We use cookies

We use cookies and other tracking technologies to improve your browsing experience on our website, to show you personalised content, to analyze our website traffic, and to understand where our visitors are coming from. To find out more, please visit our group privacy policy.


Our Privacy Notice

We appreciate the trust you place in us when sharing your personal data. The security of that data is very important to us. Please read this document carefully, as in it we will explain:

  1. How to contact us
  2. Who we are
  3. Companies, brands and websites this document applies to
  4. What Personal Data We Collect About You
  5. How We Collect Personal Data
  6. How and Why We Use Your Personal Data
  7. Your consent to marketing
  8. Your rights
  9. How to exercise your rights
  10. How to make a complaint
  11. How and why we share your personal data
  12. Transferring your personal data overseas
  13. How we keep your personal data secure
  14. How long we keep your personal data
  15. Links to other websites
  16. Changes to the Privacy Notice

Please note that our websites are not intended for children, and we do not knowingly collect data relating to children.

1. How to Contact Us

If you have any questions about this privacy notice, data protection generally you wish to exercise your legal rights or you need extra help please contact our data protection officer (DPO) using the details set out below.

Data Protection Officer
1 Westleigh Office Park, Scirocco Close, Moulton Park, Northampton, NN3 6BW

Email: dpo@payagroup.co.uk Telephone: 0333 123 1243

2. Who we are

Richmond International Limited (trading as PAYA Group), is the holding company for a number of organisations, such as Acceptacard Limited, Cornerstone North Limited, QixPay Limited, Interactive Transaction Solutions (ITS) and LibertyPay Limited. The full list, including website addresses, can be found below.

Richmond International Limited is the data controller for all the organisations within the PAYA group. This means that Richmond International Limited determines what data is collected by each organisation within the group, how this data is going to be used and how this data is protected.

Our registered office address is:
Richmond International Limited
1 Westleigh Office Park, Scirocco Close, Moulton Park, Northampton, NN3 6BW

3. Companies, brands and websites this document applies to

This notice applies to the following companies and websites, all the companies' trading brands and includes any other 'Paya' URLs that link to our websites.


  • Acceptacard Limited (trading as PAYA Group Limited)
  • Cornerstone North Limited
  • QixPay Limited
  • LibertyPay Limited
  • Interactive Transaction Solutions Ltd

Group Brands

  • PayaCharity
  • PayaCardServices
  • MyGivingHub
  • Toucan
  • Thyngs
  • Good Thyngs


  • Payagroup.co.uk
  • Payacardservices.com
  • Payatrader.com
  • Payataxi.com
  • Payacharity.com
  • MyGivingHub.com
  • QixPay.com
  • LibertyPay.co.uk
  • InteractiveTS.com
  • TheToucan.app
  • Thyngs.net
  • GoodThyngs.com

This notice covers personal data that is collected through our websites, web applications, by telephone, live chat and through any related social media applications.

4. What Personal Data We Collect About You

We may collect, use, store and/or transfer different kinds of personal data about you.

What we mean by personal data is any information about you from which you can be identified. We will limit the collection and processing of your personal data to what is necessary to achieve one or more of the purposes.

The personal data we collect may include:

  • Basic personal data - to identify you such as your first name, maiden name, last name, username or similar identifier, marital status, title, date of birth;
  • Your contact information - including your email address, address and telephone numbers;
  • Financial information – including bank account details, card payment details and transactional information and history;
  • Products and services - provided to you;
  • Online information and activity - based on your interaction with us, our websites, and applications for example your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types, searches, site visits and versions, operating system and platform, and other technology on the devices you use to access this website;
  • Images - such as copies of your passport or drivers’ licence, and other proof of identity documents
  • Profile Data - which may include your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
  • Usage Data - including statistical data including information about how you use our website, products and services; and
  • Marketing and Communications Data - includes your preferences in receiving marketing from us and our third parties and your communication preferences.

It is important that the personal data we hold about you is accurate and current.

Please keep us informed if your personal data changes during your relationship with us.

Where permitted by law, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes such as to perform checks to prevent and/or detect crime and to comply with laws relating to anti money laundering, bribery and corruption, fraud, terrorist financing and international sanctions. It may involve investigating and gathering information in relation to suspicious activity and sharing data with banks, law enforcement agencies and/or regulatory bodies.

