1 PURPOSE OF OUR POLICY
Shieldpay Ltd (Company number 10061792) with a registered office at 3rd Floor, 1 Ashley Road, Altrincham, Cheshire, WA14 2DT, United Kingdom (ShieldPay, we, us or our) provides the products and services offered on the ShieldPay website and/or mobile application www.www.shieldpay.com (Platform).
We have adopted this policy to ensure that we have standards in place to protect the data that we collect, record, obtain and process about individuals and individuals provide to us that is necessary and incidental to:
providing the products and services that we offer;
the normal day-to-day operations of our business; and
Pursuing the legitimate interests of ShieldPay and that of any other third parties in connection with (a) and (b) above.
By using www.shieldpay.com, including our products and services, individuals consent to how we obtain and process personal data, including the purposes for which we process data and how we share data internally and with third parties.
We handle data in our own right and also for and on behalf of our customers and users.
Our policy does not apply to information we collect about businesses or companies, however it does apply to information about the people in those businesses or companies which we store.
The policy applies to all forms of information, physical and digital, whether collected or stored electronically or in hardcopy.
If, at any time, an individual provides data or other information about someone other than himself or herself, the individual warrants that they have that person's consent and authorisation to provide such information for the purpose specified.
ShieldPay is not available to children (persons under the age of 18 years).
3 THE INFORMATION WE COLLECT
In the course of business it is necessary for us to collect data. This information allows us to identify who an individual is for the purposes of our business, share data when asked of us, contact the individual in the ordinary course of business and transact with the individual. For more information about how we specifically use personal data please see below, How and When is Data Used. Without limitation, the type of information we may collect is:
Personal Information. We may collect personal details such as an individual’s name, location, date of birth, passport, driver’s licence and other information that allows us to identify who and where the individual is;
Contact Information. We may collect information such as an individual’s email address, mobile and/or landline telephone number, third-party usernames (i.e. social media profile information), residential and business address, and other information that allows us to contact the individual;
Financial Information. We may collect financial information related to an individual’s bank account and debit/credit card details, individual payments made and received, such as the date, amount, currency, bank account, sort code, IBAN, BIC, SWIFT Codes and the details of the payee or payer and other information that allows us to transact with the individual and/or provide them with our services;
Statistical, Analytical and Behavioural Information. We may collect information about an individual’s online and offline preferences, habits, errors, length of time to respond or visit certain pages, participation on discussion boards on blogs posted on or social media functions on www.shieldpay.com, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes;
Device and Technical Information. We collect device-specific and other technical information, such as the hardware model, operating system version, browser type and version, Internet Protocol (IP) address, advertising identifier, unique application identifiers, unique device identifiers, browser type, language, wireless network, and mobile network information (including the mobile phone number); and
Information an individual sends us. We may collect and store any personal information and correspondence that an individual freely sends us, or that is sent to us by others (such as credit reference or fraud prevention agencies) about the individual’s activities, including activities with our third party partners.
We may collect other data about an individual, which we will maintain in accordance with this policy.
We may also collect anonymous non-data about an individual.
4 HOW INFORMATION IS COLLECTED
4.1 Most information will be collected in association with an individual’s use of ShieldPay, our products and services, an enquiry about ShieldPay or generally dealing with us. However, we may also receive data from other sources such as advertising, an individual’s own promotions, credit reference agencies, public records, sub-contractors in technical, payment and delivery services, analytics providers, search information providers, mailing lists, staff, recruitment agencies and our business partners. In particular, information is likely to be collected as follows:
Registrations/Subscriptions/Purchases. When an individual registers, subscribes and or purchases a product, service, list, account, connection or other process whereby they enter data details or grant access to information in order to receive or access something, including a transaction or services;
Accounts/Memberships. When an individual submits their details to open an account and/or become a member with us;
Partners. When an individual grants us access to their accounts or allows information to be shared by our business partners.
Legitimate third party data sources. When an individual is granted access to use the products and services of ShieldPay, we obtain and perform searches with legitimate third party data sources to ensure validity and verification of data and other legitimate interests.
Verification of identity. When an individual registers with ShieldPay whether as payer or payee we will obtain information from credit reference agencies and other public sources, including electoral roll and social media, to verify your identity and bank account information.
