header grey circle
Skip to content

Privacy Policy

Pozitive Payments services
Last updated: August 2022

Pozitive Payments Ltd (“PPL”, “we”, “us”, “our”) provides acquiring and issuing services for Small and Medium-sized Enterprises (SMEs). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice or our practices regarding your personal information, please contact us at compliance@pozitivepayments.com.

This Privacy Policy sets out how we collect, store and process your personal data and explains your rights in relation to your personal data. This privacy policy covers:

  1. Information collected from others?
  2. What Personal Data do we collect?
  3. How we obtain information
  4. Credit reference and fraud prevention considerations
  5. How Do We Use Your Personal Data?
  6. Schedule of Purposes of Processing
  7. Marketing information
  8. Transferring information overseas
  9. What Special Categories of Personal Data Do We Process?
  10. When Do We Share Client Personal Data?
  11. How Long Will My Personal Data Be Retained?
  12. What security measures are in place?
  13. What are your rights?
  14. How to contact us?
Legal Information:

For the purpose of the relevant European data protection regulations, including but not limited to the General Data Protection Regulation, the company in charge of your Personal Data (also known as the data controller) is Pozitive Payments Ltd (Companies house: 12300457), with oversight provided by the Information Commissioner’s Office (ICO reference: ZB229055). As a controller, we use (or process) the personal data we hold about you in accordance with this policy.

This Privacy Policy affects your legal rights and obligations so please read it carefully. If you do not agree to be bound by this Privacy Policy, please do not provide your personal data to us. We may update this Privacy Policy from time to time at our discretion and in particular to reflect any changes in applicable laws. If we do so, and the changes substantially affect your rights or obligations, we shall notify you via email. Otherwise, you are responsible for regularly reviewing this Privacy Policy so that you are aware of any changes to it.

If any provision of this Privacy Policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.

This Privacy Policy shall be governed by and construed in accordance with English law and you agree to submit to the exclusive jurisdiction of the English Courts.

If you have any questions about your personal data, the content of this policy or wish to exercise your rights in relation to your personal data please contact us at compliance@positivepayments.com

1. Information collected from others?

Where we have collected information directly from you it will usually be obvious what this is, as you will have given it to us. This might not be the case where we have used cookies to collect information from your computer or portable devices. Please see our Cookies Policy for more information.

2. What Personal Data do we collect?

We respect individuals’ rights to privacy and to the protection of personal information. The purpose of the Privacy Notice is to explain how we, the data controller, collect and use personal data in connection with our business.

“Personal Data” means information about a living individual who can be identified from that information (either by itself or when combined with other information). We will collect and process various categories of personal data at the start of and for the duration of, your relationship with us. We will limit the collection and processing of information to information necessary to achieve one or more legitimate purposes as identified in this notice. Personal data may include:

  • personal contact information (including your name, home address, personal telephone number(s) and personal e-mail address);
  • business contact information (including e-mail address and telephone number);
  • date of birth;
  • government identification and / or driving licence number;
  • gender;
  • copy of your passport, visa or driving licence;
  • company account details, tax residence and tax status information;
  • copies of company statements, utility bills and official correspondence to your residential address;
  • asset and liability statements;
  • documents gathered during the on-boarding process (including credit history, background vetting information);
  • information gathered through our monitoring of its IT systems, building access records and CCTV recording when you attend meetings in person at our offices;
  • passport, national identity card, driving licence, power of attorney and relevant contact information of your lawyers, accountants, advisers, agents, attorneys or other representatives (including their name, address, telephone number(s) and e-mail address(s));
  • due diligence materials (including reports, photographs, valuations and analysis) relating to your property, assets, finances or creditworthiness for the purposes of credit analysis, consideration and approval; transaction structuring, processing and administration/management; and
  • Personal Data which you otherwise voluntarily provide, for example when corresponding in writing (including via email or other electronic means), in meetings or during phone conversations or entered into any of our websites.

The majority of the Personal Data provided by you is mandatory in order for us to administer the client relationship and perform our obligations under our contract(s) with you and/or comply with

statutory requirements relating to making or receiving payments, sanctions or taxation. Failure to provide mandatory Personal Data may affect our ability to accomplish the purposes stated in this privacy notice and potentially affect your ongoing client relationship with us.

Where permitted by law, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as to perform checks to prevent and detect crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing data between us and with law enforcement and regulatory bodies.

The list set out above is not exhaustive, and there may be other Personal Data which we may collect, store and use in the context of the client relationship.

3. How we obtain information

The majority of the Personal Data which we process will be collected directly from you. Your information is made up of all the financial and personal information we collect and hold about you/your business and the proprietors, officers and beneficial owners of that business and your transactions. It includes:

  • information you give us;
  • information that we receive from third parties – including third parties who we provide services to you and us, credit reference, fraud prevention or government agencies and financial institutions (where permitted by law);
  • information that we learn about you through our relationships with you and the way you operate your account/or services;
  • information that we gather from the technology which you use to access our services (for example an IP address or telephone number) and how you use it; and
  • information that we gather from publicly available sources, such as the press, the electoral register, company registers and online search engines.
4. Credit reference and fraud prevention considerations

4.1. General

Before we provide goods or services to you, we undertake checks for the purposes of preventing fraud and money laundering and to verify your identity. These checks require us to process personal data about you.

