Handepay's Privacy Policy

Handepay Ltd are committed to protecting and respecting your privacy.

 

This Privacy Policy (“Policy”) (together with our terms of use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read this Policy carefully to understand our practices regarding your personal data and how we will treat it.

It applies to information Handepay Ltd collects about:

  • Merchant customers of Handepay
  • Suppliers and organisations of Handepay
  • Visitors to our website


DEFINITIONS

For the purpose of this Privacy Policy:

Merchant means any merchant retailer, business or other organisation either receiving services by or through Handepay Ltd or have registered their interest in receiving services by or through Handepay Ltd.

PayPoint Group means the group of companies which comprises of Handepay Ltd and other PayPoint companies.

References to “personal data”; “data subject” or “controller” shall have the meaning assigned to them in the Data Protection Act 2018 (as may be amended from time to time).


Handepay Ltd. is part of the PayPoint group companies (PayPoint Group). References to ‘we’, ‘us’ and/or ‘our’ are references to Handepay Ltd. or another company in the PayPoint Group as appropriate.

 

INFORMATION WE MAY COLLECT FROM YOU

All personal data and any other information which we may collect from you and about you will be processed fairly and lawfully in accordance with our obligations under current UK data protection legislation.

We may, depending on the service you use, collect and process data about you.

  • Information you give us – You may give us information about you by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. This may include information you provide when you use our site, subscribe to any service which we provide, search for a product, obtain a quote, place an order with us or via our site, participate in discussion boards or other social media functions on our site (where available), and when you report any problem with our site or the services which we provide via our site. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, personal description and business requirements.

 

  • Information we receive from other sources – We may receive information about you from third parties who refer clients to us who may need our services. They will provide us with information including your name, contact details and requirements. When considering credit applications, we will also obtain information from credit reference agencies who will provide information on your credit history. We are also working closely with payment services providers and may receive information about payments your business receives from them.

 

HOW WE USE THE INFORMATION WE COLLECT


We will only use your information where we have your consent or we have another lawful reason for using it. These reasons include where we:

  • need to pursue our legitimate interests;
  • need to process the information to carry out an agreement we have with you;
  • need to process the information to comply with a legal obligation;
  • believe the use of your information as described is in the public interest, e.g. for the purpose of preventing or detecting crime;
  • need to establish, exercise or defend our legal rights; or
  • need to use your information for our insurance purposes.

 

MERCHANT INFORMATION

Provision of Services -  In order to receive services by or through Handepay, a Merchant is required to provide personal data to Handepay. Handepay will need to receive and maintain this information in order to consider requests to enter into contracts and to carry out any obligations we have to you arising from any contract. This information will also be shared with third parties where necessary in order for those third parties to provide the relevant services to you.

Checks and Validation – In order for you to receive services or, where you already receive services, we may require personal information in order to verify the identity of the Merchant (or its directors and/or shareholders and any guarantors as appropriate) and make certain checks for regulatory purposes.

We may also use your personal data to undertake credit checks, to trace debtors, recover debt and to manage individuals’ accounts as necessary in relation to the services you receive.

Service Updates - We will use information provided by you to provide you with service updates and information to enable you to provide services to us or for us to provide services to you.  We request you provide us with your business e-mail address or business contact details for these communications.

Disclosures - We may disclose information you supply to regulatory bodies, investigatory authorities such as the police, HMRC, your acquirer (if you use our card services) and public health authorities.  We may also disclose your information to provide you with operational support for products and/or services such as maintenance call outs or your bank details to our payment service providers so you can make and receive payments from us.  

Handepay and PayPoint Group Offers – We may use your personal data, and/or share your personal data with other members of the PayPoint Group in order for us and/or them to provide you with information about other products and services provided by us or other members of the PayPoint Group that are relevant to your business.

Third Party Offers – We may give you the opportunity to participate in offers and services provided by third parties.

If you decide to participate in a third party offer you will contract on the third-party terms but we may disclose your information to the third party to enable them to offer their services to you.  We may need to provide such third parties with information when you change, amend or update your personal details and/or your services with Handepay as it may impact the terms they offer.  You should review any third-party terms to make sure they are suitable for your needs.


Marketing to a Merchant

Handepay may use Merchant contact information to provide services to, market to or enhance services to the Merchant.   


We may use your information to provide you with details of promotions available to Merchants from third parties supporting our Handepay Loyalty Programme. 

 

Handepay does not provide your information to third parties for marketing purposes without your consent. 

 

If you have agreed, Handepay may from time to time share the Merchant contact information with third parties to offer services to the Merchant.  If a Merchant contact does not wish to receive such communications they can unsubscribe by emailing [email protected] or writing to us.


Disclosure of Personal Information

We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

We may share your information with selected third parties including:

  • Business partners, suppliers and sub-contractors for the performance of any contract we enter into (or considering entering into) with them or you.

 

  • When searching your record at one or more credit reference agencies from time to time for the purpose of assessing your credit score where this is a condition of us entering into a contract with you. You should be aware that these agencies will add to your record details of our searches and this will be seen by other organisations carrying out later searches.

 

  • When checking your details with one or more fraud prevention agencies and recording any false or inaccurate information; if we suspect fraud, we will record this.


We may disclose your personal information to third parties:

  • In order to fulfil the terms of any contract you have entered into with Handepay or for the provision and/or fulfilment of any contract you have entered into with a third party organised by or through Handepay.

 

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.

 

  • If Handepay Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.

 

  • If you wish to transfer to any business providing a similar service to ours, including (without limitation) insurers, guarantors and professional advisors to whom you may wish to transfer, any business to which we may wish to transfer our rights or duties and any merchant acquirer who we consider may be suitable for your business.

