Privacy and cookies notice
Home » Privacy and cookies notice
1. Introduction
Pay.UK Limited (Pay.UK) understands the importance of protecting your personal information. This Privacy Notice sets out how and why we collect and use your personal information and your rights in relation to your personal information, when you interact with us whether via the Pay.UK website or otherwise.
For the purpose of this notice, “we” or Pay.UK refers to Pay.UK Limited (CRN 10842779). With effect from 11th June 2024, this Privacy and Cookie Notice replaces all Privacy and Cookie Notices relating to the Image Clearing Scheme of Cheque & Credit Clearing Company, Bacs Payment Schemes, Faster Payments Scheme and UKPA (“Group Companies “). This is because Pay.UK acts as the new payment systems operator and carries the overall responsibility for all data privacy matters.
In some scenarios, Pay.UK will be acting in the capacity of data controller and in others as data processor. This Privacy Notice is applicable when we act in the capacity of data controller. If you need further details, have a query or have a complaint about our use of your personal information, please contact our Data Protection Team:
- By email at DPO@wearepay.uk
- By post at 2 Thomas More Square, London E1W 1YN
- By telephone on 0203 217 8200.
We review our Data Protection Policy regularly. Where the Data Protection Policy has been updated and results in a change to this notice this will be clearly identified by reference to the date of this notice.
1.1. About this Notice
Your privacy is important to us, so we developed this Privacy Notice to explain how we manage and look after your personal information. The UK data protection law (UK GDPR and the Data Protection Act 2018) provides individuals with a number of rights including right of access to their personal information, called a “Data Subject Access Request” (“DSAR”) as well as right to rectification, erasure (right to be forgotten), restriction, objection and data portability. These rights are described in more detail below.
We refer in this notice variously to “personal information” and “personal data”. This refers to personal data as defined in UK GDPR, namely data that directly identifies an individual, such as their name, address and contact details, or also indirectly identifies an individual with less obvious identifiers, such as website cookies images and IP addresses.
Pay.UK processes a wide range of personal data about its clients, agents, staff, suppliers and other third parties.
Where we refer to “processing” we mean any operation carried out on personal data, including collecting, organising, storing, disclosing and erasing it.
2. How Pay.UK obtains and collects your personal information
This Privacy Notice tells you what to expect when we collect personal information about you. It applies to information we collect about:
- Visitors to Pay.UK premises
- Visitors to Pay.UK’s website
- People who contact Pay.UK via post, email, or telephone
- People who contact Pay.UK via social media
- People invited to join Pay.UK hosted online meetings (Microsoft Teams) where transcribed or recorded
- Job applicants
- External users such as clients, participants and service users of our Group Companies.
In relation to our website, it also contains
- Our monitoring activity and
- How we use cookies.
Pay.UK may use your personal information:
- To identify you
- To administer, maintain and host the website and related business service lines
- To administer any services we provide to you, including service line updates
- To compile statistical analysis of the pages of the website you visit
- To help us develop our business, products, services and our website
- To ensure accuracy of notes recorded during meetings (Microsoft Teams)
- For internal administration and/or analysis
- To consider any applications or requests for information or advice made by you
- If applicable, to consider your application for employment
- To communicate with you in any way and
- To comply with any legal or regulatory obligations.
The above are the purposes for which we process your personal information. In most cases the legal basis for the processing is that it is in Pay.UK’s interests which is not overridden by your rights and freedoms – we refer to this below as “Pay.UK’s legitimate business interests”. In some cases, the legal basis is that the processing is necessary to perform a contract with you or to comply with a legal obligation.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.
Where your personal information is collected by us, it will be stored on our and/or or third-party servers located in the UK.
2.1 Visitors to Pay.UK’s premises
When you visit Pay.UK’s premises, Pay.UK processes information requested by Pay.UK and provided by you or the company you are representing, including:
- Name
- Company being represented
- Date of the visit
- Who you are visiting / Meeting and
- Information collected during the meeting by recording meeting, its attendees and comments made.
The processing is carried out on the basis of Pay.UK’s legitimate business interests. These interests include maintaining the security of the organisation and transparency of visitors’ actions to all Pay.UK personnel; the processing is necessary to maintain security, comply with local fire regulations, and comply with the Health and Safety at Work Act 1974.
The information is also shared with the landlord to enable general building security.
2.2. Monitoring activity
When you visit the Pay.UK website, Pay.UK logs the visit and captures data. The processing is carried out on the basis of Pay.UK’s legitimate business interests. Accordingly, information is processed to enable Pay.UK to identify security related events. It is necessary to compile log files and analyse traffic to its site for malicious activity. This information is generally not capable of personally identifying you.
2.3. Visiting our website
When you visit Pay.UK’s website wearepay.uk , we place cookies on your device (e.g. computer hard drive, mobile phone). Cookies are small text files that are placed on your device by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Pay.UK does this so that it can improve its website’s functionality and performance. For example, enabling the site to load quickly, making it easier to move between different pages and remembering you have been shown a one-off message.
Pay.UK may collect information about your computer including your operating system and browser type for the purposes of, but not limited to, system administration, aggregating information, statistical and auditing purposes.
