Última atualização: 19.06.2019

Privacy Policy

This privacy policy describes how we use your personal data.

    1. Who we are; how to contact us

      We are ePayments Systems Limited (EPS), Electronic Payments Association (EPA) and ePayments Merchant Services Limited (EMS) (or we / us / our) and we are "data controllers" of your personal data under European Union (EU) and UK data protection laws. EMS is also a “data processor” of certain personal data, as described in more detail in the terms and conditions applicable to EMS.

      EPS is a company registered in England and Wales with company number 08134141. EPS is registered with the Information Commissioner’s Office and its registration number is ZA113687.

      EPA is a company registered in England and Wales with company number 07637944. EPA is registered with the Information Commissioner’s Office and its registration number is Z2890553.

      EMS is a company registered in England and Wales with company number 10507944. EMS is registered with the Information Commissioner’s Office and its registration number is ZA237612.

      Our contact details are as follows:

      Post: Palladium House, 1-4 Argyll Street, London W1F 7LD, United Kingdom.

      Email: [email protected]

      Telephone: +44 (0)20 7873 2383

      If you have any questions regarding this privacy policy, please contact our Data Protection Officer at [email protected]

    2. This notice

      This notice describes how we use your personal data in connection with:

      • Customer and/or member services: This means the provision of payment and e-money products and services (including through our online platform and/or our ePayments card) by us to actual and prospective customers and/or members (collectively known as “customers”)
      • Affiliate or introducer schemes: This is where you take part in our affiliate or introducer schemes such as when you introduce us to your friends who register to use our services
      • Supplier services: This means the provision of products and services by suppliers to us
      • Website activities: This means the provision of personal data you provide through your use of our website(s)
      • Recruitment activities: This means the provision of personal data of a candidate (whether by you or a third party including a recruitment agency) for a position with us

      Please note that any references to customers, suppliers, agents or other third parties include their staff whose personal details we process as part of our business relationship with such parties.

      This notice tells you what personal data we collect about you, how we collect it, how we use it, why we use it, whom we share it with, and the rights to which you may be entitled.

      Your privacy is important to us. We aim to be open about how we use your personal data.

      If you have any questions or need any further clarity, please contact our Data Protection Officer.

      This notice relates only to use of your personal data by EPS, EPA and EMS. If you also use services of our business partner, Digital Securities Exchange Limited (DSX), please refer to DSX's privacy policy.

    3. Personal data collection and usage

      We will collect, store and use your personal data for the purposes set out in Section2. Personal data includes any information about a living individual from which a person may be identified.

      Certain types of personal data are more sensitive than others. Special categories of personal data includes information about your race, ethnicity, sex life, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership, health, genetic and biometric data. In specific circumstances, we may collect, receive and use special category data about you.

      We may also collect and use personal data about your criminal offences (or alleged offences).

      We have identified the types of personal data we may use about you, the method of collection and how and why we will use them in the table below.

      We may process your personal data for more than one legal basis depending on the purpose for which we are using your personal data. Separately, please note that where we base our use of your personal data on legitimate interests, as indicated in the table below, this will apply only where we consider that our legitimate interest is not overridden by the individual's interests or rights which require protection of their personal data. You can obtain further information about this from our Data Protection Officer.

      What personal data we collect and how we collect itHow we use your personal dataLegal basis for processing
      a.

      Personal data that our customers give us to register with us:

      • your contact details including: your name, address, email address, and telephone number(s);
      • your identification details, including your date of birth, gender, country of residence.

      We use this personal data to:

      • process your application or registration request;
      • on-board you as a customer;
      • provide our products and services;
      • manage and administer our services including your account with us;
      • communicate with you about your account and our services, including informing you of changes to our fees and our terms and conditions related to our services;
      • send personalised offers of services and products.

      We use this personal data because:

      • it's necessary to enter into or perform a contract with you;
      • it's in our legitimate business interests of managing and administering our services;
      • we have a legitimate business interest in promoting our products and services, and in personalising the information that our website sends to you about these things.
      b.