 

  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of useand other agreements; or to protect the rights, property, or safety of Handepay Ltd, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

 

  • By adding to your record with any relevant credit reference agency the details of any agreement with us and your performance under it.

 

  • To help us make decisions about credit and credit-related services for individuals and members of their household.

 

  • To help us make decisions about the suitability of certain products or services. Where appropriate, and where you have consented, this may include a credit

  • To trace debtors, recover debt, prevent fraud and to manage individuals’ accounts or insurance policies.

 

  • To check individuals’ identity to prevent money laundering and/or other crime.

 

  • For statistical analysis relating to credit, insurance and fraud.

 

  • For regulatory, legislative and/or compliance purposes including but not limited to HMRC, Financial Conduct Authority, Financial Services Ombudsman, and/or applicable investigatory authorities.


SUPPLIER INFORMATION

In order to provide services to Handepay, a Supplier may be required to provide personal data to Handepay.  Handepay will need to maintain this information in relation to the Supplier to use the Supplier’s services and make certain checks.  Handepay may also be required to disclose this information to the appropriate regulatory authorities.  Handepay may use this personal data to perform checks and obtain reports in relation to the Supplier’s business.

 

Supplier Contact Information

In order to use the Supplier’s services Handepay will collect information including personal data relating to Supplier’s contacts this is needed for operational purposes.  Handepay is the data controller of such information once it is provided to Handepay.  Please ensure you have the consent from any data subject prior to providing such information to us.

 

Marketing to a Supplier


Handepay may use Supplier contact information to provide services to, market to or enhance services to the Supplier.  Handepay will not use such information to market or sell services to the data subject as an individual without the data subject’s consent. 


WHERE WE STORE YOUR PERSONAL DATA

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to its transfer, storing or processing, in accordance with this privacy policy. All data transferred outside the EEA is done so under contracts with our data processors to ensure they meet the appropriate standards.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using TLS 1.2 technology.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

 

YOUR RIGHTS


You have a number of rights in relation to your personal information. These are –

  • The right to confirm if we are using data about you and to access details about what we are using and how;
  • The right to lodge a complaint with the Information Commissioners Office;
  • The right to request we rectify any inaccurate data corrected or to have data which is incomplete for the purpose we hold it completed;
  • The right to be forgotten, which is the right to ask us to delete information about you and if it is appropriate to do so we will do so;
  • The right to restrict what we do with data in specific circumstances, including where the accuracy of the data is contested, processing is unlawful but you do not want us to erase the data or if we only need the data to meet legal requirements;
  • The right to receive the data we hold about you in a format you can use to transfer the data electronically elsewhere.

 You may contact us if:

  • You may wish us to amend or delete information we hold;
  • to ask us for details of the credit reference and fraud prevention agencies from whom we obtain data; or
  • to ask us to stop our using your data for one or more of the purposes set out above.

If this is the case, or if you have any other enquiry relating to your data, please write to us at the address listed above.

You are also able to withdraw any consent you have provided for use to use your data at any time. You may also opt out of any marketing consents. These are both opting out and you can undertake this at any time by contacting us at the contact details set out below.

 

ACCESS REQUESTS

Individuals can find out if we hold any personal information by making a “subject access request” under the Data Protection Act 2018.  If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.


To make a request to for any personal information we may hold, you need to put the request in writing addressing it to the Privacy team at the address provided below.  We cannot disclose information in relation to other data subjects, client information or client customer information under such a request.  We will remove information relating to other data subject or other organisation from the information we send you.

 

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.  If you have e-mailed us we will respond by e-mail.  Please note e-mail communications are no guaranteed to be secure due to the nature of the communication method.

 

The Information Commissioner has provided a guide on its website to data subject access requests.  This provides indications of the circumstances when an access request can be limited or declined.  For example, a data subject access request does not entitle the data subject to information relating to or confidential to a third party.  Data subject access requests are available to individuals but not businesses.

 

Other use of your rights

 

Under the Data Protection Act 2018, you have rights as an individual which you can exercise in relation to the information we hold about you.  You can read more about these rights here https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/.

 

GENERAL

Visitors to our websites

 

When you visit our website www.handepay.co.uk please see the website legal notices for details of cookies and other information specific to the website.

 

Cookies

 

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.

Links to other Sites

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Changes to our Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy.

Keeping your information secure

PayPoint takes its obligations to keep data secure seriously.  It is ISO 27001 accredited and a PCI compliant organisation for the purpose of processing card payment data.

 

Governing Law

This Privacy Notice shall be governed by and construed in accordance with English law and the parties hereby submit to the exclusive jurisdiction of the English courts in respect of all matters arising in connection herewith.

 

Retention

Information we hold in relation to payments is retained for statutory and regulatory purposes.  Information may be retained for periods of 3, 5 and as applicable 10 years or such other period as required by law.  Information relating to tax records may be held for 7 years or such other period are required by law. Our retention policy is updated from time to time to reflect changes in our obligations and legal duties.

 

How to contact us

If you want to request information about our privacy policies or a complaint you can e-mail us at [email protected] or write to us at:

 

Privacy- Handepay Ltd

1 The Boulevard

Shire Park

Welwyn Garden City

Hertfordshire
AL7 1EL

 

If you are not happy with our response to any query or wish to complain you may also contact the Information Commissioner’s Office via https://ico.org.uk/concerns/ or by using the contact details at https://ico.org.uk/global/contact-us/.

Revised: 10 February 2022 (v1.2)

GET A FREE QUOTE