Privacy Policy
About us
Getting in touch with us
You have the right to make a complaint to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance at [email protected] or by phone on (+44) 02034885224.
Information we hold about you
What information do we collect from you?
- applying for our products or services
- using our branches, telephone services, websites or mobile applications
- writing to us
- entering competitions or promotions
- downloading any of our mobile applications or using our websites or digital services, in which case we may gather information about how you access and use these services, such as your IP address and information about the devices or software you use (we may also make other requests or give you more details about how we use your information, for example, we may ask for your location to help find nearby services)
- using and managing your accounts, (we may take information such as the date, amount and currency of payments made to your account); and
- giving information to us at any other time, including through social media.
Checking your identity
How do we use your information?
- to provide our services to you
- to help us develop new and improved products and services to meet our customers’ needs
- to carry out checks for security purposes, to prevent fraud and money laundering, and to confirm your identity before we provide services to you
- for training
- to communicate with you
- to meet the obligations we have by law and under any regulations that apply
- where we have a legitimate interest in using your information, for example to protect our commercial interests or to prevent fraud; and
- to keep you informed about products and services you hold with us and to send you information about products or services (including those of other companies where you have consented for us to do so) which may be of interest to you.
What is the legal basis for using your information?
Legal obligations:
Legitimate interests:
Consent:
Information we collect from you and the legal bases for doing so
Merchants
For the purposes of data protection we consider a physical person (as opposed to a company) that is a sole trader or individual and who registers for/uses our services or buys products from us (such as a card reader) to be a merchant. The personal data we collect from merchants includes:
Category of personal data | Non-exhaustive examples of personal data from each category |
Account identification information | Merchant ID number, passwords and equivalent account security information |
Contact details | Name, address, phone numbers, email |
Financial information | Bank details, transaction history, credit history and credit score, information relevant to invoices issued by us to a merchant |
Information required to be obtained and kept by law | Information required for customer identification and verification (e.g. government issued IDs) |
Technical and behavioural tracking data | IP address, location data, pages viewed on our website or applications, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version |
The purpose and legal basis for processing the personal data outlined above will be:
Purpose of processing the personal data | Legal basis for processing the personal data |
To administer any account or registration you may have with us
| ● To fulfil our contractual agreement with you ● To comply with applicable law ● To pursue our legitimate interests
|
To carry out our obligations arising from any contracts entered into between you and us
| ● To fulfil our contractual agreement with you ● To comply with applicable law ● To pursue our legitimate interests
|
To provide you with the products and services that you request from us
| ● To fulfil our contractual agreement with you ● To comply with applicable law ● To pursue our legitimate interests |
To administer your participation in any competitions or prize draws we may run from time to time
| ● To pursue our legitimate interests
|
To provide you with our newsletter, if you have subscribed to receive it, and any other information that you request from us from time to time | ● To pursue our legitimate interests
|
To communicate with you (via the use of surveys or by other means) about any comments, queries or feedback you might have about us, our website or our applications
| ● To fulfil our contractual agreement with you ● To pursue our legitimate interests
|
For publication on our website (for example, in connection with your listing or advertisement or for review or testimonial purposes), but only if you have either provided it to us for that purpose or if you have consented to this | ● To pursue our legitimate interests ● When you have provided consent
|
To enable you to participate in interactive features of our website or our applications, when you choose to do so
| ● To fulfil our contractual agreement with you ● To pursue our legitimate interests
|
To ensure that content on our website or in our applications is presented in the most effective manner for you and for your computer
| ● To fulfil our contractual agreement with you ● To pursue our legitimate interests
|
To provide you with information about products and services we offer that we feel may interest you by post, telephone, SMS, email or via in-application notifications
| ● To pursue our legitimate interests ● Where we are required by law to obtain your consent to provide this information, we will obtain your consent. If consent is not required we will provide you an option to opt-out of receiving this information each time that we send information to you |
To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
| ● To pursue our legitimate interests
|
To keep our website or our applications safe and secure
| ● To fulfil our contractual agreement with you ● To comply with applicable law ● To pursue our legitimate interests
|
To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you | ● To pursue our legitimate interests
|
To make suggestions and recommendations to you and other users of our website and our applications about goods or services that may interest you or them
| ● To pursue our legitimate interests
|
To verify your identity as well as your personal and contact information
| ● To fulfil our contractual agreement with you ● To comply with applicable law ● To pursue our legitimate interests
|
To record and prove that transactions have been executed
| ● To fulfil our contractual agreement with you ● To comply with applicable law ● To pursue our legitimate interests
|
To initiate, exercise and defend any legal claim or collection procedure
