1. Who are we?
Payment Rails (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and law. This notice provides you with the necessary information regarding your rights and obligations, and explains how, why and when we collect and process your personal data.
Payment Rails Ltd’s registered office is at Aldgate Tower, 2 Leman St, London, E1 8FA, United Kingdom, and we are a company registered in England and Wales under company number 10318200. We are registered on the Information Commissioner’s Office Register of Data Controllers under registration number ZA259566 and act as the data processor, with the designated Data Protection Officer/Appointed Person for the organisation that can be contacted at firstname.lastname@example.org.
2. Information that we collect
Payment Rails processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any other way than already specified in this notice.
The personal data that we collect from you may include:
- Date of Birth
- Residential Address
- Personal Email
- Business Email
- Home Telephone Number
- Work Telephone Number
- Mobile Telephone Number
- Skype Username
- National Insurance Number (SSN, SIN, etc)
- Passport Number
- Driver’s License Number
- National ID number
We collect information in the below ways:
a.) Information you give us “Submitted Information”: This is information you give us about you by filling in forms on the Site, or by corresponding with us (for example, by e-mail or via the chat functions on the Site). It includes information you provide when you subscribe to any of our services, enter into any transaction the Site (such as a Bank Transfer, Account Opening), participate in discussion boards or other social media functions on the Site, enter a competition, promotion or survey and when you report a problem with the Services, or the Site. If you contact us, we will keep a record of that correspondence. The information you give us may include your name, address, date of birth, e-mail address, phone number, username, password and other registration information, financial, details of your bank account(s) including the bank account number, bank sort code, IBAN, identification document numbers, copies of identification documents (for example, passport, driving licence and utility bill) personal description and photograph and any other information you provide us in order to prove your eligibility to use our services.
b.) Information we collect about you and your device. Each time you visit our Site we will automatically collect the following information:
(i) technical information, including the internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, device information and the type of mobile device you use, a unique device identifier (for example, your Device’s IMEI number, the MAC address of the Device’s wireless network interface, or the mobile phone number used by the Device), mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting “Device Information”;
(ii) information about your visit, including the full uniform resource locators (URL), clickstream to, through and from our site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, device information;
(iii) transaction information including date, time, amount, currencies used, exchange rate, beneficiary details, details and location of the merchant or ATMs associated with the transaction, IP address of sender and receiver, sender’s and receiver’s name and registration information, messages sent or received with the payment, device information used to facilitate the payment and the payment instrument used;
c.) Information to help us deliver our service to you. We work closely with third parties in order to help us deliver our Service to you. These third parties are business partners (such as those we partner with to offer local payouts), sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, fraud prevention agencies, customer service providers and developers. Information we may collect about you from such parties can include credit search information, information which helps us to verify your identity or information relating to your payment transactions. Please see the ‘Disclosure of your Information’ section for more information.
3. How we use your personal data
Payment Rails takes your privacy very seriously and will never disclosure, share or sell your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purposes specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw such consent at any time.
We will disclose the data we collect from you to certain third parties who use personal data in delivering their services to us, they use data securely and confidentially and under strict contractual controls in accordance with data protection laws and enforced by Payment Rails.
We send personal data to the following sets of data processors in order to perform the services provided by Payment Rails:
a.) Financial Crime prevention agencies & Identity verification service providers
This is in order to verify your identity, protect against fraud, comply with anti-money laundering laws and to confirm your eligibility to use our products and services;
b.) Cloud storage providers
This is in order to safely and securely store your data with Payment Rails;
c.) Banking and financial services partners
Financial services providers that help us provide the Payment Rails Services including banking partners, banking intermediaries and international payments services providers;
d.) Analytics providers
We also use analytics and search engine providers that assist us in the improvement and optimisation of our site;
e.) Email communication providers
Your Personal Information is only used for the proper sending out of email; the Third-Party Email Suppliers do not use this Personal Information for any other purpose, and will not transfer or sell your Personal Information to any other third party;
f.) Companies within the Payment Rails group of companies
In order to provide a unified service across all of our products and services, we may disclose your personal information to any member of the Payment Rails Group, which means any of our subsidiaries or related entities. Companies in the Payment Rails Group will be acting as joint controller or processor in order to provide the Payment Rails Services. For example, we may share your data with Payment Rails Inc, the Canadian parent company of Payment Rails Ltd, to provide the technical services.
We may also disclose your personal information in the following circumstances:
- If Payment Rails or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.
- In order to:
(i) enforce or apply the General Terms of Service and/or any other agreements between you and us or to investigate potential breaches; or
(ii) protect the rights, property or safety of Payment Rails, our customers, employees or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and financial or credit risk mitigation and reduction.
4. Your rights
You have the right to access any personal information that Payment Rails processes about you and to request information about:
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to update/correct it as quickly as possible, unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing in accordance with the data protection law, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use.
If we receive a request for any of the above rights, we may ask you to verify your identity before acting on the relevant request; this is to ensure that your data is protected and kept secure.
5. Sharing and disclosing your personal information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. Payment Rails uses third-parties to provide the below services and business functions, however all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any appropriate confidentiality and security measures.
6. Safeguarding measures
Payment Rails takes your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:
- All information you provide to us is stored on our secure servers. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted using Secured Sockets Layer technology or a secure virtual private network. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our or our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
- The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
- Certain Services include social networking, chat room or forum features. Ensure when using these features that you do not submit any personal data that you do not want to be seen, collected or used by other users.
7. Consequences of not providing your data
You are not obligated to provide your personal information to Payment Rails, however, as this information is required for us to provide you with our services, we will not be able to offer our services without it.
8. How long we keep your data
Payment Rails only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK law to retain personal data for a minimum of 6 years after which time it will be destroyed. We therefore use this retention requirement as a benchmark for all personal data that we receive from you. In order to not hold your information for longer than is strictly necessary we will not hold any of your personal data for more than 6 years after the termination of our business relationship.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and withdraw your consent.
9. Lodging a complaint
Payment Rails only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.
Payment Rails Ltd
Data Protection Officer
Aldgate Tower, 2 Leman St
London, E1 8FA
+44 20 3868 6355
Information Commissioner’s Office
Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
Fax: 01625 524 510
© Payment Rails 2018
Last Revised: August 23, 2018