This policy sets out the privacy, data protection and security guidelines and processes of Paywizard Group Ltd (“Paywizard”), setting out what Paywizard will do with the personal information/data you provide to us and/or we gather about you through your transactions whilst using our service(s).
Account Creation Data
To ensure you can fully utilise the Paywizard facilities, Paywizard requires that you agree to provide certain personal data to be held by Paywizard. Such personal data may include, but not be limited to:
- birth date;
- e-mail address;
- contact telephone number(s);
- bank account information or credit card information;
- preferred currency;
- personal identification number (PIN); and
- security question and response.
Such personal data shall be used by Paywizard to administer your Paywizard Account (Paywizard Merchant Account or MyPaywizard Account, as applicable) and to allow the processing of your authorised transactions using the Paywizard services.
To allow Paywizard to fully support you, such personal data (entered on the Paywizard system at the point of account creation, and as amended by you from time to time) may be passed to the following third parties in the following circumstances:
- Merchant(s): in the instance that you have a complaint about a service provider (e.g. Merchant), we may pass your data to the specific Merchant to allow them to manage and respond to your complaint, as appropriate;
- Merchant(s): in the instance that requested/authorised transactions fail to be processed, for whatever reason;
- Merchant(s): in the instance that you have requested a subscription/service with such Merchant or where a condition of your subscription with such Merchant requires that such personal data is shared with them by Paywizard;
- Merchant: in the instance that the use of the Merchant’s mobile services, offers, and products requires Paywizard to share such personal data with them as part of the conditions of you using such Merchant’s services;
- Authorities and/or Regulatory Bodies: in the instance that Paywizard is legally obliged and/or entitled to do so (e.g. if required by a Court or for the purpose of prevention of fraud and/or any other crime);
- A third party: in the instance of the re-organisation and/or sale of the assets of Paywizard, such sharing of personal data shall only be processed when the organisations involved have ensured that appropriate steps have been taken to not compromise your privacy rights and to ensure your personal data continues to be adequately protected; and
- Paywizard Group Companies: in the instance that Paywizard has suitable arrangements in place with its Group Companies to process certain functions on its behalf, and at all times your privacy rights and your personal data is appropriate managed.
- Credit Reference and/or Credit Control Agencies: in the instance of Paywizard requiring to conduct credit reference checks and/ or to recover debt incurred on your account.
Paywizard shall not pass/share your personal data with any other third parties.
Paywizard is registered with the United Kingdom Information Commissioners Office, and confirms that all personal data is collected, processed, stored and used in accordance with the provisions of the Data Protection Act 1998.
Information We Collect
1. Required Information – To create a Paywizard Account you must provide the detail set out above. To allow the processing of certain transactions via Paywizard you must provide credit card, debit card, and/or bank account information. We also ask you to choose a security question to answer (e.g. your mother’s maiden name, your first pet’s name, favourite place, first school, best friend’s name). This personal detail is necessary to allow Paywizard to process your transactions, issue a new password (if you forget/lose your password), protect you against credit card and current account fraud, and to contact you should the need arise.
Paywizard may also require other identification information from time to time (e.g. if you request to send/receive certain high-value transactions or high overall payment volumes via Paywizard or as is otherwise necessary to allow Paywizard to comply with specific regulations (e.g. HM Revenue & Customs money laundering requirements, etc.)).
2. Transaction Information – When you use Paywizard to process a transaction (e.g. make a payment, top up your Paywizard Account, withdraw from your Paywizard Account), we may require additional information from you relating specifically to that transaction (e.g. the amount/value, the transaction type, etc.). Paywizard may add this data to your Paywizard Account history and may be used to speed up future transaction requests. Paywizard may collect additional information (e.g. IP address of the device you use to process the transaction) to help us to detect possible instances of unauthorised transactions.
3. Information About Your From Third Parties – Paywizard may verify the information you provide with bank processes to assist in protecting our customers against potential fraud. Paywizard may receive additional identification data about you whilst conducting such verification (e.g. if you register a credit/debit card with Paywizard, we may use card authorisation and fraud screening services to verify that the credit/debit card information and address match the information that you supplied to Paywizard, and that the credit/debit card has not been reported as lost/stolen).
In the event that you send/receive high overall payment transaction volumes via Paywizard, we reserve the right to conduct a background check about you (and your business, where appropriate) from a credit reference agency or a business information service. Paywizard reserves the right to close any Paywizard Account based on information received during such background checking.
Paywizard, at its sole discretion, also reserves the right to periodically conduct a business and/or consumer credit check from a credit reference agency or a business information service, as appropriate. Paywizard reserves the right to close any Paywizard Account based on information received during such credit checking.
4. Additional Verification – In the event that Paywizard cannot verify the information (provided by you during Paywizard Account creation or as amended by you from time to time), or if you request a withdrawal by cheque to an address other than your verified Paywizard Account address, we may ask you to send us additional information by fax (e.g. your driving licence, credit card statement, or other information linking you to the applicable address), or to answer additional questions online to help verify your information before Paywizard processes your request.
5. Web-site Traffic Information – As a result of standard world wide web communications and our standard processes, we gather additional information when you access the Paywizard website, including, but not limited to:
- the web-site address of the site that you came from;
- the web-site address of the site that you are going to;
- information on which pages of our website you visit whilst on the Paywizard site;
- internet protocol (IP) addresses;
- the type of browser you use; and
- the times you access the Paywizard website.
