Privacy Policy

1. Background

1.1. At E-comprocessing, a division of emerchantpay ltd., 29 Howard Street, North Shields, Tyne And Wear, NE30 1AR, United Kingdom, England, (“ECP”, “our”, “us” or “we”), we regard the fair and lawful treatment of personal information as a critical factor in the success of our operations and a key to the maintenance of the confidence that exists between those with whom we deal and ourselves. We, therefore, acknowledge our legal obligations under the General data protection regulation (GDPR) and endorse its requirements.

1.2. We understand that you are aware of and care about your personal privacy interests, and we take that seriously. “You” in this policy means the private individual who is using or otherwise requesting to use the products and services offered by us either on his/her own account or on behalf of a legal entity. This Privacy Policy defines our approach regarding the collection and use of your personal data and sets forth your privacy rights.

1.3. From time to time, we may develop new or offer additional services, so we may update this Privacy Policy accordingly. We recommend that you download or print a copy of this Privacy Policy and store it for your records and future reference.

2. Data collection

2.1. In accordance with the applicable laws and regulations, we only collect and process a limited amount of data, including personal information, about you that is necessary to perform our business operations and provide you with our products and services. Personal information as used in the context of this Privacy Policy, applies to any information that identifies or that can be used to identify you as a private individual, such as your name, mobile phone number, email address, date of birth, and possible further information for the purpose of responding to your request or delivering a specific product or service.

2.2. We may also require other identification information if you send or receive certain high-value transactions or high overall payment volumes through our services or as is otherwise required in order for us to comply with our anti-money laundering and counter-terrorism financing obligations under the respectively applicable laws.

2.3. We therefore collect three types of data:

A. Information that you voluntarily provide

We collect personal data when you provide it to us:

  • information that you provide by filling in forms on our website, which includes information provided at the time of registering to use our website, subscribing to our newsletter, and reporting a problem;
  • information provided via electronic means of communication, i.e. when you contact us, we may keep a record of our correspondence;
  • information regarding an enquiry from you about our products or services;
  • information that you provide in the context of your job application.

B. Information that you voluntarily provide

  • information received by one of emerchantpay group members;
  • information received by the card associations, credit reference agencies, fraud prevention agencies, government and law enforcement agencies;
  • information received via public sources like company registers and filings.

C. Information collected from your computer or your electronic device by our website

As with most websites, the following non-personal data is routinely collected during visits to our website and use of our online resources. This information may include the name of your internet service provider (IP address), the website that directed you to our website, browser and/or device type, date, time and length of your visit. This information cannot be used to personally identify visitors. When collecting and processing your IP address, the latter will be fully anonymised right after collection by deleting the last three figures. That way we are no longer able to identify you as a person. We will delete the IP address within no more than 12 months.

Information collected through the use of cookies

Our website uses cookies. Cookies are text files containing small amounts of information which are downloaded to your device when you visit this website. Cookies are then sent back to this website on each subsequent visit allowing this website to recognise your device. Cookies are typically assigned to one of three categories, depending on their function and intended purpose:

Cookie type Purpose
Strictly necessary cookies Strictly necessary cookies are first-party session cookies that are essential in order to enable you to move around this website and use its features. Without these cookies services you have asked for cannot be provided. They are used to store a unique identifier to manage and identify you as unique to other users currently viewing the website, in order to provide you with a consistent and accurate service. These cookies will not be used to gather information that could be used for marketing purposes or to remember your preferences or ID outside a single session.
Performance cookies The performance cookies are first-party session or persistent cookies. These cookies collect information about how you, as a visitor, use this website, for instance which pages you go to most often, and if you get error messages from web pages. These cookies don’t collect information that identifies you. All information these cookies collect is aggregated and, therefore, anonymous. It is only used to improve how our website works. Within this category we use Google Analytics [cookie names: _ga, _gid, _gat] and Piwik Analytics [cookie names: _pk_id, pk_ref and _pk_ses].
Functionality cookies These cookies remember choices you make to improve your experience. The functionality cookies are first-party session or persistent cookies. These cookies allow this website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites. Some of these cookies provide the technology behind our “live chat” system. Within this category we use WordPress Multilingual Plugin [cookie names: _icl_current_language, wpml_referer_url and __zlcmid].

