Last update: 23 July 2021

1. 1. Introduction
   1. 1.1. Please read this Privacy Policy carefully to understand our policies and practices regarding your personal data and how we will treat it.
   2. 1.2. Payinter LTD (“Payinter”, “we”, “us”, or “our” in this Policy) respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we use your personal data in connection with:
      1. 1.2.1. Customer services: This means the provision of payment and e-money products and services by us to actual and prospective customers (both “customers”).
      2. 1.2.2. Affiliate or introducer schemes: This is where you take part in our affiliate or introducer schemes such as when you introduce us to your friends who register to use our services.
      3. 1.2.3. Supplier services: This means the provision of products and services by suppliers to us.
      4. 1.2.4. Website activities: This means the provision of personal data you provide through your use of our Website.
      5. 1.2.5. Recruitment activities: This means the provision of personal data of a candidate (whether by you or a third party including a recruitment agency) for a position with us.
   3. 1.3. Please note that any references to customers, suppliers, agents or other third parties include their staff whose personal data we process as part of our business relationship with such parties.
   4. 1.4. This Privacy Policy tells you what personal data we collect about you, how we collect it, how we use it, whom we share it with, and the rights to which you may be entitled.
2. 2. Who we are and how to contact us
   1. 2.1. We are Payinter LTD. Payinter LTD is a company limited by shares incorporated in England and Wales with registered number 13498500 whose registered office is at 9 Parkway, London, United Kingdom, NW1 7PG, who is EMD agent of a principal partner organisation, i.e., Electronic money institution authorised by the Financial Conduct Authority (“FCA”) under the Electronic Money Regulations for the issuing of electronic money and the provision of payment services.
   2. 2.2. You may submit your questions, requests, and complaints to our data privacy department by email to support@payinter.me or by post to Payinter LTD., 9 Parkway, London, United Kingdom, NW1 7PG.
3. 3. Personal data collection and usage
   1. 3.1. We collect and process personal and non-personal data relating to you for the purposes set out in Section 1. We may collect and process individually identifiable information, namely information that identifies a person or can, with reasonable efforts to, identify a person directly or indirectly (“personal data”).
   2. 3.2. We also collect non-personal data or may anonymise personal data in order to make it non-personal. Non-personal data is data that does not enable specific individual to be identified, either directly or indirectly. We may collect, create, store, and disclose such non-personal data for any reasonable business purpose. For example, we may use aggregated transactional data for commercial purposes, such as trend analysis and the use of data analytics to obtain learnings and insight around payment transaction patterns and usage.
   3. 3.3. Certain types of personal data are more sensitive that others. Special categories of personal data include information about your race, ethnicity, sex life, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership, health, genetic and biometric data, in specific circumstances, we may collect, receive, and use special category data about you. We may also collect and use personal data about your criminal offences (or alleged offences).
   4. 3.4. We have identified the types of personal data we may use about you, the method of collection and how and why we will use them in below. We may process your personal data for more than one legal basis depending on the purpose for which we are using your personal data. Separately, please note that where we base our use of your personal data on legitimate interests, as indicated below, this will apply only where we consider that our legitimate interest is not overridden by the individual’s interests or rights which require protection of their personal data.
   5. 3.5. We collect, process, and store the following personal data through the following means:
      1. 3.5.1. Personal data that our customers give us to register with us:
         • your contact details including: your name, address, email address, and telephone number(s);
         • your identification details, including your date of birth, gender, country of residence.

We use this personal data to:

1. 1. 1. • process your application or registration request;
         • on-board you as a customer;
         • provide our products and services;
         • manage and administer our services including your account with us;
         • communicate with you about your account and our services, including informing you of changes to our fees and our terms and conditions related to our services and sending surveys to you regarding your satisfaction of our products and services;
         • send personalised offers of services and products.

We use this personal data on the following legal basis:

1. 1. 1. • it’s necessary to enter into or perform a contract with you;
         • it’s in our legitimate interests of managing and administering our services;
         • we have a legitimate interest in obtaining feedback from you in order to improve our products and services;
         • we have a legitimate interest in promoting our products and services, and in personalising the information that our website sends to you about these things;
         • your consent to the personal data processing.

1. 1. 1. 3.5.2. Know Your Customer (KYC) personal data from you, third parties and/or publicly available sources including:

1. 1. 1. • • passport or other government issued identity document and the data within that document (such as document number, date of issue, and term of validity);
           • your photograph or video (whether provided by you or a third party or captured by us through our online functionality);
           • documents establishing your source of funds;
           • results of KYC or Politically Exposed Person (PEP) checks, including information collected by our suppliers. For example, we will automatically compare data derived from your identity documents against data available in independent external registers to verify your identity;
           • intended use of our services;
           • your turnover (where this is personal data, e.g., if you are sole trader);
           • your computer or device data (such as device signature) – this data may be compared against previous sessions from the same IP address and/or the same device.