Supply/Contact. When an individual supplies us with goods or services. or contacts us in any way;
Pixel Tags. Pixel tags and web beacons may enable us to send email messages in a format customers can read and they tell us whether mail has been opened.
Shareholder Information. We collect information from each of our shareholders, such as name, date of birth and address.
As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of their data being collected, in particular by third parties.
We may also collect anonymous non-data, which may be used and shared on an aggregated and anonymous basis.
5 HOW DATA IS STORED
The data that we collect from you will be stored and processed in the European Economic Area (EEA), but may be transferred to, stored, and processed at a destination outside the EEA, with and by third parties. Where we do transfer, store or otherwise process personal data outside the EEA, we will make sure that we have the organisational and technical measures in place to ensure personal data is securely treated and safeguarded and prevent any unauthorised disclosure or processing.
Data may also be processed by third parties and/or staff operating outside the EEA who work for us or for one of our third party partners. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services By submitting your personal data, you agree to this transfer, storing or processing.
All data collected, stored and processed by us will be stored on secure servers maintained by globally recognised companies with stringent data security operating procedures. Any payment transactions on our website will be encrypted using globally acceptable technology. Any passwords and PINs issued to any individual to enable access to parts of our site, such individuals will be responsible for keeping passwords and PINs confidential. We ask that individuals using ShieldPay not to share passwords and PINs with anyone.
We will retain data for the period necessary to fulfil the purposes outlined in this policy unless a longer retention period is required or permitted by law.
6 HOW DATA IS USED
In general, we will only use any data for the purpose for which it was collected, except with the individual’s permission. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
the provision of ShieldPay and related services to an individual and customers, including carrying out our obligations arising from such services, and to provide our customers with information, products and services customers request from us;
To provide individuals and customers with information about other goods and services we may offer that are similar to those that you have used or enquired about with ShieldPay;
To provide, or permit selected third parties to provide individuals or customers,
with information about goods or services we may feel be of interest to individuals or customers.
If an individual is an existing customer, we will only contact a customer by electronic means (e-mail, SMS or other mobile interaction) with
information about goods and services (including competition, surveys and questionnaires) similar to those which were the subject of a previous service to you. If an individual is new to ShieldPay, and where we permit selected third parties to use individual data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please select the relevant options at the sign-up stages on which we collect data.
To notify you about any changes to our services or this policy;
To ensure that content from our site is presented in the most effective manner to individuals;
To administer our site and for internal operations, including trouble shooting, data analysis, testing, research, statistical and survey purposes;
To improve our site to ensure that content is presented in the most effective manner for the individual or customer;
To allow individuals or customers to participate in interactive features of our services, when chosen to do so;
As part of our efforts to keep our site safe and secure;
To measure or understand the effectiveness of advertising, and behaviour served to customers and others, and to deliver relevant advertising to customers;
To make suggestions and recommendations to individuals and customers and other users of our site about goods and services that may be of interest to them;
To verify an identities of individuals and customers;
investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity;
carrying out regulatory checks and meeting our obligations to our regulators;
preventing and detecting fraud, money laundering and other crime (such as identity theft);
preparing high-level anonymised statistical reports, which would contain details such as the average number of company directors being authorised signatories to a company’s accounts. The information in these reports is never personal and you will never be identifiable from them. We may share these statistical and anonymised reports with third parties including non-ShieldPay companies; and/or
as required or permitted by any law (including the Act).
If you publicly post about ShieldPay, or communicate directly with us, on a social media website,
we may collect and process the data contained in such posts or in your public profile for the purpose of addressing any customers services requests you may have and to monitor and influence public opinion ShieldPay.
7 DISCLOSURE OF PERSONAL DATA
We will disclose information upon your authorisation and instruction, to your advisers (such as accountants, lawyers, financial or other professional advisers).
It may be necessary for us to disclose an individual’s data to third parties in a manner compliant with the Act in the course of our business, such as for processing activities like verification, due diligence, website hosting, data analytics and payment processing.
We will disclose your data to credit reference agencies for the purposes of verifying your identity and bank account information.
We will not disclose or sell an individual’s data to unrelated third parties under any circumstances unless we employ other companies to perform tasks on our behalf and we need to share your information with them to provide products and services to you and we have obtained your consent to do so.
