Get a quote

Privacy Policy

Version 2.0 (September 2020)

About us

We are Paymentsense Ireland Limited. Our registered office address is 9 Clare Street, Dublin 2 and our company number is 542166.

We are committed to protecting and respecting your privacy.

At Paymentsense, we understand that your privacy is very important and we are committed to safeguarding the privacy of all our visitors.

Our Privacy Policy, which is set out below, explains how we will look after the information, including personal data, that we collect from you or that you provide to us and what we will do with it. Nothing in this Privacy Policy limits your legal rights in relation to your personal data.

When you visit the website or use any of our applications or provide information to us via the website or any of our applications, you are accepting and consenting to our processing of your information in accordance with this Privacy Policy, our Cookie Policy, our Terms of Use and any other contract we may have with you including, without limitation, a Merchant Services Agreement. If you do not agree to the terms set out in these terms and policies, we do not give you permission to use the website or any of our applications and you must cease to do so immediately.

Please read each of the following sections carefully to understand our views and practices regarding your personal data. Reading this Privacy Policy will allow you to make informed decisions regarding your personal data.

Please contact us if you have any questions about this Privacy Policy or the information we hold about you:

 

What is personal data?

"Personal Data", means any information about you that could be used to help identify you. The term "Personal Data" is defined more fully in Article 9 of the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR")), which you can read here. Examples of Personal Data may include: names, addresses, phone numbers, but also computer log data and other types of electronic IDs (for example, your IP address) in so far as they can be associated with a physical person.

How is Personal Data processed?

Processing of Personal Data occurs whenever any action is taken in relation to that Personal Data, regardless of whether the action is automated or not. Some common examples of processing include collection, organisation, storing and deletion.

Does this Privacy Policy cover all our processing activities?

Processing of Personal Data occurs whenever any action is taken in relation to that Personal Data, regardless of whether the action is automated or not. Some common examples of processing include collection, organisation, storing and deletion.

In relation to whom is Paymentsense a data controller?

Merchants (customers that are sole traders/individuals)

For the purposes of data protection we consider a physical person (as opposed to a company) that is a sole trader or individual and who registers for/uses our services or buys products from us (such as a card reader) to be a "Merchant". We will process Personal Data from a Merchant when they:

 

In addition, the following information will also be collected automatically from Merchants:

 

Executives, directors, beneficial owners and authorised signatories of corporate customers

If a customer is not a sole trader or individual (i.e. they are a company), or a business has a beneficial owner of some kind, we will process information (as data controller) about the company or business. The information we process may include Personal Data about the individuals involved with that company or business. We may process Personal Data from executives, directors, beneficial owners and authorised signatories of customers when they:

 

 

Customer Representatives

 

Customers and potential customers sometimes use a representative when communicating with us via our website or otherwise. We will process Personal Data from a customer representative when they:

 

 

In addition, the following information will also be collected automatically from customer representatives:

 

 

End-customers

 

When a customer of a Merchant chooses to pay using one of our payment gateways or when a customer requests a receipt for the services provided by any of our Merchants we will process Personal Data regarding that "End customer".

 

Individuals contacting our customer support team or Paymentsense generally via email, phone, online chat or any other communication channel.

 

For existing customers visiting our website or using our applications, we will, in our role as data collector, process a variety of information including location data, the identity of the device used to access the website, behaviour patterns, IP address, cookie identifiers and personal preferences.

 

In addition, Personal Data will be processed by us when someone telephones us, uses our website, uses our applications or otherwise contacts us through one of the available channels. As a result, an individual who is not a customer will also have their Personal Data processed. For example we may process Personal Data from an individual when they:

 

 

In addition, the following information will also be collected automatically from the relevant individual:

 

 

What information do we collect from you, for what purposes and on what legal basis?

In the case of a Merchant we will collect and process the following information:

 

Category of personal data

Non-exhaustive examples of personal data from each category

Account identification information

Merchant ID number, passwords and equivalent account security information

Contact details

Name, address, phone numbers, email

Financial information

Bank details, transaction history, credit history and credit score, information relevant to invoices issued by us to a merchant

Information required to be obtained and kept by law

Information required for customer identification and verification (e.g. government issued IDs)

Technical and behavioural tracking data

IP address, location data, pages viewed on our website or applications, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version

 

 

The purpose and legal basis for processing the Personal Data outlined above will be:

 

 

Purpose of processing the personal data

Legal basis for processing the personal data

To administer any account or registration you may have with us

●        To fulfil our contractual agreement with you

●        To comply with applicable law

●        To pursue our legitimate interests

To carry out our obligations arising from any contracts entered into between you and us

