Effective 25 May 2018
This policy (together with our user terms and conditions and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, through our Website or App will be processed by us.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our Website or using our App, you are accepting and consenting to the practices described in this policy. We are committed to the protection and privacy of any shared personal information by meeting the aims and objectives of the principles of the GDPR.
What is personal data?
We collect information about you in a range of forms, including personal data. As used in this Policy, “Personal Data” is as defined in the GDPR, this includes any information which, either alone or in combination with other information we hold about you, identifies you as an individual, including, for example, your name, postal address, email address and telephone number.
What we collect
You may give us information about you by filling in forms on our websites or by corresponding with us by phone, e-mail or otherwise. This includes (but is not limited to) information you provide when you register to use our Website or App, transfer money using our Website or App and when you report a problem with our Website or App.
The information you give us may include:
- Name, address, job title and email address
- Date of birth
- Phone number
- Financial and credit card information
- Payment reason
- Geographic location
- Copies of identification
- Proof of address
We may collect, store and use the following information about your computer, mobile device or other item of hardware through which you access the website:
- Your visits to and use of the Website (including without limitation your IP address, geographical location, browser/platform type and version)
- Internet Service Provider
- Operating system
- Referral source/exit pages
- Length of visit
- Page views
- Website navigation and search terms that you use
We will at all times minimise the collection and use of personal data to what is necessary to administer our business and deliver services to you. In order to process your requests and transactions we will use the information provided by you.
What we do with the information we gather
The main reason we use this information is to provide you with both an improved website experience and details about our products and services, but we (or third-party data processors, agents and sub-contractors acting on our behalf) may also use the following information:
- To help us perform our services;
- To assess the risk of performing our services;
- To enable us to enforce our rights under our terms and conditions if necessary;
- To administer our Website or App and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To improve our products and services;
- As part of our efforts to keep our Website and App safe and secure;
- For promotional purposes including, without limitation, to share the personal data with businesses in our group and with selected third parties whom we believe have products or services that may be of interest to you;
- From time to time, we may also use your information to contact you for market research purposes; and
- from any of your activities in connection with your use of our Services.
We may combine the information we receive from other sources with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above.
Links to other Websites
Our Website or App may, from time to time, contain links to and from the Websites of our partner networks and affiliates. If you follow a link to any of these Websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these Websites.
Disclosure of your information
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in Section 1159 of the UK Companies Act 2006.
We may share your information with the following selected third parties including:
- Our banking partners;
- Our IT service providers;
- sub-contractors or sub-processors for the performance of any contract we enter into with them or you;
- Analytics and search engine providers that assist us in the improvement and optimisation of our Site;
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- If Xendpay or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; and
Do we process your personal data outside the EEA?
The data that we collect from you may also involve transfer of your personal data to any country, including countries outside the European Economic Area, but that in those cases, except where the relevant country has been determined to ensure an adequate level of data protection by the European Commission or we need to make the transfer in order to perform a contract concluded in your interests, we will ensure that the transferred personal data is protected by a data transfer agreement in the appropriate standard form approved for this purpose by the European Commission or by a binding legal agreement (and that further details of these transfers and copies of these agreements are available from us on request). It may also be processed by our staff operating outside the EEA who work for us. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
How do we make sure your personal data stays secure?
We use industry standard physical and procedural security measures to protect information from the point of collection to the point of destruction. This includes encryption, firewalls, access controls, policies and other procedures to protect information from unauthorised access.
Where data processing is carried out on our behalf by a third party, we take steps to ensure that appropriate security measures are in place to prevent unauthorised disclosure of personal data.
Despite these precautions, however, we cannot guarantee the security of information transmitted over the Internet or that unauthorised persons will not obtain access to personal data. In the event of a data breach, Xendpay have put in place procedures to deal with any suspected breach and will notify you and any applicable regulator of a breach where we are required to do so.
How long is your personal information retained?
We will only retain your personal data for as long as is necessary for providing our service to you and as long as we have a clear business purpose and lawful basis.
The criteria we use for retaining different types of personal data, includes the following:
|General queries – when you make an enquiry or contact us by email or telephone, we will retain your information for as long as necessary to respond to your queries.||After this period, we will not hold your personal data for longer than 1 year if we have not had any active subsequent contact with you and there is not legitimate interest.|
|Direct marketing – where we hold your personal data on our database for direct marketing purposes||We will retain your information for no longer than 2 years if we have not had any active subsequent contact with you and there is not legitimate interest.|
|Legal and regulatory requirements||We may need to retain personal data for up 7 years after we cease providing services and products to you were necessary to comply with our legal obligations, resolve disputes or enforce our terms and conditions.|
What are Cookies?
Cookies are small text file stored on your computer or internet-enabled device when you visit a website. This enables the website to recognise you should you re-visit the site at a later date.
Our Site uses the following types of cookies for the purposes set out below:
Type of cookie | Purpose
Essential Cookies | These cookies are essential to provide you with services available through our Site and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Site and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
Functionality Cookies | These cookies allow our Site to remember choices you make when you use our Site, such as remembering your language preferences, remembering your login details and remembering the changes you make to other parts of our Site which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Site.
