上次更新: 25.05.2018

Electronic Payments Association Limited and Epayments Systems Limited: Privacy Policy

This policy describes how we use your personal information.

This Privacy Policy was last changed 25 May 2018.
    1. Who we are; how to contact us

      We are Epayments Systems Limited (EPS) and Electronic Payments Association (EPA) (or we / us / our) and are "data controllers" of your personal information under European Union (EU) data protection law.

      EPS is a company registered in England and Wales with company number 08134141.

      EPS's contact details are as follows:

      Post: Palladium House, 1-4 Argyll Street, London W1F 7LD, United Kingdom.

      Email: [email protected]

      Telephone: +44 (0)20 7873–2383


      EPA is a company registered in England and Wales with company number 07637944.

      EPA's contact details are as follows:

      Post: Palladium House, 1-4 Argyll Street, London W1F 7LD, United Kingdom.

      Email: [email protected]

      Telephone: +44 (0)20 7873–2383

      If you have questions, please contact the Privacy Manager at:

      Post: Privacy Manager, Epayments Systems Limited, Palladium House, 1-4 Argyll Street, London W1F 7LD, United Kingdom.

      Email: [email protected]

      Telephone: +44 (0)20 7873–2383

    2. This notice

      This notice describes how we use your personal information when:

      • You use our website(s)
      • You use our payment and e-money services, including through our online platform
      • You use your pre-paid card provided by us
      • You take part in our affiliate or introducer schemes, such as when you introduce us to your friends who register to use our services
      • Your business supplies services or products to us or we provide services to your business.

      This notice tells you what personal information we collect about you, how we collect it, how we use it, why we use it, whom we share it with, and the rights to which you may be entitled.

      Your privacy is important to us. We aim to be open about we use your information.

      If you have any questions or need any further clarity please contact our Privacy Manager.

      This notice relates only to use of your data by EPS and EPA. If you also use services of our business partner, Digital Securities Exchange Limited (DSX), please refer to DSX's privacy notice.

    3. Data collection and usage

      We will collect, store and use your personal information to allow access to this website, register our customers, and provide our services and for purposes set out in more detail in this Section.

      Certain types of personal information are more sensitive than others. "Special information" about you includes information about political opinions or religious or philosophical beliefs, and health and lifestyle. We may collect and receive special information about you. We may also use information about criminal offences (or alleged offences). We have identified these types of information we may use about you, and how and why we will use them.

      Where we base our use of your personal data on legitimate interests, as indicated in the table below, this will apply only where we consider that our legitimate interest is not overridden by the individual's interests or rights which require protection of their personal data. You can obtain further information about this from our Privacy Manager.

      What information we collectHow we use your dataWhy we use your information
      a

      Information that our customers or (for EPA) members give us to register with us:

      • your contact details including: your name, address, email address, and telephone number(s);
      • your identification details, including your date of birth, gender, country of residence.

      We use this information to :

      • process your application or registration request;
      • on-board you as a customer;
      • provide our products and services;
      • manage and administer our services including your account with us;
      • communicate with you about your account and our services, including informing you of changes to our fees and our terms and conditions related to our services;
      • send personalised offers of services and products.

      We use this information because:

      • it's necessary to enter into or perform a contract with you;
      • it's in our legitimate business interests of managing and administering our services;
      • we have a legitimate business interest in promoting our products and services, and in personalising the information that our website sends to you about these things. If required under applicable law, we will not send you marketing communications unless you first consent to this. You can withdraw such consent at any time by changing your account preferences or contacting us as described in Section 1.
      b

      Know Your Client (KYC) information including:

      • passport or other government-issued identity document;
      • your photograph;
      • documents establishing your source of funds;
      • results of KYC or Politically Exposed Person (PEP) checks, including information collected by our service providers;
      • intended use of our services;
      • where this is personal information (for example, because you are a sole trader), your turnover.

      We use this information to:

      • carry out regulatory checks and meet out obligations to our regulators;
      • help us ensure that our customers are genuine and to prevent and detect fraud, money laundering and other crime (such as terrorist financing and offences involving identity theft).

      We use this information because:

      • it's necessary to enter into or perform a contract with you;
      • we are legally required to do so under UK financial services law;
      • it's in our legitimate business interests of protecting our business against damage.
      c

      Information you provide as part of your account with us including:

      • your password;
      • our account and marketing preferences.