●        To fulfil our contractual agreement with you

●        To comply with applicable law

●        To pursue our legitimate interests

To provide you with the products and services that you request from us

●        To fulfil our contractual agreement with you

●        To comply with applicable law

●        To pursue our legitimate interests

To administer your participation in any competitions or prize draws we may run from time to time

●        To pursue our legitimate interests

To provide you with our newsletter, if you have subscribed to receive it, and any other information that you request from us from time to time

●        To pursue our legitimate interests

To communicate with you (via the use of surveys or by other means) about any comments, queries or feedback you might have about us, our website or our applications

●        To fulfil our contractual agreement with you

●        To pursue our legitimate interests

For publication on our website (for example, in connection with your listing or advertisement or for review or testimonial purposes), but only if you have either provided it to us for that purpose or if you have consented to this

●        To pursue our legitimate interests

●        When you have provided consent

To enable you to participate in interactive features of our website or our applications, when you choose to do so

●        To fulfil our contractual agreement with you

●        To pursue our legitimate interests

To ensure that content on our website or in our applications is presented in the most effective manner for you and for your computer

●        To fulfil our contractual agreement with you

●        To pursue our legitimate interests

To provide you with information about products and services we offer that we feel may interest you by post, telephone, SMS, email or via in-application notifications

●        To pursue our legitimate interests

●        Where we are required by law to obtain your consent to provide this information, we will obtain your consent. If consent is not required we will provide you an option to opt-out of receiving this information each time that we send information to you

To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes

●        To pursue our legitimate interests

To keep our website or our applications safe and secure

●        To fulfil our contractual agreement with you

●        To comply with applicable law

●        To pursue our legitimate interests

To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you

●        To pursue our legitimate interests

To make suggestions and recommendations to you and other users of our website and our applications about goods or services that may interest you or them

●        To pursue our legitimate interests

To verify your identity as well as your personal and contact information

●        To fulfil our contractual agreement with you

●        To comply with applicable law

●        To pursue our legitimate interests

To record and prove that transactions have been executed

●        To fulfil our contractual agreement with you

●        To comply with applicable law

●        To pursue our legitimate interests

To initiate, exercise and defend any legal claim or collection procedure

●        To fulfil our contractual agreement with you

●        To comply with applicable law

●        To pursue our legitimate interests

To comply with internal compliance procedures

●        To comply with applicable law

●        To pursue our legitimate interests

To prevent misuse of our services

●        To comply with applicable law

●        To pursue our legitimate interests

To carry out risk management and fraud prevention processes

●        To fulfil our contractual agreement with you

●        To comply with applicable law

●        To pursue our legitimate interests

To comply with applicable “Know Your Customer” (“KYC”), “Anti-Money Laundering” (“AML”), book-keeping and capital adequacy laws and to report to tax authorities and other relevant law enforcement agencies

●        To comply with applicable law

●        To pursue our legitimate interests

To communicate with you in relation to our services

●        To fulfil our contractual agreement with you

●        To pursue our legitimate interests

 

 

In the case of a party that is an End-customer we will collect and process the following information:

 

 

Category of personal data

Non-exhaustive examples of personal data from each category

Contact details

Name, address, phone numbers, email

Financial information

Card details, Transaction history

Information required to be obtained and kept by law

Book-keeping relevant information

Technical and behavioural tracking data

IP address, location data, pages viewed on our website or applications, whether email communications (including embedded links within them) are opened, cookie identifiers

 

 

The purpose and legal basis for processing the Personal Data outlined above will be:

 

 

Purpose of processing the personal data

Legal basis for processing the personal data

To process a payment made by the end-customer via a card or through the use of any method that we offer from time to time.

●        To comply with applicable law

●        To pursue our legitimate interests

To ensure that the payment transaction is carried out in a secure manner, mitigating the risk of fraud and other criminal acts.

●        To comply with applicable law

●        To pursue our legitimate interests

To enable the merchant to fulfil the end-customer’s order and mitigate the risk of fraud and other criminal activities. The personal data will also be processed when handling potential complaints and disputes.

●        To comply with applicable law

●        To pursue our legitimate interests

To provide a receipt to an end-customer. We will only use the end-customer’s email address or mobile number to send receipts and will not use or share the contact details for any other purpose unless we obtain the end-customer’s consent in writing, or inform the end-customer prior to processing for a new purpose or for a purpose that is compatible with the purpose for which initially we collected the personal data.

