United Merchant Services Limited and its associated companies and partners (“the Group”, “we”, “us” or “our”) are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
This website is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This policy supplements the other notices and is not intended to override them.
Controller and our contact details
We are the controller and responsible for your personal data. Our nominated representative is the Head of Legal and our address is Station House, Stamford New Road, Altrincham, WA14 1EP. Our representative can be contacted at [firstname.lastname@example.org].
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Collection of your personal data
Personal data that may be collected by us includes the following:
- information that you provide by visiting our website, including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access;
- information provided at the time of registering with us, including, but not limited to, your name, contact number, email address, date of birth, gender, passport or other identification details and financial information (including details of card transactions);
- information that you provide when providing feedback or when you report a problem with our website; and
- information that you provide when you contact us. We may keep a record of that correspondence and information you disclose to us.
- We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your website usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
- We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Purpose and legal bases for processing
We may collect and use your personal data in the following ways:
- to process your application with us;
- to ensure that content from our website is presented in the most effective manner for you and for your computer;
- to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
- to allow you to participate in interactive features of our service, when you choose to do so; and/or
- to notify you about changes to our service.
If you are an existing customer, we may contact you by telephone, SMS, e-mail or by written material with information about goods and services similar to those which were the subject of a previous sale to you.
If you are a new customer, and where we permit selected third parties to use your data, we (or they) may contact you by electronic means or letter if you have consented to this.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- to carry out our obligations arising from any contract entered into between you and us;
- to comply with our legal obligations, or to exercise or defend our legal or contractual rights; or
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Generally, we do not rely on consent as a legal basis for processing your personal data, although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us at email@example.com.
Legitimate Interest Processing
The contacting of customers and relevant parties will be exercised on the following basis:
- where the data subject has given express consent to the processing of the personal data for one or more specific purposes to either the Group or its affiliates; or
- where it is a party who we believe has a legitimate interest in the communication. This will in all cases be because a party has previously utilised the services of the Group or indicated an interest in the financial products provided by the Group or may have a professional interest in the Group and the services it provides.
This includes (but is not limited to) the customer abandoning an application online before submission, direct marketing, the previous provision of working capital, or where the customer has requested to be added to the communications and/or newsletter campaign emails. This would have been either by opting in to receive offers from the Group or by opting in to receive such via third party collaborative competitions.
The channels for which a legitimate interest assessment (“LIA”) has been conducted are as follows:
- Direct Marketing
- PPC Retargeting
- Email and SMS
- Social Media
- Customer Services
- Affiliate companies
We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decided which of our services may be relevant for you. You will receive marketing communications from us if you have requested information from us or engaged our services previously, and you have not opted out of receiving such marketing. We will get your express opt-in consent before we share your personal information with any third party for marketing purposes.
You can ask us or a third party to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at firstname.lastname@example.org at any time. We opt you out of receiving these marketing messages, but this does not mean we will stop processing your personal data provided to us as a result of any services we provide to you.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at email@example.com. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data, without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
To whom may the personal data be disclosed?
We may permit selected third parties to use your data to provide you with information about products and services which may be of interest to you and they may contact you about these by post or telephone.
We will also share your data with third party processors that are required in order for our business to function. These data processors include but are not limited to:
- Consumer Review Partners – including Trustpilot;
- Reward Partners;
- Paid Search Platforms – including Google AdWords’ and Analytics;
- Email service providers;
- Marketing Automations;
- Social Media platforms; and
- Customer Relationship Management Systems.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may disclose your personal information (as well as any other information about your payment records under any agreement with us) to:
- other legal authorities if required by law;
- any member of our group, which means subsidiaries, or the holding company both as defined in section 1159 of the Companies Act 2006 (as may be amended or re-enacted from time to time);
- third parties in the event that we sell (or otherwise dispose of, including by way of security) or buy any business or assets, in which case we may disclose your personal data to the prospective seller, disposee or buyer of such business or assets;
- if we or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation and other agreements; or
- to protect the rights, property, or safety of the Group, subsidiaries, customers, or others.
- any debt collecting agents and any proposed charge of any agreement with us or our interest in any such agreement, or their advisers.
Third Country Transfers
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. By submitting your personal data, you agree to this transfer, storing or processing.
- the transfer of personal data is to a country that has been deemed to provide an adequate level of protection for personal data by the European Commission (the “EC”);
- where we use certain service providers, we may use the standard contractual clauses approved by the EC which give personal data the same protection it has in Europe; or
- where we use service providers based in the United States (the “US”), we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to your personal data shared between Europe and the US.
Please contact us at firstname.lastname@example.org if you would like further information on the specific mechanism used by us when transferring your personal data outside of the EEA.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
We will only retain your personal data for as long as reasonably necessary to fulfil
the purposes we collected it for, including the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
In the absence of the Group having any overriding lawful or contractual requirement to the contrary, personal data will be kept for a period of 6 years from the date of last contact.
Personal data rights
We want you to have in control over your information and under certain circumstances, you have the right to do the following:
- to request access to the personal data we hold on you;
- to request any rectification and /or erasure of your personal data or processing concerning the data subject;
- to object to processing of your personal data or to request restriction of processing your personal data;
- to exercise your right to data portability;
- to exercise your right to be forgotten if you no longer wish for us to store any of your personal details. Unless we have an overriding legal or contractual right, all applicable data will be deleted from our systems;
- to exercise your right to withdraw consent to processing at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. You should note that notwithstanding the withdrawal of consent, we may be legally required to retain some or all of your personal data; and
- to exercise your right to lodge a complaint with a supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us in the first instance.
If you wish to exercise any of your rights set out above, simply contact us at email@example.com detailing your request. We will aim to respond to all legitimate requests relating to your rights above within one month of receipt of your request. Occasionally it may take us longer than one month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up your response.
Third party links
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. Clicking on those links may allow such third parties to collect or share data about you. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Personal data requirement and the consequences of failing to provide it
If the personal data we require is not disclosed to us, and we require such personal data by law or under the terms of a contract, we may be unable to progress your application or perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
No automated processing
We do not use automated processing for decision-making. All applications are reviewed and assessed by our team on their own respective merits.
IP addresses and cookies
We may collect information about your computer, including, where available, your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
- to estimate our audience size and usage pattern;
- to store information about your preferences, and so allow us to customise our site according to your individual interests;
- to speed up your searches; and
- to recognise you when you return to our site.