      Know Your Client (KYC) personal data from you, third parties and/or publicly available sources including:

      • passport or other government-issued identity document;
      • your photograph;
      • documents establishing your source of funds;
      • results of KYC or Politically Exposed Person (PEP) checks, including information collected by our suppliers;
      • intended use of our services;
      • your turnover (where this is personal data for example, because you are a sole trader)

      We use this personal data to:

      • carry out regulatory checks and meet our obligations to our regulators;
      • help us ensure that our customers are genuine and to prevent and detect fraud, money laundering and other crime (such as terrorist financing and offences involving identity theft).

      We use this personal data because:

      • it's necessary to enter into or perform a contract with you;
      • we are legally required to do so under UK financial services law;
      • it's in our legitimate business interests of protecting our business against damage.
      c.

      Personal data you provide as part of your account with us including:

      • your password;
      • your account and marketing preferences.

      We use this personal data to:

      • provide our services to you;
      • manage and administer your account with us;
      • communicate with you regarding your account and our services.

      We use this personal data because:

      • it's necessary to enter into or perform a contract with you;
      • it's in our legitimate business interests of managing and administering our services;
      • we have a legitimate business interest in promoting our products and services, and in personalising the information that our website sends to you about these things.
      d.

      Personal data relating to your use of our payment and e-money services including:

      • your instructions to us;
      • your transactions using your payment accounts with us, including your bank account and payment card details, the amount, currency, originator or beneficiary, and time/date of the payments you make and receive;
      • your use of and transactions relating to our affiliate and introducer schemes, and any rewards you earn from those schemes;
      • information about the digital device through which you access our services, such as device type, operating system, screen resolution, unique device identifiers, the mobile network system;
      • IP address;
      • date and time of log-in and requests;
      • personal data in your correspondence with us, by email, telephone, messaging, texts, on-line chats, via social media, or otherwise;
      • whether you've clicked on links in electronic communications from us, including the URL clickstream to our website;
      • personal data that you provide in response to our surveys.

      We use this personal data to:

      • provide our services to you;
      • manage and administer our services and systems;
      • check if you are in a location or using a device consistent with our records in order to help prevent fraud;
      • develop and improve our services based on analysing this information, the behaviours of our users and the technical capabilities of our users;
      • improve our services to better suit the behaviours and technical capabilities of the users of our service;
      • answer any issues or concerns;
      • monitor customer communications for quality and training purposes.

      We use this personal data because:

      • it's necessary to enter into or perform a contract with you;
      • it's in our legitimate business interests of managing and administering our services;
      • it's in our legitimate business interests of protecting our customers and our services against fraud and damage;
      • it's in our legitimate business interests of developing and improving our services and attempting to meet our customers' needs;
      • it's in our legitimate business interests to understand customer feedback and in respond to customer communications in a consistent way, and to ensure our staff deal properly with calls and communications and to train our staff to do so.
      e.

      Personal data that we collect from third parties in order to be able to register you as a customer or to provide services to you:

      • personal data related to payments to or from your accounts with us, provided by payment processing services, banks, card schemes and other financial services firms;
      • personal data from credit reference agencies or fraud prevention agencies.

      We use this personal data to:

      • provide our services to you;
      • manage and administer our services and systems;
      • help us to prevent and detect fraud.

      We use this personal data because:

      • it's necessary to enter into or perform a contract with you;
      • it's in our legitimate business interests of managing and administering our services;
      • it's in our legitimate business interests of protecting our customers and our services against fraud and damage.
      f.

      Personal data that we collect through your use of our website (whether or not you have registered for our services) including:

      • device information such as operating system, unique device identifiers, the mobile network system;
      • hardware and browser settings;
      • date and time of visits;
      • the pages you visit, the length of the visit, your interactions with the page (such as scrolling, clicks and mouse-overs), methods to browse away from our website, and search engine terms you use;
      • IP address.

      Please also see our Cookie Notice, which explains our use of cookies to collect the above personal data.

      We use this personal data to:

      • develop new services based on the information being collected, the behaviours of our users and the technical capabilities of our users;
      • identify issues with the website, including website security, and user's experience of it;
      • monitor the way our website is used (including locations it is accessed from, devices it is accessed from, understanding peak usage times and analysing what functionality and information is most and least accessed).
        where our customers have come from online (such as from links on other websites or advertising banners), and the way in which our website is used by different users groups;
      • do statistical analysis and research with the purpose of better understanding the breakdown of our customers, their use of our services, and what attracts our customers to our services.

