How we use your information
Satispay Limited (“Satispay”) is committed to complying with the Data Protection Act 1998 (“DPA”).
As a financial technology company operating from the United Kingdom but with services in a number of European Economic Area (EEA) countries, Satispay will only process (i.e. collect, store and use) personal data in a manner that is compatible with the DPA, as implemented in each European Country. This means that we will always strive to ensure that we handle personal data fairly and lawfully with justification.
Our aim is not to be intrusive by invading your privacy or to undertake any task that is irrelevant. Instead our aim is to ensure we collect information that is of the highest quality in terms of accuracy, relevance, adequacy and non-excessiveness and which by all accounts, is “fit for purpose”.
To ensure that we process your personal data fairly and lawfully we are required to inform you:
why we need your data;
how it will be used and;
who it will be shared with.
Satispay is authorised as an Electronic Money Institution (“EMI”) by the Financial Conduct Authority (the details of which can be checked at http://www.fsa.gov.uk/register/home.do) and we are required to counter the risk that we might be used to further financial crime. To do this we may use the information you give us, and the information we hold about you, to detect and prevent crime or fraud.
For the purposes of the DPA, Satispay is a Data Controller (the holder, user and processor) of the information. We will keep all information safe and secure.
How do we collect personal about you?
The information we collect about you comes from:
information you have given us as part of the sign-up application process to allow to give you access to the Satispay services;
information that you have given us over the telephone, via email or social media; and
details of any checks we have made to ensure the accuracy of the information we hold.
What is personal data?
Personal data is defined as any data, which relates to a living individual who can be identified:
from the information held, or
from the information combined with any other information which is already in the possession of, or
likely to come into the possession of, the person or organisation holding the information
Personal data also includes any expression of opinion about an individual, and any indication of the intentions of the data controller or any other person in respect of the individual.
Examples of personal data include:
names and home address details;
national insurance number;
bank account details;
dates of birth;
What is sensitive information?
Certain types of data are categorised as “sensitive personal data”, for example:
racial or ethnic origin;
physical or mental health/condition;
criminal offences (including alleged offences);
religious or other similar beliefs of a similar nature.
What types of personal data do we handle?
We do not handle sensitive personal data. In order to carry out our duties we hold data in relation to personal details such as names, dates of birth, addresses, telephone numbers, email addresses, bank account details.
What is the purpose of holding data?
Satispay has notified the Information Commissioner that personal data will be held and used for the following purposes:
to provide a e-money transfer service;
to prevent and detect financial crime;
maintain our accounts and records;
promote our services; and
to support and manage our staff.
Whose personal data do we handle?
In order to carry out our duties as an EMI we handle personal data from a range of individuals. This includes:
relatives, guardians and associates of the individual concerned;
staff including volunteers, agents, temporary casual workers, members, self-employed and other persons contracted to work on our behalf;
complainants, correspondents and enquirers;
former and potential members of staff, pensioners and beneficiaries;
business or/other contacts.
Whom may we share the information with?
We obtain and share personal data with a variety of sources, which include but are not limited to:
relatives, guardians or associated people with the individual – i.e. where there is a legal duty to;
ombudsman and other regulatory authorities;
financial institutions e.g. Banks;
law enforcement agencies including the Police, the National Crime Agency;
Third Party Data processors that work on behalf of Satispay.
It may be necessary to transfer personal information overseas. When this is needed information is only shared within the EEA. Any transfers made will be in full compliance with all aspects of the Data Protection Act.
Why do we share information?
There are a number of reasons why we share information. This can be due to:
current legislation and regulations which imply that we must;
we may have to comply with a Court Order;
for the purposes of keeping your personal data safe and secure;
you have consented to disclosure.
Any disclosures of personal data are always made on case-by-case basis, using the personal data appropriate to the specific purpose and circumstances and with the necessary security controls in place.
We only use the data we hold to fulfil these functions efficiently and effectively. Information held is only shared with those agencies and bodies who have a “need to know basis”.
Your personal data is not used for any sales or marketing purposes outside of Satispay or Satispay Group of Companies and we will not pass your information onto third parties unless we have your consent to do so or we are required by law to do so e.g. for fraud or crime purposes.
At any time, you are able to tell us to stop using your personal data for our own marketing purposes.
How do we ensure the security of personal data?
Satispay takes the security of the personal data held very serious. We have data security procedures and an Information Security Policy to ensure we protect all data from accidental loss or misuse. We only permit access to information with there is a legitimate reason to do so.
What if the data we hold about you is incorrect?
It is important to us that the data we hold about you is accurate and up to date. If you are moving house or changing your name please contact us (firstname.lastname@example.org or via social media) immediately so we can update our records.
How long is my data held?
In some instances, the law sets the length of time information has to be kept, but in most cases we use our discretion to ensure that we do not keep records outside of our normal business requirements – i.e. providing a service to you.
Your information is only held for as long as necessary and will be disposed of in a secure manner when it is no longer needed.
Can I find out what information is held on me?
You can submit a data subject access request to see what information is held about you. All we ask is that you write to us and clearly specify the information you require.
All subject access requests require proof of ID and a £10 fee by cheque (which is the maximum we are allowed to charge).
Your cheque must be made payable to Satispay Limited. Upon receipt of your eligible request, a response will be sent to you within the statutory limit of 30 calendar days.
You have the right to amend, integrate or ask for the deletion of the collected information.
Am I entitled to all the information that is held about me?
Data subject access requests are subjected to the exemptions of the DPA.
In some limited cases we may have to redact names or withhold information where it relates to:
a third party or where the information has been provided in confidence;
the prevention and detection of fraud;
the catching or prosecution of offenders;
the assessment and collection of taxes and duties;
the ways benefit fraud is detected or prevented;
the health and safety of staff;
where the disclosure of medical opinions may cause distress or serious harm to a person.
Of course we will try to provide you with as much information as possible.
Links to external websites
We may provide links to other content such as websites, web apps and downloadable apps. Unless expressly stated, this content is not under Our control. We neither assume nor accept responsibility or liability for such third party content. The provision of a link by Us is for reference only and does not imply any endorsement of the linked content or of those in control of it.