      We use this information to:

      • provide our services to you;
      • manage and administer your account with us;
      • communicate with you regarding your account and our services.

      We use this information because:

      • it's necessary to enter into or perform a contract with you;
      • it's in our legitimate business interests of managing and administering our services;
      • we have a legitimate business interest in promoting our products and services[, and in personalising the information that our website sends to you about these things]. If required under applicable law, we will not send you marketing communications unless you first consent to this. You can withdraw such consent at any time by changing your account preferences or contacting us as described in Section 1.
      d

      Information relating to your use of our payment and e-money services including:

      • your instructions to us;
      • your transactions using your payment accounts with us, including your bank account and p[payment card details, the amount, currency, originator or beneficiary, and time/date of the payments you make and receive;
      • your use of and transactions relating to our affiliate and introducer schemes, and any rewards your earn from those schemes;
      • information about the digital device through which you access our services, such as device type, operating system, screen resolution, unique device identifiers, the mobile network system;
      • IP address;
      • date and time of log-in and requests;
      • information in your correspondence with us, by email, telephone, messaging, texts, on-line chats, via social media, or otherwise;
      • whether you've clicked on links in electronic communications from us, including the URL clickstream to our website;
      • information that you provide in response to our surveys.

      We use this information to:

      • provide our services to you;
      • manage and administer our services and systems;
      • check if your are in a location or using a device consistent with our records in order to help prevent fraud;
      • develop and improve our services based on analysing this information, the behaviours of our users and the technical capabilities of our users;
      • improve our services to better suit the behaviours and technical capabilities of the users of our service;
      • answer any issues or concerns;
      • monitor customer communications for quality and training purposes.

      We use this information because:

      • it's necessary to enter into or perform a contract with you;
      • it's in our legitimate business interests of managing and administering our services;
      • it's in our legitimate business interests of protecting our customers and our services against fraud and damage;
      • it's in our legitimate business interests of developing and improving our services and attempting to meet our customers' needs;
      • it's in our legitimate business interests to understand customer feedback and in respond to customer communications in a consistent way, and to ensure our staff deal properly with calls and communications and to train our staff to do so.
      e

      Information that we collect from third parties in order to be able to register you as a customer or member or to provide services to you:

      • information related to payments to or from your accounts with us, provided by payment processing services, banks, card schemes and other financial services firms;
      • information from fraud prevention agencies.

      We use this information to:

      • provide our services to you;
      • manage and administer our services and systems;
      • help us to prevent and detect fraud.

      We use this information because:

      • it's necessary to enter into or perform a contract with you;
      • it's in our legitimate business interests of managing and administering our services;
      • it's in our legitimate business interests of protecting our customers and our services against fraud and damage.
      f

      Information that we collect through your use of our website (whether or not you have registered for our services) including:

      • device information such as operating system, unique device identifiers, the mobile network system;
      • hardware and browser settings;
      • date and time of visits;
      • the pages you visit, the length of the visit, your interactions with the page (such as scrolling, clicks and mouse-overs), methods to browse away from our website, and search engine terms you use;
      • IP address.

      Please also see our Cookie Notice, which explains our use of cookies to collect the above information.

      We use this information to:

      • develop new services based on the information being collected, the behaviours of our users and the technical capabilities of our users;
      • identify issues with the website, including website security, and user's experience of it;
      • monitor the way our website is used (including locations it is accessed from, devices it is accessed from, understanding peak usage times and analysing what functionality and information is most and least accessed). where our customers have come from online (such as from links on other websites or advertising banners), and the way in which our website is used by different users groups;
      • do statistical analysis and research with the purpose of better understanding the breakdown of our customers, their use of our services, and what attracts our customers to our services.

      We use this information because:

      • it's in our legitimate business interests of understanding how our website is accessed, how it is used and any problems users have with it across multiple devices, and ensuring it is secure;
      • we have a legitimate business interest in improving and developing our services.
      g

      Special information that you give us or that we receive when using our services:

      • information revealing your religious, political or philosophical beliefs revealed, or relating to offences (or alleged offences), which might be revealed by KYC (for example, because it has been reported in the press);
      • information revealing your religious, political or philosophical beliefs, or your ethnic background, or about your health, trade union membership or sex life or sexual orientation, implied by your payment transactions that we perform in providing our services.