Analytics and Performance Cookies | These cookies are used to collect information about traffic to our Site and how users use our Site. The information gathered does not identify any individual visitor. The information is aggregated and anonymous. It includes the number of visitors to our Site, in limited circumstances, where we have a relationship with the referring site, the websites that referred them to our Site, the pages they visited on our Site, what time of day they visited our Site, whether they have visited our Site before, and other similar information. We use this information to help operate our Site more efficiently, to gather broad demographic information and to monitor the level of activity on our Site.
|Analytics||_fbp: Facebook analytics
_ga: Google Analytics cookie
_gat_UA-85995080-5: Google Analytics cookie
_adroll_fpc: analytical cookie used to optimise and analyse website performance and is a retargeting network that allows us to show ads to visitors who’ve landed on our site while browsing the web
_ar_v4: double click advertising Google cookie used to track conversion rates
|Trustpilot third party cookie||uk.trustpilot.com|
|Functional and Essential||Firstaccess: checks to see if this is the first time user has accessed portal
Firstlogin: checks to see if a user has logged in for the first time
PLG: this is a functional cookie that lets us keep the language of the user across the site.
Lastlogged: cookie that stores the amount of time since a user has last logged into the system
Affcode: cookie to store the affiliate code from the marketing sites affiliate landing pages
Campaign: cookie that stores CTA tracking information when a user clicks it.
sourceTrack: Similar to the campaign cookie except this is for Google search tracking
subcod: Additional affiliate tracking, e.g. if there is two landing pages, identifies which page they came from.
Drupal.visitor.fromCountry: checks which country you are accessing from and changes the language of the website to your local language
|Cookie preference||Cookieconsent_status: remembers your cookie preference|
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You have the right to turn off cookies before using our website or at any time while browsing our Site. You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings. However, this may prevent you from taking full advantage of the website.
Which purpose and lawful basis do you use for processing of personal data?
The purpose for which we use and process your personal data (excluding sensitive personal data) and the legal basis on which we carry out each type of processing is explained below.
|To provide you with information and services that you request from us.||It is in our legitimate interests to respond to your queries and provide any information requested in order to generate and develop business. To ensure we offer a good and responsive service, we consider this use to be proportionate and will not be prejudicial or detrimental to you.|
|To send you alerts, newsletters, bulletins, announcements, and other communications concerning Xendpay, legal developments or notifications we believe may be of interest to you.||It is in our legitimate interests to market our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
You can always opt-out of receiving direct marketing-related email communications by following the unsubscribe link.
|As a client send you special offers, new product information we believe may be of interest to you.||It is in our legitimate interests to market our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
You can always opt-out of receiving direct marketing-related email communications by following the unsubscribe link.
|To enforce the terms and conditions and any contracts entered into with you.||It is in our legitimate interests to enforce our terms and conditions of service. We consider this use to be necessary for our legitimate interests and proportionate.|
|To send you information regarding changes to our policies, other terms and conditions and other administrative information.||It is in our legitimate interests to ensure that any changes to our policies and other terms are communicated to you. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.|
|To administer our website including troubleshooting, data analysis, testing, research, statistical and survey purposes;
To improve our website to ensure that consent is presented in the most effective manner for you and your computer, mobile device or other item of hardware through which you access our website; and
To keep our website safe and secure.
|For all these categories, it is in our legitimate interests to continually monitor and improve our services and your experience of our website and to ensure network security. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.|
Where we rely on legitimate interests as a lawful basis, we will carry out a balancing test to ensure that your interests, rights and freedoms do not override our legitimate interests. If you want further information on the balancing test we have carried out, you can request this from our compliance team.
If you do not wish to provide us with your personal data and processing such information is necessary for the performance of a contract with you, we may not be able to perform our obligations under the contract between us.
Xendpay will only use your personal data for the purposes for which we collected it. If we need to use your personal data for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.
For email marketing to an individual subscriber with whom we have not previously engaged as a client, we need your consent to send you unsolicited email marketing.
Where you provide consent, you can withdraw your consent at any time, but without affecting the lawfulness of processing based on consent before its withdrawal.
You have the right to opt out of receiving email marketing communications from us at any time by:
- contacting our compliance team using the contact details set out below; or
- using the “unsubscribe” link in emails.
Your rights under the General Data Protection Regulation (GDPR)
You shall have the right, in accordance with the GDPR, to obtain from us the following:
- Right of confirmation
Confirmation as to whether or not personal data concerning you are being processed.
- Right of access
Free information about the personal data we store about you at any time and to receive a copy of it.
- Right to rectification
Rectification without undue delay of inaccurate personal data about you.
- Right to erasure (Right to be forgotten)
The erasure of personal data concerning you without undue delay, subject to Our legal rights and obligations to retain the same.
- Right of restriction of processing
Restriction of processing where:
- you contest the accuracy of the personal data, for a period while we verify its accuracy;
- the processing is unlawful, and you oppose the erasure of your personal data and request that it be restricted instead;
- we no longer need your personal data for the purposes of the processing, but do require them for the establishment, exercise or defence of legal claims; and
- you do not agree with our assessment that the processing is permitted for Our “legitimate interests”, for a period while verification is carried out as to whether those interests override your own interests.
- Right to data portability
You shall have the right to have the personal data concerning you, which was provided to us, in a structured, commonly used and machine-readable format and to have it transmitted to another entity (to the extent that such data was processed by us on the basis of consent or because it such processing was necessary for the performance of a contract).
Additionally, you will have the following rights:
- Right to object
- to object on grounds relating to your particular situation, at any time, to processing of personal data concerning you, which is based on our legitimate interests. This also applies to profiling based on these provisions;
- to object to our processing of personal data for direct marketing purposes. This applies to profiling to the extent that it is related to such direct marketing;
- Automated individual decision-making, including profiling
Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you.
If you wish to ask a question about your rights, please contact us on firstname.lastname@example.org
Our Service does not address anyone under the age of 18 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
Updates to our Policy
Any changes we may make to the above this policy will be updated on our Website and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to this policy.
How to contact us
If you have any questions about this Policy or we process your personal data, please contact us in writing to;
Legal & Compliance,
Level 32, One Canada Square,