●        To comply with applicable law

●        To pursue our legitimate interests

 

 

In the case of individuals contacting our customer support team or Paymentsense generally, via email, telephone, online chat, SMS or any other communication channel, we will collect and process the following information from:

 

 

Category of personal data

Non-exhaustive examples of personal data from each category

Contact details

Name, address, phone numbers, email

Technical and behavioural tracking data

IP address, location data, pages viewed on our website, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version

 

The purpose and legal basis for processing the personal data outlined above will be:

 

Purpose of processing the personal data

Legal basis for processing the personal data

To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes

●        To pursue our legitimate interests

To verify your identity as well as your personal and contact information

●        To comply with applicable law

●        To pursue our legitimate interests

To provide and market services and products to the individual

●        To pursue our legitimate interests

●        When you have provided consent

To respond to the individual and provide any support that is required

●        To pursue our legitimate interests

To communicate with you in relation to our services

●        To pursue our legitimate interests

●        When you have provided consent

 

 

In the case of an executive, director, beneficial owner or authorised signatory of a corporate customer that communicates with us we will collect and process the following information:

 

 

Category of personal data

Non-exhaustive examples of personal data from each category

Account identification information

Merchant ID number, passwords and equivalent account security information

Contact details

Name, address, phone numbers, email

Information required to be obtained and kept by law

Information required for customer identification and verification (e.g. government issued IDs)

Technical and behavioural tracking data

IP address, location data, pages viewed on our website, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version

 

The purpose and legal basis for processing the Personal Data outlined above will be:

 

Purpose of processing the personal data

Legal basis for processing the personal data

To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes

●        To pursue the legitimate interests of Paymentsense

To provide you with our newsletter, if you have subscribed to receive it, and any other information that you request from us from time to time

●        To pursue the legitimate interests of Paymentsense

To communicate with you (via the use of surveys or by other means) about any comments, queries or feedback you might have about us, our website or our applications

●        To pursue the legitimate interests of Paymentsense

To keep the website and our applications safe and secure

●        To comply with applicable law

●        To pursue the legitimate interests of Paymentsense

To verify your identity as well as your personal and contact information

●        To comply with applicable law

●        To pursue the legitimate interests of Paymentsense

To initiate, exercise and defend any legal claim or collection procedure

●        To comply with applicable law

●        To pursue the legitimate interests of Paymentsense

To make suggestions and recommendations to you and other users of our website and our applications about goods or services that may interest you or them;

●        To pursue the legitimate interests of Paymentsense

To provide you with information about products and services we offer that we feel may interest you by post, telephone, SMS, email or via in-application notifications;

 

●        To pursue the legitimate interests of Paymentsense

●        Where we are required by law to obtain your consent to provide this information, we will obtain your consent. If consent is not required we will provide you an option to opt-out of receiving this information each time that we send information to you.

 

To comply with internal compliance procedures

●        To comply with applicable law

●        To pursue the legitimate interests of Paymentsense

To prevent misuse of Paymentsense’s services

●        To comply with applicable law

●        To pursue the legitimate interests of Paymentsense

To carry out risk management and fraud prevention processes

●        To comply with applicable law

●        To pursue the legitimate interests of Paymentsense

To comply with applicable KYB/KYC, AML, book-keeping and capital adequacy laws and to report to tax authorities and other relevant law enforcement agencies

●        To comply with applicable law

●        To pursue the legitimate interests of Paymentsense

To communicate with you in relation to our services

●        To pursue the legitimate interests of Paymentsense

●        When you have provided consent

 

 

Collecting Personal Data from third parties

 

In order to ensure that the services we provide are secure and efficient we process Personal Data from selected third parties. These third-party sources (and the categories of information) include:

 

Category of third-party

Category of personal data

Credit rating agencies

●        Financial information

●        Information required to be obtained and kept by law

Fraud detection agencies

●        Information required to be obtained and kept by law

Financial institutions such as banks and card networks

●        Financial information

●        Information required to be obtained and kept by law

Tax authorities

●        Information required to be obtained and kept by law

Publicly available registries maintained by or on behalf of national authorities

●        Contact details

●        Information required to be obtained and kept by law

Companies in the same corporate group as Paymentsense

●        Contact details

 

Please feel free to contact us if you have a question as to which specific third parties we process Personal Data from in a given circumstance.

