1.1. At E-comprocessing, a division of emerchantpay ltd., 29 Howard Street, North Shields, Tyne And Wear, NE30 1AR, United Kingdom, England, (“ECP”, “our”, “us” or “we”), we regard the fair and lawful treatment of personal information as a critical factor in the success of our operations and a key to the maintenance of the confidence that exists between those with whom we deal and ourselves. We, therefore, acknowledge our legal obligations under the General data protection regulation (GDPR) and endorse its requirements.
2. Data collection
2.2. We may also require other identification information if you send or receive certain high-value transactions or high overall payment volumes through our services or as is otherwise required in order for us to comply with our anti-money laundering and counter-terrorism financing obligations under the respectively applicable laws.
2.3. We therefore collect three types of data:
A. Information that you voluntarily provide
We collect personal data when you provide it to us:
- information that you provide by filling in forms on our website, which includes information provided at the time of registering to use our website, subscribing to our newsletter, and reporting a problem;
- information provided via electronic means of communication, i.e. when you contact us, we may keep a record of our correspondence;
- information regarding an enquiry from you about our products or services;
- information that you provide in the context of your job application.
B. Information that you voluntarily provide
- information received by one of emerchantpay group members;
- information received by the card associations, credit reference agencies, fraud prevention agencies, government and law enforcement agencies;
- information received via public sources like company registers and filings.
C. Information collected from your computer or your electronic device by our website
As with most websites, the following non-personal data is routinely collected during visits to our website and use of our online resources. This information may include the name of your internet service provider (IP address), the website that directed you to our website, browser and/or device type, date, time and length of your visit. This information cannot be used to personally identify visitors. When collecting and processing your IP address, the latter will be fully anonymised right after collection by deleting the last three figures. That way we are no longer able to identify you as a person. We will delete the IP address within no more than 12 months.
|Strictly necessary cookies||Strictly necessary cookies are first-party session cookies that are essential in order to enable you to move around this website and use its features. Without these cookies services you have asked for cannot be provided. They are used to store a unique identifier to manage and identify you as unique to other users currently viewing the website, in order to provide you with a consistent and accurate service. These cookies will not be used to gather information that could be used for marketing purposes or to remember your preferences or ID outside a single session.|
|Performance cookies||The performance cookies are first-party session or persistent cookies. These cookies collect information about how you, as a visitor, use this website, for instance which pages you go to most often, and if you get error messages from web pages. These cookies don’t collect information that identifies you. All information these cookies collect is aggregated and, therefore, anonymous. It is only used to improve how our website works. Within this category we use Google Analytics [cookie names: _ga, _gid, _gat] and Piwik Analytics [cookie names: _pk_id, pk_ref and _pk_ses].|
|Functionality cookies||These cookies remember choices you make to improve your experience. The functionality cookies are first-party session or persistent cookies. These cookies allow this website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites. Some of these cookies provide the technology behind our “live chat” system. Within this category we use WordPress Multilingual Plugin [cookie names: _icl_current_language, wpml_referer_url and __zlcmid].|
3. Use of personal information
3.1. We collect, store and process your personal information as described hereunder, primarily to provide you with safe, smooth, efficient, and customised experience, and specifically, for the following business-related purposes:
- Account setup and administration. Your personal information is required to set up and manage your account, provide technical and customer support, verify your identity, and send important account and service information.
- Provision of products and services. To ensure our customers are genuine and that we are paid for the products and services we provide, we use your personal information for identification and verification purposes, i.e. to confirm your identity and conduct appropriate due diligence checks.
- Contractual obligations. We need your personal information in order to carry out our obligations arising from any contracts entered into between you and us.
- Surveys and polls. If you participate in a survey or a poll, the information you provide to us may be used for market and historical research purposes.
- Job applications. If you wish to apply for an advertised vacancy, we need your personal information in order to administer the recruitment process.
- Legal obligations. We may be required to collect and retain personal information about you for legal and compliance reasons, i.e. to manage risk, or to detect, prevent, and/or remediate fraud or other potentially illegal or prohibited activities.
3.2. Consistent with our commitment to protect your personal data, we only conduct such processing where a valid lawful basis exists. In particular, we use your personal data in line with our contractual and/or legal obligation, or when we have a legitimate interest. Where our reason for processing is based on your consent, you may withdraw that consent at any time.
4. Security of personal information
4.1. We are committed to make sure your information is protected. Once we receive your information, we use various security features and strict procedures, taking into account industry standards, to ensure the privacy and confidentiality of data and personally identifiable information. We maintain physical, technical and administrative safeguards that comply with regulatory requirements. Specifically, we use a combination of firewall barriers, data encryption techniques and authentication procedures to prevent unauthorised access to your data and to our systems. We also enforce physical access controls to our buildings and files. We test our systems regularly and also contract with outside companies to audit and test our security systems and processes.
