FMPay | Privacy Policy

Privacy notice for our clients

Effective date: 23rd of August 2021

At FMPay, we are committed to protecting and respecting your privacy and safeguarding any personal data that you give to us. We are transparent about the processing of your personal data and this notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

We are a controller under the UK GDPR and the Data Protection Act 2018. Our data protection officer is Kristy Gouldsmith and she can be contacted at [email protected]

We are:

FM Finance Ltd t/a FMPay

Suite 44 Pure Offices

Hatherley Lane,

Cheltenham Office Park


United Kingdom 

GL51 6SH

Tel: +44 1242 9072 60 

Email:  [email protected]

    Personal data processed

    We will ask you to provide us with personal data of the owners, directors, partners and persons with significant control of the business when you apply to become our client. We may require you to provide us with additional personal data as you use our services. The following information will explain what personal data we collect and how we use it.

  1. Information you provide to access and use our services
  2. If you are a client applying to use our services, we will collect, store and process personal data relating to the owners, directors, partners and persons with significant control of the business, such as:

    • full name;
    • email address;
    • date of birth;
    • home address;
    • proof of address;
    • proof of idientity; and
    • other client due diligence information as required to on-board the company and meet our legal requirements, such as anti-money laundering and fraud prevention.

    We need this data in order to provide you with our service. Without it, we are unable to provide our services to you. We will continue to process personal data to satisfy our client due diligence obligations throughout the time that you are our client.

    We need to check that you are using our services legally. To do this, we will collect data about you from companies that help us verify identities, do credit checks, prevent fraud or assess risk, as follows:

    • Background check information: credit report information, identity verification information, background check information from public records and information about any person or corporation with whom you have had, currently have, or may have a financial relationship;
    • Credit, Compliance and Fraud: information about you from third parties for any credit investigation, credit eligibility, identity or account verification process, fraud detection process, or collection procedure. This includes information from any credit reporting agency or credit bureau and any person or corporation with whom you have had, currently have, or may have had a financial relationship, including places of employment and financial institutions.

    We need to do these checks in order to verify the identities of the company owners, directors and persons with significant control to comply with our client due diligence obligations, anti-money laundering law and to protecting the security and integrity of our services. We are also required by law to ensure that we have effective fraud detection and prevention processes in place.

    For all sole traders, limited companies or partners in unincorporated partnerships we will also collect:

    • Billing information, including bank account information and payment information.
  3. Information we collect from your use of our services

  4. We get data about the devices (eg., computer, mobile phone or tablet) that you use when you interact with our systems. We use this information to protect the security of our systems and for analytical purposes.

    • Device Information, information about your device, including your hardware model, operating system and version, unique device identifier, country and language settings, mobile network information, and information about the device’s interaction with our services;
    • Use Information, such as internet or other electronic network activity information which includes information about how you use and interact with our services, including your access time, “log-in” and “log-out” information, browser type and language, your IP address, the domain name and location of your internet service provider, other attributes about your browser, any specific page you visit on our platform, content you view, features you use, the date and time of your use of the services, your search terms, and the website you visited before you visited or used the services.

    We use this data to continue to improve our products and services.

  5. Communicating with to obtain feedback and to provide information about our services

  6. We would like to communicate with you in order to obtain your feedback about our products and services. This information is helpful for use to understand how people are using them. You can unsubscribe from these emails at any time.

    We will also provide you with information about our other products and services. You can unsubscribe to these emails at any time.

    Legal bases we use to process your information

    PurposeType of dataLegal basis for processing

    To facilitate and enable our relationship with you as a prospective, new or existing client

    To provide the services that you have requested

    • full name;
    • email address;
    • date of birth;
    • home address;
    • proof of address;
    • proof of idientity; and
    • other client due diligence information as required to on-board the company and meet our legal requirements, such as anti-money laundering and fraud prevention.

    Required for all owners, directors and persons with significant control of the company

    • Performance of a contract
    • Necessary to comply with a legal obligation

    To process your account information, including:

    • Manage payments, fees and charges

    For all sole traders or partners in unincorporated partnerships

    • Name, contact details and account details
    • Performance of a contract with you

    To use data analytics to improve our website, products/services

    To send feedback surveys

    • Technical, device and usage details
    • Name and email
    • Consent

    To administer and protect website and systems (including troubleshooting, testing, system maintenance, support, reporting and hosting of data)

    • Technical and device details
    • Necessary for our legitimate interests (IT services, network security)

    When and with whom we share your information

    We share your personal data with third parties who:
    • help us provide our services (e.g., vendors who help us with fraud prevention, identity verification, and fee collection services) as well as financial institutions, website hosting, data analysis, IT and related infrastructure, communications and auditing;
    • help us with our marketing;
    • assist us with running our business, complying with our legal obligations and defending our rights and those of our customers (e.g. consultants, accountants and lawyers).
    • We will share your personal data with third parties who assist us with fraud prevention and identify verification. We will also respond to requests from courts, law enforcement agencies, regulatory agencies, and other government authorities.

      We will share your personal data with third parties in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock.

      When a third-party entity processes your personal data on our behalf, we have a data sharing agreement with them that sets out their obligations under data protection law.

    International data transfers

    We may use third-party service providers to, process and store your personal data in countries outside of the UK, such as those in the European Economic Area (EEA). We use standard contractual clauses which have been approved by the European Commission.

    Retention of your information

    We retain your personal data in an identifiable format for the least amount of time necessary to fulfil our legal or regulatory obligations and for our business purposes. Data are retained for the following periods of time:

    Type of dataPurposeRetention period

    AML, identity and fraud check information

    Contact details

    Providing our services

    AML and identity checks of new merchants

    On-going customer due diligence

    5 years after termination of the contract, or from the last contact, as applicable
    Technical, device and usage detailsSecuring our website and systemsIndefinite
    Analytical dataImproving our website, products/services,1 year
    Contact details for marketing purposesMarketing, customer relationships and experiences1 year after termination of the contract
    Bank detailsFor sole traders and partners in unincorporated partnerships7 years after termination of the contract

    Children’s personal information

    Our services are not directed at children under the age of 18. If we learn that any information that we have collected has been provided by a child under the age of 18, we will promptly delete that information.

    Your rights

    • To access to your personal data and information about our processing of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
    • To rectify incorrect personal data that we are processing.
    • To request that we erase your personal data if:
      • we no longer need it;
      • if we are processing your personal data by consent and you withdraw that consent;
      • if we no longer have a legitimate ground to process your personal data; or
      • we are processing your personal data unlawfully
    • To object to our processing if it is by legitimate interest.
    • To restrict our processing if it was by legitimate interest.
    • To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out by automated means.

    If you want to exercise any of these rights, please contact us.

    If you have a concern about the way we are collecting or using your personal data, please raise your concern with us in the first instance. You may also contact the Information Commissioner’s Office at

    Notice to our merchants

    We may collect, use and disclose certain personal data about your customers when acting as your service provider. You are responsible for making sure that your customer’s privacy rights are respected, including ensuring appropriate disclosures about third party data collection and use. You must comply with the personal data protection laws of your country of origin and of those countries in which you offer products or services and, in particular when processing and sending personal data to us in the context of using our services and submitting transactions. To the extent that we are acting as your data processor, we will process personal data in accordance with the terms of our agreement with you and your lawful instructions.