any such rights can also be progressed via the Contact Us section below.
LEGAL BASIS FOR PROCESSING
We will only process your personal information where we have lawful authority to do so. Such laws are different across different territories and further specific information is available on request. In general, we will either process:
• on the basis of your consent, including where consent is requested ‘as a condition of business’;
• where necessary for the performance of any contract we have with you;
• where we have a legitimate interest to process data, subject to such processing not overriding your own rights and freedoms in objecting to such processing;
• where required by law or similar rule.
Our websites (and some emails) use “cookies” and other technologies, which store small amounts of information on your computer or device, to allow certain information from your web browser to be collected. Cookies (and similar technologies) are widely used on the internet and allow a website to recognise a user’s device, without uniquely identifying the individual person using the computer. These technologies help to make it easier for you to log on and use the site, provide feedback to us as to which parts of the website you visit (or whether particular emails have been read), so we can assess the effectiveness of the site or communication and provide a better user experience.
‘Do Not Track’ Signals – some web browsers may send out ‘do not track’ signals. But there is no industry standard currently in place as to what websites and other online services should do on receipt of such signals. Should such a standard be developed, we will re-visit our policy, but we currently take no action on receipt of such signals.
For more information about cookies (and similar technologies), including how to see what cookies have been set and how to manage, block and delete them, see www.allaboutcookies.org and our Cookies Policy.
Our site may, from time to time, contain links to and from the websites of our advertisers and affiliates. If you follow such a link, please note that these websites have their own privacy and cookies policies and we do not accept any responsibility or liability for these third party websites.
This Policy is global in scope, but is not intended to override any legal rights in any territory where such rights prevail. In such event, the rights and obligations set out in this policy will apply, subject only to amendment under any applicable local law having precedence.
All comments, queries and requests relating to our use of your information are welcomed. If you wish to exercise any of your rights or receive further information, you should write to the address below, marked FAO Privacy Department or Contact Us.
Our Group Privacy Officer is as stated below and can be contacted via Contact Us or at the address below:
Mr Derek A Wynne
Digital Payments Europe Limited, 27th Floor, 25 Canada Square, London, E17 4AU
This Policy was last revised on 24 November 2016.