Pay.UK Limited (Pay.UK) understands the importance of protecting your personal information. This privacy notice sets out how and why we collect and use your personal information and your rights in relation to your personal information, when you interact with us whether via the Pay.UK website or otherwise.
For the purpose of this notice, “we” or Pay.UK refers to Pay.UK Limited (CRN 10842779). With effect from 1 March 2019, this Privacy and Cookie Notice replaces all Privacy and Cookie Notices relating to the Image Clearing Scheme of Cheque & Credit Clearing Company, Bacs Payment Schemes, Faster Payments Scheme and UKPA (“Group Companies “). This is because Pay.UK acts as the new payment systems operator and carries the overall responsibility for all data privacy matters.
In some scenarios, Pay.UK will be acting in the capacity of data controller and in others as data processor. This policy is applicable when we act in the capacity of data controller. If you need further details, have a query or have a complaint about our use of your personal information, please contact our Data Privacy Team:
- By email at DPO@wearepay.uk
- By post at 2 Thomas More Square, London E1W 1YN
- By telephone on 0203 217 8200.
We review our policy regularly. Where the policy has been updated and results in a change to this notice this will be clearly identified by reference to the date of this notice above.
1.1. About this Notice
Your privacy is important to us, so we developed this privacy notice to explain how we manage and look after your personal information. The EU General Data Protection Regulation (“GDPR”) provides individuals with a number of rights including right of access to their personal information, called a “Data Subject Access Request” (“DSAR”) as well as right to rectification, erasure (right to be forgotten), restriction, objection and data portability. These rights are described in more detail below.
We refer in this notice variously to “personal information” and “personal data”. This refers to personal data as defined in GDPR, namely data that directly identifies an individual, such as their name, address and contact details, or also indirectly identifies an individual with less obvious identifiers, such as website cookies and IP addresses. Pay.UK processes a wide range of personal data about its clients, agents, staff, suppliers and other third parties.
Where we refer to “processing” we mean any operation carried out on personal data, including collecting, organising, storing, disclosing and erasing it.
2. How Pay.UK obtains and collects your personal information
This privacy notice tells you what to expect when we collect personal information about you. It applies to information we collect about:
- visitors to Pay.UK premises
- visitors to Pay.UK’s website
- people who contact Pay.UK via post, email, or telephone
- people who contact Pay.UK via social media
- job applicants
- external users such as clients, participants and service users of our Group Companies.
In relation to our website, it also explains;
- our monitoring activity and
Pay.UK may use your personal information:
- to identify you
- to administer, maintain and host the website and related business service lines
- to administer any services we provide to you, including service line updates
- to compile statistical analysis of the pages of the website you visit
- to help us develop our business, products, services and our website
- for internal administration and/or analysis
- to consider any applications or requests for information or advice made by you
- if applicable, to consider your application for employment
- to communicate with you in any way and
- to comply with any legal or regulatory obligations.
The above are the purposes for which we process your personal information. In most cases the legal basis for the processing is that it is in Pay.UK’s interests which is not overridden by your rights and freedoms – we refer to this below as “Pay.UK’s legitimate business interests”. In some cases the legal basis is that the processing is necessary to perform a contract with you or to comply with a legal obligation.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.
Where your personal information is collected by us, it will be stored on our and/or or third party servers located in the UK.
2.1 Visitors to Pay.UK’s premises
When you visit Pay.UK’s premises, Pay.UK processes information requested by Pay.UK and provided by you or the company you are representing, including:
- Company being represented
- Date of the visit
- Who you are visiting and
- Information collected on closed circuit television (CCTV).
The processing is carried out on the basis of Pay.UK’s legitimate business interests. These interests include maintaining the security of the organisation and transparency of visitors’ actions to all Pay.UK personnel; the processing is necessary to maintain security, comply with local fire regulations, and comply with the Health and Safety at Work Act 1974.
The information is also shared with the landlord to enable general building security.
2.2. Monitoring activity
When you visit the Pay.UK website, Pay.UK logs the visit and captures data. The processing is carried out on the basis of Pay.UK’s legitimate business interests. Accordingly, information is processed to enable Pay.UK to identify security related events. It is necessary to compile log files and analyse traffic to its site for malicious activity. This information is generally not capable of personally identifying you.
2.3. Visiting our website
When you visit Pay.UK’s website wearepay.uk, we place cookies on your device (e.g. computer hard drive, mobile phone). Cookies are small text files that are placed on your device by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Pay.UK does this so that it can improve its website’s functionality and performance. For example, enabling the site to load quickly, making it easier to move between different pages and remembering you have been shown a one off message.
Pay.UK may collect information about your computer including your operating system and browser type for the purposes of, but not limited to, system administration, aggregating information, statistical and auditing purposes.
You may refuse to accept cookies or be alerted as to when a cookie is being sent by activating the relevant setting on your browser. If you choose not to accept cookies, this website may not function properly or may be considerably slower.
On your first visit to this website you will have seen a cookie notice banner to inform you about the purposes for which cookies are being used and the means to manage your cookie preferences. At any point you can change your cookie consent preferences. Please be aware that some areas of our website may not function after you have changed your cookie settings.
The table below lists the cookies used on this site and why we use them.
|Cookie type||Source||Cookie name and purpose||Expiration date|
|Strictly necessary||Azure windows cloud platform
|ARRAffinity and ARRAffinitySameSite
This cookie is used for load balancing to make sure visitors page requests are routed to the same server in any browsing session.
