Our Privacy Notice
We appreciate the trust you place in us when sharing your personal data. The security of that data is very important to us. Please read this document carefully, as in it we will explain:
- How to contact us
- Who we are
- Companies and websites this document applies to
- What Personal Data We Collect About You
- How We Collect Personal Data
- How and Why We Use Your Personal Data
- Your consent to marketing
- Your rights
- How to exercise your rights
- How to make a complaint
- How and why we share your personal data
- Transferring your personal data overseas
- How we keep your personal data secure
- How long we keep your personal data
- Links to other websites
- Changes to the Privacy Notice
Please note that our websites are not intended for children, and we do not knowingly collect data relating to children.
1. How to Contact Us
If you have any questions about this privacy notice, data protection generally you wish to exercise your legal rights or you need extra help please contact our data protection officer (DPO) using the details set out below.
Data Protection Officer
1 Westleigh Office Park, Scirocco Close, Moulton Park, Northampton, NN3 6BW
2. Who we are
Richmond International Limited (trading as Paya Group), is the holding company for a number of organisations, such as Acceptacard Limited, Cornerstone North Limited, QixPay Limited, and LibertyPay Limited. The full list can be found below along with our websites.
Richmond International Limited is the data controller for all the organisations within the group. This means that Richmond International Limited determines what data is collected by each organisation within the group, how this data is going to be used and how this data is protected.
Our registered office address is:
Richmond International Limited
1 Westleigh Office Park, Scirocco Close, Moulton Park, Northampton, NN3 6BW
3. Companies and websites this document applies to
This notice applies to the following companies and websites, all the companies' trading brands and includes any other 'Paya' URLs that link to our websites.
- Acceptacard Limited (trading as Paya Group Limited)
- Cornerstone North Limited
- QixPay Limited
- LibertyPay Limited
This notice covers personal data that is collected through our websites, web applications, by telephone, live chat and through any related social media applications.
4. What Personal Data We Collect About You
We may collect, use, store and/or transfer different kinds of personal data about you.
What we mean by personal data is any information about you from which you can be identified. We will limit the collection and processing of your personal data to what is necessary to achieve one or more of the purposes.
The personal data we collect may include:
- Basic personal data - to identify you such as your first name, maiden name, last name, username or similar identifier, marital status, title, date of birth;
- Your contact information - including your email address, address and telephone numbers;
- Financial information – including bank account details, card payment details and transactional information and history;
- Products and services - provided to you;
- Online information and activity - based on your interaction with us, our websites, and applications for example your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types, searches, site visits and versions, operating system and platform, and other technology on the devices you use to access this website;
- Images - such as copies of your passport or drivers’ licence, and other proof of identity documents.
- Profile Data - which may include your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
- Usage Data - including statistical data including information about how you use our website, products and services; and
- Marketing and Communications Data - includes your preferences in receiving marketing from us and our third parties and your communication preferences.
It is important that the personal data we hold about you is accurate and current.
Please keep us informed if your personal data changes during your relationship with us.
Where permitted by law, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes such as to perform checks to prevent and/or detect crime and to comply with laws relating to anti money laundering, bribery and corruption, fraud, terrorist financing and international sanctions. It may involve investigating and gather information in relation to suspicious activity and sharing data with banks, law enforcement agencies and/or regulatory bodies.
5.How we collect your personal data
Your personal data comprises both personal and financial information and includes information provided to us including;
- Information you give to us directly where you:
- contact us directly via telephone, letters or email;
- use our online contact forms, applications, emails;
- search for our products and services;
- apply for our products or services electronically or otherwise;
- take part in discussion boards or other forms of social media;
- request marketing material to be sent to you;
- enter a competition, promotion or survey; and/or
- give us feedback or contact us.
- Information we learn about you through our relationship and the way you interact with us;
- Information we may receive from third parties which may include other Richmond International Group companies who provide services to you or us, credit reference, fraud prevention or government agencies;
- Information we gather using technology, which you may use to access our services (an IP address for example or telephone number), and how you use technology (for example recognising behavioural patterns);
- Information we gather from publicly available sources, such as the press, the electoral register, company registers and online search engines.
6. How and why we use your personal data
We will only use your personal data where it is necessary to carry out our business activities and we are required to have one or more of the following reasons for using your personal data:
- Performance of a contract – the personal data we may need to deliver our services to you;
- Legal obligation – where we are required by law to process your personal data;
- Legitimate interest – where we are permitted to use your personal data where on balance the benefits of us doing so is not outweighed by your legal rights;
- Consent – where your agreement is sought prior to utilising your personal data. Wherever consent is the only reason for using your personal data you have the right to change your mind and/or withdraw your consent.
We will mainly use your personal data in the following ways:
- When you apply for a product or a service (and throughout your relationship with us), we are required by law to collect and process certain personal data about you. Please note that if you do not agree to provide information requested, it may affect service provision as we may be unable to continue to operate your account and/or deliver our services or products to you.
- To perform checks and monitor transactions and location data for the purposes of detecting and preventing criminal activity in compliance with laws relating to anti money laundering, fraud, terrorist financing, bribery and corruption and international sanctions.
- To check and share information held by us with fraud prevention agencies, law enforcement and other government agencies for the purpose of preventing, detecting, and prosecuting financial crime and funding of terrorism.
- To confirm your identity and check you meet the eligibility criteria to receive our products and services.
- To check the information, you have provided to us via credit reference agencies and publicly available information.
- To register you as a new customer.