| ● To fulfil our contractual agreement with you ● To comply with applicable law ● To pursue our legitimate interests |
To comply with internal compliance procedures
| ● To comply with applicable law ● To pursue our legitimate interests
|
To prevent misuse of our services
| ● To comply with applicable law ● To pursue our legitimate interests
|
To carry out risk management and fraud prevention processes
| ● To fulfil our contractual agreement with you ● To comply with applicable law ● To pursue our legitimate interests
|
To comply with applicable KYB/KYC and AML, book-keeping and capital adequacy laws and to report to tax authorities and other relevant law enforcement agencies
| ● To comply with applicable law ● To pursue our legitimate interests
|
To communicate with you in relation to our services | ● To fulfil our contractual agreement with you ● To pursue our legitimate interests |
End-customers
For end-customers who use services provided by our merchants, we will collect and process the following information:
Category of personal data | Non-exhaustive examples of personal data from each category |
Contact details
| Name, address, phone numbers, email
|
Financial information | Card details, Transaction history |
Information required to be obtained and kept by law | Book-keeping relevant information
|
Technical and behavioural tracking data
| IP address, location data, pages viewed on our website or applications, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version |
The purpose and legal basis for processing the personal data outlined above will be:
Purpose of processing the personal data | Legal basis for processing the personal data |
To process a payment made by the end-customer via a card or through the use of any method that we offer from time to time
| ● To comply with applicable law ● To pursue our legitimate interests
|
To ensure that the payment transaction is carried out in a secure manner, mitigating the risk of fraud and other criminal activities
| ● To comply with applicable law ● To pursue our legitimate interests
|
To enable the merchant to fulfil the end-customer’s order and mitigate the risk of fraud and other criminal activities. The personal data will also be processed when handling potential complaints and disputes | ● To comply with applicable law ● To pursue our legitimate interests
|
To provide a receipt to an end-customer. We will only use the end-customer’s email address or mobile number to send receipts and will not use or share the contact details for any other purpose unless we obtain the end-customer’s consent in writing, or inform the end-customer prior to processing for a new purpose or for a purpose that is compatible with the purpose for which initially we collected the personal data | ● To comply with applicable law ● To pursue our legitimate interests
|
Individuals and customer representatives
For individuals and customer representatives contacting our customer support team or us generally, via email, telephone, online chat, SMS or any other communication channel, we will collect and process the following information:
Category of personal data | Non-exhaustive examples of personal data from each category |
Contact details | Name, address, phone numbers, email |
Technical and behavioural tracking data
| IP address, location data, pages viewed on our website, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version |
The purpose and legal basis for processing the personal data outlined above will be:
Purpose of processing the personal data | Legal basis for processing the personal data |
To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes | ● To pursue our legitimate interests
|
To verify your identity as well as your personal and contact information
| ● To comply with applicable law ● To pursue our legitimate interests
|
To provide and market services and products to the individual | ● To pursue our legitimate interests ● When you have provided consent |
To respond to the individual and provide any support that is required | ● To pursue our legitimate interests |
To communicate with you in relation to our services | ● To pursue our legitimate interests ● When you have provided consent |
Individuals within corporates
In the case of an executive, director, beneficial owner or authorised signatory of a corporate customer that communicates with us we will collect and process the following information:
Category of personal data | Non-exhaustive examples of personal data from each category |
Account identification information | Merchant ID number, passwords and equivalent account security information |
Contact details | Name, address, phone numbers, email |
Information required to be obtained and kept by law | Information required for customer identification and verification (e.g. government issued IDs) |
Technical and behavioural tracking data | IP address, location data, pages viewed on our website, whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you are using to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application version |
The purpose and legal basis for processing the personal data outlined above will be:
Purpose of processing the personal data | Legal basis for processing the personal data |
To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes | ● To pursue our legitimate interests
|
To provide you with our newsletter, if you have subscribed to receive it, and any other information that you request from us from time to time | ● To pursue our legitimate interests
|
To communicate with you (via the use of surveys or by other means) about any comments, queries or feedback you might have about us, our website or our applications | ● To pursue our legitimate interests
|
To keep our website and our applications safe and secure
| ● To comply with applicable law ● To pursue our legitimate interests
|
To verify your identity as well as your personal and contact information
| ● To comply with applicable law ● To pursue our legitimate interests
|
To initiate, exercise and defend any legal claim or collection procedure
| ● To comply with applicable law ● To pursue our legitimate interests
|
To provide you with information about products and services we offer that we feel may interest you by post, telephone, SMS, email or via in-application notifications
| ● To pursue our legitimate interests ● Where we are required by law to obtain your consent to provide this information, we will obtain your consent. If consent is not required we will provide you an option to opt-out of receiving this information each time that we send information to you.
