For the purpose of the applicable data protection legislation (meaning, prior to 25 May 2018 the Data Protection Act 1998 and from 25 May 2018 the General Data Protection Regulation and any legislation which implements it) (the “Data Protection Legislation”), the data controller is Paystorm Limited (StormPay), with registered office at office is 18 King William Street, Monument, London, EC4N 7BP, United Kingdom.
Our registration number with the Information Commissioner’s Office UK (ICO) is ZA778064. References in this Policy and on our website to “we”, “our” or “us” are references to Paystorm Limited. References to “you” and “your” means each natural or legal person who interacts with us, uses our website or the products and services we provide.
What personal information do we collect?
When ordering or registering on our website www.stormpay.io, as appropriate, you may be asked to enter:
- your name, email address, mailing address, phone number, date of birth;
- credit card information;
- identification documents, user name (or similar identifier), job title and company information or other details to help you with your experience.
Whenever you use our website or app, the following information will be collected:
- technical information, including the internet protocol (IP) address used to connect your device to the Internet;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time);
We collect personal data from third parties, including, but not limited to:
- credit-reference agencies;
- financial or credit institutions;
- official registers and databases;
- fraud-prevention agencies.
When do we collect information?
We collect information from you when you:
- register with our website (www.stormpay.io);
- download our mobile application;
- subscribe to our services, provide us with feedback;
- participate in surveys;
- enter personal information on registration page;
- by communicating with us by phone, email or otherwise.
How do we use your information?
We may use the information in the following ways:
- To carry out our obligations relating to your contract with us and provide you with the product, service or information;
- To pursue our legitimate interests in providing and marketing our products and services to you;
- To follow up after a correspondence (live chat, email or phone enquiries);
- To comply with any applicable legal and/or regulatory requirements;
- To improve our website, products, services and interactions with you and other users in order to better serve you.
How do we protect your information?
Our website is scanned on a regular basis for security breaches and known vulnerabilities in order to make your visit to our site as safe as possible.
We use regular Malware Scanning.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive personal or financial information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when users place an order, enter, submit, or access their information to maintain the safety of their personal information.
We do not store any of your debit or credit card information.
We do not sell, trade, or otherwise transfer your PII to outside parties unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our website policies or protect our or others' rights, property or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising or other purposes.
StormPay retains the data for as long as necessary to fulfill the purposes to which this data is collected for, including for the purposes of satisfying any legal, accounting, regulatory or reporting requirements.
To determine the appropriate retention period for data, StormPay considers:
- the amount, nature, and sensitivity of the data;
- the potential risk of harm from unauthorised use or disclosure of the data;
- the purposes for which we process the data; and
- the applicable legal requirements.
With regards to applicable laws, you may have right to access information that we hold about you. You can ask us to correct you inaccurate or incomplete personal data. We may need to check the accuracy of the new data before we update your file. You can ask us to delete your personal data if:
- there is no reason for us to continue using it;
- you have withdrawn your consent to use your personal data;
- you have not given us consent to use your data;
- we have unlawfully used your personal data
- we are required by law to delete your personal data.
Your ability to exercise these rights will depend on a number of factors. We may not be able to fulfil your request, in order to comply with regulatory responsibilities.
To exercise you rights, you can contact us by sending email at firstname.lastname@example.org. We may ask you to provide your ID to verify your identity.
There are four main types of cookies:
- Strictly necessary cookies are essential for the running of a website. Without the use of these cookies, you may not be able to use some of the features of websites.
- Performance cookies monitor website performance and collect anonymous data on how visitors use a website. These cookies provide information to help improve how a website works.
- Functionality cookies are used to remember user preferences so that the website can be customised for them.
- Targeting or advertising cookies are used to target advertisements to the interests of users, based upon previous web browsing activity.
We only use strictly necessary cookies on our website, therefore there is no option to opt out.
We do not include or offer third-party products or services on our website.
Google's advertising requirements can be summed up by Google's Advertising Principles. https://support.google.com/adwordspolicy/answer/1316548?hl=en.
They are put in place to provide a positive experience for users.
We have not enabled Google AdSense on our site but we may do so in the future.
Data Protection Act
The Data Protection Act also sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to stop emails from being sent to them, and spells out tough penalties for violations. To be in compliance with the Act, we agree to the following:
- Not use false or misleading subjects or email addresses;
- Identify the message as an advertisement in some reasonable way;
- Include the physical address of our business or company headquarters;
- Monitor third-party email marketing services for compliance, if one is used;
- Allow users to unsubscribe by using the link at the bottom of each email;
- Honour opt-out/unsubscribe requests quickly.
If at any time you would like to unsubscribe from receiving future emails, you can email us at email@example.com or follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.