QPAY Privacy Policy
This website is owned and run by QPay. We respect the privacy of every individual who visits our website/application. This statement describes the information that we may ask you for and the ways in which we may use that information. It also tells you how you can check that the information about you which we keep is accurate and how you can instruct us to erase this information from our files. We follow the set DPA 2018 principles when dealing with personal subject data.
In this policy “we”, “us”, “our” and “ours” means QPay is our trading name of Quantum Card Services Limited and “you” means the person using the website/application.
- Company Intentions and Responsibilities
Intentions and Objectives—In the course of our business it is necessary to record, store, process, transmit, and otherwise handle private information about individuals. We take these activities seriously and provide fair, secure, and fully-legal systems for the appropriate handling of this private information. All such activities are intended to be consistent with both generally accepted privacy ethics and standard business practices.
Our Responsibilities—we take reasonable efforts to ensure that all private information maintained is accurate, timely, relevant, and complete. We also make reasonable efforts to ensure that all private information is used only as intended and that precautions preventing misuse are both effective and appropriate. We are responsible for establishing appropriate controls to ensure that private information is disclosed only to those who have a legitimate business need for such access. We will establish and maintain sufficient controls to ensure that all information is free from a significant risk of undetected alteration.
- Purpose of Processing
Collect only necessary information—In general we may collect (via website registration), process, store, transmit, and disseminate only that private information that is necessary for the proper functioning of our business and providing the service to issue and manage prepaid financial products to you. The data is used to follow compliance with anti-money laundering legislation. We are required to establish the identity of our customers and where necessary share this information with third parties.
Your Rights Regarding Data Held.
- Access
You have the right to ask us to disclose to you information we hold about you. To request this, please contact customer service by email at contactus@qcs-uk.com or phone +44 (0)203 409 4432 (Calls will be charged at the standard geographic UK rate and are included in your fixed line inclusive call volume. For non-BT and mobile phone users, please check with your service provider). We will ask certain security questions to establish your identity as required for regulatory purposes. We will provide this information to you as quickly as possible, no later than one month.
- Right to rectification
If you believe the information we hold about you is incorrect, you can contact us to update it. To do this please contact customer service by email at contactus@qcs-uk.com or phone +44 (0)203 409 4432 (Calls will be charged at the standard geographic UK rate and are included in your fixed line inclusive call volume. For non-BT and mobile phone users, please check with your service provider). We will ask certain security questions to establish your identity as required for regulatory purposes, including evidence of new data provided for validation.
- Right to be forgotten
Due to our regulatory obligations we must maintain personal data as stated for statutory periods. We operate within the financial sector and are required by law to hold financial data for 7 years. In this instance any request to delete data is overridden by HMRC (UK) requirement to hold data for 7 years.
- Restrict
Due to our lawful obligation to maintain data, we cannot restrict data processing. We will update data if requested for inaccuracies.
- Portability
We will provide data under request but cannot transfer to another third party under request.
- Object to processing
You have the right to object to us holding your data but this may result in us being unable to provide you with a prepaid financial product. If you believe we should not hold your data please contact customer service by email at contactus@qcs-uk.com or phone +44 (0)203 409 4432 (Calls will be charged at the standard geographic UK rate and are included in your fixed line inclusive call volume. For non-BT and mobile phone users, please check with your service provider). We will ask certain security questions to establish your identity as required for regulatory purposes. We have the right to decline your objection if we believe we are required legally to retain data for statutory purposes.
- Data Retention
We will retain your data for as long as is required for statutory purposes. We operate within the financial sector and are required by law to hold financial data for 7 years. In this instance any request to delete data is overridden by HMRC (UK) requirement to hold data for 7 years.
We periodically review the data we hold and delete anything we don’t need. It will be destroyed by shredding or by other destruction methods approved by the Information Security department. If we cannot delete data this will be for either legal, regulatory or technical reasons.
- Private Information about Customers
Consent for Collection required —the collection of private information on prospects, customers, and others with whom we do business is customary and expected. However, we will not collect private information from prospects or customers without having obtained their knowledge and consent.
Consent for uses required –Before you place an order, activate a card or otherwise disclose private information, we will inform you about the ways that this private information will be used, and the third parties, if any, to whom the information will be disclosed.
Collection of unnecessary Information— We will never require the provision of prospect or customer private information that is unnecessary for the provision of information, for the completion of a transaction, or for the delivery of products or services.
Opting out from unsolicited Contacts—You can inform us that you do not wish to be contacted through unsolicited direct mail, email marketing, telemarketing and related promotions. We will observe and act on these requests. We will diligently observe the unconditional right of individuals to block data about them from being included in mailing lists or calling lists, block the sale of data about them to third parties, and to have data about them erased from direct marketing lists.
Sharing of Customer Information—We do not disclose specific information about customer accounts, transactions, or relationships to unaffiliated third parties for their independent use, except under certain circumstances. These circumstances for example will be during the registration stage where we will use a third party to search your record at credit reference and fraud prevention agencies. These searches are to check your identity and we do not carry out any credit reference checks or credit scoring for this purpose.
Disclosure for marketing purposes will always require prior consent from the customer to opt in.
Use of outsourcing Organisations— We may outsource some or all of our information handling activities, and it may be necessary to transfer prospect and customer information to third parties to perform work under an outsourcing agreement. In all such cases, the third parties involved must sign a confidentiality agreement prohibiting them from further dissemination of this information and prohibiting them from using this information for unauthorised purposes.
Processing your information, as described above, may involve sending it to other countries outside of the EEA including the United States of America. In such circumstances we are responsible as Data Controllers for making sure that your information continues to be protected under these regulation.
The Personal Data we collect:
Name, Address, Contact details – email and mobile telephone number, Date of Birth, and in some instances we also request Governmental Tax Identity, Passport, Driving License and National ID card details.
Our legal data for processing for the personal data:
We operate within the financial sector and are required by law to hold financial data for 7 years. In this instance any request to delete data is overridden by HMRC (UK) requirement to hold data for 7 years.
Consent
By consenting to this privacy notice you are giving us permission to process your personal data specifically for their purposes identified. Consent is required for our third parties to process personal data, but it must be explicitly given except where the third parties are required for us to fulfil our contractual obligations to provide agreed services.
Where we are asking you for sensitive personal data we will always tell you and how the information will be used. You may withdraw consent at any time but this may result in us being unable to provide you with a prepaid financial product.
Disclosure
We will not pass on your personal data to third parties (without first obtaining your consent) outside of fulfilling our contractual obligations to provide agreed services.
Any legitimate interests pursued by us or third parties we use are as follows:
The following contracted third party service providers will receive your personal data for the following purpose as part of the contractual processing activities
|
Third Party Services |
Safeguards in place to protect your personal data |
|
Out of hours customer service |
Yes |
|
Platform provider |
Yes |
|
Card manufacturer/fulfillment |
Yes |
|
Issuing Bank |
Yes |
|
Registered courier |
Yes |
|
Hosting providers |
Yes |
|
ID verification providers |
Yes |
|
Email and SMS platform |
Yes |
|
Merchant services |
Yes |
|
Scheme provider |
Yes |