We use this personal data to:

1. 1. 1. • • carry out regulatory checks and meet our obligations to our regulators and principal partner;
           • help us ensure that our customers are genuine and to detect and prevent fraud, money laundering and other crime (such as terrorist financing and offences involving identity theft).

We use this personal data on the following legal basis:

1. 1. 1. • • it’s necessary to enter into or perform a contract with you;
           • we are legally required to do so under applicable law and regulation;
           • it’s in our legitimate interests of protecting our business against damage;
           • your consent to the personal data processing.

1. 1. 1. 3.5.3.Personal data you provide as part of your account with us including:

1. 1. 1. • • your password;
           • your account and marketing preferences.

We use this personal data to:

1. 1. 1. • • provide our services to you;
           • manage and administer your account with us;
           • communicate with you regarding your account and our services.

We use this personal data on the following legal basis:

1. 1. 1. • • it’s necessary to enter into or perform a contract with you;
           • it’s in our legitimate interests of managing and administering our services;
           • we have a legitimate interest in promoting our products and services, and in personalising the information that our website sends to you about these things.

1. 1. 1. 3.5.4.Personal data relating to your use of our payment and e-money services including:

1. 1. 1. • • your instructions to us;
           • your transactions using your payment accounts with us, including your bank account, the amount, currency, originator or beneficiary, and time/date of the payments you make and receive;
           • your use of and transactions relating to our affiliate and introduces schemes, and any rewards you earn from those schemes;
           • information about the digital device through which you access our services, such as device type, operating system, screen resolution, unique device identifiers, the mobile network system;
           • IP address;
           • date and time of log-in requests;
           • personal data in your correspondence with us, by email, telephone, messaging, texts, online chats, via social media, or otherwise;
           • whether you’ve clicked on links in electronic communications from us, including clickstream to our website;
           • personal data that you provide in response to our surveys.

We use this personal data to:

1. 1. 1. • • provide our services to you;
           • manage and administer our services and systems;
           • check if you are in a location or using a device consistent with our records in order to help prevent fraud;
           • develop and improve our services based on analysing this information, the behaviours of our users and the technical capabilities of our users;
           • improve our services to better suit the behaviours and technical capabilities of the users of our service;
           • answer any issues or concerns;
           • monitor customer communications for quality and training purposes.

We use this personal data on the following legal basis:

1. 1. 1. • • it’s necessary to enter into or perform a contract with you;
           • it’s in our legitimate interests of managing and administering our services;
           • it’s in our legitimate interests of protecting our customers and our services against fraud and damage;
           • it’s in our legitimate interests to understand customer feedback and to respond to customer communications in a consistent way, and to ensure our employees deal properly with calls and communications and to train our employees to do so.

1. 1. 1. 3.5.5.Personal data that we collect from third parties in order to be able to register you as a customer or to provide services to you:

1. 1. 1. • • personal data related to payments to or from your account with us, provided by payment processing services, banks, card schemes and other financial services firms;
           • personal data from fraud prevention agencies.

We use this personal data to:

1. 1. 1. • • provide our services to you;
           • manage and administer our services and systems;
           • help us to detect and prevent fraud.

We use this personal data on the following legal basis:

1. 1. 1. • • it’s necessary to enter into or perform a contract with you;
           • it’s in our legitimate interests of managing and administering our services;
           • it’s in our legitimate interests of protecting our customers and our services against fraud and damage.

1. 1. 1. 3.5.6.Personal data that we collect through your use of our website (whether or not you have registered for our services) including:

1. 1. 1. • • device information such as operating system, unique device identifiers, the mobile network system;
           • hardware and browser settings;
           • date and time of visits;
           • the pages you visit, the length of the visit, your interactions with the page (such as scrolling, clicks and mouse-overs), methods to browse away from our website, and search engine terms you use;
           • IP address.

We use this personal data to:

1. 1. 1. • • develop new services based on the information being collected, the behaviours of our users and the technical capabilities of our users;
           • identify issues with the website security, and user’s experience of it;
           • monitor the way our website is used;
           • do statistical analysis and research with the purpose of better understanding the breakdown of our customers, their use of our services, and what attracts our customers to our services.