- To administer your account and deliver our services to you including:
- Managing payments, fees and charges;
- Keeping an accurate history of transactions and sending you relevant statements;
- Communicating with you in relation to your account for instance notifying you of any changes to our charges, processing limits or settlement periods
- Helping to resolve any problems or complaints you may have;
- Administering any offers or promotions you have agreed to participate;
- Collect and recover monies where appropriate.
- To manage our relationship with you including:
- Keeping you informed about changes to your service e.g. notification of price changes, changes in the way we provide our services and any other legal or regulatory information.
- Notifying you of changes to our terms and conditions;
- Notifying you of changes to this document;
- Asking you to leave a review or respond to a survey.
- To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we provide to you.
- To analyse and improve the running of our business, including contacting you for market research purposes.
- To use data analytics to improve our website, products/services, marketing, customer relationships and experiences.
- To make suggestions and recommendations to you about our services which may be of interest to you.
- To ensure that each visitor to any of our websites can use and navigate the site effectively.
7. Your consent to marketing
Generally, we do not rely on consent as a legal basis for processing your personal data, in certain circumstances, we are required to obtain your consent to the processing of your personal data and that includes when marketing products and services to you.
Your consent can either be opt in consent or soft opt in consent depending on whether you are an existing customer and what the consent is for.
We will always get your opt in consent before sending third party direct marketing communications to you.
- Opt-in Consent
- you have to give us your consent freely, without us putting you under any type of pressure;
- you have to know what you are consenting to – so we’ll make sure we give you enough information;
- you should have control over which processing activities you consent to and which you do not. We provide these finer controls within our privacy preference centre; and
- you need to take positive and affirmative action in giving us your consent – we are likely to provide an opt-in consent tick box for you to check so that this requirement is met in a clear and unambiguous fashion.
- Soft Opt-in Consent
- In some cases, we will be able to rely on soft opt-in consent. We are allowed to market products or services to you if you are an existing customer who bought (or negotiated to buy) a similar product or service from us in the past, and we gave you a simple way to opt out both when we first collected your details and in every message we have sent, which are related to the services we provided, as long as you do not actively opt-out from these communications.
- For most people, this is beneficial as it allows us to suggest other products and services to you alongside the specific one you contacted us for. This significantly increases the likelihood of us being able to provide you with a better level of product or service which you may require. For other types of e-marketing, we are required to obtain your explicit consent.
You have the right to withdraw consent to marketing at any time by contacting us or changing your marketing preferences in your online account.
If you have opted out from our marketing communications, it is possible that your details may be recaptured through public sources in an unconnected marketing campaign. We will try to make sure this does not happen, but if it does, we are sorry, and we would ask that in those circumstances you opt out again.
8. Your rights
You have several rights under data protection laws, the rights available to you depend on our reason for processing your information and are set out below:
- Your right of access - You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information. In most cases, this will be free of charge, however in some limited circumstances, for example, repeated requests for further copies, we may apply an administration fee;
- Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing - You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests.
- Your right to data portability - The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
9. How to exercise your rights
In most circumstances you are not required to pay any charge for exercising your rights. We have one month to respond to you. To exercise your rights:
- email, call or write to us
- let us have enough information to identify you e.g. account number, full name and address
- let us have proof of your identity and address (a copy of your driving licence or passport, and a recent utility or credit card bill); and
- let us know the information to which your request relates, including any account or reference numbers, if you have them.
If you would like to unsubscribe from any marketing communication, you can click on the ‘unsubscribe’ button at the bottom of the communication. It may take up to 7 days for this to take place. You can also change your marketing preferences within your online account.
You can access any of these rights at any time and if you wish to do so or require further information about your rights, please contact us using the details above.
10. How to make a complaint
If you are unhappy with the way we have handled your personal data and/or wish to complain about how your personal data is being processed, please contact our Data Protection Officer using the details provided above.
If you’re not satisfied with our response, you can raise a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work or normally live, or where any alleged infringement of data protection laws occurred.
11. How and why we share your personal data
We may from time to time share your personal data with the following organisations who are also required to keep your information confidential, safe and secure:
- any member of our group, which means any subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
- third parties, business partners, agents, professionals and suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- analytics and search engine providers that assist us in the improvement and optimisation of our site, although ordinarily only non-personal information is shared;
- credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you;
- where required as part of any proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or business assets;
- Anyone else with your permission.
12. Transferring your personal data overseas
From time to time we may share your personal data with organisations in other countries including organisations within the Richmond International Group.
Personal data may be transferred inside and outside the UK and/or the European Economic Area (EEA which included countries within the EU and Iceland, Liechtenstein, and Norway). For those countries within the EEA processing of personal data is subject to similar standard of legal protection as is found in the UK.
In circumstances where personal data is transferred outside the EEA we will only do so where:
- The European Commission has decided that country has an adequate legal framework for the protection of personal data or
- We have entered into a contractual arrangement which includes terms approved by the European Commission imposing the highest standards of protection of personal data.
13. How we keep your personal data secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or being used or accessed in an unauthorised way.
We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password, which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Please note, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
14. How long we keep your personal data
We retain your personal data for no longer than is necessary. The time periods for retaining data are determined by several factors including but not limited to the nature and type of record, the nature of the activity, the product or service, the country where companies may be located and any applicable legal or regulatory requirements.
15. Links to other websites
Within our websites we may have links to third party websites, plug-ins and applications. Clicking those links may enable third parties to share or collect your personal data. We do not control such third-party websites and are not responsible for their privacy statements or the contents of those websites. We would encourage you to read the privacy notice of every website you visit.
16. Changes to the Privacy Notice
We keep this document under regular review and any changes in the future will be posted on this page. We encourage you to review this page regularly to identify any updates or changes to our privacy notice.