 

 

 

Sharing Personal Data with third parties

 

We currently share Personal Data with the following named third parties for the following purposes:

 

 

Third-party name

Why we share personal data with them

Ingenico

Dispatch terminal to our customers

Spire

Dispatch terminal to our customers

Lantec

Dispatch terminal to our customers and arrange an engineer installation

HMRC

personal data for payment of PAYE, student loan deductions, tax code notices and related matters

ONS (Office of National Statistics)

Sharing of corporate data, staff numbers, payroll totals

Adobe Sign

Adobe makes contracts that we autofill with our customer's data and Adobe sends the contracts to our customer's email addresses

Talkdesk

Provides contact centre software to us. This allows us to answer, transfer, monitor and record customer calls

Sysnet

Provides service to our customers to help them become Payment Card Industry compliant. This includes phone based support, filling out questionnaires and related matters

CIFAS

Background checks as part of regulatory and other requirements

Experian

Background checks as part of regulatory and other requirements

UKPR

Dispatch till rolls to our customers

Epay

Provide mobile phone card top up service for our customers

AI Corp

Provide ecommerce and MOTO payment services

GoCardless

To set up direct debit payments for our services

Lloyds Bank plc

Personal banking details for the purpose of making payroll related payments and expense reimbursement. Corporate credits in the name of staff

HSBC Bank plc

Personal banking details for the purpose of making payroll related payments and expense reimbursement. Corporate credits in the name of staff

Amex

Corporate credit cards which are held in the name of senior staff in the business

Pure Print

To provide printed materials to our sales agents, customers and partners

Jaden Press

To provide printed materials to our sales agents, customers and partners

UKPR

To provide printed materials to our sales agents, customers and partners

PHD Mail

To provide printed materials to our sales agents, customers and partners

Colour Company

To provide printed materials to our sales agents, customers and partners and Provides our customers with a bag to return terminals to us

Emarsys

An email service provider that enables us to provide marketing and transactional emails to our customers, partners and prospects

Mail Chimp

An email service provider that enables us to provide marketing and transactional emails to our customers, partners and prospects

Reward Gateway

Provides a rewards platform offered to our customers

Golley Slater

Provides telephony support for partners

Google

Enhanced targeting/exclusions from advertising

Linkedin

Enhanced targeting/exclusions from advertising

Facebook

Enhanced targeting/exclusions from advertising

Twitter

Enhanced targeting/exclusions from advertising

Microsoft

Enhanced targeting/exclusions from advertising

ResponseTap

Provides call tracking, call recording and campaign measurement through the allocation of bespoke phone numbers

Contis

Provides Gift Card services to our customers

TransUnion (whose policy is available at www.transunion.co.uk/legal-information/privacy-centre )

 

Provides background checks as part of
regulatory and other requirements

Emailage

Provides risk scoring services in relation to our customers

Cifas (whose fair processing notice is available at www.cifas.org.uk/fpn)

Fraud protection and background checks as part of regulatory and other requirements

 

 

The Personal Data we have collected from you may be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at https://www.cifas.org.uk/fpn.

 

 

We also, from time to time, share your Personal Data with the following third parties:

 

 

 

 

 

 

 

In addition to the instances set out at above, Paymentsense may also disclose your Personal Data to third parties:

 

We shall share an End-customer’s Personal Data with a Merchant when it is to enable the Merchant to fulfil the End-customer’s order and mitigate the risk of fraud and other criminal acts. The Personal Data will also be processed when handling potential complaints and disputes. Personal Data shared with a Merchant will be subject to the Merchant’s data protection policy and not this Privacy Policy.

 

If a third party processes Personal Data on the instruction of Paymentsense they are likely to be a data processor. An example of this will be in relation to our suppliers of IT and marketing services. In such cases, we only share Personal Data for purposes that are compatible with the reasons contained in this Privacy Policy. All data processors are subject to written agreements that ensure the security of Personal Data and limit the transfer of Personal Data to third countries.

 

If a third party is considered to be a data controller, Paymentsense are not able to dictate how that third party will process the data that have been provided. Examples of common third party data controllers would be credit rating agencies or financial institutions. In such cases, the data protection policies of the third party data controller will apply.

 

 

Links to third-party websites

 

Our website features third-party advertising which provides links to and from third-party websites. If you follow a link to any of these third-party websites, you should be aware that these websites have their own privacy policies and the operators of those websites will handle your information in accordance with such policies and not with this Privacy Policy. We have no control over such third parties or their websites or privacy policies. For example, such operators might contact you or permit third parties to contact you for marketing purposes in accordance with their own privacy policies, unless you opt out of such communications.

 

We do not accept any responsibility or liability for third-party websites or their privacy policies and we strongly advise you to check such policies and the reputation of the website before you submit your information to, or carry out any transaction on, any third-party website. We welcome any feedback you may have about third-party websites linked to from our website.

