PRIVACY POLICY

At Pixxles Ltd (company number: 11604773, registered office: Cannon Place, 78 Cannon Street, London, United Kingdom, EC4N 6AF) we are committed to protecting the privacy of our clients. This policy will inform you about how we process your personal information.

We provide end-to-end payment card processing and payment solutions for online and brick-and-mortar businesses. In doing so, we process personal data relating to merchants, cardholders and our business partners including suppliers and agents. Personal data means any information about an individual from which that person can be identified.

We collect and process the following information:

• If you are a merchant, we may collect, use, store and transfer the personal information that you give to us, including your contact details (such as your name, address, telephone number and email address), bank details, transaction details, tax details and government-issued identification details.
• If you are a cardholder, we may collect, use, store and transfer the personal information that you give to us (directly or via a merchant), including your contact details (such as your name, address, telephone number and email address), bank details, purchase history and transaction details.
• If you are a business partner, we may collect, use, store and transfer the personal information that you give to us, including your contact details (such as your name, address, telephone number and email address) and bank details.

• We will keep a record of any username and password you register on our website. We may also collect information from or through the device you use to connect to our website. This includes, for example, technical information such as your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the website.

• You might be referred to us by an ISO or other referral business.
• We may also receive data from other third parties including card associations, credit reference agencies, fraud prevention agents or other agents working on our behalf.
• We may take information from public sources such as company registries and filings.

To provide a requested service or carry out a contract, for example:

• Clearing, settlement and reconciliation purposes
• Underwriting purposes
• Managing accounts/relationships with merchants and cardholders

Where we have a legitimate interest, for example:

• Assisting merchants and cardholders with inquiries and account maintenance (providing support via telephone and email)
• Managing accounts/relationships with merchants and cardholders
• Marketing and sales purposes, such as surveys to improve our service
• Research and development purposes
• Administering and protecting our business

Where we have a legal obligation, for example:

• Fraud monitoring and risk management purposes (including AML purposes and disclosure of information to, and the exchange thereof with, relevant third parties when required)
• Compliance with laws (for instance due diligence procedures, internal assessment, risk assessment and analysis)
• Administering and protecting our business
  

 Where we have your consent, for example:

• Marketing and sales purposes, such as newsletters.

We carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests, before we go ahead with such processing. We keep a record of these balancing tests. You have a right to the information contained in these balancing tests on request, and can find out more by contacting us using the details below.

We only retain your information for as long as is necessary for us to use your information as described above, where it is in our legitimate interest, or to comply with our legal obligations. However, please be advised that we may retain some of your information after you cease to use our services, for instance if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.

When determining the relevant retention periods, we will take into account factors including:

1. our contractual obligations and rights in relation to the information involved;
2. legal obligation(s) under applicable law to retain data for a certain period of time;
3. our legitimate interest where we have carried out a balancing test;
4. statute of limitations under applicable law(s);
5. (potential) disputes;
6. if you have made a request to have your information deleted; and
7. guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your information once this is no longer needed.

We may share your personal information with our clients (merchants) and other third parties that we have retained to provide services that you or our clients have requested, or to perform functions on our behalf or provide services to us, such as:

• Banks
• Card associations
• Credit reference agencies
• Fraud monitoring and risk management agencies
• Identification and information verification agencies
• Professional advisors
• IT consultants or other third party suppliers engaged in relation to our IT systems
• Vendors that help us process payments

These third parties comply with similar and equally stringent undertakings of privacy and confidentiality.

We share your personal information with our other Group companies for internal reasons, primarily for business and operational purposes. As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or merges with us your personal information will be disclosed to such entity. Also, if any bankruptcy or reorganisation proceeding is brought by or against us, all such information will be considered an asset of ours and as such it is possible they will be sold or transferred to third parties.

Where required we share your personal information with third parties to comply with a legal obligation; when we believe in good faith that an applicable law requires it; at the request of governmental authorities conducting an investigation; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise to protect the rights, property, safety, or security of third parties, visitors to the our website, our business or the public.

If you do not provide the personal information necessary, or withdraw your consent for the processing of your personal information, where this information is necessary for us to provide services to you, we will not be able to provide these services to you.

Do we make automated decisions concerning you?

No, we do not carry out automated decision making.

Do we use cookies to collect personal data on you?

To provide better service to you on our websites, we use Cookies to collect your personal data when you browse. See our Cookie Policy here for more details.

Do we transfer your personal information outside the UK?

If we transfer your personal data to a third country, i.e. a country outside of the United Kingdom, for instance the European Economic Area (“EEA”), we will comply with all applicable laws in respect of such transfer, including making sure that your personal data is kept secure, and ensure that appropriate safeguards are in place to ensure there is adequate protection, such as by:

• ensuring data is transferred only to a country that has laws that protect your personal data in the same way as it would be in the UK;
• using a contract approved by the ICO;

You can contact us to obtain further details of the safeguards applicable to your personal data.

By law, you have a number of rights when it comes to your personal information. Please contact us using the contact details below to exercise any of your rights. Further information and advice about your rights can be obtained from the data protection regulator in your country.

THE RIGHT TO OBJECT TO PROCESSING

You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).

THE RIGHT TO BE INFORMED

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Policy.

THE RIGHT OF ACCESS

You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law.

THE RIGHT TO RECTIFICATION

You are entitled to have your information corrected if it’s inaccurate or incomplete.

THE RIGHT TO ERASURE

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.

THE RIGHT TO RESTRICT PROCESSING

You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.

THE RIGHT TO DATA PORTABILITY

You have rights to obtain and reuse your personal information for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.

THE RIGHT TO LODGE A COMPLAINT

You have the right to lodge a complaint about the way we handle or process your personal information with your national data protection regulator.

THE RIGHT TO WITHDRAW CONSENT

If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal information for marketing purposes.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

• baseless or excessive/repeated requests, or
• further copies of the same information.

Alternatively, we may be entitled to refuse to act on the request.

Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.

Please contact us if you have any questions about this Privacy Policy or the information we hold about you.

If you wish to contact us, please send an email to [email protected], write to Cannon Place, 78 Cannon Street, London EC4N 6AF, United Kingdom or call +44 208 126 4154.

We may change this Privacy Policy from time to time, when we do so substantially or materially we will inform our customers and subscribers to our newsletter via e-mail.

This Privacy Policy was published on 4 October 2018 and last updated on 21 June 2021.