5.How we collect your personal data

Your personal data comprises both personal and financial information and includes information provided to us including;

  1. Information you give to us directly where you:
    • contact us directly via telephone, letters or email;
    • use our online contact forms, applications, emails;
    • search for our products and services;
    • apply for our products or services electronically or otherwise;
    • take part in discussion boards or other forms of social media;
    • request marketing material to be sent to you;
    • enter a competition, promotion or survey; and/or
    • give us feedback or contact us.
  2. Information we learn about you through our relationship and the way you interact with us;
  3. Information we may receive from third parties which may include other Richmond International Group companies who provide services to you or us, credit reference, fraud prevention or government agencies;
  4. Information we gather using technology, which you may use to access our services (an IP address for example or telephone number), and how you use technology (for example recognising behavioural patterns);
  5. Information we gather from publicly available sources, such as the press, the electoral register, company registers and online search engines.

6. How and why we use your personal data

We will only use your personal data where it is necessary to carry out our business activities and we are required to have one or more of the following reasons for using your personal data:

  • Performance of a contract – the personal data we may need to deliver our services to you;
  • Legal obligation – where we are required by law to process your personal data;
  • Legitimate interest – where we are permitted to use your personal data where on balance the benefits of us doing so is not outweighed by your legal rights;
  • Consent – where your agreement is sought prior to utilising your personal data. Wherever consent is the only reason for using your personal data you have the right to change your mind and/or withdraw your consent.

We will mainly use your personal data in the following ways:

  1. When you apply for a product or a service (and throughout your relationship with us), we are required by law to collect and process certain personal data about you. Please note that if you do not agree to provide information requested, it may affect service provision as we may be unable to continue to operate your account and/or deliver our services or products to you.
  2. To perform checks and monitor transactions and location data for the purposes of detecting and preventing criminal activity in compliance with laws relating to anti money laundering, fraud, terrorist financing, bribery and corruption and international sanctions.
  3. To check and share information held by us with fraud prevention agencies, law enforcement and other government agencies for the purpose of preventing, detecting, and prosecuting financial crime and funding of terrorism.
  4. To confirm your identity and check you meet the eligibility criteria to receive our products and services.
  5. To check the information, you have provided to us via credit reference agencies and publicly available information.
  6. To register you as a new customer.
  7. To administer your account and deliver our services to you including:
    • Managing payments, fees and charges;
    • Keeping an accurate history of transactions and sending you relevant statements;
    • Communicating with you in relation to your account for instance notifying you of any changes to our charges, processing limits or settlement periods
    • Helping to resolve any problems or complaints you may have;
    • Administering any offers or promotions you have agreed to participate;
    • Collect and recover monies where appropriate.
  8. To manage our relationship with you including:
    • Keeping you informed about changes to your service e.g., notification of price changes, changes in the way we provide our services and any other legal or regulatory information.
    • Notifying you of changes to our terms and conditions;
    • Notifying you of changes to this document;
    • Asking you to leave a review or respond to a survey.
  9. To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we provide to you.
  10. To analyse and improve the running of our business, including contacting you for market research purposes.
  11. To use data analytics to improve our website, products/services, marketing, customer relationships and experiences.
  12. To make suggestions and recommendations to you about our services which may be of interest to you.
  13. To ensure that each visitor to any of our websites can use and navigate the site effectively.

7. Your consent to marketing

Generally, we do not rely on consent as a legal basis for processing your personal data, in certain circumstances, we are required to obtain your consent to the processing of your personal data and that includes when marketing products and services to you.

Your consent can either be opt in consent or soft opt in consent depending on whether you are an existing customer and what the consent is for.

We will always get your opt in consent before sending third party direct marketing communications to you.

  1. Opt-in Consent
    • you have to give us your consent freely, without us putting you under any type of pressure;
    • you have to know what you are consenting to – so we’ll make sure we give you enough information;
    • you should have control over which processing activities you consent to and which you do not. We provide these finer controls within our privacy preference centre; and
    • you need to take positive and affirmative action in giving us your consent – we are likely to provide an opt-in consent tick box for you to check so that this requirement is met in a clear and unambiguous fashion.
  2. Soft Opt-in Consent
    • In some cases, we will be able to rely on soft opt-in consent. We are allowed to market products or services to you if you are an existing customer who bought (or negotiated to buy) a similar product or service from us in the past, and we gave you a simple way to opt out both when we first collected your details and in every message we have sent, which are related to the services we provided, as long as you do not actively opt-out from these communications.
    • For most people, this is beneficial as it allows us to suggest other products and services to you alongside the specific one you contacted us for. This significantly increases the likelihood of us being able to provide you with a better level of product or service which you may require. For other types of e-marketing, we are required to obtain your explicit consent.

