Privacy policy
Introduction
Ecommpay Limited and its group companies and affiliates (hereinafter – “Ecommpay” or “we”) understand that You are aware of and care about Your personal data protection, and we take that seriously. This Privacy Policy describes policies and practices regarding our collection and use of Your personal data, as well as sets forth Your privacy rights. We recognise that personal data protection is an ongoing responsibility, and we may from time to time update this Privacy Policy, as we undertake new personal data processing practices. We are fully dedicated to ensuring that our personal data processing practices are in line with the requirements of UK GDPR, Data Protection Act 2018, as well as GDPR.
“You” in this Privacy Policy may refer to a visitor of our Website (hereinafter – “Visitor”), a merchant, who intends to use or already uses our products or services, including any shareholders, beneficial owners, principals, directors, and staff members accessing our Website (hereinafter – “Merchant”), or a customer of a Merchant (hereinafter – “Customer”). “Visitor” may include “Merchant” and/or “Customer” where appropriate. We will do our best to clarify who we are referring to at various points in this Privacy Policy.
Information we may collect from you
Personal data:
- Information and documentation that You as a Visitor, Merchant or Customer provide by filling in the Application form or the Contact Us form available at https://ecommpay.com (hereinafter – the “Website”). Such information may include Your name, surname, e-mail address, telephone number and the name of Your company and other information which You provide;
- Information and documentation that You as a Merchant provide to us in order to conclude an agreement. Such information may include, but is not limited to, Your name, date of birth, home, work or other physical address, country, telephone number, e-mail address, company name, company number, current position, previous places of employment, education, passport or ID data; payment account number, information regarding the beneficial ownership in other companies;
- Information and documentation that You as a Visitor provide to us during the process of applying for a job vacancy. Such information may include Your name, date of birth, home address, country, telephone number, e-mail address, company name, current position, previous places of employment, education and other information which You provide;
- A record of correspondence / communication and/or the telephone call in the event You contact us. Such record may include Your name, surname, e-mail address, telephone number, name of Your company and other personal data You may disclose to us during such communication;
- Where You as a Merchant have been granted access to the Client Interface – details of Your visits, including, but not limited to, location data, weblogs, other communication data and the resources that are accessed by You;
- Where You as a Customer use the payment page in connection to our services in order to initiate a transaction and/or the Merchant initiates a transfer of funds to You – Your personal data, including, but not limited to, name, surname, e-mail address, telephone number, details of Your payment instrument, including, but not limited to, card number, card expiry date, CVC/CVV code, credit/financial institution and/or issuer details and information relating to the purchased products or services, including the location and time of the transaction;
- Information about You as a Customer or as a Merchant, which we receive from other sources, including, but not limited to, our business partners, service providers and subcontractors. Such information may include the data provided by the card organisations, payment service providers, credit reference agencies and other third parties, as well as publicly available information.
Other data:
- Browser and device data, for instance, IP address, operating system and browser type. This is statistical data about the Website users’ browsing actions and patterns and does not identify any individual;
- Cookie data, such as time spent on the Website, pages visited, language preferences, and other anonymous traffic data;
- Company data, such as a company’s name, product and service offerings, jurisdiction.
How we use personal data
We use Your personal data in order to provide our services/products to You, in the capacity of a Merchant, and to respectively conclude contracts and carry out our contractual obligations. In this regard, we rely on a contract entered into by You and Ecommpay as the valid ground for the processing of Your personal data.
We use Your personal data to enable You, in the capacity of a Customer, to make use of our services/products which we provide to the Merchant, e.g. make payments on the Merchant’s website. In this regard, we rely on the legitimate interests pursued by us.
We are also required by law to constantly carry out various activities for the prevention of fraud, money laundering and terrorism financing, as well as for compliance with other legal obligations. In this regard, we rely on the necessity to comply with legal obligations as the valid ground for the processing of Your personal data.
In addition, we process personal data in order to carry out various marketing activities and in this regard, we rely on Your consent as the valid ground for the processing of Your personal data.
Examples of how we may use Your personal data include:
- to provide You with information, products or services requested from us;
- to provide You with information, which we feel may interest You, provided that You have consented to be contacted for such purposes;
- to notify You about changes to our products or services;
- to process transactions/payments;
- to ensure that content from the Website is presented in the most effective manner and to keep our Website safe and secure;
- to allow You to use interactive features of our Website;
- to administer our Website;
- to verify Your identity for legal/regulatory compliance purposes;
- to conduct monitoring against any possible fraud, money laundering, terrorism financing or crime risks;
- to respond to Your inquiries and provide customer support;
- to conduct market research and carry out marketing activities.