      We use this information to:

      • comply with our regulatory obligations to conduct KYC which may sometimes reveal this special information;
      • provide you with our services.

      We use this information because:

      • your have given your consent, it's necessary for reasons of substantial public interest under UK financial services law, and we have taken measures to safeguard your rights;
      • it's necessary to perform our contract with you and you have provided us with your consent to use this information for this purpose.
      h

      Information that we collect from individuals representing organisations such as our corporate customers and suppliers, including:

      • names, roles, and contact details of individuals working for organisations;
      • other personal information regarding such individuals;
      • any personal information contained in correspondence with those individuals.

      We use this information to:

      • build relationships with other organisations;
      • provide marketing communications to these individuals;
      • improve our services and develop new services based on the preferences and behaviours of these individuals;
      • obtain services for our business.

      We use this information because:

      • we have a legitimate business interest in promoting and providing our services to our business customers;
      • if required under applicable law, we will not send you marketing communications unless you first consent to this. You can withdraw such consent at any time by changing your account preferences or contacting us as described in Section 1;
      • we have a legitimate business interest in obtaining products and services required to operate our business.

      Automated Decision Making

      We will make automated decisions regarding you and using your information.

      We make automated decisions regarding you in the following situations.

      When you instruct us to make a payment from your account, or to request a payment into your account from a bank or other payment services provider, our systems (or systems provided to us by our suppliers) will conduct certain automated checks to help us prevent or detect fraud. These checks are made using algorithms to see if the instructed payment indicates an unusual transaction pattern or location.

      Our systems (or systems provided to us by our suppliers) also make an automated check for authorisation. The authorisation is provided by the financial firm or card issuer from which the payment is to be made.

      If you disagree with the decision you are entitled to contest this by contacting us as described in Section 1.

      Legal requirements

      We need to collect certain types of information for compliance with legal requirements relating to our anti-fraud / anti-money laundering / know your customer obligations. If this information is not provided we cannot agree to provide a service to you.

      Your personal information may also be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of a legal claims. We will not delete personal information if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.

    4. How long do we keep your information

      We will keep customer and account application information for the period when the customer has an account with us, and a further five years, and such further period during which you may bring a claim against us and for us to be able to defend ourselves. Where you apply for an account but we do not proceed, we will store your information for a reasonable period in case you make a repeat application.

      We will keep information about visitors to our websites (not being customers) for a reasonable length of time that lets us understand how people use our website and any technical issues they have. Usually this will not exceed 12 months.

      We will keep information about individuals who are our contacts at our business customer and suppliers for the duration of our relationship with the relevant business and where we are not made aware that the individual no longer works for it. We may keep our correspondence with these individuals for longer where relevant to our transactions with the business.

    5. Information we share

      There are certain circumstances where we may transfer your personal data to our employees, contractors and to other parties, as indicated below.

      In addition, we may convert your personal information into anonymous or aggregated form, in which case it will cease to be personal data.

      Type of recipientIndustry / sectorActivitiesLocation
      Agents – DSX and ePayments Merchant Services Limited (EMS)DSX provides a currency conversion service. EMS provides payment processing services to merchantsDSX and EMS act as agents for EPS's provision of payment services and e-money DSX also provides its currency conversion services to some of our customersDSX and EMS are established in England and Wales but store user data in other countries in the EEA.
      Customer support and other customer operations servicesOur affiliated companies and other vendors which provides us with technical services.Provides us with technical services including to operate our payment services platform and provide administration and customer support.Swiftcom Networks is established in England and Wales
      Payment Services and banks.Financial servicesPayment services, acquiring services or bank transfers; card scheme.EEA, USA, and other countries outside the EEA.
      Suppliers related to financial services or operations.Technical / operational services for financial firms.KYC and sanctions screening, customer communications, card supplyEEA, USA and other countries outside the EEA.
      Internal messaging services suppliersMessaging servicesMessaging services for our staff or Swiftcom Network's staffLocations of our staff, USA.
      Communications services.Translations and emails/SMS marketing servicesServices to assist us to communicate with our customersEEA, US (Privacy Shield) and other locations outside the EEA
      IT services suppliersDisaster recovery, website hosts, data centres/cloud services, IT tracking systems, customer databases, CRM systemsDisaster recovery, website hosting, data and applications hosting, software application provision and maintenance.EEA, US
      Analytics suppliers.AnalyticsAnalytics, usually of de-identified data.EEA, USA and other countries outside the EEA
      Credit reference agencies, payment processors and banksCredit reference; financial servicesCredit checking; processing payments.EEA, USA and other countries outside the EEA

