At FMPay, we are committed to protecting and respecting your privacy and safeguarding any personal data that you give to us. We are transparent about the processing of your personal data and this notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. We are a controller under the UK GDPR and the Data Protection Act 2018. Our data protection officer is Kristy Gouldsmith and she can be contacted at [email protected].
We are:
FM Finance Ltd t/a FMPay
Suites 15-16 Pure Offices
Hatherley Lane,
Cheltenham Office Park
Cheltenham
United Kingdom
GL51 6SH
Tel: +44 1242 9072 60
Email: [email protected]
We will ask you to provide us with personal data of the owners, directors, partners and persons with significant control of the business when you apply to become our client. We may require you to provide us with additional personal data as you use our services. The following information will explain what personal data we collect and how we use it.
Information you provide to access and use our services;
If you are a client applying to use our services, we will collect, store and process personal data relating to the owners, directors, partners and persons with significant control of the business, such as:
Full name;
Email address;
Date of birth;
Home address;
Proof of address;
Proof of identity;
Other client due diligence information as required to on-board the company and meet our legal requirements, such as anti-money laundering and fraud prevention.
We need this data in order to provide you with our service. Without it, we are unable to provide our services to you. We will continue to process personal data to satisfy our client due diligence obligations throughout the time that you are our client.
We need to check that you are using our services legally. To do this, we will collect data about you from companies that help us verify identities, do credit checks, prevent fraud or assess risk, as follows:
Background check information: credit report information, identity verification information, background check information from public records and information about any person or corporation with whom you have had, currently have, or may have a financial relationship;
Credit, Compliance and Fraud: information about you from third parties for any credit investigation, credit eligibility, identity or account verification process, fraud detection process, or collection procedure. This includes information from any credit reporting agency or credit bureau and any person or corporation with whom you have had, currently have, or may have had a financial relationship, including places of employment and financial institutions.
We need to do these checks in order to verify the identities of the company owners, directors and persons with significant control to comply with our client due diligence obligations, anti-money laundering law and to protecting the security and integrity of our services. We are also required by law to ensure that we have effective fraud detection and prevention processes in place.
For all sole traders, limited companies or partners in unincorporated partnerships we will also collect:
Billing information, including bank account information and payment information.
Information we collect from your use of our services;
We get data about the devices (eg., computer, mobile phone or tablet) that you use when you interact with our systems. We use this information to protect the security of our systems and for analytical purposes.
Device Information, information about your device, including your hardware model, operating system and version, unique device identifier, country and language settings, mobile network information, and information about the device’s interaction with our services;
Use Information, such as internet or other electronic network activity information which includes information about how you use and interact with our services, including your access time, “log-in” and “log-out” information, browser type and language, your IP address, the domain name and location of your internet service provider, other attributes about your browser, any specific page you visit on our platform, content you view, features you use, the date and time of your use of the services, your search terms, and the website you visited before you visited or used the services.
We use this data to continue to improve our products and services.
Communicating with to obtain feedback and to provide information about our services
We would like to communicate with you in order to obtain your feedback about our products and services. This information is helpful for use to understand how people are using them. You can unsubscribe from these emails at any time.
We will also provide you with information about our other products and services. You can unsubscribe to these emails at any time.
To facilitate and enable our relationship with you as a prospective, new or existing client. To provide the services that you have requested.
Full name;
Email address;
Date of birth;
Home address;
Proof of address;
Proof of idientity;
Other client due diligence information as required to on-board the company and meet our legal requirements, such as anti-money laundering and fraud prevention.
To facilitate and enable our relationship with you as a prospective, new or existing client. To provide the services that you have requested.
Performance of a contract;
Necessary to comply with a legal obligation;
To process your account information, including:
Manage payments, fees and charges.
For all sole traders or partners in unincorporated partnerships.
Name, contact details and account details;
Performance of a contract with you;
To use data analytics to improve our website, products/services. To send feedback surveys.
Technical, device and usage details;
Name and email;
Consent;
To administer and protect website and systems (including troubleshooting, testing, system maintenance, support, reporting and hosting of data).
Technical and device details;
Necessary for our legitimate interests (IT services, network security).
We share your personal data with third parties who:
3.1 Help us provide our services (e.g., vendors who help us with fraud prevention, identity verification, and fee collection services) as well as financial institutions, website hosting, data analysis, IT and related infrastructure, communications and auditing;
3.2 Help us with our marketing;
3.3 Assist us with running our business, complying with our legal obligations and defending our rights and those of our customers (e.g. consultants, accountants and lawyers).
3.4 We will share your personal data with third parties who assist us with fraud prevention and identify verification. We will also respond to requests from courts, law enforcement agencies, regulatory agencies, and other government authorities.
3.5 We will share your personal data with third parties in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock.
3.6 When a third-party entity processes your personal data on our behalf, we have a data sharing agreement with them that sets out their obligations under data protection law.
We may use third-party service providers to, process and store your personal data in countries outside of the UK, such as those in the European Economic Area (EEA). We use the UK’s International Data Transfer Agreement which has been approved by the UK Government.
We retain your personal data in an identifiable format for the least amount of time necessary to fulfil our legal or regulatory obligations and for our business purposes. Data are retained for the following periods of time:
AML, identity and fraud check information. Contact details.
Providing our services. AML and identity checks of new merchants. On-going customer due diligence.
5 years after termination of the contract, or from the last contact, as applicable.
Technical, device and usage details.
Securing our website and systems.
Indefinite.
Analytical data.
Improving our website, products/services.
1 year.
Contact details for marketing purposes.
Marketing, customer relationships and experiences.
1 year after termination of the contract.
Bank details.
For sole traders and partners in unincorporated partnerships.
7 years after termination of the contract.
Our services are not directed at children under the age of 18. If we learn that any information that we have collected has been provided by a child under the age of 18, we will promptly delete that information.
To access to your personal data and information about our processing of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people);
To rectify incorrect personal data that we are processing.
To request that we erase your personal data if:
We no longer need it;
If we are processing your personal data by consent and you withdraw that consent;
If we no longer have a legitimate ground to process your personal data;
We are processing your personal data unlawfully.
To object to our processing if it is by legitimate interest;
To restrict our processing if it was by legitimate interest;
To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out by automated means.
If you want to exercise any of these rights, please contact us.
If you have a concern about the way we are collecting or using your personal data, please raise your concern with us in the first instance. You may also contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
When a third-party entity processes your personal data on our behalf, we have a data sharing agreement with them that sets out their obligations under data protection law.
We may collect, use and disclose certain personal data about your customers when acting as your service provider. You are responsible for making sure that your customer’s privacy rights are respected, including ensuring appropriate disclosures about third party data collection and use. You must comply with the personal data protection laws of your country of origin and of those countries in which you offer products or services and, in particular when processing and sending personal data to us in the context of using our services and submitting transactions. To the extent that we are acting as your data processor, we will process personal data in accordance with the terms of our agreement with you and your lawful instructions.