We use this personal data on the following legal basis:

1. 1. 1. • • it’s in our legitimate interests of understanding how our website is accessed, how it is used and any problems users have with it across multiple devices, and ensuring it is secure;
           • we have a legitimate interest in improving and developing our services.

1. 1. 1. 3.5.7.Special category data or criminal offences (or alleged criminal offences) data that you give us directly or that we receive from third parties and/or publicly available sources:

1. 1. 1. • • special category data which might be revealed by KYC or other background checks (for example, because it has been reported in the press);
           • special category data implied by your payment transactions that we perform in providing our services;
           • special category data that is revealed by photographic ID although the processing of this personal data is incidental to the main purposes of that data processing (which are identity verification, fraud detection and prevention and KYC purposes);
           • biometric data that you give us or a fraud prevention agency for the purpose of identity verification. For example, we will read and verify the biometric data from a supported identity document where we capture a photograph of that document;
           • criminal offences (or alleged offences) data which might be revealed by KYC or other background checks because it has been reported in the press or is available in public registers;
           • special category data that we capture by taking a portrait photo or video of you, or a photo or video of you holding supported identity document.

We use this personal data to:

1. 1. 1. • • comply with our regulatory obligations to conduct anti-fraud and anti-money laundering activities. Conducting KYC may sometimes reveal certain special category data or criminal offense (or alleged offense) data;
           • provide you with our services;
           • in the case of portrait photos of you and photos of your identity documents that we capture through our online functionality, we will check if your portrait photograph matches the facial image on your identity document for the purposes of verifying your identity.

We use this personal data on the following legal basis:

1. 1. 1. • • your consent on the personal data processing;
           • it’s necessary for reasons of substantial public interest under applicable law and regulations, and we have taken measures to safeguard your rights;
           • it’s necessary to perform our contract with you.

1. 1. 1. 3.5.8.Personal data that we collect from individuals representing organisations such as our corporate customers and suppliers, including:

1. 1. 1. • • names, roles, and contact details of individuals working for organisations;
           • other personal data regarding such individuals;
           • any personal data contained in correspondence with those individuals.

We use this personal data to:

1. 1. 1. • • build relationships with other organisations;
           • provide marketing communications to these individuals;
           • improve our services and develop new services based on the preferences and behaviours of these individuals;
           • obtain services for our business.

We use this personal data on the following legal basis:

1. 1. 1. • • we have a legitimate interest in promoting and providing our services to our business customers;
           • we have a legitimate interest in obtaining products and services required to operate our business;
           • your consent on personal data processing.

1. 1. 1. 3.5.9.Personal data that we collect from individuals representing organisations in connection with our promotional or marketing activities, including:

1. 1. 1. • • names, roles and contact details of individuals working for organisations;
           • personal data in response to our surveys; and
           • other personal data regarding such individuals.

We use this personal data to:

1. 1. 1. • • build relationships with other organisations;
           • provide marketing communications to these individuals;
           • do statistical analysis and research with the purpose of better understanding our potential market, trends in the information provided and what attracts our customers to our services;
           • publish the results of the surveys on an anonymised basis;
           • improve our services and develop new services based on the preferences and behaviours of these individuals.

We use this personal data on the following legal basis:

1. 1. 1. • • we have a legitimate interest in promoting our services;
           • your consent on personal data processing.

1. 1. 1. 3.5.10.Personal data that we collect directly from individuals applying for job vacancies on our website, from third parties including recruitment agencies or data about candidates that is available publicly including on professional networking sites:

1. 1. 1. • • name and contact details;
           • CV including your professional history and academic qualifications.

We use this personal data to:

1. 1. 1. • • assess your application for the available role in our organisation, invite you to interview and if successful make an offer to you for a role with our organisation.

We use this personal data on the following legal basis:

1. 1. 1. • • it’s necessary to enter into a contract with you.