      We may also transfer your personal information to potential buyers of our business, and to our professional advisers (such as lawyers, accountants, auditors, IT consultants, management consultants), located in and outside the EEA.

      Your personal information may be transferred to other third party organisations if we're required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority.

    6. Where your information will be held

      Your information may be transferred outside the European Economic Area (EEA) as indicated in Section 5.

      Some of those countries do not have equivalent data protection laws to those applicable in the EEA.

      However, to ensure your personal information is properly protected in line with EU and UK data protection law, the transfer of this information is, in general, governed by a contract including Standard Contractual Clauses approved by the European Commission in accordance with Article 46(2)(c) of the General Data Protection Regulation (GDPR) or (where indicated in Section 5) transferred to a business certified under the US Privacy Shield in accordance with Article 46(2)(e) of the GDPR.

      In some limited circumstances, we may also transfer you information outside the EEA if the GDPR (under Article 49) allows this. This includes where it is necessary for the performance of a contract between us and you. This also includes where the transfer is necessary in connection with legal proceedings.

      Your Rights

      You have certain rights in relation to your information. The availability of these rights and the ways in which you can use them are set out below in more detail.

      Some of these rights will only apply in certain circumstances. If you would like to exercise, or discuss, any of these rights, please contact Privacy Manager as described in Section 1.

      • Access: you are entitled to ask us if we are processing your information and, if we are, you can request access to your personal information. This enables you to receive a copy of the personal information we hold about you and certain other information about it. We do not have to provide this information if this would adversely affect the rights and freedoms of others.
      • Correction: you are entitled to request that any incomplete or inaccurate personal information we hold about you is corrected.
      • Erasure: you are entitled to ask us to delete or remove personal information in certain circumstances, including where you have withdrawn consent to our using it or we no longer need it in connection with your account or for other legitimate reasons. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims.
      • Restriction: you are entitled to ask us to suspend the processing of certain of your personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
      • Transfer: you may request the transfer of certain of your personal information to another party. This is we use it based on your consent or on a contract with you personally. To help with that you have a right to ask that we provide your information in an easily readable format to another company.
      • Objection: where we are processing your personal information based on a legitimate interests (or those of a third party) you may challenge this. However we may be entitled to continue processing your information based on the our legitimate interests or where this is relevant to legal claims. You also have the right to object where we are processing your personal information for direct marketing purposes.
      • Automated decisions: you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.

        You also have a right to lodge a complaint with a supervisory authority, in particular in the Member State in the European Union where you are habitually resident where we are based or where an alleged infringement of Data Protection law has taken place. In the UK you can make a complaint to the Information Commissioner's Office (Tel: 0303 123 1113 or at www.ico.org.uk).

    7. Security

      We are committed to keeping your personal information safe. We've got physical, technical and administrative measures in place to prevent unauthorised access or use of your information.

    8. Links to third party website

      Our website, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others including our partner networks, advertisers and other group companies and/or social networks as offered to you and supported by your browser.

      The personal data that you provide through these websites is not subject to this Privacy Policy and the treatment of your personal data by such websites is not our responsibility. If you follow a link to any of these websites, please note that these websites have their own privacy notices which will set out how your information is collected and processed when visiting those sites. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy notices of entities through which you chose to share.

    9. Children

      We do not knowingly collect information from children or other persons who are under 18 years old. If you are under 18 years old, you may not submit any personal information to us or subscribe for the services. If you believe we might have any personal information from or about a person under the age of 18, please contact the Privacy Manager.

    10. Changes to this Notice

      This notice will be changed from time to time.

      If we change anything important about this policy (the information we collect, how we use it or why) we will highlight those changes at the top of the policy and provide a prominent link to it for a reasonable length of time following the change.