You have the right to withdraw consent to marketing at any time by contacting us or changing your marketing preferences in your online account.

If you have opted out from our marketing communications, it is possible that your details may be recaptured through public sources in an unconnected marketing campaign. We will try to make sure this does not happen, but if it does, we are sorry, and we would ask that in those circumstances you opt out again.

8. Your rights

You have several rights under data protection laws, the rights available to you depend on our reason for processing your information and are set out below:

  1. Your right of access - You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information. In most cases, this will be free of charge, however in some limited circumstances, for example, repeated requests for further copies, we may apply an administration fee;
  2. Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
  3. Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  4. Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
  5. Your right to object to processing - You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests. As above, you always have the right to object to receiving direct marketing.
  6. Your right to data portability - The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

9. How to exercise your rights

In most circumstances you are not required to pay any charge for exercising your rights. We have one month to respond to you. To exercise your rights:

  • email, call or write to us
  • let us have enough information to identify you e.g., account number, full name and address
  • let us have proof of your identity and address (a copy of your driving licence or passport, and a recent utility or credit card bill); and
  • let us know the information to which your request relates, including any account or reference numbers, if you have them.

If you would like to unsubscribe from any marketing communication, you can click on the ‘unsubscribe’ button at the bottom of the communication. It may take up to 7 days for this to take place. You can also change your marketing preferences within your online account.

You can access any of these rights at any time and if you wish to do so or require further information about your rights, please contact us using the details above.

10. How to make a complaint

If you are unhappy with the way we have handled your personal data and/or wish to complain about how your personal data is being processed, please contact our Data Protection Officer using the details provided above.

If you’re not satisfied with our response, you can raise a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work or normally live, or where any alleged infringement of data protection laws occurred.

The supervisory authority in the UK is the Information Commissioner, who may be contacted at: https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

11. How and why we share your personal data

We may from time to time share your personal data with the following organisations who are also required to keep your information confidential, safe and secure:

  1. any member of our group, which means any subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
  2. third parties, business partners, agents, professionals and suppliers and subcontractors for the performance of any contract we enter into with them or you;
  3. analytics and search engine providers that assist us in the improvement and optimisation of our site, although ordinarily only non-personal information is shared;
  4. credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you;
  5. where required as part of any proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or business assets;
  6. if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or otherwise permitted under law to do so, or in order to enforce or apply our terms of use and other agreements; or to protect our, our customers and the rights of others, property, or safety. This includes exchanging information with other companies and organisations for the purposes of fraud/crime protection and investigation and credit risk reduction.
  7. Anyone else with your permission.

12. Transferring your personal data overseas

From time to time, we may share your personal data with organisations in other countries including organisations within the Richmond International Group.

Personal data may be transferred inside and outside the UK and/or the European Economic Area (EEA which includes countries within the EU and Iceland, Liechtenstein, and Norway). For those countries within the EEA processing of personal data is subject to a similar standard of legal protection as is found in the UK.

In circumstances where personal data is transferred outside the EEA we will only do so where:

  1. The European Commission has decided that country has an adequate legal framework for the protection of personal data or
  2. We have entered into a contractual arrangement which includes terms approved by the European Commission imposing the highest standards of protection of personal data and where we have carried out an appropriate data transfer impact assessment.

13. How we keep your personal data secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or being used or accessed in an unauthorised way.

We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password, which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Please note, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

14. How long we keep your personal data

We retain your personal data for no longer than is necessary. The time periods for retaining data are determined by several factors including but not limited to the nature and type of record, the nature of the activity, the product or service, the country where companies may be located and any applicable legal or regulatory requirements.

15. Links to other websites

Within our websites we may have links to third party websites, plug-ins and applications. Clicking those links may enable third parties to share or collect your personal data. We do not control such third-party websites and are not responsible for their privacy statements or the contents of those websites. We would encourage you to read the privacy notice of every website you visit.

16. Changes to the Privacy Notice

We keep this document under regular review and any changes in the future will be posted on this page. We encourage you to review this page regularly to identify any updates or changes to our privacy notice.

Version GPP-0623-CB

To find out more about generating additional revenue from referrals, co-branding or white labelling, call a member of our Business Development team.

Call 0333 123 1246 today