PURPOSE. We respect your concerns about privacy and value the relationship we have with you. This Privacy Notice describes the types of Personal Information that InComm Payments UK (“we”) may collect in order to provide our unique alternative payment and settlement services to our customers, how we may use that information collected, and with whom we may share it. This Privacy Notice also describes the measures that we take to protect the security of the information. In addition, we describe the choices you can make about how we use the information that you provide to us and how to exercise your rights over your Personal Information. We also tell you how you can reach us to update certain information that you have given us, ask us not to send you future communications, or answer any questions you may have about our privacy practices.
INFORMATION WE COLLECT AND HOW WE USE IT.
Settlement Services and Program Management Services
In the course of supporting alternative payment and settlement services in the European Territory, we may collect, either directly or indirectly through a third party, Personal Information1 from any Beneficial Owner2/Director/Officer of a Payment Service Provider (“PSP”) or Merchant who is party to a transaction in order to comply with Anti-Money Laundering/Know Your Customer (“AML/KYC”) legal and regulatory requirements. 1 Under GDPR, Article 4(1), Personal Information or ‘Personal Data’ means any information relating to an identified or identifiable natural person.
2 Beneficial Owners includes individuals possessing a 10%+ equity in the PSP or Merchant that is party to the transaction.
Typically, we engage a third party with instructions to facilitate collection of Personal Information from Owners/Directors/Officers in order to complete the required due diligence application. Once we receive a completed due diligence application from the third party, we will conduct the AML/KYC investigation associated with the underlying payment transaction. In the event that the due diligence application is incomplete or requires further explanation, we will communicate requests for additional information through the third party. We do not receive any information related to payment transactions.
The information we may collect to carry out AML/KYC due diligence activities may include the following information:
LAWFUL GROUNDS TO PROCESS. We process information related to Owners/Directors/Officers due 2 diligence as necessary to comply with our legal obligations to which we are subject under relevant AML/KYC laws and regulations.
INFORMATION WE RETAIN. InComm has a formal Data Retention Standard which contains a comprehensive data retention schedule. Generally, we retain business-related information for 10 years unless no longer needed to serve the purpose for which the information was originally collected.
DISCLOSURE OF YOUR INFORMATION. We may share your Personal Information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties including business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
In the event we go through a business transition, for example, a merger, acquisition by another company, or sale of part or all of our assets, we may disclose your Personal Information to third parties and your Personal Information held may be among one of the assets transferred.
WHERE WE TRANSFER YOUR PERSONAL INFORMATION. Information that we collect may be transferred outside of the EEA, including to countries, such as the United States, which have not been deemed as having “adequate” security measures by the European Commission. To facilitate adequate safeguards for information we transfer outside of the EEA, we have executed Model Clauses in our contracts, pursuant to European Commission Decision 2010/87/EC, to facilitate the legitimate, secure transfer of Personal Information outside the EEA as necessary. By submitting your Personal Information, you agree to this transfer, storing or processing. InComm will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.
PROTECTING YOUR INFORMATION. We take protection of your Personal Information seriously and we deploy administrative, technical, and physical security measures to ensure a level of security appropriate to the risk including:
All Personal Information that we collect is stored on our secure servers.
YOUR RIGHTS. All individuals whose Personal Information is held by us have the right to:
Furthermore, for data collected in the EEA, data subjects have the right to: 3
You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at InComm Payments UK Limited.
CHANGES TO OUR PRIVACY NOTICE. Any changes we may make to this Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this Privacy Notice.
COMPLIANCE AND COOPERATION WITH REGULATORY AUTHORITIES. We regularly review our compliance with this Privacy Notice. When we receive a formal written complaint regarding the processing of Personal Information, we try to resolve it directly with the person who has made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding our processing of Personal Information that we cannot resolve with a complainant directly.
CONTACT. All questions, comments and queries relating to our use of your information or regarding this Privacy Notice are welcomed and should be addressed to:
Attn: Data Privacy Officer
InComm Payments UK Limited
1600 Parkway Solent Business Park
Hampshire PO15 7AH
Telephone: +44 (0) 1489 588200
Last updated: April 20, 2018