Cornerstone Merchant Services (North) Limited (“we”, “us” or “our”) is committed to protecting and respecting your privacy.
This policy applies to all our trading brands and websites including Payacardservices.com, Payatrader.com, Payataxi.com, Payacharity.com and any other ‘Paya’ URLs that link to our websites.
We may process your Personal information in the country where it was collected, as well as other countries where laws regarding processing of Personal information may be less stringent than the laws in your country.
For the purpose of the Data Protection Act 1998, the General Data Protection Regulations 2016, and any and all other applicable laws and regulations relating to the processing of personal data and privacy (the “Data Protection legislation”), we act as the data controller and data processor. For clarity;
- A controller determines the purposes and means of processing personal data.
- A processor is responsible for processing personal data on behalf of a controller.
Notification of changes
This policy is effective from the 25th May 2018.
- INFORMATION WE COLLECT
We may collect and process the following data about you:
- Information that you provide by filling in forms on our websites. This includes information provided at the time of applying for our service(s), requesting a quote for services, or completing an online contact or other request form. In addition we may also ask you for information when you report a problem with our website or your services.
- By “Your Information” we mean the personal and financial information we obtain from you or from third parties (such as credit reference and fraud prevention agencies, joint account holders, your employees or officers of your business, other organisations who introduced us, or act on your behalf) which, where you are a sole trader or partnership, may relate to you and/or your business partners and guarantors and where you are a company or limited liability partnership, may relate to your officers, shareholders, partners, owners and guarantors.
- We use your information for the following purposes:
- Online Client Portal (Merchants and Partners).
The online client portal allows merchants and partners to manage their accounts, including invoicing, transactional information, product & service ordering, personal information & preferences and access to payment channels and user guides. The client portal also displays company generated messages of a legal, regulatory and other nature, including updates to Terms & Conditions, procedural notices and matters affecting the provision of service and announcements about new products & services including third party offers. We may use your information for internal marketing purposes unless you have asked us not to. We will always give you the opportunity to stop receiving material from us within any marketing materials we send.
- E-Newsletters and Promotional Email.
We use a third party provider, Mailing Manager, to deliver our periodic e-newsletters and other promotional communications. We gather statistics around email opening and clicks using industry standard technologies. For more information, please see https://www.mailingmanager.co.uk/privacy-policy.php
We use a third-party service, WordPress.com, to publish our blog. These websites are hosted at WordPress.com, which is run by Automattic Inc. we use a standard WordPress service to collect anonymous information about users’ activity on the website, for example, the number of users viewing pages on the website, to monitor and report on the effectiveness of the website and help us improve it. WordPress requires visitors that want to post a comment to enter a name and email address. For more information about how WordPress processes data, please see Automattic’s privacy notice at https://automattic.com/privacy/
- People who contact us via social media.
We use a third-party provider, Hootsuite to manage our social media interactions. If you send us a private or direct message via social media the message will be stored by Hootsuite for three months. It will not be shared with any other organisations. For more information, please see https://hootsuite.com/legal/privacy
- People who call our helpline or email us.
When you call or email us about your service(s) we may need to access your online account and the information you provided when you applied for our service(s) or since. The information we hold about you is only visible on a ‘need to know’ basis.
Purpose Legal Basis Where it is necessary to use your information in order to provide our services to you and to respond to any queries or complaints. Contractual necessity
To conduct anti-money laundering checks and fulfil our regulatory obligations in connection with the services. Legal obligation To comply with legal requirements and Card Scheme Rules. Legal obligation, contractual necessity and legitimate interests To carry out credit checks and other enquiries to help us make decisions about whether to enter into a contract with you and to evaluate our ongoing relationship with you. Legitimate interests For the prevention, investigation and detection of crime & fraud and for security reasons. Legitimate interests For the prevention, investigation and detection of crime & fraud and for security reasons. Legitimate interests To analyse and improve the running of our business, including contacting you for market research purposes. Legitimate interests To keep you informed about changes to your service e.g. notification of price changes, changes in the way we provide our services and any other legal or regulatory information. Legitimate interests To provide you with information, products or services that you request from us or which we feel may interest you, where you have expressly consented (new customers) or have not unsubscribed from our previous communications (existing customers before 25th May 2018) to be contacted for such purposes. You may unsubscribe at any time from receiving further communications from us for such purposes. Legitimate interests
For analytical purposes and we may share this aggregated information with others from time to time. This regards use of records of the transactions in combination with the records of our customers in an aggregated form. Legitimate interests
- HOW WE SHARE YOUR INFORMATION
- We may disclose your personal information to any member of our group, which means our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 where we have a legitimate interest in doing so such as where a decision has been made to consolidate support services or where required by such companies professional advisers in the performance of their services.
- We may disclose your personal information to third parties in the following circumstances, where we have a legitimate interest for doing so or where it is necessary for our performance of our contract with you or where we are legally obliged to do so.
