InComm Payments UK Limited CyberSource Privacy Notice

PURPOSE. We respect your concerns about privacy and value the relationship we have with you. This Privacy Notice describes the types of Personal Information that InComm Payments UK (“we”) may collect in order to provide our unique alternative payment and settlement services to our customers, how we may use that information collected, and with whom we may share it. This Privacy Notice also describes the measures that we take to protect the security of the information. In addition, we describe the choices you can make about how we use the information that you provide to us and how to exercise your rights over your Personal Information. We also tell you how you can reach us to update certain information that you have given us, ask us not to send you future communications, or answer any questions you may have about our privacy practices.

 

 

INFORMATION WE COLLECT AND HOW WE USE IT.

 

Settlement Services and Program Management Services

In the course of supporting alternative payment and settlement services in the European Territory, we may collect, either directly or indirectly through a third party, Personal Information1 from any Beneficial Owner2/Director/Officer of a Payment Service Provider (“PSP”) or Merchant who is party to a transaction in order to comply with Anti-Money Laundering/Know Your Customer (“AML/KYC”) legal and regulatory requirements. Under GDPR, Article 4(1), Personal Information or ‘Personal Data’ means any information relating to an identified or identifiable natural person.

 

Beneficial Owners includes individuals possessing a 10%+ equity in the PSP or Merchant that is party to the transaction.

 

Typically, we engage a third party with instructions to facilitate collection of Personal Information from Owners/Directors/Officers in order to complete the required due diligence application. Once we receive a completed due diligence application from the third party, we will conduct the AML/KYC investigation associated with the underlying payment transaction. In the event that the due diligence application is incomplete or requires further explanation, we will communicate requests for additional information through the third party. We do not receive any information related to payment transactions.

 

The information we may collect to carry out AML/KYC due diligence activities may include the following information:

  • first and last name
     
  • address;
     
  • country of residence;
     
  • date of birth;
     
  • percentage of ownership in company;
     
  • job title;
     
  • email;
     
  • company information;
     
  • company director name;
     
  • VAT number;
     
  • PSP license number; and
     
  • W9 taxpayer form.

 

LAWFUL GROUNDS TO PROCESS. We process information related to Owners/Directors/Officers due 2 diligence as necessary to comply with our legal obligations to which we are subject under relevant AML/KYC laws and regulations.

 

INFORMATION WE RETAIN. InComm has a formal Data Retention Standard which contains a comprehensive data retention schedule. Generally, we retain business-related information for 10 years unless no longer needed to serve the purpose for which the information was originally collected.

 

DISCLOSURE OF YOUR INFORMATION. We may share your Personal Information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

 

We may share your information with selected third parties including business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.

 

In the event we go through a business transition, for example, a merger, acquisition by another company, or sale of part or all of our assets, we may disclose your Personal Information to third parties and your Personal Information held may be among one of the assets transferred.

 

Finally, we may share your information if we are under a duty to disclose or share your Personal Information to comply with any legal obligation, or to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of InComm Payments UK Ltd., our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

 

WHERE WE TRANSFER YOUR PERSONAL INFORMATION. Information that we collect may be transferred outside of the EEA, including to countries, such as the United States, which have not been deemed as having “adequate” security measures by the European Commission. To facilitate adequate safeguards for information we transfer outside of the EEA, we have executed Model Clauses in our contracts, pursuant to European Commission Decision 2010/87/EC, to facilitate the legitimate, secure transfer of Personal Information outside the EEA as necessary. By submitting your Personal Information, you agree to this transfer, storing or processing. InComm will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.

 

PROTECTING YOUR INFORMATION. We take protection of your Personal Information seriously and we deploy administrative, technical, and physical security measures to ensure a level of security appropriate to the risk including:

  • pseudonymization and encryption of Personal Information where appropriate based on the risk to the data;
     
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
     
  • the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and
     
  • regularly testing, assessing, and evaluating the effectiveness of our technical and organizational measures for ensuring the security of all processing activities.

 

All Personal Information that we collect is stored on our secure servers.

 

YOUR RIGHTS. All individuals whose Personal Information is held by us have the right to:

  • ask what information we hold about them and why;
     
  • ask for a copy of such information or access to such information;
     
  • be informed how to correct or keep that information up to date; and
     
  • be informed on how we are meeting our data protection obligations.

 

Furthermore, for data collected in the EEA, data subjects have the right to: 3

  • ask for a copy of such information to be sent to a third party;
     
  • ask for data to be erased if possible and required under GDPR;
     
  • ask for processing of Personal Information to be restricted if possible and required under GDPR;
     
  • object to processing of Personal Information if possible and required under GDPR;
     
  • object to automated decision-making where applicable; and
     
  • contact a supervisory authority in the EEA to lodge a complaint regarding InComm Payments UK Ltd.’s processing of your Personal Information.

 

You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at InComm Payments UK Limited.

 

CHANGES TO OUR PRIVACY NOTICE. Any changes we may make to this Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this Privacy Notice.

 

COMPLIANCE AND COOPERATION WITH REGULATORY AUTHORITIES. We regularly review our compliance with this Privacy Notice. When we receive a formal written complaint regarding the processing of Personal Information, we try to resolve it directly with the person who has made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding our processing of Personal Information that we cannot resolve with a complainant directly.

 

CONTACT. All questions, comments and queries relating to our use of your information or regarding this Privacy Notice are welcomed and should be addressed to:

 

Attn: Data Privacy Officer

InComm Payments UK Limited

1600 Parkway Solent Business Park

Whiteley

Hampshire PO15 7AH

Email: privacyofficer@incomm-europe.com

Telephone: +44 (0) 1489 588200

 

 

 

Last updated: April 20, 2018