Legal

Updated May 19, 2022

PRIVACY POLICY

1. Introduction

This Privacy Policy (“Policy”) is an overview of how we collect, use and process your data when you use our website www.stormpay.io (“website”) or when you register on our website, subscribe to our products and services, install and use our mobile app, or provide us with feedback, enter your data or other details on the registration page, participate in surveys or communicate with us by phone, email, or otherwise, Please read the Policy carefully as it becomes legally binding, and we expect you to understand StormPay’s views and practices regarding the data and how StormPay will treat it.

We respect your privacy and take the protection of your data very seriously and are committed to handling the data of those we engage with, whether customers, suppliers or colleagues responsibly and in a way that meets the legal requirements of the countries in which we operate.

2. Definitions

When used throughout the text of this Policy:

StormPay, us, we or our each means Paystorm Limited, a private limited company with registered address at Sierra Quebec Bravo, 77 Marsh Wall, London, England, E14 9SH, United Kingdom;

you or your means each natural or legal person who interacts with us, uses our website or the products and services we provide;

personal data is the information that can be used to uniquely identify an individual;

non-personal data is information that will not allow a specific individual to be identified;

data denotes personal data and/or non-personal data;

principal is Paystorm Limited, a private limited company with registered address at Sierra Quebec Bravo, 77 Marsh Wall, London, England, E14 9SH, United Kingdom.

3. About StormPay

For the purposes of this Policy and the Data Protection Act 2018 StormPay is the data controller. StormPay is registered with the United Kingdom Information Commissioner’s Office under reference number ZA 778064.

If you have any questions about how we protect or use your data, please email us at [email protected]

4. Data we collect about you

We currently collect and process the following data:

  • data which you give us (it may include your name, address, email address, phone number, date of birth, identity documents, username (or similar identifier), occupation and company information, recruitment data, social media, contact details, etc.);
  • data we collect about you when you communicate with us and when you use our products or services (it may include financial data, phone number used to call StormPay’s customer service number, etc.);
  • data on transactions (for example, payments into and out of your account), including the date, time, amount, currencies, exchange rate, beneficiary details, details of the merchant associated with the transaction, IP address of payer and payee, their name and registration information, messages sent or received with the payment, the payment method used;
  • data we collect about you if you use our website led to the automatically collection of the following information:
  • technical information, including the Internet protocol (IP) address used to connect the computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • details of the transactions you carry out when using our products or services, including geographic location from which the transaction originates;
  • login information (if relevant);
  • information about the visit, including the full Uniform Resource Locators (URL), clickstream to, through and from website (including date and time);
  • products and services which are viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.
  • data from publicly available sources;
  • data from other sources:
  • the banks you use to transfer funds to us will provide us with your data;
  • business partners may provide us with your data;
  • advertising networks, analytics providers and search information providers may provide us with pseudonymised information about you, such as confirming how you found our website;
  • credit reference agencies do not provide us with any personal data about yourself, but we may use them to corroborate the information you have provided to us.
  • data from any individual (other than yourself) that receive payments from you during your use of our products and services, you promise that you have obtained consent from such individual to disclose his/her personal data to us, as well his/her consent to our collection, use and disclosure of such personal data, for the purposes set out in this Policy.

If you are a StormPay’s corporate customer, we will need to confirm your identity as part of our KYC process. We will ask you to provide documents, and will also collect information from third parties, such as commercial registers, for this purpose. Periodically, we may conduct a soft check of credit files which may leave small trace on them but will not affect the file itself.

StormPay also collects non-personal data or may anonymise personal data in order to make it non-personal data. StormPay may collect, store, use, transfer and disclose non-personal data for any purpose (for example, the use of aggregated transactional data for commercial purposes).

5. Risk assessment

We may make automated decisions by using technology that can evaluate your circumstances and other factors to predict and evaluate associated risks. We do this to comply with our regulatory obligations. Risk assessment also allows us to run our business efficiently and to ensure our decisions are informed and consistent. Where the automated assessment cannot be completed, we evaluate your data manually.

6. Cookies

We collect data about your use of our website from cookies and to distinguish you from other users, see how you use our site and products while providing you with the best experience. They also enable us to improve our products and services. For detailed information on cookies and other technologies we use and the purposes for which we use them, see our Cookie Policy.

7. Use of your data

We will use your data for the following purposes:

  • to enter into a contract with you or to carry out our contractual obligations we owe to you;
  • to pursue our legitimate interests in providing and marketing our products and services to you;
  • improving our website and interactions with you and other users of our products and services;
  • to comply with applicable legal and/or regulatory requirements;
  • to process your job application;
  • to send periodic emails regarding your StormPay account, our products and services and changes to them as well as the customer support services;
  • to improve our products and services, and to ensure that they are presented in the most effective manner;
  • to adhere to government regulations or guidance or to pursue any legitimate business interest;
  • to follow up with you after correspondence (live chat, email or phone enquiries);
  • to combine data we receive from other sources with the data you give to us. We may use such data or the combined data for the purposes set out above (depending on the types of data we receive).

If you wish to change how we use the data, please refer to section ‘Your rights’ below.

If you choose not to share your data with us, or refuse certain contact permissions, we might not be able to provide some services or products which are asked for.

8. Disclosure of data

We will not sell, trade, or otherwise transfer your data to third parties unless we provide you with an advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business or serving our customers, so long as those parties agree to keep this data confidential or under regulatory obligation to protect your data.