We do not use cookies to collect information about your browsing habits in order to make advertising relevant to you and your interests (so called “targeting cookies” or “advertising cookies”). However, you can, at all times, manage website cookies in your browser settingsand change these settings by accepting, rejecting, or deleting cookies. For more information, please visit our Cookie Policy.

3. Use of personal information

3.1. We collect, store and process your personal information as described hereunder, primarily to provide you with safe, smooth, efficient, and customised experience, and specifically, for the following business-related purposes:

  • Account setup and administration. Your personal information is required to set up and manage your account, provide technical and customer support, verify your identity, and send important account and service information.
  • Provision of products and services. To ensure our customers are genuine and that we are paid for the products and services we provide, we use your personal information for identification and verification purposes, i.e. to confirm your identity and conduct appropriate due diligence checks.
  • Contractual obligations. We need your personal information in order to carry out our obligations arising from any contracts entered into between you and us.
  • Surveys and polls. If you participate in a survey or a poll, the information you provide to us may be used for market and historical research purposes.
  • Email alerts. Where you have explicitly consented, we use your personal data to provide you with information about our products and services, to inform you about important changes to this Privacy Policy or other relevant business news.
  • Job applications. If you wish to apply for an advertised vacancy, we need your personal information in order to administer the recruitment process.
  • Legal obligations. We may be required to collect and retain personal information about you for legal and compliance reasons, i.e. to manage risk, or to detect, prevent, and/or remediate fraud or other potentially illegal or prohibited activities.

3.2. Consistent with our commitment to protect your personal data, we only conduct such processing where a valid lawful basis exists. In particular, we use your personal data in line with our contractual and/or legal obligation, or when we have a legitimate interest. Where our reason for processing is based on your consent, you may withdraw that consent at any time.

4. Security of personal information

4.1. We are committed to make sure your information is protected. Once we receive your information, we use various security features and strict procedures, taking into account industry standards, to ensure the privacy and confidentiality of data and personally identifiable information. We maintain physical, technical and administrative safeguards that comply with regulatory requirements. Specifically, we use a combination of firewall barriers, data encryption techniques and authentication procedures to prevent unauthorised access to your data and to our systems. We also enforce physical access controls to our buildings and files. We test our systems regularly and also contract with outside companies to audit and test our security systems and processes.

4.2. We authorise access to your personal data only for those employees who require it to fulfil their job responsibilities and provide benefits, goods or services to you. We educate our employees about the importance of confidentiality and maintaining the privacy and security of personal data.

4.3. Our security procedures are constantly revised based on new technological developments in order to ensure the highest level of protection of your personal information. However, there are also a number of things that you can help with. We encourage you to use a strong password and make sure it is not the same one for all your accounts. You may not share it with anyone. Our representatives will never ask you for your password, so any e-mail or other communication containing such request should be treated as unauthorised or suspicious and forwarded to dpo@e-comprocessing.com.

5. Data storage and retention

We take appropriate technical and organisational measures, both at the time of the design of the processing system and at the time of the processing itself, in order to maintain security and prevent unauthorised processing. We adhere to internationally recognised security standards and our information security management system has been independently certified as complying with the requirements of ISO/IEC 27001:2013 and PCI DSS Level 1.

Your personal information will be retained by our company for as long as is necessary for the specific purpose or purposes for which it was collected, unless a longer retention period is required or permitted by law. When we no longer need personal information, we securely delete or destroy it.

6. Disclosure of information to third parties

6.1. In order to provide our services, some of the information we collect may be required to be disclosed to our subsidiaries and affiliates or other entities within our organisation. As a payment service provider, we work with numerous third parties in order to perform our operations in the most efficient way. We may therefore disclose personal information to those entities in order to respond to your requests or inquiries, or when necessary to fulfil the services they provide to us such as software, system, and platform support, cloud hosting services, etc.

