PURPOSE. We respect your concerns about privacy and value the relationship we have with you. This Privacy Statement (“Privacy Statement”) describes the types of Personal Information that InComm Payments UK (“we”) may collect to provide our unique alternative payment and settlement services to our customers, how we may use that information collected, and with whom we may share it. This Privacy Statement also describes the measures we take to protect the security of the information. In addition, this Privacy Statement describes the choices you can make about how we use the information that you provide to us and how to exercise your rights over your Personal Information. We also tell you how you can reach us to update certain information that you have given to us, ask us not to send you future communications, or answer any questions that you may have about our privacy practices.
INFORMATION WE COLLECT AND HOW WE USE IT. We may collect, either directly or indirectly through a third party, Personal Information1 of customers.
Personal Information that we collect may include the following:
LAWFUL GROUNDS TO PROCESS. We typically process2 Personal Information only when it is necessary to comply with our legal obligations.
INFORMATION WE RETAIN. InComm has a formal Data Retention Standard which contains a comprehensive data retention schedule. Generally, we retain business-related information for 10 years unless no longer needed to serve the purpose for which the information was originally collected.
DISCLOSURE OF YOUR INFORMATION. We may share your Personal Information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties including business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
WHERE WE TRANSFER YOUR PERSONAL INFORMATION. Information that we collect may be transferred outside of the European Economic Area (“EEA”), including to countries, such as the United States, and to organizations, which have not been deemed as having “adequate” security measures by the European Commission. To facilitate adequate safeguards for information we transfer outside of the EEA, we have executed Model Clauses in our contracts, pursuant to European Commission Decision 2010/87/EC, to facilitate the legitimate, secure transfer of Personal Information outside the EEA as necessary. By submitting your Personal Information, you agree to this transfer, storing or processing. InComm will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Statement.
PROTECTING YOUR INFORMATION. We take protection of your Personal Information seriously and we deploy administrative, technical, and physical security measures to ensure a level of security appropriate to the risk including:
All Personal Information that we collect is stored on our secure servers.
YOUR RIGHTS. All individuals whose Personal Information is held by us have the right to:
CHANGES TO THIS PRIVACY STATEMENT. Any changes we may make to this Privacy Statement in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check 3 back frequently to see any updates or changes to this Privacy Statement.
COMPLIANCE AND COOPERATION WITH REGULATORY AUTHORITIES. We regularly review our compliance with this Privacy Statement. When we receive a formal written complaint regarding the processing of Personal Information, we try to resolve it directly with the person who has made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding our processing of Personal Information that we cannot resolve with a complainant directly.
CONTACT. All questions, comments and queries relating to our use of your information or regarding this Privacy Statement are welcomed and should be addressed to: Attn: Data Privacy Officer InComm Payments UK Limited 1600 Parkway Solent Business Park Whiteley Hampshire PO15 7AH Email: firstname.lastname@example.org Telephone: +44 (0) 1489 588200
Last updated: April 20, 2018
1 Under GDPR, Article 4(1), Personal Information or ‘personal data’ means any information relating to an identified or identifiable natural person. 2 Under GDPR, Article 4(2), ‘process’ or ‘processing’ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.