Payment Solutions Limited trading as SmartDebit (“We”) are committed to protecting and respecting your privacy.
We adhere strictly to the requirements of the UK Data Protection Act 1998 (the ‘’Act’’) and other data privacy and data retention regulations.
This policy (together with our Terms of Website Use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be used, processed and stored by us.
Payment Solutions Limited (Company Registration Number 03493808) of One Windlesham Court, 51 Guildford Road, Bagshot, Surrey, GU19 5NG is registered as a Data Controller with the Information Commissioner’s Office.
For the purpose of the General Data Protection Regulation (GDPR), if data is provided to Payment Solutions Limited under a payment processing service agreement, the customer is deemed as Data Controller and Payment Solutions Limited is a Data Processor.
If you engage us to provide services as a Data Processor, terms in our contract of engagement will supersede this policy.
1. Information we may collect from you
We may collect basic identification information about you:
– your name
– your position
– your date of birth
– any other information you provide about yourself and/or your business
If you contact our Customer Services team, we may keep a record of that communication, including copies of emails and your email address. We may also monitor and/or record telephone conversations you may have with our team.
2. What are your rights?
Under applicable data protection rules, as an individual you may have the following:
– the right of access
– the right to rectification
– the ‘right to erasure’ or ‘right to be forgotten’
– the right to restrict processing
– the right not to be subject to automated decision making and profiling
3. How do we use your information?
We use information held about you in the following ways:
To ensure that content on our website is presented in the most effective manner for you and for your computer.
To carry out our obligations arising from an agreement entered into between you and us.
To monitor your account to prevent financial crime including fraud and money laundering.
To assess and verify the financial position and identity of you and your business and any related parties such as directors, shareholders and persons of significant control.
To record and track details of you and your customers’ financial transactions whilst using our products/services.
To provide you with information about our products and services via marketing communications.
To help resolve any customer complaint.
To manage business risk for us and our customers.
To comply with applicable laws and industry standards.
4. Who may we share your personal data with
Under certain circumstances, we may be under a duty to disclose or share your personal data in order to comply with any legal and regulatory obligation, or in order to enforce or apply our Terms of Website Use and other agreements, or to protect the rights, property, or safety of Payment Solutions Ltd, our customers or others.
We also transfer personal data to third parties outside SmartDebit to complete the requirements described in Section 3, including third party service providers, such as our IT systems providers, our hosting providers, cloud service providers, database providers, consultants (including lawyers, tax accountants, labour consultants) and third parties who carry out pre-employment or pre-engagement checks on prospective employees and contractors, and other goods and services providers. Each of these service providers has signed contracts to protect your personal information.
Your personal data will be shared with a fraud prevention agency to help detect fraud and potential money laundering risks, and therefore we can only use your personal data to comply with the law.
5. Why is personal data being collected?
We are allowed to use personal data for legitimate interests, that is business or commercial reasons, in order for SmartDebit to carry out our business.
If you enter into a processing contract with us, we will utilise appropriate personal data to process payment transactions as required under Bacs guidelines.
6. Where do we store your personal data?
All information you provide to us is stored on our secure servers located in the United Kingdom. Any bank account information will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask that you do not share a password with anyone.
Staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
We use industry standard systems to secure our processing websites and any data you process through these will be secured in transit using modern SSL technology to the extent that your browser can support such security. Any other mechanism for passing data to us is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. Access to your personal data
Any subject access request may be made in writing to our Customer Services team by emailing us at firstname.lastname@example.org. Following receipt, we will handle your request, within a one month deadline, by providing you with details of the information we hold about you.
SmartDebit acts as a Data Processor for the purpose of Direct Debit and Cheque services. Any subject access requests made by an end payer of an organisation that uses SmartDebit’s services should be directed to the organisation itself as Data Controller rather than SmartDebit. If we receive such a request, we will pass this on to the organisation in question.
8. Correction of your personal data
We will correct any inaccurate personal information that we hold about you, so if you believe we hold incorrect data, please contact us at email@example.com and we will review the data and correct accordingly.
For end payers, this correction is the Data Controller’s responsibility.
9. Deleting your personal data
You have the right to object to us using your personal data and therefore can request that we delete it, which is known as the ‘right to erasure’ or the ‘right to be forgotten’.
However, there may be legal or regulatory reasons why we need to hold your data.
You may contact our Customer Services team at firstname.lastname@example.org
10. Restricting your personal data
You have the right for your personal data to be stored, but not further processed if: it is no longer relevant, but you would like us to keep it for potential legal claims; it is not accurate or it has been used in an unlawful manner, but you want us to store it.
Additionally, this decision may delay or prevent us from performing our service, resulting in the cancellation of our service with you.
11. Automated decision-making (including profiling)
We do not use any systems to make automated decisions, including profiling, from personal data.
12. How long do we keep your personal data
To this end, there are various obligations to keep hold of your data including to enable the processing of, transactions, chargebacks and refunds, and to identify fraud and money laundering.
Therefore, please note that whilst you are a customer of ours, we will keep hold of your data, and when you are no longer a customer, we will retain your data to meet our obligations.
With your consent or as a legitimate interest, we will contact all customers from time to time about our products and services. However, if you do not wish to be contacted, you may opt out of this direct marketing by making a request to us to stop marketing communications by contacting our Customer Services team at: email@example.com
For business reasons, we will contact customers who have opted in/out of our marketing with crucial system information and/or information about changes to our service.
For the purposes of SmartDebit’s Direct Debit and Cheque services, our customers’ payers are ring-fenced and will only ever be contacted for the express purpose of running Direct Debit or Cheque services. Payers’ data is collected and processed only for fulfilling contractual obligations.
14. Use of our service by a minor
Our products and services are not directed to minors under the age of thirteen (13) and therefore we request that they do not provide personal data to us.
15. Withdraw consent
You have the right to withdraw your consent at any point in time.
Please contact us at firstname.lastname@example.org and we will stop using and/or processing your personal data.
16. How to complain
If you are dissatisfied with how we use your personal information, you may contact our Customer Services team by emailing us at email@example.com
Additionally, you have the right to report a concern to the Information Commissioner’s Office at:
18. Contact us