1. Introduction
Welcome to The Payment Firm (TPF). The Payment Firm is an Electronic Money Institution developing easy-to-use customer-centric payment solutions with fair pricing. We are a e-money payments business offering services and solutions created for the user. We are an Financial Conduct Authority (FCA) regulated institution providing a wide range of e-money payment services to individuals, fintechs and businesses including: Cross border, Merchant services (acquiring, especially for the SMB), Card Issuing, Account to Account Payments, EMD Services, Real-time Onboarding.
We provide the technical and regulatory infrastructure for our users. We are licensed in the UK under the FCA for all activity within our business. Our holding company is in the United Kingdom.
Please read this privacy policy carefully as it contains important information on why we collect, store, use and share your personal information. It also explains your rights in relation to your personal information and how to contact us in the event you have a complaint.
We may not be the party who initially collected your personal information—please see Section 4. How your personal information is collected below for more information about how you can identify who initially collected your personal information.
If you provide personal information to us regarding other individuals, you agree: (a) to inform the individual about the content of this privacy policy; and (b) to obtain any legally-required consent for use of personal information about the individual in accordance with this privacy policy.
2. Key terms
In this privacy policy:
Personal information | means any information relating to an identified or identifiable individual |
We, us, our | means: The Payment firm limited, 15 St Helens Place, London, EC3A 6DQ |
You, your | means the individual to whom the personal information relates. |
3. Personal information we collect about you
The personal information we collect about you depends on the particular services we provide to you or which otherwise concern you. We may collect and use the following personal information about you:
General data | includes your name, date of birth, marital status, country of residence/citizenship and your relationships to other people |
Contact data | includes your address, telephone number and e-mail address |
Identification data | includes government issued identification numbers e.g. your national insurance number, passport number, driving licence number and other identifiers |
Fraud and sanctions related data | includes information obtained as a result of our investigations, e.g. carrying out checks of publicly available sources and information obtained from checks of fraud databases and sanctions lists such as relationships/close associations with politically exposed persons |
Education and employment-related data | includes your education, vocational and professional qualifications, employment status, job title, employment and educational history, disciplinary/grievance history and investigations into professional conduct and compliance with professional standards |
Financial data | includes credit and payment card numbers, bank account details, payment information, tax information, details of income and assets |
Credit assessment data | includes information received from credit agencies |
Authentication data | includes account log-in information, passwords and memorable data for accessing our services |
Telephone recordings and online chat transcripts | includes information obtained during recordings of telephone calls or online chats with our representatives |
Marketing and communication preferences, promotion entries and customer feedback | includes marketing and communication preferences, information relating to promotions, responses to surveys, complaints and details of your customer experience |
Device data | includes mobile device number, device type, operating system, browser, MAC address, IP address, location and account activity obtained through our use of cookies |
Criminal data | includes details of criminal convictions |
We collect and use this personal information for the purposes described in Section 5. Howand why we use your personal information below. If you do not provide personal informationwe ask for, it may delay or prevent us from providing services to you or which otherwiseconcern you.
4. How your personal information is collected
We collect personal information directly from you—in person, by email and/or via our website and platforms. However, we may also collect information from:
- third parties who provide you with services relating to e-money business;
- credit reference agencies;
- financial crime or fraud agencies, databases and sanctions lists;
- government agencies and regulatory bodies including the police and the courts;
- regulators who regulate how we operate including the Financial Conduct Authority;
- third parties who provide us with details of individuals who have expressed an interest in hearing about e-money products;
- third parties that help us maintain the accuracy of our data e.g. payment card providers who provide us with updated payment card details;
- other third party suppliers including lawyers and other professional service firms and sanctions checking service providers;
- data suppliers;
- publicly available sources including internet searches, news articles, online marketplaces and social media sites, apps and networks;
- providers of marketing and advertising services; and
- third parties in connection with any acquisition of a business by us.
5. How and why we use your personal information
Under data protection law we can only use your personal information if we have a lawful basis, including:
- to comply with our legal and regulatory obligations;
- for the performance of a contract with you or to take steps at your request before entering into a contract;
- for our legitimate interests or those of a third party; or
- where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your personal information, so long as this is not overridden by your own rights and interests.
The table below explains what we use your personal information for and why.