This cookie is used to remember a user’s preferences in regards to cookies.
|Duration of the session
|We embed videos from our official Vimeo channel. When you press play Vimeo will drop third party cookies to enable the video to play and to collect analytics data such as how long a viewer has watched the video. These cookies do not track individuals.
This cookie collects information about your actions on embedded Vimeo videos.
This cookie saves your settings before you play an embedded Vimeo video. This means that the next time you watch a Vimeo video, you will get your preferred settings back.
These additional cookies are only set if you interact with the video. They store information about how you use Vimeo.
2.3.2. Changing your cookies preferences
At any point you can change your cookie consent preferences.
Alternatively, most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
3. IP addresses
Pay.UK does not collect nor process IP addresses. However, IP addresses are stored on our servers and might be accessed for security purposes and technical analysis, for security related incidents.
4. People who contact us via post, email, or telephone
Where enquiries are submitted to us, whether via post, email or telephone, we will only use the information supplied to us to deal with the enquiry. The processing is carried out on the basis of our legitimate business interests. Accordingly, this information is processed as necessary to enable efficient communication with clients, potential clients, job applicants, previous employees, members of the public, statutory bodies and regulatory bodies.
We will also monitor emails sent to us, including file attachments, for viruses or malicious software.
5. Job applicants, consultants, contractors, secondees and temporary workers
Pay.UK will, in the course of its business, advertise and receive applications for jobs. It may provide from time to time a facility on its website to users to apply for Pay.UK’s advertised jobs.
When you apply for a role, whether via a facility on our website or otherwise, we ask for your name, phone numbers, and email address. Pay.UK will also ask you about your previous experience, education, referees, most recent job title, current employer, current salary and salary expectations, skills, competencies, CV and for answers to questions relevant to the role you have applied for.
Pay.UK’s recruitment team will have access to all of this information.
You will also be asked to provide equal opportunities information. This is not mandatory information – if you do not provide it, it will not affect your application. This information will not be made available to anyone outside of our recruitment team, including hiring managers, in a way which can identify you. Any information you do provide will only be used to produce and monitor equal opportunities statistics.
The processing of job applications submitted via the website follows the same process as applications submitted via any other channel. The data privacy standards used in processing website job applications are set out in our Privacy Notice (Staff), which will be made available to you during the job application process.
The processing of personal information of job applicants, whether provided via the Pay.UK website or otherwise, is carried out on the basis of Pay.UK’s legitimate business interests of attracting and recruiting personnel, maintaining our business services model and/or fulfilling contractual obligations.
7. How long do we keep your personal information for?
We retain your data primarily to meet statutory and regulatory obligations. Secondly, your data is retained to enable us to pursue our legitimate business interests in relation to our clients, current and future requirements. We retain documents in accordance with our data retention policy, a copy of which is available upon request.
8. How does Pay.UK protect your personal information?
Pay.UK understands the importance of ensuring its systems are secure from unauthorised access, use or disclosure so that emails and forms that contain your personal information are safe. It has internal policies, procedures and controls in place to ensure this, of both a technical and organisational nature.
9. Your Rights
GDPR gives you a number of rights regarding your personal information that is processed by us:
- The right to be informed: our obligation to provide fair processing information;
- The right of access: allows you to be aware of and verify the lawfulness of the processing;
- The right to rectification: allows you to request the data is rectified if it is inaccurate or incomplete;
- The right to erasure: allows you to request the deletion or removal of personal data where there is no compelling reason for its continued processing;
- The right to restrict processing: allows you to ‘block’ or suppress processing of personal data in certain circumstances;
- The right to data portability: allows you to obtain and reuse your personal data for your own purposes across different services; and
- The right to object: you must have an objection on grounds relating to your particular situation.
- You can contact Pay.UK directly by post, email, or telephone, to exercise your rights, as set out below.
10. Subscribing to emails and marketing
From time to time, our service lines issue email communications about changes to guides and rules, service updates, operational and product information, and payments industry news. To receive these email communications you need to subscribe via our website choosing which communications you would like to receive as part of that process. Subscription requires you to provide as a minimum, your name, email address and stakeholder type. We will only send you the email communications you have registered for.
In addition, from time to time, our service lines hold events relevant to specific audiences. The registration form captures your name personal information, which is stored on our website server. We use event registration information to secure a place, send information relating to the event and to survey attendees to obtain feedback to improve future events.
If you wish to unsubscribe at any time you can do so using the unsubscribe link at the bottom of each email communication. You can either unsubscribe from all email communications or individual email communications that you no longer wish to receive.
11. Queries or complaints
This privacy notice does not provide exhaustive detail of all aspects of Pay.UK processing of personal information. However, Pay.UK is happy to provide any additional information or explanation needed.
Pay.UK tries to meet the highest standards when processing personal information. For this reason, we take any complaints we receive about this very seriously. Pay.UK encourages people to bring it to its attention if they think that Pay.UK’s collection or use of information is unfair, misleading or inappropriate.
If you would like to exercise any of these choices, please get in touch via our Data Privacy Team
- By email at DPO@wearepay.uk
- By post at 2 Thomas More Square, London E1W 1YN
- By telephone on 0203 217 8200
or use the contact us form on our website. Where we have shared your personal information with other companies, we will let them know if you exercise any of these choices.
If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner who can be contacted at www.ico.org.uk, by telephone on 0303 123 1113 or by post:
Information Commissioner’s Office