      We use this personal data because:

      • it's in our legitimate business interests of understanding how our website is accessed, how it is used and any problems users have with it across multiple devices, and ensuring it is secure;
      • we have a legitimate business interest in improving and developing our services.
      g.

      Special category data or criminal offences (or alleged offences) data that you give us directly or that we receive from third parties and/or publicly available sources:

      • special category data which might be revealed by KYC or other background checks (for example, because it has been reported in the press);
      • special category data implied by your payment transactions that we perform in providing our services;
      • special category data that is revealed by photographic ID although we do not intentionally process this personal data;
      • biometric data that you give us or a fraud prevention agency for the purpose of identity verification;
      • criminal offences (or alleged offences) data which might be revealed by KYC or other background checks because it has been reported in the press or is available in public registers

      We use this personal data to:

      • comply with our regulatory obligations to conduct KYC which may sometimes reveal this special category data or criminal offence (or alleged offences) data;
      • provide you with our services.

      We use this personal data because:

      • you have given your consent,
      • it's necessary for reasons of substantial public interest under UK financial services law, and we have taken measures to safeguard your rights;
      • it's necessary to perform our contract with you.
      h.

      Personal data that we collect from individuals representing organisations such as our corporate customers and suppliers, including:

      • names, roles, and contact details of individuals working for organisations;
      • other personal data regarding such individuals;
      • any personal data contained in correspondence with those individuals.

      We use this personal data to:

      • build relationships with other organisations;
      • provide marketing communications to these individuals;
      • improve our services and develop new services based on the preferences and behaviours of these individuals;
      • obtain services for our business.

      We use this personal data because:

      • we have a legitimate business interest in promoting and providing our services to our business customers;
      • we have a legitimate business interest in obtaining products and services required to operate our business.
      i.

      Personal data that we collect from individuals representing organisations in connection with our promotional or marketing activities, including:

      • names, roles and contact details of individuals working for organisations;
      • personal data provided in response to our surveys; and
      • other personal data regarding such individuals.

      We use this personal data to:

      • build relationships with other organisations;
      • provide marketing communications to these individuals;
      • do statistical analysis and research with the purpose of better understanding our potential market, trends in the information provided and what attracts our customers to our services;
      • publish the results of the surveys on an anonymised basis;
      • improve our services and develop new services based on the preferences and behaviours of these individuals;

      We use this personal data because:

      • we have a legitimate business interest in promoting our services.
      j.

      Personal data that we collect directly from individuals applying for job vacancies on our website, from third parties including recruitment agencies or data about candidates that is available publicly including on professional networking sites:

      • name and contact details
      • CV including your professional history and academic qualifications

      We use this personal data to:

      • assess your application for the available role in our organisation, invite you to interview and if successful make an offer to you for a role with our organisation

      We use this personal data because:

      • it's necessary to enter into a contract with you

      Direct Marketing

      Please note that you if you have given explicit consent for marketing communications, this can be withdrawn at any time. You can also unsubscribe from our marketing communications. You can opt out of receiving electronic communications by clicking on the unsubscribe link at the bottom of any electronic communication or through following the opt-out instructions provided in any marketing communication. You can also contact us to unsubscribe using the details listed in Section 1.

      Please be aware that from time to time we may need to contact you regarding operational issues or to adhere to the performance requirements of our contract with you. These will not be marketing communications and we will operate under legitimate interests in order to contact you for these reasons.

      Automated Decision Making

      We will make automated decisions regarding you and using your personal data.

      We make automated decisions regarding you in the following situations:

      • When you instruct us to make a payment from your account, or to request a payment into your account from a bank or other payment services provider, our systems (or systems provided to us by our suppliers) will conduct certain automated checks to help us prevent or detect fraud. These checks are made using algorithms to see if the instructed payment indicates an unusual transaction pattern or location. However, in many cases the decision to withhold or execute the payment is made by a natural person rather than our systems.
      • Our systems (or systems provided to us by our suppliers) also make an automated check for authorisation when you use the card allocated to your account. The authorisation is automatically provided or declined by us if there are insufficient funds in your account to pay for the transaction or if your card has been reported as lost or stolen.