We may further disclose your data to third parties:

  • affiliates, business partners, suppliers (suppliers who provide us with IT, payment and delivery services, our banking and financial services partners and payments networks, etc) and subcontractors for the performance and execution of any contract we enter into with them or you;
  • if we are under a duty to disclose or share your data in order to comply with any legal or regulatory obligation;
  • to assist us in conducting or co-operating in investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so to check your identity, protect against fraud, keep to anti-money laundering regulations and confirm that you are eligible to use our products and services;
  • to prevent and detect fraud or other illegal activity;
  • where you ask us to share your data.

9. Retention period of data

The periods for which we retain your data are determined based on the nature and type of data, potential risk of harm from unauthorised use or disclosure of data, the purposes for which StormPay processes the data as well as any applicable legal or regulatory framework.

In general, once no longer needed for a legitimate business purpose or reason, your data will be deleted, or we may anonymise or aggregate it with other data to make it non-personal.

We will generally keep your data for at least 5 years after our business relationship with you ends or such period as may be required by applicable regulations.

10. Storing and transfer of data

We store your data on Amazon Web Services secure servers.

As we provide an international service, we may need to transfer your data outside the United Kingdom or European Economic Area (EEA) in order for us to provide our products and services.

For example, if you ask to make an international payment, we will send funds to banks outside of the United Kingdom or EEA. We might also send your data outside of the United Kingdom or EEA to keep to global legal and regulatory requirements, and to provide ongoing customer support services.

We may share your data with credit-reference agencies and fraud-prevention agencies that are based outside of the United Kingdom or EEA.

We will take all reasonable steps to make sure that your data is handled securely and in line with this Policy and applicable data protection regulations.

Please note that the transmission of data via the internet is not completely secure and we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.

Once we have received your data, we will use strict procedures and security features to try to prevent unauthorised access, loss or damage.

11. How do we protect your data

Our website is scanned on a regular basis for security breaches and known vulnerabilities in order to make your visit to StormPay’s website as safe as possible.

We use regular malware scanning for security breaches and known vulnerabilities in order to make your visit to our website as safe as possible.

The data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the data confidential.

Communication over the internet between you and us is encrypted using strong asymmetric encryption. All data you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when users place an order, enter, submit, or access their data to maintain the safety of their data. Our servers are updated in a timely manner.

We periodically conduct training on the significance of confidentiality and privacy of customer’s data.

12. Your rights

You have certain rights under the data protection legislation, including:

  • request copies of your data that we hold;
  • provide you with further details on the use we make of your data;
  • request that we correct data if it is inaccurate or that we complete data if it is incomplete;
  • object to our processing of your data in certain circumstances;
  • request to delete data in certain circumstances; and
  • request to provide your data to someone else.

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). For example: we may not be able to agree to your request to delete data.

As a regulated financial services provider’s distributor, we must keep certain customer’s data even where you ask us to delete it. If you've closed your StormPay account, we may not be able to delete your entire file because these regulatory responsibilities take priority. We will let you know if we can't delete your data.

For security reasons, we can't deal with your request if we are not sure of your identity, so we may ask you for proof of your ID.

13. How will we keep you updated on how we use your data?

If we wish to change the way we process data or contemplate using data for a different purpose, we will update this Policy accordingly. If we wish to change the way we process your data that we already hold or contemplate using such data for a purpose which you have not agreed to, we will seek your separate consent.

14. Third-party links

Our website may, from time to time, contain links to and from the websites of the principal, our partner networks, advertisers and affiliates. If we indicate a link to any of these websites, please note that (1) these websites have their own privacy policies and we do not accept any responsibility or liability for these policies and (2) third-party products or services are not included for the purposes to offer them on our website.

15. Changes to our Privacy Policy

Any changes to the Policy will be posted on our website. Please check our website regularly to see any updates or changes to the Policy. If we change the way we use your data, we will update this Policy and, if appropriate, let you know through our website or other means.

16. Complaints

If you feel that we have not addressed your questions or concerns adequately, or you believe that your data protection or privacy rights have been infringed, you can contact us in the first instance through submission of your complaint to us in the first instance by contacting us through the following address, or email: Citypoint, 1 Ropemaker Street, London, EC2Y 9HT, United Kingdom. Email: [email protected]

We verify the identity in order to process the request and may ask to provide valid identification documents.

You can also complain to the Information Commissioner’s Office (www.ico.org.uk) if you are unhappy with how we have used your data:

Address: Wycliffe House, Water Ln, Wilmslow SK9 5AF, United Kingdom

Helpline number: 0303 123 1113

COOKIE NOTICE

Can we use cookies to improve your experience?

We’re not talking about the crunchy, tasty kind. These cookies help us keep our website safe, give you a better experience and show more relevant ads. We won’t turn on unless you accept. Want to know more or adjust your preferences?

Strictly necessary cookies

These essential cookies do things like remember your progress through a form or deliver you information securely - helping to keep you (and us) safe. They cannot be disabled.

Analytics and advertising cookies

These cookies allow us to collect anonymous information on how you make use of our website or services. These cookies help us deliver you the most relevant advertisements and help improve the effectiveness of our advertisement campaigns. We may make use of these cookies for our own advertisement campaigns and or contract with any third parties in order to collect information and provide advertisements on the basis of these cookies.