We use this web-site traffic information to help us to:
- understand the preferences of our customers;
- to manage the load on our servers; and
- information on which pages of our website you visit whilst on the Paywizard site;
- to improve our service and your experience with Paywizard.
6. Our Use of “Cookies” – Cookies are small files of data that reside on your computer and which allow service providers (e.g. Paywizard) to recognise you as a customer when you return to that specific service provider’s web-site using the same computer and web browser. Paywizard will send a “session cookie” to your computer when you log in to your Paywizard Account by entering your unique username and password. Cookies allow us to recognise you, if you visit multiple pages within our site, during the same session, without you having to re-enter your password multiple times. Once you log out/close your browser the session cookies expire and no longer have any effect (e.g. you will need to log into your Paywizard Account the next time you wish to access the Paywizard services).
We may use longer-lasting cookies for other purposes (e.g. to display your e-mail address on our log-in page so that you don’t need to re-type this each time you wish to log in to your Paywizard Account). Our cookies are encoded, so that only Paywizard can interpret the information stored. You do not need to accept our cookies and you may decline these, if your browser permits, however, if you do, you may need to re-enter data as it will not be automatically stored and therefore unavailable to pre-populate data fields, where appropriate.
Paywizard also reserves the right to collect information about your computer, or other access device, to reduce any risk and also for fraud prevention purposes.
7. Customer Service – You may send correspondence (written, e-mail, and faxes) to Paywizard, and if you do, Paywizard reserves the right to keep copies of such correspondence and to add relevant notes to your Paywizard account. We may also keep copies of correspondence that we issue to you, including the adding of relevant notes to your account. Paywizard maintains such correspondence records, where appropriate, to:
record the details of our relationship/interactions;
allow us to measure and improve our customer service, where appropriate;
allow us to investigate any complaints received from you regarding the service; and
allow us to investigate potential fraud and violations of the Paywizard T&C.
Paywizard may delete such records from time to time, where permitted by law.
8. Customer Satisfaction and Profile Data – Paywizard may offer optional questionnaires and surveys to our customers for the purpose of gathering customer satisfaction and/or as collecting additional data (e.g. demographic information, assessing our customers’ interests, etc.).
In the event that Paywizard collects such information in this manner, the use of the information being collected will be fully explained in detail in the survey. In the event that Paywizard collects any personally identifiable data from our customers within any such surveys, customers will be given notice of how the data will be used prior to them agreeing to participate in the survey.
Such surveys shall be optional for our customers, however, it is anticipated that such data will be invaluable to Paywizard to:
allow us to measure and improve our customer service, where appropriate; and
allow us to tailor and improve our service offering.
Paywizard Security Measures
Paywizard takes security seriously, and as such has the following in place:
- Encryption of personal sensitive data;
- Restricted access to personal data;
- Restricted physical access to specific areas (e.g. data centre, etc.);
- Registered with the Information Commissioners Office (“ICO”);
- Adhere to the principles of the Data Protection Act 1998 (“DPA”);
- BACS Bureau accredited;
- Paywizard is authorised by the UK Financial Conduct Authority (“FCA“) under the Electronic Money Regulations 2011 (“EMR”) for the issuing of electronic money;
- We are compliant with the Payment Card Industry Data Security Standards (“PCI DSS”); and
- We have a well-developed business continuity plan (“BCP”) and disaster recovery (“DR”) procedures in place.
Relevant transactional information processed by Paywizard is encrypted (you will see the padlock symbol on relevant screens, as appropriate, when entering/submitting your data).
We will never send you an e-mail or other communication:
requesting you to provide your Paywizard Account details, personal identification number (PIN) or password; or
containing a hyper-link to your Paywizard Account (other than in response to a request from you to reset your password or PIN or change other security/login details).
If you receive such an e-mail or communication (other than for the aforementioned reasons), you should delete it without clicking on any links or opening any attachments provided with it. If you are unsure whether a communication has been sent by us, please contact Customer Services to help us to reduce fraud.
Data & Systems Security
Personal sensitive data, where required to be stored/saved by Paywizard, is encrypted.
Paywizard is compliant with PCI DSS.
Paywizard employs the services of the third party provider to conduct quarterly penetration/vulnerability scans and annual system audits.
Paywizard enforces restricted access to specific areas, including but not limited to:
Paywizard billing processing area; and
Paywizard management suite.
Access is controlled by either swipe card access and/or door key-pad entry, as appropriate.
Unless you specifically request us not to (e.g. by selecting online via your Paywizard Account not to receive correspondence), Paywizard may provide you with periodic information and news e-mails and/or written correspondence, about Paywizard or our preferred partners, as appropriate. Such Paywizard information is intended to keep you up-to-date regarding our services, including any available offers.
At any point, if you wish to know which, if any of your personal data is being stored by Paywizard, you may request such information directly from Paywizard.
In the event that you cancel your Paywizard Account, we may still retain some of your personal data, where required by law or until such time as your Paywizard Account is settled (e.g. clear balance).
Paywizard is authorised by the UK Financial Conduct Authority (“FCA”) under the Electronic Money Regulations 2011 for the issuing of electronic money.
Last Updated: 16th April 2013