      If you disagree with the decision you are entitled to contest this by contacting us as described in Section 1.

      Legal requirements

      We need to collect certain types of personal data for compliance with legal requirements relating to our anti-fraud / anti-money laundering / know your customer obligations. If this personal data is not provided we cannot agree to provide a service to you but we shall notify you if this is the case at the time your personal data is collected.

      Your personal data may also be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of a legal claims. We will not delete personal data if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.

    4. How long do we keep your personal data

      Customers: We will keep customers personal data for the period you have an account with us and a further five years in accordance with anti-money laundering laws and for our legitimate business interests in maintaining contractual records. Otherwise, we will not keep your personal data for any longer period except where necessary in case of any claim or as necessary to comply with legal, regulatory, accounting or reporting requirements.

      Website visitors: We will keep website visitors personal data for up to 12 months from each visit in order to understand how people use our website and any technical issues they have.

      Suppliers: We will keep suppliers personal data for the duration of our relationship with the relevant supplier and a further six years for contractual, legal and tax reasons.

      Job applicants: We will keep job applicants’ personal data for the duration the application is live and six months after the closure of the application for employment law purposes. For job applicants who are subsequently employed or otherwise engaged by us, your personal data from that point will be processed under a separate privacy policy.

      Separately please note that we may convert personal data into anonymous or aggregate data in which case it will cease to be personal data (as it will no longer be able to identity a living individual) and we may use this information indefinitely without further notice.

    5. Personal data we share

      There are certain circumstances where we may disclose and transfer your personal data to persons and entities as indicated below.

      In addition, we may convert your personal data into anonymous or aggregated form prior to disclosing and/or transferring your personal data, in which case it will cease to be personal data and is not required to be protected under data protection laws.

      Type of recipientIndustry / sectorActivitiesLocation
      Agents – DSX and EMSDSX provides a currency conversion service. EMS provides payment processing services to merchantsDSX and EMS act as agents for EPS's provision of payment services and e-money DSX also provides its currency conversion services to some of our customersDSX and EMS are established in England and Wales but store user data in other countries in the EEA.
      Customer support and other customer operations servicesOur affiliated companies and other suppliers which provide us with technical services.Provides us with technical services including to operate our payment services platform and provide administration and customer support.Our affiliated companies are incorporated in England and Wales, EEA and other countries outside the EEA. Our suppliers are located in the EEA and in other countries outside the EEA.
      Payment Services and banks.Financial servicesPayment services, acquiring services or bank transfers; card schemes.EEA, USA, and other countries outside the EEA.
      Suppliers related to financial services or operations.Technical / operational services for financial firms.KYC and sanctions screening, customer communications, card supplyEEA, USA and other countries outside the EEA.
      Internal messaging services suppliersMessaging servicesMessaging services for our staff or our affiliated companies’ staffEEA, USA and other countries outside the EEA.
      Communications services.Translations and emails/SMS marketing servicesServices to assist us to communicate with our customersEEA, USA and other locations outside the EEA
      IT services suppliersDisaster recovery, website hosts, data centres/cloud services, IT tracking systems, customer databases, CRM systemsDisaster recovery, website hosting, data and applications hosting, software application provision and maintenance.EEA, USA
      Analytics suppliers.AnalyticsAnalytics, usually of de-identified data.EEA, USA and other countries outside the EEA
      Credit reference agencies, fraud prevention agencies, payment processors and banksCredit reference; financial servicesCredit checking; processing payments.EEA, USA and other countries outside the EEA

      We will share your personal data with our affiliated companies for operational, administrative and management reasons as well as to provide you with efficient and effective services and products that meet your requirements.

      We may also transfer your personal data to potential buyers of our business, and to our professional advisers (such as lawyers, accountants, auditors, IT consultants, management consultants), located in and outside the EEA.

      Your personal data may be transferred to other third party organisations if we're required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority, for example the police.

    6. Where your personal data will be held

      Your personal data may be transferred outside the European Economic Area (EEA) as indicated in Section 5.

      Some of those countries do not have equivalent data protection laws to those applicable in the EEA.