 

Securing and storing your information

 

Security

 

We have in place a level of security appropriate to the nature of the information stored and the harm that might result from a breach of security. Your information is stored on our secure servers. The transmission of any payment transactions will be encrypted using TLS technology.

 

All environments that are used in the transmission of payment transactions are hosted in an environment that has passed PCI-DSS Level 1 service provider accreditation, and are therefore required to adhere to all the requirements stated by the PCI Security Standards Council. To get more information about the different requirements of the PCI Security Standards Council please read more here.

 

Unfortunately, the transmission of information via the internet is not completely secure and, although we will do our best to protect your information, we cannot guarantee the security of any of your information transmitted via the website or our applications. Consequently, any transmission is at your own risk. If we become aware that the security of your information has been compromised, we will notify you by email or as otherwise required by law.

 

Where we have given you (or where you have chosen) a password which enables you to access certain parts of the website or our applications, you are responsible for keeping this password confidential and you must not share it with anyone. If you have reason to believe that your password or any other aspect of your account has become compromised, you must inform us immediately using our contact details in section 19 below.

 

Storage

 

Personal Data will not be processed for a longer period than is necessary to fulfil the purpose of as set out in this Privacy Policy. Any Personal Data we hold will be anonymised and deleted once the purpose for which it was collected is no longer relevant.

 

The amount of data retained will be proportionate to the purpose for which the retention is required. Therefore, and always subject to applicable local law, the amount of Personal Data we retain when carrying out any contracts entered into between you and us is likely to differ from the amount of Personal Data retained for anti-money laundering or regulatory requirements.

 

We will retain Personal Data for 7 years after which it shall be deleted unless there is a valid purpose and legal basis for retaining it.

 

 

Transfers to a Third Country

 

The information that we collect from you may also be transferred to other destinations outside the European Economic Area ("EEA"). For example we do transfer information to the US (subject to the relevant protections below). If we do transfer your information outside the EEA we will take appropriate steps to protect that information, these include:

 

 

Your Rights

 

At Paymentsense, we believe that you should only have your data processed in ways that you expect and which are set out in this Privacy Policy. Under data protection law, you have rights in relation to our use of your information, including to:

 

 

If you wish to exercise your rights please contact us and we will treat your concerns with sincerity and respect.

 

Please note that Paymentsense does require a certain amount of Personal Data in order to provide customers with services or products. In the event that you request the deletion of Personal Data or for the use of Personal Data to be restricted, we reserve the right to no longer provide services and products to you under any applicable contract.

 

 

 Cookies

 

Our website uses cookies to distinguish you from other website users. Cookies help to provide a more personalised experience when you browse the website and also allows us to improve the website. For detailed information on the cookies we use and the purposes for which we use them, please take a look at our Cookie Policy.

 

Children

 

We do not knowingly collect information from individuals who are under the age of 16. If you are under the age of 16, please do not register an account with our website or provide any information about yourself on our website. If you have already done so, please contact us.

 

Information about other people

 

Where you provide information about people other than yourself, you confirm that you have their consent to provide us with such information and that they have read, understand and agree to the terms of this Privacy Policy, including how we may use such information.

 

Changes to your information

 

If any of your information featured on our website (whether relating to your account or otherwise) is incorrect, please update it. Alternatively, if you believe that any of the information we hold about you is inaccurate, you may contact us to correct it using our contact details below. It is your responsibility to ensure that any information you have provided to us remains accurate and to notify us if there are any changes.

 

No waiver

 

If we fail to exercise, or delay in exercising, any right or remedy contained in this Privacy Policy, that does not mean we have waived that right or remedy and such failure or delay shall not be construed as a waiver.

 

Severance

 

This Privacy Policy is designed to comply with the GDPR and other applicable data protection laws. However, in the event that any provision or part-provision of this Privacy Policy is or becomes unlawful, invalid or otherwise unenforceable, the offending provision or part-provision shall be deemed severed from this Privacy Policy. In this event, the validity and enforceability of the rest of the Privacy Policy shall not be affected.

 

Changes to our Privacy Policy

By submitting your information to us, you consent to the use of that information as set out in this Privacy Policy. If we change our Privacy Policy, we will post the changes on this page and may place notices elsewhere within the website (such as the home page) for a reasonable period of time, so that you may be aware of the changes.

 

In the event of any changes, we will also update the "Last updated" date at the top of this Privacy Policy. Your continued use of the website following any changes to this Privacy Policy will mean you accept those changes.

 

Contact us

 

Please contact us if you have any questions about this Privacy Notice or the information we hold about you:

 

We will usually respond using the same means of communication as you used to contact us.