INTRODUCTION
Welcome to Eisen Pay privacy notice.
Eisen Pay respects your privacy and is committed to protecting your personal
data.
This privacy notice will inform you as to how we look after your personal
data when you
visit our website (regardless of where you visit it from) and tells you
about your privacy
rights and how the law protects you.
This privacy notice is provided in a layered format so you can click through
to the specific
areas set out below. Please also use the Glossary to understand the meaning
of some of the
terms used in this privacy notice.
- Important information and who we are
- Purpose of this privacy notice
This privacy notice aims to give you information on how Eisen Pay collects
and
processes personal data we collect from you or that you provide to us or
that we obtain from
third parties through your use of this website, through providing you with
our services in
accordance with our terms and conditions and when you make an application to
use of services
through the website or when you lodge a query through the website.
This website and our services are not intended for children and we do not
knowingly collect
data relating to children.
It is important that you read this privacy notice together with our terms of
service and any
other privacy notice or fair processing notice we may provide on specific
occasions when we
are collecting or processing personal data about you so that you are fully
aware of how and
why we are using your data. This privacy notice supplements the other
notices and is not
intended to override them.
Eisen Pay is the controller and responsible for your personal data
(collectively
referred to as “Eisen Pay“, “we“,
“us” or
“our” in this privacy notice).
We have appointed a data privacy manager who is responsible for overseeing
questions in
relation to this privacy notice. If you have any questions about this
privacy notice,
including any requests to exercise your legal rights, please contact the
data privacy
manager using the details set out below.
Our full details are:
| Full name of legal entity: |
Eisen Pay |
| Name or title of data privacy manager: |
Aditya Oberoi |
| Email address: |
dataprotection@eisenpay.com
|
| Postal address: |
111 Buckingham Palace Rd, Victoria, London, SW1W 0SR |
| Telephone number: |
+44 (0)749 123 9098 |
- Changes to the privacy notice and your duty to inform us of
changes
The data protection law in the UK will changed on 25 May 2018. Although this
privacy notice
sets out most of your rights under the new laws
It is important that the personal data we hold about you is accurate and
current. Please keep
us informed if your personal data changes during your relationship with us.
This website may include links to third-party websites, plug-ins and
applications. Clicking
on those links or enabling those connections may allow third parties to
collect or share
data about you. We do not control these third-party websites and are not
responsible for
their privacy statements. When you leave our website, we encourage you to
read the privacy
notice of every website you visit.
- The data we collect about you
Personal data, or personal information, means any information about an
individual from which
that person can be identified. It does not include data where the identity
has been removed
(anonymous data).
We may collect, use, store and transfer different kinds of personal data
about you which we
have grouped together as follows:
- Identity Data includes first name, maiden name,
last name,
username or similar identifier, marital status, title, date of birth and
gender.
- Contact Data includes billing address, delivery
address, email
address and telephone numbers.
- Financial Data includes Electronic Money Accounts
and payment card
details.
- Transaction Data includes details about payments
to and from you
and details of contracts you have entered into.
- Technical Data includes internet protocol (IP)
address, your login
data, browser type and version, time zone setting and location, browser
plug-in types
and versions, operating system and platform and other technology on the
devices you use
to access this website.
- Profile Data includes your username and
password,
preferences, feedback and survey responses.
- Usage Data includes information about how you use
our website,
products and services.
- Marketing and Communications Data includes your
preferences in
receiving marketing from us and our third parties and your communication
preferences.
We also collect, use and share Aggregated Data such as statistical or
demographic data for
any purpose. Aggregated Data may be derived from your personal data but is
not considered
personal data in law as this data does not directly or indirectly reveal
your identity. For
example, we may aggregate your Usage Data to calculate the percentage of
users accessing a
specific website feature. However, if we combine or connect Aggregated Data
with your
personal data so that it can directly or indirectly identify you, we treat
the combined data
as personal data which will be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal Data about you (this
includes details
about your race or ethnicity, religious or philosophical beliefs, sex life,
sexual
orientation, political opinions, trade union membership, information about
your health and
genetic and biometric data). Nor do we collect any information about
criminal convictions
and offences.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a
contract we have with
you and you fail to provide that data when requested, we may not be able to
perform the
contract we have or are trying to enter into with you (for example, to
provide you with
goods or services). In this case, we may have to terminate the contract you
have with us but
we will notify you if this is the case at the time.
- How is your personal data collected?