2.3.1. Use of cookies on this site
You may refuse to accept cookies or be alerted as to when a cookie is being sent by activating the relevant setting on your browser. If you choose not to accept cookies, this website may not function properly or may be considerably slower.
On your first visit to this website you will have seen a cookie notice banner to inform you about the purposes for which cookies are being used and the means to manage your cookie preferences. At any point you can change your cookie consent preferences. Please be aware that some areas of our website may not function after you have changed your cookie settings.
The table below lists the cookies used on this site and why we use them.
Cookie type | Source | Cookie name and purpose | Expiration date |
Strictly necessary | Microsoft Azure – cloud platform | ARRAffinity, ApplicationGatewayAffinity, ARRAffinitySameSite and ApplicationGatewayAffinityCORS These cookies are used for load balancing to make sure visitors page requests are routed to the same server in any browsing session. | Duration of the session |
Civic UK | CookieControl This cookie is used to remember a user’s preferences in regards to cookies. | 90 days | |
Umbraco | __RequestVerificationToken This is an anti-forgery token designed to stop unauthorised posting of content to a website. | Duration of the session | |
ASP.NET | ASP.NET_SessionId This cookie serves two functions on the site: (i) Remembers the selections and data you have entered into one of our online forms so when progressing through the form you won’t be required to re-enter information you have already given (ii) Enables the parts of the form which have been completed to be redisplayed if the page is reloaded after pressing ‘submit’, for example if the form is incomplete or the information given is the wrong format. | Duration of the session | |
Performance
| Google Analytics
| _ga _gat _gidThese cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from, and the pages they have visited.Google Analytics privacy policy | 2 years 1 minutes 24 hours |
Functionality | Vimeo
| We embed videos from our official Vimeo channel. When you press play Vimeo will drop third party cookies to enable the video to play and to collect analytics data such as how long a viewer has watched the video. These cookies do not track individuals. Vuid This cookie collects information about your actions on embedded Vimeo videos. Player This cookie saves your settings before you play an embedded Vimeo video. This means that the next time you watch a Vimeo video, you will get your preferred settings back. _abexps, continuous_play_v3 These additional cookies are only set if you interact with the video. They store information about how you use Vimeo. We embed videos from our official Vimeo channel. When you press play Vimeo will drop third party cookies to enable the video to play and to collect analytics data such as how long a viewer has watched the video. These cookies do not track individuals. |
2 years
1 year
1 year |
Strictly necessary | stackpath | adOtr Used in order to detect spam and improve the website’s security. Does not store visitor specific data. | Duration of session |
Strictly necessary | stackpath | PRLST Used in order to detect spam and improve the website’s security. Does not store visitor specific data. | Duration of session |
Strictly necessary | stackpath | SPSI Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes. This cookie is required in order for the WAF to function properly. | Duration of session |
Strictly necessary | stackpath | spcsrf Used in order to detect spam and improve the website’s security. Does not store visitor specific data. | 2 hours |
Strictly necessary | stackpath | SPSE Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor. | Duration of session |
Strictly necessary | stackpath | sp_lit Used in order to detect spam and improve the website’s security. Does not store visitor specific data | 5 mins / session |
Strictly necessary | stackpath | UTGv2 Used in order to detect spam and improve the website’s security. Does not store visitor specific data. | Persistance 179 days |
2.3.2. Changing your cookies preferences
At any point you can change your cookie consent preferences.
Alternatively, most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
3. IP addresses
Pay.UK does not collect nor process IP addresses. However, IP addresses are stored on our servers and might be accessed for security purposes and technical analysis, for security related incidents.
4. People who contact us via post, email, or telephone
Where enquiries are submitted to us, whether via post, email or telephone, we will only use the information supplied to us to deal with the enquiry. The processing is carried out on the basis of our legitimate business interests. Accordingly, this information is processed as necessary to enable efficient communication with clients, potential clients, job applicants, previous employees, members of the public, statutory bodies and regulatory bodies.
We will also monitor emails sent to us, including file attachments, for viruses or malicious software.
5. Job applicants, consultants, contractors, secondees and temporary workers
Pay.UK will, in the course of its business, advertise and receive applications for jobs. It may provide from time to time a facility on its website to users to apply for Pay.UK’s advertised jobs.
When you apply for a role, whether via a facility on our website or otherwise, we ask for your name, phone numbers, and email address. Pay.UK will also ask you about your previous experience, education, referees, most recent job title, current employer, current salary and salary expectations, skills, competencies, CV and for answers to questions relevant to the role you have applied for.
Pay.UK’s recruitment team will have access to all of this information.
You will also be asked to provide equal opportunities information. This is not mandatory information – if you do not provide it, it will not affect your application. This information will not be made available to anyone outside of our recruitment team, including hiring managers, in a way which can identify you. Any information you do provide will only be used to produce and monitor equal opportunities statistics.
The processing of job applications submitted via the website follows the same process as applications submitted via any other channel. The data privacy standards used in processing website job applications are set out in our Privacy Notice (Staff), which will be made available to you during the job application process.