What we use your personal information for | Our reasons and lawful basis |
---|---|
Communicating with you and others | To perform our contract with you or to take steps at your request before entering
into a contract
For our legitimate interests Compliance with a legal/regulatory obligation |
Providing services to you | To perform our contract with you or to take steps at your request before entering
into a contract
For our legitimate interests |
Managing third party relationships e.g. banks | To perform our contract with you or to take steps at your request before entering
into a contract
For our legitimate interests |
Preventing and detecting fraud against you or us | For our legitimate interest
Compliance with a legal/regulatory obligation |
Conducting checks to identify our customers and verify their identity
Screening for financial and other sanctions or embargoes Other activities necessary to comply with legal and regulatory obligations that apply to our business |
For our legitimate interests
Compliance with a legal/regulatory obligation |
To enforce legal rights or defend or undertake legal proceedings | Depending on the circumstances: - to comply with our legal and regulatory obligations; - in other cases, for our legitimate interests, i.e. to protect our business, interests and rights |
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies | Compliance with a legal/regulatory obligation |
Ensuring business policies are adhered to, e.g. policies covering security | For our legitimate interests, i.e. to make sure we are following our own internal procedures so we can deliver the best service |
Operational reasons, such as improving efficiency, training and quality control | For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service |
Ensuring the confidentiality of commercially sensitive information | Depending on the circumstances: - for our legitimate interests, i.e. to protect trade secrets and other commercially valuable information; - to comply with our legal and regulatory obligations |
Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, service performance or other efficiency measures | For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service |
Preventing unauthorised access and modifications to systems | Depending on the circumstances: - for our legitimate interests, i.e. to prevent and detect criminal activity that could be damaging for you and/or us; - to comply with our legal and regulatory obligations |
Protecting the security of systems and data used to provide the services | To comply with our legal and regulatory obligations.
We may also use your personal information to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, i.e. to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us |
Updating and enhancing customer records | Depending on the circumstances: - to perform our contract with you or to take steps at your request before entering into a contract; - to comply with our legal and regulatory obligations; - for our legitimate interests, e.g. making sure that we can keep in touch with our customers about our services |
Statutory returns | Compliance with a legal/regulatory obligation |
Ensuring safe working practices, staff administration and assessments | Depending on the circumstances: - to comply with our legal and regulatory obligations; - sfor our legitimate interests, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you |
Marketing our services and those of selected third parties to: - existing and former customers; - third parties who have previously expressed an interest in our services; - third parties with whom we have had no previous dealings |
For our legitimate interests, i.e. to promote our business to existing and former customers |
To share your personal information with members of our group and third parties that
will or may take control or ownership of some or all of our business (and
professional advisors acting on our or their behalf) in connection with a
significant corporate transaction or restructuring, including a merger, acquisition,
asset sale, initial public offering or in the event of our insolvency.
In such cases information will be anonymised where possible and only shared where necessary |
Depending on the circumstances: - to comply with our legal and regulatory obligations; - in other cases, for our legitimate interests, i.e. to protect, realise or grow the value in our business and assets |
6. Whom we share your personal information with
In connection with Section 5. How and why we use your personal information above we will sometimes share your personal information with third parties including:
- third parties who provide you with services relating to a financial transactions;
- legal advisers, accountants, auditors, financial institutions and professional service firms who act on our or your behalf, or who represent a third-party claimant;
- data analysts and providers of data services who support us with developing our services and measuring the effectiveness of marketing;
- third parties that help us maintain the accuracy of our data;
- financial crime detection agencies, sanctions checking providers and third parties who maintain fraud detection databases or provide assistance with investigation in cases of suspected fraud;
- regulators who regulate how we operate, including the FCA.
- government agencies and regulatory bodies including the police;
- credit reference agencies;
- service providers, including those who help operate our IT and back office systems, and our information security controls, and card payment processors;
- research agencies and providers of market research services, including customer feedback surveys;
- providers of marketing and advertising services, including delivering and administering marketing, ensuring you receive marketing content that’s relevant to you and in accordance with your preferences and analysing marketing campaigns. These may include media agencies, fulfilment partners, social media and other online platforms and advertising technology companies. You can find further information about this in Section 10. Marketing below;
- third parties in connection with any sale, transfer or disposal of our business.
7. Where your personal information is held
Personal information may be held at our offices and those of our third party agencies,
service providers and representatives as described above in Section 6. Whom we share
your personal information with.
Some of these third parties may be based
outside of the UK. For more information, including
on how we safeguard your personal information when this happens, see below -
Section 10.Transferring your personal information internationally.
8. How long your personal information will be kept
We will not keep your personal information for longer than we need it for the purposes
explained in this privacy policy.