The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.

Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address.

We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws and meet the regulatory requirements that apply to us. Such processing is also a contractual requirement of the goods and services we offer.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

4.2. Automated Decisions

As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision-making, so if you want to know more please contact us on the details above.

4.3. Consequences of Processing

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the goods or services you have requested or to employ you, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.

4.4. Data Transfers

Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

5. How Do We Use Your Personal Data?

We use your Personal Data for a variety of purposes to perform our obligations under the contracts between you and us to comply with our legal obligations, regulatory obligations or otherwise in pursuit of its legitimate business interests.

6. Schedule of Purposes of Processing

We will only use and share your information where it is necessary for us to carry out our lawful business activities. We want to ensure that you fully understand how your information may be used. We have described the purposes for which your information may be used in detail below:

6.1. Contractual necessity

We may process your information where it is necessary to enter into a contract with you for our goods or services or to perform our obligations under an existing contract. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide goods and services to you. This may include processing to:

  • assess and process applications for goods or services;
  • provide and administer those goods and services throughout your relationship with the company, including opening, setting up or closing your accounts or goods; collecting and issuing all necessary documentation; executing your instructions; processing transactions, including transferring money between accounts; making payments to third parties; resolving any queries or discrepancies and administering any changes;
  • calls to our service centre and communications to our emails and online helplines may be recorded, retained and monitored for these purposes;
  • manage and maintain our relationships with you for ongoing customer service; and
  • communicate with you about your account(s) or the goods and services you receive from us.

6.2. Legal obligation

When you apply for a good or service (and throughout your relationship with us), we are required by law to collect and process certain personal information about you. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide goods and services to you. This may include processing to:

  • confirm your identity, including using biometric information and voice-recognition technology and others;
  • identification procedures, for example, fingerprint or facial verification;
  • perform checks and monitor transactions and location data for the purpose of preventing and detecting crime;
  • to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. This may require us to process information about criminal convictions and offences;
  • to investigate and gather intelligence on suspected financial crimes, fraud and threats and to share data with law enforcement and regulatory bodies;
  • share data with other companies and third parties to help recover funds that have entered your account as a result of a misdirected payment by such a third party;
  • share data with police, law enforcement, tax authorities or other government and fraud prevention agencies where we have a legal obligation, including reporting suspicious activity and complying with goodion and court orders;
  • deliver mandatory communications to customers or communicate updates to good and service terms and conditions;
  • investigate and resolve complaints;
  • conduct investigations into breaches of conduct and corporate policies by our employees;
  • manage contentious regulatory matters, investigations and litigation;
  • perform assessments and analyse of customer data for the purposes of managing, improving and fixing data quality;
  • provide assurance that the company has effective processes to identify, manage, monitor and report the risks it is or might be exposed to;
  • investigate and report on incidents or emergencies on the company’s properties and premises; and
  • coordinate responses to business-disrupting incidents and ensure facilities, systems and people are available to continue providing services.

6.3. Legitimate interests

We may process your information where it is in our legitimate interest to do so as an organisation and without prejudicing your interests or fundamental rights and freedoms.

a) We may process your information in the day-to-day running of our business, to manage our business and financial affairs and to protect our customers, employees and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business. This may include processing your information to:

  • monitor, maintain and improve internal business processes, information and data, technology and communications solutions and services;
  • ensure business continuity and disaster recovery and responding to information technology and business incidents and emergencies;
  • ensure network and information security, including monitoring authorised users’ access to our information technology for the purpose of preventing cyber-attacks, unauthorised use of our telecommunications systems and websites, prevention or detection of crime and protection of your personal data;
  • provide assurance on the company’s material risks and reporting to internal management and supervisory authorities on whether the company is managing them effectively;
  • perform general, financial and regulatory accounting and reporting;
  • protect our legal rights and interests;
  • manage and monitor our properties (for example through CCTV) for the purpose of crime prevention and prosecution of offenders, for identifying accidents and incidents and emergency situations and for internal training; and enable a sale, reorganisation, transfer or other transaction relating to our business.
  • send you relevant marketing information (including details of other goods or services provided by us or other group companies which we believe may be of interest to you). We may show or send you marketing material online (on our own and other websites including social media platforms), in our app, or by email, sms or post

b) It is in our interest as a business to ensure that we provide you with the most appropriate goods and services and that we continually develop and improve as an organisation. This may require processing your information to enable us to:

