It applies to information Handepay Ltd collects about:
Merchant means any merchant retailer, business or other organisation either receiving services by or through Handepay Ltd or have registered their interest in receiving services by or through Handepay Ltd.
PayPoint Group means the group of companies which comprises of Handepay Ltd and other PayPoint companies.
References to “personal data”; “data subject” or “controller” shall have the meaning assigned to them in the Data Protection Act 2018 (as may be amended from time to time).
Handepay Ltd. is part of the PayPoint group companies (PayPoint Group). References to ‘we’, ‘us’ and/or ‘our’ are references to Handepay Ltd. or another company in the PayPoint Group as appropriate.
INFORMATION WE MAY COLLECT FROM YOU
All personal data and any other information which we may collect from you and about you will be processed fairly and lawfully in accordance with our obligations under current UK data protection legislation.
We may, depending on the service you use, collect and process data about you.
HOW WE USE THE INFORMATION WE COLLECT
We will only use your information where we have your consent or we have another lawful reason for using it. These reasons include where we:
Provision of Services - In order to receive services by or through Handepay, a Merchant is required to provide personal data to Handepay. Handepay will need to receive and maintain this information in order to consider requests to enter into contracts and to carry out any obligations we have to you arising from any contract. This information will also be shared with third parties where necessary in order for those third parties to provide the relevant services to you.
Checks and Validation – In order for you to receive services or, where you already receive services, we may require personal information in order to verify the identity of the Merchant (or its directors and/or shareholders and any guarantors as appropriate) and make certain checks for regulatory purposes.
We may also use your personal data to undertake credit checks, to trace debtors, recover debt and to manage individuals’ accounts as necessary in relation to the services you receive.
Service Updates - We will use information provided by you to provide you with service updates and information to enable you to provide services to us or for us to provide services to you. We request you provide us with your business e-mail address or business contact details for these communications.
Disclosures - We may disclose information you supply to regulatory bodies, investigatory authorities such as the police, HMRC, your acquirer (if you use our card services) and public health authorities. We may also disclose your information to provide you with operational support for products and/or services such as maintenance call outs or your bank details to our payment service providers so you can make and receive payments from us.
Handepay and PayPoint Group Offers – We may use your personal data, and/or share your personal data with other members of the PayPoint Group in order for us and/or them to provide you with information about other products and services provided by us or other members of the PayPoint Group that are relevant to your business.
Third Party Offers – We may give you the opportunity to participate in offers and services provided by third parties.
If you decide to participate in a third party offer you will contract on the third-party terms but we may disclose your information to the third party to enable them to offer their services to you. We may need to provide such third parties with information when you change, amend or update your personal details and/or your services with Handepay as it may impact the terms they offer. You should review any third-party terms to make sure they are suitable for your needs.
Marketing to a Merchant
Handepay may use Merchant contact information to provide services to, market to or enhance services to the Merchant.
We may use your information to provide you with details of promotions available to Merchants from third parties supporting our Handepay Loyalty Programme.
Handepay does not provide your information to third parties for marketing purposes without your consent.
If you have agreed, Handepay may from time to time share the Merchant contact information with third parties to offer services to the Merchant. If a Merchant contact does not wish to receive such communications they can unsubscribe by emailing [email protected] or writing to us.
Disclosure of Personal Information
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties including:
We may disclose your personal information to third parties:
In order to provide services to Handepay, a Supplier may be required to provide personal data to Handepay. Handepay will need to maintain this information in relation to the Supplier to use the Supplier’s services and make certain checks. Handepay may also be required to disclose this information to the appropriate regulatory authorities. Handepay may use this personal data to perform checks and obtain reports in relation to the Supplier’s business.
Supplier Contact Information
In order to use the Supplier’s services Handepay will collect information including personal data relating to Supplier’s contacts this is needed for operational purposes. Handepay is the data controller of such information once it is provided to Handepay. Please ensure you have the consent from any data subject prior to providing such information to us.
Marketing to a Supplier
Handepay may use Supplier contact information to provide services to, market to or enhance services to the Supplier. Handepay will not use such information to market or sell services to the data subject as an individual without the data subject’s consent.
WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using TLS 1.2 technology.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You have a number of rights in relation to your personal information. These are –
You may contact us if:
If this is the case, or if you have any other enquiry relating to your data, please write to us at the address listed above.
You are also able to withdraw any consent you have provided for use to use your data at any time. You may also opt out of any marketing consents. These are both opting out and you can undertake this at any time by contacting us at the contact details set out below.
Individuals can find out if we hold any personal information by making a “subject access request” under the Data Protection Act 2018. If we do hold information about you we will:
To make a request to for any personal information we may hold, you need to put the request in writing addressing it to the Privacy team at the address provided below. We cannot disclose information in relation to other data subjects, client information or client customer information under such a request. We will remove information relating to other data subject or other organisation from the information we send you.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone. If you have e-mailed us we will respond by e-mail. Please note e-mail communications are no guaranteed to be secure due to the nature of the communication method.
The Information Commissioner has provided a guide on its website to data subject access requests. This provides indications of the circumstances when an access request can be limited or declined. For example, a data subject access request does not entitle the data subject to information relating to or confidential to a third party. Data subject access requests are available to individuals but not businesses.
Other use of your rights
Under the Data Protection Act 2018, you have rights as an individual which you can exercise in relation to the information we hold about you. You can read more about these rights here https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/.
Visitors to our websites
When you visit our website www.handepay.co.uk please see the website legal notices for details of cookies and other information specific to the website.
Links to other Sites
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Keeping your information secure
PayPoint takes its obligations to keep data secure seriously. It is ISO 27001 accredited and a PCI compliant organisation for the purpose of processing card payment data.
This Privacy Notice shall be governed by and construed in accordance with English law and the parties hereby submit to the exclusive jurisdiction of the English courts in respect of all matters arising in connection herewith.
Information we hold in relation to payments is retained for statutory and regulatory purposes. Information may be retained for periods of 3, 5 and as applicable 10 years or such other period as required by law. Information relating to tax records may be held for 7 years or such other period are required by law. Our retention policy is updated from time to time to reflect changes in our obligations and legal duties.
How to contact us
If you want to request information about our privacy policies or a complaint you can e-mail us at [email protected] or write to us at:
Privacy- Handepay Ltd
1 The Boulevard
Welwyn Garden City
If you are not happy with our response to any query or wish to complain you may also contact the Information Commissioner’s Office via https://ico.org.uk/concerns/ or by using the contact details at https://ico.org.uk/global/contact-us/.
Revised: 10 February 2022 (v1.2)