|
To make suggestions and recommendations to you and other users of our website and our applications about goods or services that may interest you or them | ● To pursue our legitimate interests
|
To comply with internal compliance procedures | ● To comply with applicable law ● To pursue our legitimate interests
|
To prevent misuse of our services
| ● To comply with applicable law ● To pursue our legitimate interests
|
To carry out risk management and fraud prevention processes
| ● To comply with applicable law ● To pursue our legitimate interests
|
To comply with applicable KYB/KYC, AML, book-keeping and capital adequacy laws and to report to tax authorities and other relevant law enforcement agencies | ● To comply with applicable law ● To pursue our legitimate interests
|
To communicate with you in relation to our services | ● To pursue our legitimate interests ● When you have provided consent |
Collecting information from third-parties
To ensure that the services we provide are secure and efficient we process personal data from selected third-parties. These third-party sources (and the categories of information) include:
Category of third-party | Category of personal data |
Credit rating agencies | ● Financial information ● Information required to be obtained and kept by law |
Fraud detection agencies
| ● Information required to be obtained and kept by law
|
Financial institutions such as banks and card networks
| ● Financial information ● Information required to be obtained and kept by law
|
Tax authorities
| ● Information required to be obtained and kept by law
|
Publicly available registries maintained by or on behalf of national authorities
| ● Contact details ● Information required to be obtained and kept by law
|
Companies in the same corporate group as us | ● Contact details |
Sharing information with named third-parties
We currently share personal data with the following named third-parties for the following purposes:
Third-party name | Why we share personal data with them |
Truevo | Dispatch terminal to our customers |
Paynetics | Dispatch terminal to our customers |
|
|
|
|
Sharing your information with others
Sharing your information with credit reference and fraud prevention agencies
When processing your application, we will carry out credit and identity checks on you with one or more credit reference agencies. To do this, we will give the credit reference agencies your personal data and they will give us information about you. This may make it difficult for you to get credit in the future. We will also continue to exchange information about you with credit reference agencies while you have a relationship with us, for example, if we have asked you to pay an amount you owe us and we do not receive a satisfactory reply from you within our stated time limit, or if you give us false or inaccurate information. The credit reference agencies may share your personal data with other organisations.
The credit reference agencies, and the ways in which they use and share personal data, are explained in more detail at www.experian.co.uk/crain/ and www.equifax.co.uk/crain/.
Records we share with credit reference agencies will stay on your file for six years after your file is closed, whether you’ve settled the debt or failed to pay it off.
If you’d like to know about the information credit reference agencies hold about you, you should contact them directly (please note, they will charge you a fee for this service). Not every agency will hold the same information, so you should consider contacting them all.
Their contact details are as follows:
TransUnion: www.transunion.co.uk/contact-us
Equifax PLC: www.equifax.co.uk/support/en_gb/
Experian: www.experian.co.uk/contact-us/
We will share your information with fraud prevention agencies who will use it to prevent fraud and money laundering, and to confirm your identity. We and fraud prevention agencies may also allow law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. If fraud is detected, you could be refused certain services or finance.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to present a fraud or money-laundering risk, they can hold your information for up to six years.
Sharing your information with third-parties
We may also share your information with the following third-parties:
- companies that are in the same corporate group as us;
- suppliers and subcontractors who provide, for example, IT support, logistics, communication, customer support, marketing, acquiring and PCI compliance services and our business partners who we may share personal data with in order for them to provide you with information about similar goods and services (with your consent);
- advertisers and advertising networks that require anonymised data to select and serve relevant adverts to you and others. We shall provide them with aggregate information about our users (for example, we may inform them that 150 men aged 35-45 have clicked on their advertisement on any given day). We shall also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, men in a particular location). We shall make use of the information we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience;
- user experience, service design and market research agencies that assist us in the improvement and optimisation of the products and services that we offer to customers as well as with other market research projects;
- analytics and search engine providers that assist us in the improvement and optimisation of our website and our applications;
- credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you (please see earlier in this Privacy Policy for detail on this);
- sharing your information with a party we assign our rights to, under applicable contractual arrangements; and
- sharing information with our funding partners in circumstances concerning our financial affairs.
