This Privacy Policy (“Policy”) has been compiled to better serve those who are concerned with how their 'Personally Identifiable Information' (“PII”) is being used online. PII, as used in UK Data Protection Act 2018 and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read this Policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your PII in accordance with our website.

For the purpose of the applicable data protection legislation (meaning, prior to 25 May 2018 the Data Protection Act 1998 and from 25 May 2018 the General Data Protection Regulation and any legislation which implements it) (the “Data Protection Legislation”), the data controller is Paystorm Limited (StormPay), with registered office at office is 18 King William Street, Monument, London, EC4N 7BP, United Kingdom.

Our registration number with the Information Commissioner’s Office UK (ICO) is ZA778064. References in this Policy and on our website to “we”, “our” or “us” are references to Paystorm Limited. References to “you” and “your” means each natural or legal person who interacts with us, uses our website or the products and services we provide.

What personal information do we collect?

When ordering or registering on our website, as appropriate, you may be asked to enter:

  • your name, email address, mailing address, phone number, date of birth;
  • credit card information;
  • identification documents, user name (or similar identifier), job title and company information or other details to help you with your experience.

Whenever you use our website or app, the following information will be collected:

  • technical information, including the internet protocol (IP) address used to connect your device to the Internet;
  • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time);

We collect personal data from third parties, including, but not limited to:

  • credit-reference agencies;
  • financial or credit institutions;
  • official registers and databases;
  • fraud-prevention agencies.

When do we collect information?

We collect information from you when you:

  • register with our website (;
  • download our mobile application;
  • subscribe to our services, provide us with feedback;
  • participate in surveys;
  • enter personal information on registration page;
  • by communicating with us by phone, email or otherwise.

How do we use your information?

We may use the information in the following ways:

  • To carry out our obligations relating to your contract with us and provide you with the  product, service or information;
  • To pursue our legitimate interests in providing and marketing our products and services to you;
  • To follow up after a correspondence (live chat, email or phone enquiries);
  • To comply with any applicable legal and/or regulatory requirements;
  • To improve our website, products, services and interactions with you and other users in order to better serve you.

How do we protect your information?

Our website is scanned on a regular basis for security breaches and known vulnerabilities in order to make your visit to our site as safe as possible.

We use regular Malware Scanning.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive personal or financial information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when users place an order, enter, submit, or access their information to maintain the safety of their personal information.

We do not store any of your debit or credit card information.

We do not sell, trade, or otherwise transfer your PII to outside parties unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our website policies or protect our or others' rights, property or safety.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising or other purposes.

Retention period

StormPay retains the data for as long as necessary to fulfill the purposes to which this data is collected for, including for the purposes of satisfying any legal, accounting, regulatory or reporting requirements.

To determine the appropriate retention period for data, StormPay considers:

  • the amount, nature, and sensitivity of the data;
  • the potential risk of harm from unauthorised use or disclosure of the data;
  • the purposes for which we process the data; and
  • the applicable legal requirements.

Customer’s rights

With regards to applicable laws, you may have right to access information that we hold about you. You can ask us to correct you inaccurate or incomplete personal data. We may need to check the accuracy of the new data before we update your file. You can ask us to delete your personal data if:

  • there is no reason for us to continue using it;
  • you have withdrawn your consent to use your personal data;
  • you have not given us consent to use your data;
  • we have unlawfully used your personal data
  • we are required by law to delete your personal data.

Your ability to exercise these rights will depend on a number of factors. We may not be able to fulfil your request, in order to comply with regulatory responsibilities.

To exercise you rights, you can contact us by sending email at We may ask you to provide your ID to verify your identity.


Cookies are text files that are placed on websites on the internet. Cookies track how long a visitor spends and what they do on our website. Cookies collect such information and share it with the owner of the website. We use cookies on our website to help us understand who uses our website and how we can improve it.

There are four main types of cookies:

  • Strictly necessary cookies are essential for the running of a website. Without the use of these cookies, you may not be able to use some of the features of websites.
  • Performance cookies monitor website performance and collect anonymous data on how visitors use a website. These cookies provide information to help improve how a website works.
  • Functionality cookies are used to remember user preferences so that the website can be customised for them.
  • Targeting or advertising cookies are used to target advertisements to the interests of users, based upon previous web browsing activity.

We only use strictly necessary cookies on our website, therefore there is no option to opt out.

Third-party links

We do not include or offer third-party products or services on our website.


Google's advertising requirements can be summed up by Google's Advertising Principles.

They are put in place to provide a positive experience for users.

We have not enabled Google AdSense on our site but we may do so in the future.

Data Protection Act

The Data Protection Act also sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to stop emails from being sent to them, and spells out tough penalties for violations. To be in compliance with the Act, we agree to the following:

  • Not use false or misleading subjects or email addresses;
  • Identify the message as an advertisement in some reasonable way;
  • Include the physical address of our business or company headquarters;
  • Monitor third-party email marketing services for compliance, if one is used;
  • Allow users to unsubscribe by using the link at the bottom of each email;
  • Honour opt-out/unsubscribe requests quickly.

If at any time you would like to unsubscribe from receiving future emails, you can email us at or follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.

Contact us

If you have any questions, comments and requests regarding this Privacy Policy, you email us on You can also write to us at 18 King William Street, Monument, London, EC4N 7BP.