      However, to ensure your personal data is properly protected in line with EU and UK data protection law, the transfer of this personal data is, in general, governed by a contract including Standard Contractual Clauses approved by the European Commission in accordance with Article 46(2)(c) of the General Data Protection Regulation (GDPR) or (where indicated in Section 5) transferred to a business certified under the US Privacy Shield in accordance with Article 46(2)(e) of the GDPR.

      In some limited circumstances, we may also transfer your personal data outside the EEA if the GDPR (under Article 49) allows this. This includes where it is necessary for the performance of a contract between us and you. This also includes where the transfer is necessary in connection with legal proceedings.

      Your Rights

      You have certain rights in relation to your personal data. The availability of these rights and the ways in which you can use them are set out below in more detail.

      Some of these rights will only apply in certain circumstances. If you would like to exercise, or discuss, any of these rights, please contact our Data Protection Officer as described in Section 1. You will not have to pay a fee to access your personal data or to exercise any of these rights although we may charge a reasonable fee if your request is manifestly unfounded, excessive or repetitive. Alternatively, we may refuse to comply with your request in these specific limited circumstances.

      Please be aware that for security reasons, we cannot deal with your request if we are not sure of your identity so we may ask you for proof of your ID. This is to protect your and other individuals’ personal data from unlawful disclosure to third parties.

      • Access: you are entitled to ask us if we are processing your personal data and, if we are, you can request access to your personal data. This enables you to receive a copy of the personal data we hold about you and certain other information about it. We do not have to provide this information if this would adversely affect the rights and freedoms of others.
      • Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected.
      • Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances, including where you have withdrawn consent to our using it or we no longer need it in connection with your account or for other legitimate reasons. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims.
      • Restriction: you are entitled to ask us to suspend the processing of your personal data in certain circumstances, for example if you want us to establish its accuracy or the reason for processing it.
      • Transfer: you may request the transfer of certain of your personal data to another party. This right only applies where we use your personal data based on your consent or if the personal data is processed for the performance of a contract with you personally and we are carrying the processing out by automated means. To help with that you have a right to ask that we provide your personal data in an easily readable format to another company.
      • Objection: where we are processing your personal data based on a legitimate interests (or those of a third party) you may challenge this however we may be entitled to continue processing your personal data based on our legitimate interests. You also have the right to object where we are processing your personal data for direct marketing purposes.
      • Automated decisions: you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.

        You also have a right to lodge a complaint with a supervisory authority, in particular in the Member State in the European Union where you are habitually resident where we are based or where an alleged infringement of data protection law has taken place. In the UK you can make a complaint to the Information Commissioner's Office (Tel: 0303 123 1113 or at www.ico.org.uk). However, we would encourage you to contact us in the first instance so we can try and resolve any concerns you may have in relation to our processing of your personal data. You can contact us as detailed in Section 1.

    7. Security

      We are committed to keeping your personal data safe. Our website is hosted on servers in the EEA. We have physical, technical and administrative measures in place to prevent unauthorised access or use of your personal data including:

      • encryption;
      • restricted access measures;
      • reviewing, auditing and improving plans for the ongoing confidentiality, integrity, availability and resilience of processing systems and services
      • business continuity plans to ensure the ability to restore personal data in the event of a physical or technical incident; and
      • training programmes for all our staff.

      We have put in place procedures to deal with any suspected personal data breach and will notify you and the UK Information Commissioner’s Office where we are legally required do so in the event of a personal data breach.

    8. Links to third party websites

      Our website, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others including our partner networks, advertisers, suppliers, other companies and/or social networks.

      The personal data that you provide through these websites is not subject to this privacy policy and the treatment of your personal data by such websites is not our responsibility. If you follow a link to any of these websites, please note that these websites have their own privacy policies which will set out how your personal data is collected and processed when visiting those sites. For more information, please visit the privacy policies of these websites to learn more about how your personal data is collected and used.

    9. Children

      We do not knowingly collect information from children or other persons who are under 18 years old. If you are under 18 years old, you may not submit any personal data to us or subscribe for the services. If you believe we might have any personal information from or about a person under the age of 18, please contact the Data Protection Officer.

    10. Changes to this Policy

      This policy will be changed from time to time.

      If we change anything important about this policy (the personal data we collect, how we use it or why) we will highlight those changes at the top of the policy and provide a prominent link to it for a reasonable length of time following the change.