An example of when we may share your personal data with our partners:
If you apply for a merchant instant settlement product, we or our lending partner (the provider of this product) will carry out a credit check to better understand your financial circumstances and repayment history.
An example of how we use your personal data for marketing:
If you are an Arivpay customer, we may contact you about optional extras, loyalty bonuses or promotional offers where you have consented to this. We may use information we gather about you through your use of our services to tailor these offers to you.
We may also disclose your personal data to third-parties:
- in the event that we sell or buy any business or assets, to the prospective seller or buyer of such business or assets and their advisors;
- if we or substantially all of the company’s assets are acquired by a third-party, in which case personal data held by the company about our customers will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our various terms, policies and other agreements; or to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for AML and fraud prevention, and credit risk purposes
We shall share an end-customer’s personal data with a merchant when it is to enable the merchant to fulfil the end-customer’s order and mitigate the risk of fraud and other criminal activities. The personal data will also be processed when handling potential complaints and disputes. Personal data shared with a merchant will be subject to the merchant’s data protection policy and not this Privacy Policy.
Where merchants process card transaction data and cardholder data, they must process this in line with our Terms and Conditions. Please refer to these Terms and Conditions for further information.
If a third-party processes personal data on our instruction they are likely to be a data processor. An example of this will be in relation to our suppliers of IT and marketing services. In such cases, we only share personal data for purposes that are compatible with the reasons contained in this Privacy Policy. All data processors are subject to written agreements that ensure the security of personal data and limit the transfer of personal data to third countries.
If a third-party is considered to be a data controller, we are not able to dictate how that third-party will process the data that has been provided. Examples of common third-party data controllers would be credit rating agencies or financial institutions. In such cases, the data protection policies of the third-party data controller will apply.
Links to third-party websites
Our website features third-party advertising which provides links to and from third-party websites. If you follow a link to any of these third-party websites, you should be aware that these websites have their own privacy policies and the operators of those websites will handle your information in accordance with such policies and not with this Privacy Policy. We have no control over such third-parties or their websites or privacy policies. These third-parties may contact you or permit third-parties to contact you for marketing purposes in accordance with their own privacy policies, unless you opt out of such communications.
We do not accept any responsibility or liability for third-party websites or their privacy policies. We strongly advise you to check such policies and the reputation of the website before you submit your information to, or carry out any transaction on, any third-party website.
We welcome any feedback you may have about third-party websites linked to from our website. Please email us at [email protected] or by phone on (+44) 02034885224.
How we secure your information
We have in place a level of security appropriate to the nature of the information stored and the harm that might result from a breach of security. Your information is stored on our secure servers. The transmission of any payment transactions will be encrypted using TLS technology.
All environments that are used in the transmission of payment transactions are hosted in an environment that has passed PCI DSS Level 1 service provider accreditation, and are therefore required to adhere to all the requirements stated by the PCI Security Standards Council.
To get more information about the different requirements of the PCI Security Standards Council please read more here.
Please note that the transmission of information via the internet is not completely secure and, although we will do our best to protect your information, we cannot guarantee the security of any of your information transmitted via our website or our applications. Any transmission is at your own risk. If we become aware that the security of your information has been compromised, we will notify you by email or as otherwise required by law.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or our applications, you are responsible for keeping this password confidential and you must not share it with anyone.
If you think your password or any other aspect of your account has become compromised, you must inform us immediately at [email protected] or by phone on (+44) 02034885224.
How long will we will keep your information
We will keep your information for as long as is needed for the purposes set out above or as required by any laws that apply.
If you close your account, if we refuse your application for an account or product, or you decide not to go ahead with your application for an account or product, we’ll still keep your information. We may also continue to collect information from credit reference agencies to use after your account is closed. We’ll do this for as long as we’re allowed to for legitimate business purposes, to help prevent fraud and other financial crime, and for other legal and regulatory reasons.
Sharing your information outside the European Economic Area (EEA)
When we or fraud prevention agencies transfer your information outside the EEA, we or the fraud prevention agencies will:
- make sure that the organisations we transfer your information to apply an equivalent level of protection;
- include conditions in the contract with the organisations receiving your personal data to protect it to the standard required in the EEA; and
- possibly ask the organisations receiving your information to subscribe to international frameworks intended to allow information to be shared securely.
