Updated May 19, 2022
We respect your privacy and take protection of your data very seriously and are committed to handling the data of those we engage with, whether customers, suppliers or colleagues responsibly and in a way that meets the legal requirements of the countries in which we operate.
When used throughout the text of this Policy:
StormPay, us, we or our each means Paystorm Limited, a private limited company with registered address at Citypoint, 1 Ropemaker Street, London, EC2Y 9HT, United Kingdom;
you or your means each natural or legal person who interacts with us, uses our website or the products and services we provide;
personal data is the information that can be used to uniquely identify an individual;
non-personal data is information that will not allow a specific individual to be identified;
data denotes personal data and/or non-personal data;
distributor is StormPay, who distributes or redeems electronic money on behalf of principal;
principal is Safenetpay Service Company Ltd, a private limited company with registered address at Citypoint, 1 Ropemaker Street, London, EC2Y 9HT, United Kingdom, trading as Safenetpay.
We are performing our activities as a distributor of the principal, an authorised e-money institution regulated by the United Kingdom Financial Conduct Authority (“FCA”) under the Electronic Money Regulations 2011 and Payment Service Regulations 2017 for the issuing of electronic money and providing payment services. Safenetpay’s FCA reference number is 927601.
For the purposes of this Policy and the Data Protection Act 2018 StormPay is the data controller. StormPay is registered with the United Kingdom Information Commissioner’s Office under reference number ZA 778064.
If you have any questions about how we protect or use your data, please email us at [email protected]
We currently collect and process the following data:
If you are a StormPay’s corporate customer, we will need to confirm your identity as part of our KYC process. We will ask you to provide documents, and will also collect information from third parties, such as commercial registers, for this purpose. Periodically, we may conduct a soft check of credit files which may leave small trace on them but will not affect the file itself.
StormPay also collects non-personal data or may anonymise personal data in order to make it non-personal data. StormPay may collect, store, use, transfer and disclose non-personal data for any purpose (for example, the use of aggregated transactional data for commercial purposes).
We may make automated decisions by using technology that can evaluate your circumstances and other factors to predict and evaluate associated risks. We do this to comply with our regulatory obligations. Risk assessment also allows us to run our business efficiently and to ensure our decisions are informed and consistent. Where the automated assessment cannot be completed, we evaluate your data manually.
We will use your data for the following purposes:
If you wish to change how we use the data, please refer to section ‘Your rights’ below.
If you choose not to share your data with us, or refuse certain contact permissions, we might not be able to provide some services or products which are asked for.
We will share your data with the principal in order to provide you with the best products and services. The principal, in its turn, may use your data for the purposes envisaged in section ‘Use of your data’ above or disclose such data further pursuant to this section ‘Disclosure of data’.
We will not sell, trade, or otherwise transfer your data to third parties unless we provide you with an advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business or serving our customers, so long as those parties agree to keep this data confidential or under regulatory obligation to protect your data.
We may further disclose your data to third parties:
The periods for which we retain your data are determined based on the nature and type of data, potential risk of harm from unauthorised use or disclosure of data, the purposes for which StormPay processes the data as well as any applicable legal or regulatory framework.
In general, once no longer needed for a legitimate business purpose or reason, your data will be deleted, or we may anonymise or aggregate it with other data to make it non-personal.
We will generally keep your data for at least 5 years after our business relationship with you ends or such period as may be required by applicable regulations.
We store your data on Amazon Web Services secure servers.
As we provide an international service, we may need to transfer your data outside the United Kingdom or European Economic Area (EEA) in order for us to provide our products and services.
For example, if you ask to make an international payment, we will send funds to banks outside of the United Kingdom or EEA. We might also send your data outside of the United Kingdom or EEA to keep to global legal and regulatory requirements, and to provide ongoing customer support services.
We may share your data with credit-reference agencies and fraud-prevention agencies that are based outside of the United Kingdom or EEA.
We will take all reasonable steps to make sure that your data is handled securely and in line with this Policy and applicable data protection regulations.
Please note that the transmission of data via the internet is not completely secure and we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.
Once we have received your data, we will use strict procedures and security features to try to prevent unauthorised access, loss or damage.
Our website is scanned on a regular basis for security breaches and known vulnerabilities in order to make your visit to StormPay’s website as safe as possible.
We use regular malware scanning for security breaches and known vulnerabilities in order to make your visit to our website as safe as possible.
The data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the data confidential.
Communication over the internet between you and us is encrypted using strong asymmetric encryption. All data you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when users place an order, enter, submit, or access their data to maintain the safety of their data. Our servers are updated in a timely manner.
We periodically conduct training on the significance of confidentiality and privacy of customer’s data.
You have certain rights under the data protection legislation, including:
Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). For example: we may not be able to agree to your request to delete data.
As a regulated financial services provider’s distributor, we must keep certain customer’s data even where you ask us to delete it. If you've closed your StormPay account, we may not be able to delete your entire file because these regulatory responsibilities take priority. We will let you know if we can't delete your data.
For security reasons, we can't deal with your request if we are not sure of your identity, so we may ask you for proof of your ID.
If we wish to change the way we process data or contemplate using data for a different purpose, we will update this Policy accordingly. If we wish to change the way we process your data that we already hold or contemplate using such data for a purpose which you have not agreed to, we will seek your separate consent.
Our website may, from time to time, contain links to and from the websites of the principal, our partner networks, advertisers and affiliates. If we indicate a link to any of these websites, please note that (1) these websites have their own privacy policies and we do not accept any responsibility or liability for these policies and (2) third-party products or services are not included for the purposes to offer them on our website.
Any changes to the Policy will be posted on our website. Please check our website regularly to see any updates or changes to the Policy. If we change the way we use your data, we will update this Policy and, if appropriate, let you know through our website or other means.
If you feel that we have not addressed your questions or concerns adequately, or you believe that your data protection or privacy rights have been infringed, you can contact us in the first instance through submission of your complaint to us in the first instance by contacting us through the following address, or email: Citypoint, 1 Ropemaker Street, London, EC2Y 9HT, United Kingdom. Email: [email protected]
We verify the identity in order to process the request and may ask to provide valid identification documents to allow Safenetpay to do so.
You can also complain to the Information Commissioner’s Office (www.ico.org.uk) if you are unhappy with how we have used your data:
Address: Wycliffe House, Water Ln, Wilmslow SK9 5AF, United Kingdom
Helpline number: 0303 123 1113
We’re not talking about the crunchy, tasty kind. These cookies help us keep our website safe, give you a better experience and show more relevant ads. We won’t turn on unless you accept. Want to know more or adjust your preferences?
These essential cookies do things like remember your progress through a form or deliver you information securely - helping to keep you (and us) safe. They cannot be disabled.
These cookies allow us to collect anonymous information on how you make use of our website or services. These cookies help us deliver you the most relevant advertisements and help improve the effectiveness of our advertisement campaigns. We may make use of these cookies for our own advertisement campaigns and or contract with any third parties in order to collect information and provide advertisements on the basis of these cookies.