-
- We use different methods to collect data from and about you
including through:
- Direct interactions. You may give us your
Identity, Contact,
Transaction and Financial Data by filling in forms or by corresponding
with us via our
website or API or by post, phone, email or otherwise. This includes
personal data you
provide when you:
-
- Automated technologies or interactions. As you
interact with our
website, we may automatically collect Technical Data about your
equipment, browsing
actions and patterns. We collect this personal data by using cookies,
server logs and
other similar technologies. We may also receive Technical Data about you
if you visit
other websites employing our cookies. Please see our cookie policy for
further details.
- Third parties or publicly available sources. We
may receive
personal data about you from various third parties and public sources as
set out below:
-
-
- Identity, Contact Transaction and Financial Data. Our
client who shares
your personal data with us so that (a) you can use our
services on their
behalf; and (b) they can pay money to you (for example,
your salary if
you are their employee or payment for goods and/or
services if you are
their supplier).
- Technical Data from the following parties:
- analytics providers such as Google based outside
the EU;
- advertising networks such as Google based
inside OR outside the
EU; and
- search information providers Google based
inside OR outside the
EU.
- Electronic Identity Verification providers from data brokers or
aggregators based
inside OR outside the EU.
- We may also record and verify personal identity documents such as
passports
electronically including screen grabs
- Identity and Contact Data from publicly availably sources such as
Companies House and
the Electoral Register based inside the EU.
- In order to provide contracted services, we may need verify details with
Credit
Reference agencies, anti-Fraud agencies, Sanction screening and
politically exposed
persons listings
- How we use your personal data
We will only use your personal data when the law allows us to. Most commonly,
we will use
your personal data in the following circumstances:
- where we need to perform the contract we are about to enter into or have
entered into
with you;
- where it is necessary for our legitimate interests (or those of a third
party) and your
interests and fundamental rights do not override those interests; and
- where we need to comply with a legal or regulatory obligation.
Please see paragraph 4.2 (purposes for which we will use your personal data)
to find out more
about the types of lawful basis that we will rely on to process your
personal data.
Generally, we do not rely on consent as a legal basis for processing your
personal data other
than in relation to sending third party direct marketing communications to
you via email or
text message. You have the right to withdraw consent to marketing at any
time by contacting
us.
- Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we
plan to use your
personal data, and which of the legal bases we rely on to do so. We have
also identified
what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground
depending on the
specific purpose for which we are using your data. Please contact
us if
you need details about the specific legal ground we are relying on to
process your personal
data where more than one ground has been set out in the table below.
| Purpose/Activity |
Type of data |
Lawful basis for processing including basis of
legitimate
interest |
| To register you or your employer / company as a new client |
(a) Identity
(b) Contact
|
Performance of a contract with your employer / company |
| To process and deliver the services including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
|
(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and Communications
|
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts
due to us)
|
| To execute payments on your behalf (send money to
beneficiaries). |
(a) Identity
(b) Transaction
|
(a) Performance of a contract with you.
(b) Necessary for our legitimate interests (for running our
business,
provision of administration and IT services, network
security, to prevent
fraud and in the context of a business reorganisation or
group restructuring
exercise)
(c) Necessary to comply with a legal obligation including
Regulation (EU)
2015/847 on information accompanying transfers of funds
(commonly referred
to as the revised wire transfer regulation).
|
| To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or privacy
policy
(b) Asking you to leave a review or take a survey
|
(a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications
|
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our
records updated and
to study how clients use our services)
|
| To enable you to partake in a prize draw, competition or
complete a survey |
(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
|
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how
clients use our
services, to develop them and grow our business)
|
| To administer and protect our business and this website
(including
troubleshooting, data analysis, testing, system maintenance,
support, reporting
and hosting of data) |
(a) Identity
(b) Contact
(c) Technical
|
(a) Necessary for our legitimate interests (for running our
business, provision
of administration and IT services, network security, to prevent
fraud and in the
context of a business reorganisation or group restructuring
exercise)
(b) Necessary to comply with a legal obligation
|
| To deliver relevant website content and advertisements to you
and measure or
understand the effectiveness of the advertising we serve to you
|
(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical
|
Necessary for our legitimate interests (to study how clients use
our services,
to develop them, to grow our business and to inform our
marketing strategy) |
| To use data analytics to improve our website, products/services,
marketing,
client relationships and experiences |
(a) Technical
(b) Usage
|
Necessary for our legitimate interests (to define types of
clients for our
products and services, to keep our website updated and relevant,
to develop our
business and to inform our marketing strategy) |
| To make suggestions and recommendations to you about goods or
services that may
be of interest to you |
(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
|
Necessary for our legitimate interests (to develop our
products/services and
grow our business) |
We strive to provide you with choices regarding certain personal data uses,
particularly
around marketing and advertising. You have the right at any time to stop us
from contacting
you for marketing purposes. If you wish to exercise these rights you can do
so by selecting
your contact preferences at the point where you provide us with your
information on our
website or by contacting us (see contact information at paragraph 1.3
above). You can also
unsubscribe from any email marketing using the links provided in the emails
we send to you.
- Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form
a view on what
we think you may want or need, or what may be of interest to you. This is
how we decide
which products, services and offers may be relevant for you (we call this
marketing).
We will get your express opt-in consent before we share your personal data
with any company
outside the Eisen Pay group of companies for marketing purposes.
You can set your browser to refuse all or some browser cookies, or to alert
you when websites
set or access cookies. If you disable or refuse cookies, please note that
some parts of this
website may become inaccessible or not function properly. For more
information about the
cookies we use, please see our cookie policy.
We will only use your personal data for the purposes for which we collected
or received it,
unless we reasonably consider that we need to use it for another reason and
that reason is
compatible with the original purpose. If you wish to get an explanation as
to how the
processing for the new purpose is compatible with the original purpose,
please contact us.
If we need to use your personal data for an unrelated purpose, we will notify
you and we will
explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or
consent, in
compliance with the above rules, where this is required or permitted by law.
- Disclosures of your personal data
- We may have to share your personal data with the parties set out below
for the purposes
set out in the table in paragraph 4.2 (purposes for which we will use
your personal
data) above.
-
- Internal Third Parties as set out in the paragraph 10
(Glossary).
- External Third Parties as set out in paragraph 10 (Glossary).
- Third parties to whom we may choose to sell, transfer, or merge
parts of our
business or our assets. Alternatively, we may seek to acquire
other businesses
or merge with them. If a change happens to our business, then
the new owners may
use your personal data in the same way as set out in this
privacy notice.
- We require all third parties to respect the security of your personal
data and to treat
it in accordance with the law. We do not allow our third-party service
providers to use
your personal data for their own purposes and only permit them to
process your personal
data for specified purposes and in accordance with our instructions.
- Some of our external third parties are based outside the European
Economic Area (EEA) so
their processing of your personal data will involve a transfer of data
outside the EEA.
- Whenever we transfer your personal data out of the EEA, we ensure a
similar degree of
protection is afforded to it by ensuring at least one of the following
safeguards is
implemented:
- We will only transfer your personal data to countries that have
been deemed to
provide an adequate level of protection for personal data by the
European
Commission. For further details, see European Commission:
Adequacy of the
protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific
contracts approved
by the European Commission which give personal data the same
protection it has
in Europe. For further details, see European Commission: Model
contracts for the
transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer data to
them if they are
part of the Privacy Shield which requires them to provide
similar protection to
personal data shared between the Europe and the US. For further
details, see
European Commission: EU-US Privacy Shield.
- Please contact
us if you want further information on the specific
mechanism used
by us when transferring your personal data out of the EEA.
- We have put in place appropriate security measures to prevent your
personal data from
being accidentally lost, used or accessed in an unauthorised way,
altered or disclosed.
In addition, we limit access to your personal data to those employees,
agents,
contractors and other third parties who have a business need to know.
They will only
process your personal data on our instructions and they are subject to a
duty of
confidentiality.
- We have put in place procedures to deal with any suspected personal data
breach and will
notify you and any applicable regulator of a breach where we are legally
required to do
so.
- How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the
purposes we
collected it for, including for the purposes of satisfying any legal,
accounting, or
reporting requirements.
To determine the appropriate retention period for personal data, we consider
the amount,
nature, and sensitivity of the personal data, the potential risk of harm
from unauthorised
use or disclosure of your personal data, the purposes for which we process
your personal
data and whether we can achieve those purposes through other means, and the
applicable legal
requirements.
By law we have to keep basic information (including Contact, Identity,
Financial and
Transaction Data) about our clients, their directors, partners and ultimate
beneficial
owners and payees for five years after they cease being clients for the
purpose of
compliance with the Money Laundering, Terrorist Financing and Transfer of
Funds (Information
on the Payer) Regulations 2017.
In some circumstances you can ask us to delete your data: see “Request
erasure”
below for further information.
In some circumstances we may anonymise your personal data (so that it can no
longer be
associated with you) for research or statistical purposes in which case we
may use this
information indefinitely without further notice to you.
- Under certain circumstances, you have the following rights under data
protection laws in
relation to your personal data:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
Paragraph 11 provides more detail about these rights.
If you wish to exercise any of the rights set out above, please contact
us.
You will not have to pay a fee to access your personal data (or to exercise
any of the other
rights). However, we may charge a reasonable fee if your request is clearly
unfounded,
repetitive or excessive. Alternatively, we may refuse to comply with your
request in these
circumstances.