6.2. We may also share personal information when we are required to comply with legal obligations and respond to requests from government agencies. This includes exchanging data with other organisations for the purpose of fraud prevention and anti-money laundering measures.

6.3. We may share your personal information if we believe it’s reasonably necessary to protect the rights, property and safety of our company or its customers.

6.4. We do not collect or compile personal information for dissemination, rent or sale to external parties for their marketing purposes without your explicit consent.

7. Links to other websites

7.1. Please be aware that this Privacy Policy does not cover the privacy policies of other websites, even if you accessed them using links within our website. Whilst we try to link only to websites that share our high standards and respect for privacy, we are not responsible for the security and privacy of any information collected by these third parties.

7.2. We recommend that you check the Privacy Policy of each third-party website that you visit to determine their use of your personal data.

8. Cross border transfers of data

8.1. We are committed to adequately protecting your personal information regardless of where it resides and to providing appropriate safeguards for your data where the latter is transferred to recipients located outside of the EEA.

8.2. With respect to transfers originating from the EEA to the U.S., we only contract with companies that have signed up to the EU-U.S. Privacy Shield.

9. Rights of data subjects

9.1. Whenever we process your personal data, we take reasonable steps to ensure that it is kept accurate and up to date for the purposes for which it was collected. With respect to the information related to you that ends up in our possession, and recognising that it is your choice to provide it to us, we commit to giving you the ability to do all of the following:

  • Right to be informed. You have the right to be informed about the processing (collection and use) of your personal data.
  • Right to access. You have the right to obtain confirmation whether or not we are processing personal data about you. You may also request information about: the purpose of the processing; the categories of personal data concerned; who else within our group might have received the data; and how long it will be stored.
  • Right to correction. You have the right to review and amend the record of personal data maintained by us if you believe it may be out of date or inaccurate.
  • Right to “be forgotten”. You may request that we erase your personal data if such processing is not reasonably required for a legitimate business purpose as described in this policy or our compliance with law.
  • Right to restrict processing. You have the right to restrict the processing of your personal data, e.g. to limit the way that we use your data.
  • Right to portability. When technically feasible, we will, upon request, provide your personal data to you or transmit it directly to another data controller.
  • Right to opt-out. You can opt-out of receiving electronic marketing materials from us at any time. This can be done through your account settings, by clicking the “unsubscribe” link in any email communications which we might send to you, or by contacting our DPO. Please note that this might take a few days.
  • Right to withdraw consent. You are entitled to withdraw your consent to the processing of your data.
  • Right to complaint. You have the right to lodge a complaint with the appropriate supervisory authority if you have concerns about how we process your personal data.

9.2. Reasonable access to your personal data will be provided at no cost within a month upon receiving your request to the DPO at dpo@e-comprocessing.com. If access cannot be provided within the aforementioned time frame, we will provide you with the exact date when the information will be provided.

9.3. We reserve the right to charge you a GBP10.00 fee for administrative costs if your requests are manifestly unfounded or excessive, in particular because of their repetitive character. In accordance with our security procedures we may occasionally request proof of identity before we disclose personal information to you.

9.4. Please bear in mind that there may be legal or other reasons why we cannot, or are not obliged to, fulfil a request to exercise your rights. We will confirm what they are if that is the case.

10. Data protection officer and complaints handling

10.1. We understand that you may have questions or requests regarding this Privacy Policy or your personal information. The latter are welcomed and should be addressed to our Data protection officer at dpo@e-comprocessing.com.

11. Modifications

11.1. We will only use your personal information in the manner described in this Privacy Policy effective at the time the information was collected. However, we keep this Privacy Policy under regular review and in case of any revisions, the latter will be promptly communicated on this page.

11.2. We encourage you to periodically review this page to be informed about any changes in how we are protecting your personal data. This Privacy Policy was last updated on May 25th, 2018.