How long we will keep your personal data
Use of services by minors
How we disclose personal data
- Our group companies. In order to provide our services/products, we share personal data with our group companies. Ecommpay Limited is the entity responsible for the general use of personal data by other group companies in relation to the services/products provided by Ecommpay Limited. Our group companies are responsible for the use of personal data in relation to the services provided respectively by them. This includes our partner ECOMMBX Ltd, with whom we may share data for the purpose of enabling service provision. You can get acquainted with the Privacy Statement of ECOMMBX Ltd here;
- Third-party financial institutions. This may include card organisations, payment systems and credit/financial institutions where You as a Merchant or a Customer maintain Your payment account or any other type of account;
- Credit reference agencies. We may share personal data with credit reference agencies to conduct credit checks and obtain credit reports;
- Third-party service providers. We disclose personal data to service providers only when it is necessary to ensure the provision of our services, including, but not limited to processing of payments/transactions.
- Third-parties in relation to transfer of business. For instance, if we sell any business or assets or merge with another business entity, it may be necessary to disclose personal data to the prospective business owners or partners.
- Our Merchants. We may disclose certain personal data, which you have provided to us or which we have received about you as a Customer, to the relevant Merchants, in order to assist them with carrying out their legal obligations or their obligations towards you as their Customer.
- Third-parties in relation to a legal obligation or if we are permitted to do so by law. In certain circumstances we may be under an obligation to disclose or share Your personal data with auditors, regulatory authorities or law enforcement bodies in order to comply with a legal obligation. We may also disclose personal data, if it is permitted by law, in order to enforce or apply the WEBSITE TERMS OF USE or other agreements or to protect our rights, property, customers or others.
Your personal data may be transferred to and processed at a destination outside the European Economic Area (hereinafter – “EEA”). It may also be processed by staff operating outside the EEA who work for us or one of our service providers. Where such transfers of personal data take place, we have concluded either Standard Contractual Clauses or other appropriate safeguards, in order to ensure that Your personal data is treated in a secure manner and in line with this Privacy Policy.
We have also concluded Standard Contractual Clauses with all our group companies and relevant service providers that are located in the EEA, to ensure safe data transfers from EEA to UK.
Your rights
- You are entitled to access Your personal data and receive information regarding Your personal data that we process. You can do so by either signing in to Your Client Interface account or by contacting us at dpo@ecommpay.com;
- You are entitled to rectify the information we have about You if it is inaccurate. You can do so by either signing in to Your Client Interface account or by contacting us at dpo@ecommpay.com;
- You are entitled to object to the processing of Your personal data; You have the right to revoke Your consent for processing of Your personal data for the marketing purposes. We will inform You (before collecting Your data) if we intend to use Your data for such purposes or if we intend to disclose Your information to any third party for such purposes;
- You may also request us to erase Your personal data or cease the processing of Your personal data. However, please note that this right may be subject to certain exemptions. Namely, in situations, where we are under a legal obligation to retain Your personal data, we will not be able to fulfil Your request and, in such an event, we will inform You accordingly;
- You may also request us to provide Your personal data to You or transmit it directly to another controller and we will comply with such request, provided that the personal data processing previously carried out by us was based on Your consent or was necessary for the performance of a contract and where it is technically feasible;
- You have the right to lodge a complaint to the Information Commissioners’ Office if You believe that we have not complied with the requirements of the General Data Protection Regulation with regard to Your personal data.
Cookies
Security
Ecommpay Limited complies with the Payment Card Industry Data Security Standard (PCI DSS). Ecommpay Ltd (Cyprus), a company within the Ecommpay group, is PCI DSS Level 1 certified. All information provided by You to us is stored on secure servers and we use appropriate organisational, technical and administrative measures to protect Your personal data. Once Your information is received, we use strict procedures and security features to prevent any unauthorised access. In accordance with the recommendations of the Payment Card Industry Security Standards Council, Customer card details are protected using Transport Layer encryption — TLS 1.2 and application layer with algorithm AES and key length 256 bit.
However, please note that no transmission of information via the internet is completely secure and no storage system is guaranteed to be entirely secure. If You have any reason to believe that Your interaction with us is no longer secure, please contact us immediately.
Changes to the privacy policy
We may change or update this Privacy Policy. Any changes we may make to this Privacy Policy in the future will be posted on the Website and any such changes will be effective starting from the date when we post the revised Privacy Policy.
We may provide You with notifications regarding the changes in the Privacy Policy by posting them on our Website.
Data protection officer
Contact
If You wish to contact us regarding this Privacy Policy, please use the e-mail address dpo@ecommpay.com or the following address:
Ecommpay LIMITED,
5th floor, Churchill House, 142-146 Old Street, London, EC1V 9BW