4.2. We authorise access to your personal data only for those employees who require it to fulfil their job responsibilities and provide benefits, goods or services to you. We educate our employees about the importance of confidentiality and maintaining the privacy and security of personal data.
4.3. Our security procedures are constantly revised based on new technological developments in order to ensure the highest level of protection of your personal information. However, there are also a number of things that you can help with. We encourage you to use a strong password and make sure it is not the same one for all your accounts. You may not share it with anyone. Our representatives will never ask you for your password, so any e-mail or other communication containing such request should be treated as unauthorised or suspicious and forwarded to email@example.com.
5. Data storage and retention
We take appropriate technical and organisational measures, both at the time of the design of the processing system and at the time of the processing itself, in order to maintain security and prevent unauthorised processing. We adhere to internationally recognised security standards and our information security management system has been independently certified as complying with the requirements of ISO/IEC 27001:2013 and PCI DSS Level 1.
Your personal information will be retained by our company for as long as is necessary for the specific purpose or purposes for which it was collected, unless a longer retention period is required or permitted by law. When we no longer need personal information, we securely delete or destroy it.
6. Disclosure of information to third parties
6.1. In order to provide our services, some of the information we collect may be required to be disclosed to our subsidiaries and affiliates or other entities within our organisation. As a payment service provider, we work with numerous third parties in order to perform our operations in the most efficient way. We may therefore disclose personal information to those entities in order to respond to your requests or inquiries, or when necessary to fulfil the services they provide to us such as software, system, and platform support, cloud hosting services, etc.
6.2. We may also share personal information when we are required to comply with legal obligations and respond to requests from government agencies. This includes exchanging data with other organisations for the purpose of fraud prevention and anti-money laundering measures.
6.3. We may share your personal information if we believe it’s reasonably necessary to protect the rights, property and safety of our company or its customers.
6.4. We do not collect or compile personal information for dissemination, rent or sale to external parties for their marketing purposes without your explicit consent.
7. Links to other websites
8. Cross border transfers of data
8.1. We are committed to adequately protecting your personal information regardless of where it resides and to providing appropriate safeguards for your data where the latter is transferred to recipients located outside of the EEA.
8.2. With respect to transfers originating from the EEA to the U.S., we only contract with companies that have signed up to the EU-U.S. Privacy Shield.
9. Rights of data subjects
9.1. Whenever we process your personal data, we take reasonable steps to ensure that it is kept accurate and up to date for the purposes for which it was collected. With respect to the information related to you that ends up in our possession, and recognising that it is your choice to provide it to us, we commit to giving you the ability to do all of the following:
- Right to be informed. You have the right to be informed about the processing (collection and use) of your personal data.
- Right to access. You have the right to obtain confirmation whether or not we are processing personal data about you. You may also request information about: the purpose of the processing; the categories of personal data concerned; who else within our group might have received the data; and how long it will be stored.
- Right to correction. You have the right to review and amend the record of personal data maintained by us if you believe it may be out of date or inaccurate.
- Right to “be forgotten”. You may request that we erase your personal data if such processing is not reasonably required for a legitimate business purpose as described in this policy or our compliance with law.
- Right to restrict processing. You have the right to restrict the processing of your personal data, e.g. to limit the way that we use your data.
- Right to portability. When technically feasible, we will, upon request, provide your personal data to you or transmit it directly to another data controller.
- Right to opt-out. You can opt-out of receiving electronic marketing materials from us at any time. This can be done through your account settings, by clicking the “unsubscribe” link in any email communications which we might send to you, or by contacting our DPO. Please note that this might take a few days.
- Right to withdraw consent. You are entitled to withdraw your consent to the processing of your data.
- Right to complaint. You have the right to lodge a complaint with the appropriate supervisory authority if you have concerns about how we process your personal data.
9.2. Reasonable access to your personal data will be provided at no cost within a month upon receiving your request to the DPO at firstname.lastname@example.org. If access cannot be provided within the aforementioned time frame, we will provide you with the exact date when the information will be provided.
9.3. We reserve the right to charge you a GBP10.00 fee for administrative costs if your requests are manifestly unfounded or excessive, in particular because of their repetitive character. In accordance with our security procedures we may occasionally request proof of identity before we disclose personal information to you.
9.4. Please bear in mind that there may be legal or other reasons why we cannot, or are not obliged to, fulfil a request to exercise your rights. We will confirm what they are if that is the case.
10. Data protection officer and complaints handling