There are some circumstances in which we must disclose an individual’s information:
where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
as required by any law (including the Act) including court orders;
as required by UK and overseas regulators and authorities in connection with their duties, including the regulator or authority having access payment details (including information about others involved in the payment);
fraud prevention agencies, in particular, we will always tell fraud prevention agencies if you give us false or fraudulent information. They will also allow other organisations (in the UK or abroad), including law enforcement agencies to access this information to prevent and detect fraud, money laundering or other crimes; and/or
in order to sell our business (as we may transfer data to a new owner).
If the Company gets involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of the business to another company, we may share information with that company before and after the transaction closes.
8 THIRD PARTY SERVICES, WEBSITES AND ACCOUNTS
We may share an individual’s information with third party service providers in connection with the provision of ShieldPay and related services to you, and otherwise operating our business. We may link your account with a third party to our services to enable certain functionality, which allows us to obtain information from those accounts.
we may use an individual’s information to assist marketing and promotions to other customers and prospects on social media (such as Facebook);
authentication of identity, passport and driver’s license, and bank account details;
all information may be process and stored with cloud service providers (such as Amazon Web Services);
information may be required to communicate with an individual (such as SparkPost and Gmail from Google, Inc); or
When you click on links to third party websites. We may link your account with a third party to our services to enable certain functionality, which allows us to obtain information from those accounts.
We are not responsible for the privacy practices of third parties. You must read the privacy policies of third party service providers, so you can understand the manner in which they will handle your personal information. The information we may obtain from those services often depends on their privacy policies or account settings.
These service providers may be located or have facilities that are located a different jurisdiction (including outside the EEA), in which case your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
An individual may opt to not have us collect their data and communicate with them at certain times. This may prevent us from offering them some or all of our services and may terminate their access to ShieldPay, or other services they access with or through us.
Opt In. Where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or
Opt Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us. An individual may revoke their consent at any time, and the decision to opt out will be made through the same media by which the individual opted in.
If an individual believes that they have received information from us that they did not opt in or out to receive, they should contact us on the details below.
11 THE SAFETY & SECURITY OF DATA
We will take all reasonable precautions to protect an individual’s data from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
The security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, data where the security of information is not within our control.
We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s data to in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.
If an individual suspects any misuse or loss of, or unauthorised access to, their data, they should let us know immediately.
We are not liable for any loss, damage or claim arising out of another person’s use of the data where we were authorised to provide that person with the data.
12 HOW TO ACCESS AND/OR UPDATE INFORMATION
The Act gives you the right to request from us the data that we have about you.
If an individual cannot update his or her own information, we will correct any errors in the data we hold about an individual promptly after receiving written notice from them about those errors.
It is an individual’s responsibility to provide us with accurate and truthful data. We cannot be liable for any information that is provided to us that is incorrect.
Where you update your personal information, we may need to obtain further information from you or a third party, including credit reference agencies, to verify and validate such information.
We may charge an individual a reasonable fee for our costs incurred in meeting any of their requests to disclose the data we hold about them. If a fee is charged, it will not exceed £10 per request.
Information will be provided 40 calendar days of receipt of the request.
13 COMPLAINTS AND DISPUTES
You have the right to object to us processing your information in relation to:
processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
direct marketing; and
processing for purposes of scientific/historical research and statistics.
If an individual has a complaint about our handling of their data, they should address their complaint in writing to the details below.
You have the right to lodge a complaint with a supervisory authority if you consider that the processing of your data infringes the Data Protection legislation.
If we have a dispute regarding an individual’s data, we both must first attempt to resolve the issue directly between us.
If we become aware of any unauthorised access to an individual’s data, which is likely to result in high risk for the rights and freedoms of the data subjects we will inform the individual with undue delay after becoming aware of it once we have established what was accessed and how it was accessed.
14 ADDITIONS TO THIS POLICY
We will change this policy from time to time to comply with our obligations and update our practices, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the Platform. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
If we decide to change this policy, we will post the changes on our Platform at www.www.shieldpay.com/PrivacyPolicy. It is your responsibility to refer back to this policy to review any amendments. We may do things in addition to what is stated in this policy to comply with the Act and nothing in this policy shall deem us to have not complied with the Act.
15 CONTACTING US
All correspondence relating to privacy should be addressed to (by email where possible):
The Data Controller
41 Luke Street