1. 1. 3.6. You don’t have to share information about yourself if you don’t want to. But if you don’t, you may not be able to use some or any of our services.
2. 4. Direct marketing
   1. 4.1. Please note that if you have given explicit consent for marketing communications, this can be withdrawn at any time. You can also unsubscribe from our marketing communications. You can opt out of receiving electronic communications by clicking on the unsubscribe link at the bottom of any electronic communication or through following the opt-out instructions provided in any marketing communication. You can also contact us to unsubscribe using the details listed in Section 1.
   2. 4.2. Please be aware that from time to time we may need to contact you regarding operational issues or to adhere to the performance requirements of our contract with you. These will not be marketing communications and we will operate under legitimate interests in order to contact you for these reasons.
3. 5. Automated decision making
   1. 5.1. In some instances, our use of your personal data may result in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you.
   2. 5.2. We may process of personal data by automated means for the purposes of legislation relating to risk management and continuous and periodic monitoring of transactions in order to prevent fraud, money-laundering and terrorist financing events.
   3. 5.3. If you are using our services in the EEA, when we make an automated decision about you, you have the right to contest the decision, to express your point of view, and to require a human review of the decision. You can exercise this right by contacting us at the details below. Privacy laws continue to develop and if you think or are unsure as to whether such right may apply to you, please also contact us, so we can assess and advise.
4. 6. Legal requirements
   1. 6.1. We need to collect certain types of personal data for compliance with legal requirements relating to our anti-fraud / anti-money laundering / know your customer obligations. If this personal data is not provided, we cannot agree to provide a service to you, but we shall notify you if this is the case at the time your personal data is collected.
   2. 6.2. Your personal data may also be processed if it is necessary on reasonable request by law enforcement or regulatory authority, body or agency, or in the defence of legal claims. We will not delete personal data if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.
5. 7. How long we keep your personal data
   1. 7.1. Customers: We will keep customers’ personal data for the period you have an account with us and a further five years in accordance with anti-money laundering laws and for our legitimate business interests in maintaining contractual records. Otherwise, we will not keep your personal data for any longer period except where necessary in case of any claim or as necessary to comply with legal, regulatory, accounting, or reporting requirements.
   2. 7.2. Website visitors: We will keep website visitors’ personal data for up to 12 months from each visit in order to understand how people use our website and any technical issues they have.
   3. 7.3. Suppliers: We will keep suppliers’ personal data for the duration of our relationship with the relevant supplier and a further six years for contractual, legal, and tax reasons.
   4. 7.4. Job applicants: We will keep job applicants’ personal data for the duration the application is live and six months after the closure of the application for employment law purposes. For job applicants who are subsequently employed or otherwise engaged by us, your personal data from that point will be processed under a separate privacy policy.
   5. 7.5. Separately please note that we may convert personal data into anonymous or aggregated data in which case it will cease to be personal data (as it will no longer be able to identify a living individual) and we may use this information indefinitely without further notice.
   6. 7.6. We reserve the right to erase specific information before the expiry of the set period if this is not prohibited by the applicable legal acts.
6. 8. Disclosure of your personal data
   1. 8.1. We do not disclose your personal data to anyone except as described in this Privacy Policy, as permitted, or required by law, and/or for the purposes described in this Privacy Policy, including:
      1. 8.1.1.members of management bodies, employees, representatives, authorised persons of Payinter;
      2. 8.1.2.internet/computer software services providers, companies specializing in IT and marketing services;
      3. 8.1.3.IT infrastructure services providers;
      4. 8.1.4.customer support services providers and helpdesk services providers;
      5. 8.1.5.public institutions, public officials, investigatory authorities, courts, prosecutor’s office, subjects of operational activities, orphans’ courts, notaries, law enforcement officials, judicial and investigatory authorities of other member states and foreign countries, tax authorities, arbitration courts, out-of-court dispute resolution bodies;
      6. 8.1.6.financial and payments market participants (global financial messaging infrastructures, correspondent banks, insurance companies, payment systems, payment service providers and technical and non-technical processors, agency companies, business partners of Payinter or customers, financial service intermediaries etc.);
      7. 8.1.7.companies that carry out KYC database checks and fraud database checks;
      8. 8.1.8.our cooperation partners, agents, suppliers and service providers, auditors, financial management and legal advisors;
      9. 8.1.9.Other persons connected with the provision of our services.
   2. 8.2. We may monitor or record telephone calls, emails, web chat or other communications with you for regulatory, security, quality assurance or training purposes.
   3. 8.3. We may also share your details with people or companies if there’s a corporate restructuring, merger, acquisition, or takeover.
7. 9. Where your personal data will be stored
   1. 9.1. Usually, we do not transfer your personal information to countries outside the UK or the European Economic Area (“UK or EEA”). However, we, our service providers, and other parties with whom we may share your personal data (as described above) may process your personal data in territories that are outside the UK or EEA, or otherwise outside of the territory in which you reside. These countries may have data protection standards that are different to (and, in some cases, lower than) those of the territory in which you reside.
