At FMPay, we are committed to protecting and respecting your privacy and safeguarding any personal data that you give to us. We are transparent about the processing of your personal data and this notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
We are a controller under the UK GDPR and the Data Protection Act 2018. Our data protection officer is Kristy Gouldsmith and she can be contacted at [email protected]
FM Finance Ltd t/a FMPay
Suite 44 Pure Offices
Cheltenham Office Park
Tel: +44 1242 9072 60
Email: [email protected]
We will ask you to provide us with personal data of the owners, directors, partners and persons with significant control of the business when you apply to become our client. We may require you to provide us with additional personal data as you use our services. The following information will explain what personal data we collect and how we use it.
If you are a client applying to use our services, we will collect, store and process personal data relating to the owners, directors, partners and persons with significant control of the business, such as:
We need this data in order to provide you with our service. Without it, we are unable to provide our services to you. We will continue to process personal data to satisfy our client due diligence obligations throughout the time that you are our client.
We need to check that you are using our services legally. To do this, we will collect data about you from companies that help us verify identities, do credit checks, prevent fraud or assess risk, as follows:
We need to do these checks in order to verify the identities of the company owners, directors and persons with significant control to comply with our client due diligence obligations, anti-money laundering law and to protecting the security and integrity of our services. We are also required by law to ensure that we have effective fraud detection and prevention processes in place.
For all sole traders, limited companies or partners in unincorporated partnerships we will also collect:
We get data about the devices (eg., computer, mobile phone or tablet) that you use when you interact with our systems. We use this information to protect the security of our systems and for analytical purposes.
We use this data to continue to improve our products and services.
Communicating with to obtain feedback and to provide information about our services
We would like to communicate with you in order to obtain your feedback about our products and services. This information is helpful for use to understand how people are using them. You can unsubscribe from these emails at any time.
We will also provide you with information about our other products and services. You can unsubscribe to these emails at any time.
|Purpose||Type of data||Legal basis for processing|
To facilitate and enable our relationship with you as a prospective, new or existing client
To provide the services that you have requested
Required for all owners, directors and persons with significant control of the company
To process your account information, including:
For all sole traders or partners in unincorporated partnerships
To use data analytics to improve our website, products/services
To send feedback surveys
To administer and protect website and systems (including troubleshooting, testing, system maintenance, support, reporting and hosting of data)
We will share your personal data with third parties who assist us with fraud prevention and identify verification. We will also respond to requests from courts, law enforcement agencies, regulatory agencies, and other government authorities.
We will share your personal data with third parties in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock.
When a third-party entity processes your personal data on our behalf, we have a data sharing agreement with them that sets out their obligations under data protection law.
We may use third-party service providers to, process and store your personal data in countries outside of the UK, such as those in the European Economic Area (EEA). We use standard contractual clauses which have been approved by the European Commission.
We retain your personal data in an identifiable format for the least amount of time necessary to fulfil our legal or regulatory obligations and for our business purposes. Data are retained for the following periods of time:
|Type of data||Purpose||Retention period|
AML, identity and fraud check information
Providing our services
AML and identity checks of new merchants
On-going customer due diligence
|5 years after termination of the contract, or from the last contact, as applicable|
|Technical, device and usage details||Securing our website and systems||Indefinite|
|Analytical data||Improving our website, products/services,||1 year|
|Contact details for marketing purposes||Marketing, customer relationships and experiences||1 year after termination of the contract|
|Bank details||For sole traders and partners in unincorporated partnerships||7 years after termination of the contract|
Our services are not directed at children under the age of 18. If we learn that any information that we have collected has been provided by a child under the age of 18, we will promptly delete that information.
If you want to exercise any of these rights, please contact us.
If you have a concern about the way we are collecting or using your personal data, please raise your concern with us in the first instance. You may also contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.
We may collect, use and disclose certain personal data about your customers when acting as your service provider. You are responsible for making sure that your customer’s privacy rights are respected, including ensuring appropriate disclosures about third party data collection and use. You must comply with the personal data protection laws of your country of origin and of those countries in which you offer products or services and, in particular when processing and sending personal data to us in the context of using our services and submitting transactions. To the extent that we are acting as your data processor, we will process personal data in accordance with the terms of our agreement with you and your lawful instructions.