The processing of personal information of job applicants, whether provided via the Pay.UK website or otherwise, is carried out on the basis of Pay.UK’s legitimate business interests of attracting and recruiting personnel, maintaining our business services model and/or fulfilling contractual obligations.4. With whom do we share your personal information?
6. With whom do we share your personal information?
6.1. Third parties
Other than to those third parties listed below, Pay.UK will not disclose your personal information to any third party unless either Pay.UK has your permission to do so, or Pay.UK is, or consider itself to be, under a legal or regulatory obligation to do so.
Your personal information may be disclosed to the following recipients, though Pay.UK will use its reasonable endeavours to control the use of your personal information:
- UK’s third-party service providers for the purposes of carrying out their services (including those used by Pay.UK to complete your orders for products and/or services).
- Any person to whom Pay.UK proposes to transfer any of its rights and obligations under any agreement Pay.UK has with you.
- UK’s professional advisers and external auditors
- Any of Pay.UK’s agents.
When Pay.UK administers certain systems or services used by you or the company you represent, Pay.UK processes information relating to you, being your name, contact information and system access information. In accordance with this section, your information may be shared with our third-party service providers (which includes our identity verification providers) and with relevant regulators including the Payment Services Regulator (PSR). This processing is necessary to comply with a legal obligation to which Pay.UK is subject.”
6.2. Hyperlinks
This Policy does not cover links within the website to other third-party websites. Pay.UK is not responsible for the use of any personal information including without limitation cookies which you give directly to such third parties, or which third party websites may collect about you (using cookies or otherwise) while you visit pages hosted by them. Please refer to these third-party websites’ respective privacy policies for information about their use of your personal information and their use of cookies.
6.3. Data Export
For the purposes outlined in this Policy, Pay.UK may send your personal information (which includes transfers to other parts of Pay.UK Limited) internationally, including to countries outside the UK.
However, your personal information will only be transferred to or from countries outside the UK where appropriate safeguards are in place and compliant with UK data protection law
data protection laws and measures in place or where we have put in place adequate safeguards as approved by the European Commission, details of which will be made available on request.
7. How long do we keep your personal information for?
We retain your data primarily to meet statutory and regulatory obligations. Secondly, your data is retained to enable us to pursue our legitimate business interests in relation to our clients, current and future requirements. We retain documents in accordance with our data retention policy, a copy of which is available upon request.
8. How does Pay.UK protect your personal information?
Pay.UK understands the importance of ensuring its systems are secure from unauthorised access, use or disclosure so that emails and forms that contain your personal information are safe. It has internal policies, procedures and controls in place to ensure this, of both a technical and organisational nature.
9. Your Rights
GDPR gives you a number of rights regarding your personal information that is processed by us:
- The right to be informed: our obligation to provide fair processing information;
- The right of access: allows you to be aware of and verify the lawfulness of the processing;
- The right to rectification: allows you to request the data is rectified if it is inaccurate or incomplete;
- The right to erasure: allows you to request the deletion or removal of personal data where there is no compelling reason for its continued processing;
- The right to restrict processing: allows you to ‘block’ or suppress processing of personal data in certain circumstances;
- The right to data portability: allows you to obtain and reuse your personal data for your own purposes across different services; and
- The right to object: you must have an objection on grounds relating to your particular situation.
- You can contact Pay.UK directly by post, email, or telephone, to exercise your rights, as set out below.
10. Subscribing to emails and marketing
From time to time, our service lines issue email communications about changes to guides and rules, service updates, operational and product information, and payments industry news. To receive these email communications, you need to subscribe via our website choosing which communications you would like to receive as part of that process. Subscription requires you to provide as a minimum, your name, email address and stakeholder type. We will only send you the email communications you have registered for.
In addition, from time to time, our service lines hold events relevant to specific audiences. The registration form captures your name personal information, which is stored on our website server. We use event registration information to secure a place, send information relating to the event and to survey attendees to obtain feedback to improve future events.
If you wish to unsubscribe at any time you can do so using the unsubscribe link at the bottom of each email communication. You can either unsubscribe from all email communications or individual email communications that you no longer wish to receive.
11. Queries or complaints
This Privacy Notice does not provide exhaustive detail of all aspects of Pay.UK processing of personal information. However, Pay.UK is happy to provide any additional information or explanation needed.
Pay.UK tries to meet the highest standards when processing personal information. For this reason, we take any complaints we receive about this very seriously. Pay.UK encourages people to bring it to its attention if they think that Pay.UK’s collection or use of information is unfair, misleading or inappropriate.
If you would like to exercise any of these choices, please get in touch via our Data Privacy Team
- By email at DPO@wearepay.uk
- By post at 2 Thomas More Square, London E1W 1YN
- By telephone on 0203 217 8200
or use the contact us form on our website. Where we have shared your personal information with other companies, we will let them know if you exercise any of these choices.
If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner who can be contacted at www.ico.org.uk, by telephone on 0303 123 1113 or by post:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
12. Changes to our Privacy Policy
We review our privacy policy regularly. Where the policy has been updated and results in a change to this notice this will be clearly identified by reference to the date of this notice above.