- What we may need from you
We may need to request specific information from you to help us confirm your
identity and
ensure your right to access your personal data (or to exercise any of your
other rights).
This is a security measure to ensure that personal data is not disclosed to
any person who
has no right to receive it. We may also contact you to ask you for further
information in
relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally
it may take us
longer than a month if your request is particularly complex or you have made
a number of
requests. In this case, we will notify you and keep you updated.
LAWFUL BASIS
Legitimate Interest means the interest of our business
in conducting
and managing our business to enable us to give you the best service/product
and the best and
most secure experience. We make sure we consider and balance any potential
impact on you
(both positive and negative) and your rights before we process your personal
data for our
legitimate interests. We do not use your personal data for activities where
our interests
are overridden by the impact on you (unless we have your consent or are
otherwise required
or permitted to by law). You can obtain further information about how we
assess our
legitimate interests against any potential impact on you in respect of
specific activities
by contacting
us.
Performance of Contract means processing your data
where it is
necessary for the performance of a contract to which you are a party or to
take steps at
your request before entering into such a contract.
Comply with a legal or regulatory obligation means
processing your personal
data where it is necessary for compliance with a legal or regulatory
obligation that we are
subject to.
THIRD PARTIES
Internal Third Parties
Eisen Pay Systems UAB is a wholly owned subsidiary of Eisen Pay which
provides payment
processing services to Eisen Pay
External Third Parties
- Agreement Express Inc (https://agreementexpress.com/)
who act as a
processor for applications received through the website and are based in
the United
Kingdom;
- “Act-On Software Inc” (https://www.act-on.com/) who
act as a
processor for enquiries received through the website and are based in
the United States;
- Our banking providers and their compliance auditors who require access
to your personal
data to ensure that we and they are complying with each of our
regulatory obligations;
- Other payment service providers and intermediaries to comply with the
Wire Transfer
Regulations;
- Other service providers acting as payment processors based within the
UK, EEA, Canada
and the USA who provide IT and system administration services;
- Professional advisers acting as processors or joint controllers
including lawyers,
bankers, auditors and insurers based within the UK, EEA, Canada and the
USA who provide
consultancy, banking, legal, insurance and accounting services; and
- The Financial Conduct Authority and HM Revenue Customs, regulators and
other authorities
acting as processors or joint controllers based in the United Kingdom
who require
reporting of processing activities in certain circumstances.
- The Central Bank of the Republic of Lithuania and the Department of
Finance of the
Republic of Lithuania in relation to the provision of SEPA transfers.
- Your legal rights (further information)
You have the right to:
Request access to your personal data (commonly known as
a “data subject
access request”). This enables you to receive a copy of the personal data we
hold about you
and to check that we are lawfully processing it.
Request correction of the personal data that we hold about
you. This enables
you to have any incomplete or inaccurate data we hold about you corrected,
though we may
need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to
ask us to delete
or remove personal data where there is no good reason for us continuing to
process it. You
also have the right to ask us to delete or remove your personal data where
you have
successfully exercised your right to object to processing (see below), where
we may have
processed your information unlawfully or where we are required to erase your
personal data
to comply with local law. Note, however, that we may not always be able to
comply with your
request of erasure for specific legal reasons which will be notified to you,
if applicable,
at the time of your request.
Object to processing of your personal data where we are relying on a
legitimate
interest (or those of a third party) and there is
something about your
particular situation which makes you want to object to processing on this
ground as you feel
it impacts on your fundamental rights and freedoms. You also have the right
to object where
we are processing your personal data for direct marketing purposes. In some
cases, we may
demonstrate that we have compelling legitimate grounds to process your
information which
override your rights and freedoms.
Request restriction of processing of your personal
data. This enables
you to ask us to suspend the processing of your personal data in the
following scenarios:
(a) if you want us to establish the data’s accuracy; (b) where our use of
the data is
unlawful but you do not want us to erase it; (c) where you need us to hold
the data even if
we no longer require it as you need it to establish, exercise or defend
legal claims; or (d)
you have objected to our use of your data but we need to verify whether we
have overriding
legitimate grounds to use it.
Request the transfer of your personal data to you or to a third
party. We
will provide to you, or a third party you have chosen, your personal data in
a structured,
commonly used, machine-readable format. Note that this right only applies to
automated
information which you initially provided consent for us to use or where we
used the
information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to
process your personal
data. However, this will not affect the lawfulness of any
processing carried
out before you withdraw your consent. If you withdraw your consent, we may
not be able to
provide certain products or services to you. We will advise you if this is
the case at the
time you withdraw your consent.