If we are transferring your information, we may also transfer it to either a country considered by the European Commission to provide adequate protection of your information, or to a different country if you agree to this. If we transfer your information outside the EEA in other circumstances (for example, because we have to reveal the information to help prevent or detect a crime), we’ll make sure we share that information lawfully.
What happens regarding Brexit?
As the UK has left the European Union (EU), it has ceased to be an EU member state. We may still be required (for the purposes described in this Privacy Policy) to:
- transfer personal data from the UK to the EU, the EEA or elsewhere; and
- receive personal data from outside the UK (including from the EU/EEA) into the UK.
Where we make or receive such transfers, we will ensure that those transfers are lawful and (where necessary) we shall put in place appropriate measures, such as contractual commitments or other valid data transfer mechanisms, to ensure that personal data is sent and received in accordance with applicable law.
What are my rights?
Your right to: | What this means |
Ask us to send you (or someone you nominate) a copy of the information we hold about you | We provide this privacy notice to explain how we use your personal data |
Access your personal data with us
| If you make a ‘data subject access request’ to us, we will provide a copy of the personal data we hold about you. We can’t give you any information about other people, information which is linked to an ongoing criminal or fraud investigation, or information which is linked to settlement negotiations with you. We also won’t provide you with any communication we’ve had with our legal advisers |
Ask us to correct or delete any incorrect or incomplete information we hold about you (we will correct any information we believe is incorrect or incomplete)
| You can have incomplete or inaccurate information corrected. Before we update your records with us, we may need to check the accuracy of the new information you have provided
|
Ask us to stop using your information
| We will stop using your information if there is no legal reason for us to continue to hold or use it
|
Object to any automated decision-making
| In the event that you request the deletion of personal data or for the use of personal data to be restricted, we reserve the right to no longer provide services and products to you under any applicable contract |
Ask us to transfer certain personal data to you or to another organisation, including service providers, in a format they can use where this is technically possible (known as the ‘right to data portability’) | We will transmit personal data in structured, commonly used and machine readable formats
|
Ask us to transfer a copy of some of your information to you or to another organisation, including service providers, where this is technically possible
| We will transmit personal data in structured, commonly used and machine readable formats
|
Withdraw any permission you have previously given to allow us to use your information
| If you have given us any consent we need to use your personal data, you can withdraw your consent at any time by contacting us at: [email protected] or by phone on (+44) 02034885224 |
Ask us to stop or start sending you marketing messages at any time | Please get in touch with us on [email protected] or by phone on (+44) 02034885224 to do this |
How we use cookies
Our website uses cookies to distinguish you from other website users. Cookies help to provide a more personalised experience when you browse our website and also allows us to improve our website. Please take a look at our Cookie Policy for detailed information on the cookies we use and the purposes for which we use them.
Other legal information
Children
We do not knowingly collect information from individuals who are under the age of 16. If you are under the age of 16, please do not register an account with our website or provide any information about yourself on our website. If you have already done so, please contact us.
Changes to our Privacy Policy
By submitting your information to us, you consent to the use of the information as set out in this Privacy Policy.
If we change our Privacy Policy, we will post the changes on this page and may place notices elsewhere on our website (such as the home page) for a reasonable period of time.
Your continued use of our website and our services following any changes to this Privacy Policy will mean you accept those changes.
Glossary and interpretation
What words and phrases in bold mean
AML means anti-money laundering.
Customer portal means the portal you use to access information regarding your use of the services through the Arivpay website.
Data controller has the meaning given in the GDPR.
Data processor has the meaning given in the GDPR.
Data protection laws means the GDPR and other laws or regulations that apply to the processing of personal data.
Data subject has the meaning given in the GDPR.
GDPR means the General Data Protection Regulation (EU 2016/679) or substantially equivalent laws enacted later in the UK.
KYB means Know Your Business.
KYC means Know Your Customer.
MOTO means mail order telephone order.
PCI DSS means the Payment Card Industry Data Security Standard.
Contact Us
Careers
Self-employed careers
Website Use Policy
Terms & Conditions
Privacy Policy
Our Footprint
UK: City View House, 1 Dorset Place, Stratford, London, E15 1BZ
USA: 42020 Village Centre, PLZ STE 120, Stone Ridge, VA 20105, Virginia
Uganda: Plot 24 Kanjokya Street, PO Box 10426, Kololo, Kampala