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets as part of the sale or purchase process and to allow this transaction to proceed;
2.3.3 if Cornerstone Merchant Services (North) or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; and
- On occasion we may need to engage third party suppliers, web hosts and developers for the purpose of the maintenance, management and improvement of the services, which we provide to you and to our other customers. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
- We may at any time give your information to:
- Any organisation who introduced you to us to allow us to provide services to you
- Service providers, advisors and agents providing services to us (including our group companies and affiliates);
- Card Schemes covered by the Terms of Service
- Anyone who has a legal right to require disclosure of your information or to whom we are permitted by law to disclose your information (this may include third parties such as bailiffs, receivers, the police and the courts)
- Regulatory bodies where required for regulatory purposes
- Credit reference agencies and fraud prevention
- Our professional advisors in order to obtain advice in relation to our relationship with you;
- Any person to whom we assign or sub-contract any of the rights or obligations under our agreement with you
- Third party investors or potential investors in Cornerstone Merchant Services (North)
- Cornerstone Merchant Services (North) cooperates with law enforcement inquiries, as well as other third parties to enforce laws, such as: intellectual property rights, fraud, theft, harassment and other rights. We can (and you authorise us to) disclose any information about you if we believe in good faith that such disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas or warrants served on us; (b) protect or defend the rights or property of Cornerstone Merchant Services (North) or third parties; or (c) assist in an investigation.
- Overseas transfers of your information
To provide certain services we may transfer your information to countries outside the European Economic Area (EEA) where data protection laws may not be as strict as they are in the EEA. If we do so we will put in place appropriate controls to ensure that your information is protected adequately, in particular through standard data protection model clauses adopted by the European Commission.
- Provision of information about other people
If you are providing personal information about other individuals in this form, you must explain to those individuals whose personal details you have disclosed, the categories of personal information that is being disclosed and all uses and processing of their personal data as detailed in this form. This explanation must be provided to other individuals before you submit the form to us.
- Credit Reference and Fraud Prevention Agencies
IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING AND MAINTAINING OF A “MERCHANT SERVICES OR PAYA” ACCOUNT.
A “Merchant Services” account refers to the provision of a facility with one of the acquirers chosen by you, to which we are connected, which allows you to process credit and debit cards.
A “Paya Account” means a facility with an acquirer chosen by us, which allows you to process credit and debit cards.
To ensure compliance with current legal and regulatory requirements aimed at preventing financial crime, money laundering and terrorist financing and to enable us to proceed with your application, we are required to obtain, verify and record information that identifies each person who opens up a merchant services account. We shall search your records and those of the other individuals at credit reference agencies who shall supply us with information as well as information from the Electoral Register for the purpose of verifying your identity and that of the other individuals. Alternatively, we may ask you to provide physical forms of identification. Prior to our acceptance of the application and from time to time thereafter, we may investigate the individual and business history and background of the customer, each such representative and any other officers, partners, proprietors and/or owners of the customer, and obtain credit reports or other background investigation reports on each of them that we consider necessary to review the acceptance and continuation of this application.
Credit reporting agencies and other relevant agencies used by us will compile information to answer those credit inquiries and supply us with such information as well as information from the Electoral Register for the purpose of verifying your identity and that of the other. Credit reference agencies will record any credit searches on their file whether or not this application proceeds.
It is important that you give us accurate details. We shall check your details and those of the other individuals with crime prevention agencies and if you give us false or inaccurate information and we suspect fraud, we shall record this. We may disclose your details and details of how you conduct your business and account to such agencies. This information may be used by other credit grantors for making decisions about you or people with whom you are financially associated. The information may also be used for prevention of financial crime and money laundering.
If upon review of the information submitted in your application (which may or may not include all of the checks specified above) it appears that we require further information from you, we shall request for this from you. Please note that unless and until we receive this additional information we cannot proceed with your application. Please note that any such checks and inquiries may occur after opening of your merchant services account, as they may be desirable or necessary to evaluate the continuance of the agreement.
HOW LONG WE KEEP YOUR INFORMATION
We will keep your information for as long as we have a contract with you and for as long as we need your information for regulatory or evidential purposes for up to 6 years after expiry of termination of your contract.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password, which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Please note, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
- YOUR RIGHTS
- Individuals have the following rights under data protection legislation:
- Where any processing is based on consent you have a right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- You can request any amendments or rectifications to your data by contacting us and to notify us if you would like us to delete or erase your data or, in certain circumstances, if you would like us to restrict the way in which we process your data. Please note that, in certain circumstances, we may not be able to delete or erase your personal data such as where this is still required for the purpose for which it was provided or where we have overriding legitimate interests in retaining your data.
- You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data or by clicking the unsubscribe link on any marketing communications we send to you by email or by updating your preferences in the client portal.
- Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
- If you are unhappy with the way in which we have collected or processed your data or have any other complaint in relation to our handling of your data you can make a complaint to the Information Commissioner, further information can be found on the Information Commissioner’s website at www.ico.org.uk or via their helpline on 0303 123 1113.
- A right to ask for a copy of their personal data
- A right to ask us to delete or correct any information we hold about them that is inaccurate
- A right to request erasure of information in certain circumstances
- A right to data portability
- A right to restrict processing and a right to object to processing activities in certain circumstances
- A right to stop your information from being used for direct marketing purposes; and
- A right to lodge a complaint with the Data Protection Commissioner (or other supervisory authority in
the European Union) if you believe that your information has not been processed in accordance with the requirements of the data protection legislation.
- GOVERNING LAW
- This Policy and any dispute or claim arising out of it or in connection with it or its subject matter shall be governed by and construed in accordance with the laws of England and Wales and the parties irrevocably agree that the courts of England have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this policy or its subject matter.
- CONTACTING US
Effective from 7th October 2019
PayaCharity is a Paya Group brand operated by Cornerstone Merchant Services (North) Limited, (company registration number 07373392) registered office address: 7 Billing Road, Northampton, NN1 5AN. Authorised with the FCA for rental of hardware, firm number 710416.