   2. 9.2. We will take appropriate steps to protect your personal data in accordance with this Privacy Policy and applicable data protection laws; including through the use of any appropriate safeguards required by law to ensure that any international data transfers are lawful. When we do this, we make sure that your personal data is protected and that:
      1. 9.2.1.the UK and European Commission says the country or organisation has adequate data protection, or
      2. 9.2.2.we’ve agreed to standard data protection clauses approved by the European Commission with the organisation.
8. 10. Your rights
   1. 10.1.You have certain rights in relation to your personal data. The availability of these rights and the ways in which you can use them are set out below in more detail.
   2. 10.2.Some of these rights will only apply in certain circumstances. If you would like to exercise or discuss, any of these rights, please contact us as described in Section 1. You will not have to pay a fee to access your personal data or to exercise any of these rights although we may charge a reasonable fee if your request is manifestly unfounded, excessive, or repetitive. Alternatively, we may refuse to comply with your request in these specific limited circumstances.
   3. 10.3.Please be aware that for security reasons, we cannot deal with your request if we are not sure of your identity so we may ask you for proof of your ID. This is to protect your and other individuals’ personal data from unlawful disclosure to third parties.
   4. 10.4.You have the following rights:
      1. 10.4.1.your personal data may be processed on the basis of your consent or some other legitimate basis;
      2. 10.4.2.to receive information on the processing of personal data performed by Payinter and exercise your rights;
      3. 10.4.3.to receive a confirmation if your personal data are not processed;
      4. 10.4.4.to access your personal data and receive information on the purpose and legal basis of data processing, category of data, recipient of data, storage period, information on other sources of data if personal data are obtained from third parties, and guarantees, if the data have been sent to a third party or international organisation;
      5. 10.4.5.to receive information on whether the provision of personal data is related to the law or an agreement, whether the provision of data is a precondition for the conclusion of an agreement, as well as information that the subject is required to provide personal data, and consequences in case such data are not provided;
      6. 10.4.6.to be informed about a new purpose of data processing in advance;
      7. 10.4.7.to object to data processing and withdraw your consent to data processing;
      8. 10.4.8.to request rectification of data if data are incorrect;
      9. 10.4.9.to data portability;
      10. 10.4.10.to request erasure of data if this does not contradict the UK and EU laws.
9. 11. Security
   1. 11.1.We are committed to keeping your personal data safe. Our website is hosted on servers in the EEA. We have physical, technical, and administrative measures in place to prevent unauthorised access or use of your personal data including:
      1. 11.1.1.encryption;
      2. 11.1.2.restricted access measures;
      3. 11.1.3.reviewing, auditing and improving plans for the ongoing confidentiality, integrity, availability and resilience of processing systems and services
      4. 11.1.4.business continuity plans to ensure the ability to restore personal data in the event of a physical or technical incident; and
      5. 11.1.5.training programmes for all our employees.
   2. 11.2.We have put in place procedures to deal with any suspected personal data breach and will notify you and the UK Information Commissioner’s Office where we are legally required do so in the event of a personal data breach.
10. 12. Links to third party websites
    1. 12.1.Our website, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others including our partner networks, advertisers, suppliers, other companies and/or social networks.
    2. 12.2.The personal data that you provide through these websites is not subject to this Privacy Policy and the treatment of your personal data by such websites is not our responsibility. If you follow a link to any of these websites, please note that these websites have their own privacy policies which will set out how your personal data is collected and processed when visiting those sites. For more information, please visit the privacy policies of these websites to learn more about how your personal data is collected and used.
11. 13. Children
    1. 13.1.We do not knowingly collect information from children or other persons who are under 18 years old. If you are under 18 (eighteen) years old, you may not submit any personal data to us or subscribe to the services. If you believe we might have any personal data from or about a person under the age of 18 (eighteen), please contact us.
12. 14. Cookies
    1. 14.1.Please also refer to our Cookie Policy for details on how we collect, use, or disclose information in respect of cookies. Otherwise, please contact us.
13. 15. How to make a complaint
    1. 15.1.If you have a complaint about how we use your personal information, please contact us through the app or send an email to support@payinter.me and we’ll do our best to fix the problem.
    2. 15.2.If you’re still not happy, you can refer your complaint to a data protection supervisory authority in the EEA country you live or work, or where you think a breach has happened. The UK’s supervisory authority is the Information Commissioner’s Office (ICO). For more details, you can visit their website at ico.org.uk.
14. 16. Updates
    1. 16.1.We may update, change or replace any part of this Privacy Policy from time to time to ensure that it remains accurate by posting updates, amendments and/or alterations (all collectively “changes”) on our website. Please check back from time to time for changes. If you continue to use and/or access the website following the posting of any changes, this automatically constitutes acceptance of those changes. In the event, you disagree with any changes you shall immediately terminate the use of our website and/or services.