We also keep records—which may include personal information—to meet legal, regulatory, tax
or accounting needs. For example, we are required to retain an accurate record of your
dealings with us so we can respond to any complaints or challenges you or others might raise
later. We will also retain files if we reasonably believe there is a prospect of litigation.
The specific retention period for your personal information will depend on your relationship
with us and the reasons we hold your personal information.
If you would like more information about data retention, please contact us (see
Section 16. How to contact us below).
9. Marketing
We will use your personal information to send you updates about our services, including
exclusive offers, promotions or new services.
We have a legitimate interest in using your personal information for marketing purposes (see
Section 5. How and why we use your personal information above). This means
we do not usually need your consent to send you marketing information. If we change our
marketing approach in the future so that consent is needed, we will ask for this separately
and clearly.
You have the right to opt out of receiving marketing communications at any time by:
- contacting us (see Section 16. How to contact us below); or
- using the ‘unsubscribe’ link in emails.
We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
10. Transferring your personal information internationally
Countries have different data protection laws, some of which may provide lower levels of
protection of privacy than the country in which you reside.
It is sometimes necessary for us to transfer your personal information internationally. In
those cases we will comply with applicable laws designed to ensure the privacy of your
personal information.
This might include transfers to countries that are recognised to provide adequate levels of
data protection for your personal information or putting appropriate contractual obligations
in place with the party to whom we are sending information.
11. Your rights
You have the following rights, which you can exercise free of charge:
Access | The right to be provided with a copy of your personal information |
Rectification | The right to require us to correct any mistakes in your personal information |
Erasure | The right to require us to delete your personal information in certain situations |
Restriction of processing | The right to require us to restrict processing of your personal information in certain circumstances, e.g. if you contest the accuracy of the data |
Data portability | The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations |
To object | The right to object: - at any time to your personal information being processed for direct marketing (including profiling); - in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims |
Not to be subject to automated individual decision making | The right not to be subject to a decision based solely on automated processing
(including profiling) that produces legal effects concerning you or similarly
significantly affects you. This right does not apply if the decision is: - necessary for the purposes of a contract between us and you; - authorised by law (e.g. to prevent fraud); or - based on your explicit consent. You do however have a right to request human intervention, express your view and challenge the decision. |
The right to withdraw consent | If you have provided us with a consent to use your personal information you have a
right to withdraw that consent easily at any time. Withdrawing a consent will not affect the lawfulness of our use of your personal information in reliance on that consent before it was withdrawn. |
We may not always be able to do what you have asked. This is because your rights will not
always apply, e.g. if it would impact the duty of confidentiality we owe to others, or if
the law allows us to deal with your personal information in a different way. We will always
explain to you how we are dealing with your request. In some circumstances (such as the
right to erasure or withdrawal of consent), exercising a right might mean that we can no
longer provide our services to you.
If you would like to exercise any of the rights set out above, please contact us (see
Section 16. How to contact us
below).
12. Keeping your personal information secure
We have appropriate security measures to prevent personal information from being
accidentally lost, or used or accessed unlawfully. We limit access to your personal
information to those who have a genuine business need to access it. Those processing
your personal information will do so only in an authorised manner and are subject to a
duty of confidentiality.
We also have procedures to deal with any suspected data security breach. We will notify
you and any applicable regulator of a suspected data security breach where we are
legally required to do so.
13. Cookies
We use cookies and similar tracking technologies to track the activity on our website and platforms.
Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyse our services.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some of our services.
Examples of cookies we use include:
- session cookies: we use session cookies in the operation of our services;
- preference cookies: we use preference cookies to remember your preferences and various settings;
- security cookies: we use security cookies for security purposes;
- advertising cookies: we use advertising cookies to provide advertisements that may be relevant to you and your interests.
14. How to complain
Please contact us if you have any queries or concerns about our use of your personal information (see Section 16. How to contact us below). We hope we will be able to resolve any issues you may have.
You may also have a right to lodge a complaint with:
- in respect of The Payment Firm Limited, the UK Information Commissioner’s Office.
15. Changes to this privacy policy
This privacy policy was last updated on 24 August 2023 version 1.
We may change this privacy policy from time to time and so please check our website for the current version.
16. How to contact us
Our Data Protection Officer is Caroline J. Kerswell.
If you have any questions about this privacy policy, the information we hold about you, to exercise a right under data protection law or to make a complaint, you can contact us and/or our Data Protection Officer by email at complaints@thepayfirm.com