InComm Payments UK Limited Privacy Statement

PURPOSE. We respect your concerns about privacy and value the relationship we have with you. This Privacy Statement (“Privacy Statement”) describes the types of Personal Information that InComm Payments UK (“we”) may collect to provide our unique alternative payment and settlement services to our customers, how we may use that information collected, and with whom we may share it. This Privacy Statement also describes the measures we take to protect the security of the information. In addition, this Privacy Statement describes the choices you can make about how we use the information that you provide to us and how to exercise your rights over your Personal Information. We also tell you how you can reach us to update certain information that you have given to us, ask us not to send you future communications, or answer any questions that you may have about our privacy practices.

 

 

INFORMATION WE COLLECT AND HOW WE USE IT. We may collect, either directly or indirectly through a third party, Personal Information1 of customers.

 

Personal Information that we collect may include the following:

  • first and last name;
     
  • country of residence;
     
  • date of birth;
     
  • percentage of ownership in company;
     
  • job title;
     
  • address,
     
  • email;
     
  • PSP license # (if applicable);
     
  • W9 taxpayer form;
     
  • company name;
     
  • company physical address; and
     
  • company VAT number.

 

LAWFUL GROUNDS TO PROCESS. We typically process2 Personal Information only when it is necessary to comply with our legal obligations.

 

INFORMATION WE RETAIN. InComm has a formal Data Retention Standard which contains a comprehensive data retention schedule. Generally, we retain business-related information for 10 years unless no longer needed to serve the purpose for which the information was originally collected.

 

DISCLOSURE OF YOUR INFORMATION. We may share your Personal Information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

 

We may share your information with selected third parties including business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.

 

Additionally, we may share your information if we are under a duty to disclose or share your Personal Information in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of InComm Payments UK Ltd., our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

 

WHERE WE TRANSFER YOUR PERSONAL INFORMATION. Information that we collect may be transferred outside of the European Economic Area (“EEA”), including to countries, such as the United States, and to organizations, which have not been deemed as having “adequate” security measures by the European Commission. To facilitate adequate safeguards for information we transfer outside of the EEA, we have executed Model Clauses in our contracts, pursuant to European Commission Decision 2010/87/EC, to facilitate the legitimate, secure transfer of Personal Information outside the EEA as necessary. By submitting your Personal Information, you agree to this transfer, storing or processing. InComm will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Statement.

 

PROTECTING YOUR INFORMATION. We take protection of your Personal Information seriously and we deploy administrative, technical, and physical security measures to ensure a level of security appropriate to the risk including:

  • pseudonymization and encryption of Personal Information where appropriate based on the risk to the data;
     
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
     
  • the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and
     
  • regularly testing, assessing, and evaluating the effectiveness of our technical and organizational measures for ensuring the security of all processing activities.
     

All Personal Information that we collect is stored on our secure servers.

 

 

YOUR RIGHTS. All individuals whose Personal Information is held by us have the right to:

  • ask what information we hold about them and why;
     
  • ask for a copy of such information or access to such information;
     
  • be informed how to correct or keep that information up to date; and
     
  • be informed on how we are meeting our data protection obligations. Furthermore, for data collected in the EEA, data subjects have the right to:
     
  • ask for a copy of such information to be sent to a third party;
     
  • ask for data to be erased if possible and required under the GDPR;
     
  • ask for processing of Personal Information to be restricted if possible and required under GDPR;
     
  • object to processing of Personal Information if possible and required under GDPR;
     
  • object to automated decision-making where applicable; and
     
  • contact a supervisory authority in the EEA to lodge a complaint regarding InComm Payments UK Ltd.’s processing of your Personal Information.
     
  • You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at InComm Payments UK Limited.

 

CHANGES TO THIS PRIVACY STATEMENT. Any changes we may make to this Privacy Statement in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check 3 back frequently to see any updates or changes to this Privacy Statement.

 

COMPLIANCE AND COOPERATION WITH REGULATORY AUTHORITIES. We regularly review our compliance with this Privacy Statement. When we receive a formal written complaint regarding the processing of Personal Information, we try to resolve it directly with the person who has made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding our processing of Personal Information that we cannot resolve with a complainant directly.

 

CONTACT. All questions, comments and queries relating to our use of your information or regarding this Privacy Statement are welcomed and should be addressed to: Attn: Data Privacy Officer InComm Payments UK Limited 1600 Parkway Solent Business Park Whiteley Hampshire PO15 7AH Email: privacyofficer@incomm-europe.com Telephone: +44 (0) 1489 588200

 

 

 

Last updated: April 20, 2018
 

1 Under GDPR, Article 4(1), Personal Information or ‘personal data’ means any information relating to an identified or identifiable natural person. 2 Under GDPR, Article 4(2), ‘process’ or ‘processing’ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.