  • identify new business opportunities and to develop enquiries and leads into applications or proposals for new business and to develop our relationship with you;
  • send you relevant marketing. We may show or send you marketing material online (on our own and other websites including social media platforms), in our app, or by email, SMS or post;
  • understand our customers’ actions, behaviour, preferences, expectations, feedback and financial history in order to improve our goods and services, develop new goods and services, and to improve the relevance of offers of goods and services by the group companies;
  • monitor the performance and effectiveness of goods and services;
  • assess the quality of our customer services and to provide staff training. Calls to our service centres and communications to our mobile and online helplines may be recorded and monitored for these purposes;
  • perform analysis on customer complaints for the purposes of preventing errors and process failures and rectifying negative impacts on customers;
  • compensate customers for loss, inconvenience or distress as a result of services, process or regulatory failures;
  • identify our customers’ use of third-party goods and services in order to facilitate the uses of customer information detailed above; and
  • combine your information with third-party data, such as economic data in order to understand customers’ needs better and improve our services.

c) We may perform data analysis, data matching and profiling to support decision-making with regards to the activities mentioned above. It may also involve sharing information with third parties who provide a service to us.

d) It is in our interest as a business to manage our risk and to determine what goods and services we can offer and the terms of those goods and services. It is also in our interest to protect our business by preventing financial crime. This may include processing your information to:

  • carry out financial and credit risk assessments;
  • manage and take decisions about your accounts;
  • carry out checks (in addition to statutory requirements) on customers and potential customers, business partners and associated persons, including performing adverse media checks, screening against external databases and sanctions lists and establishing connections to politically exposed persons;
  • share data with credit reference, fraud prevention agencies and law enforcement agencies;
  • trace debtors and recover outstanding debt;
  • for risk reporting and risk management.

Application decisions may be taken based on solely automated checks of information from credit reference agencies and internal records. For more information on how we access and use information from credit reference and fraud prevention agencies see the section on Credit reference and fraud prevention considerations above.
As mentioned above, these lists are not exhaustive, and we may undertake additional processing of Personal Data in line with the purposes set out above.
We will update this privacy notice from time to time to reflect any notable changes in the purposes for which it processes your Personal Data.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

7. Marketing information

Unless you have told us that you do not want to hear from us, we will send you relevant marketing information (including details of other goods or services provided by us, or other Pozitive Group companies which we believe may be of interest to you), by mail, phone, email, text and other forms of electronic communication. If you change your mind about how you would like us to contact you or you no longer wish to receive this information, you can tell us at any time by contacting us in writing at compliance@pazitivepayments.com.

8. Transferring information overseas

We will share client Personal Data with third parties located outside of the EEA from time to time for the purposes set out in this Privacy Notice. We may transfer your information to organisations in other countries on the basis that anyone to whom we pass it protects it in the same way we would and in accordance with applicable UK laws.

In the event that we transfer information to countries outside of the European Economic Area (which includes countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so where:

  • the European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately;
  • the transfer has been authorised by the relevant data protection authority; and/or
  • we have entered into a contract with the organisation with which we are sharing your information (on terms approved by the European Commission) to ensure your information is adequately protected.
9. Marketing information

Certain categories of data are considered “special categories” of Personal Data” and are subject to additional safeguards. We do not need your consent if we use special categories of your Personal Data in accordance with our written policy to carry out our legal/regulatory obligations or exercise specific legal rights.

In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

10. When Do We Share Client Personal Data?

We will share client Personal Data with other parties only in limited circumstances and where this is necessary for the performance of the contract or to comply with a legal obligation, or otherwise in pursuit of its legitimate business interests as follows:

  • where we have your permission;
  • where required for your good or service; manage and maintain our relationships with you and for ongoing customer service. This may involve sharing your information with other group companies to improve the availability of our good and services;
  • where we are required by law and by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies around the world;
  • with companys, financial institutions and payment services companies when making payment to or receiving payment from you;
  • with background vetting specialists as part of the client on-boarding process and periodically thereafter to ensure Personal Data held is up to date;
  • accountants, lawyers, notaries and other professional advisers when considering, structuring, documenting, concluding, terminating, varying, amending or renewing a particular transaction already in place with you;
  • financiers, insurers, participants and sub-participants in order to consider and/or obtain funding, risk mitigation, insurance or other financial or risk support in relation to an agreement between you and us;
  • IT service providers as part of routine testing, maintenance, development and improvement to the safety, security or functioning of our IT systems;
  • with debt collection agencies;
  • with credit reference and fraud prevention agencies;
  • with third-party guarantors or other companies that provide you with benefits or services (such as insurance cover) associated with your good or service;
  • where required for a proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business;
  • send you relevant marketing information, however we will not share your information with third parties for marketing purposes without your permission;
  • in anonymised form as part of statistics or other aggregated data shared with third parties; or
  • where permitted by law, it is necessary for our legitimate interests or those of a third party, and it is not inconsistent with the purposes listed above.

In all cases, the client Personal Data is shared under the terms of a written agreement between us and the third party which includes appropriate security measures to protect the Personal Data in line with this privacy notice and our obligations. The third parties are permitted to use the Personal Data only for the purposes which we have identified, and not for their own purposes, and they are not permitted to further share the data without our express permission.

11. How Long Will My Personal Data Be Retained?

By providing you with goods or services, we create records that contain your information. Records can be held on a variety of media (physical or electronic) and formats.

We manage our records to help us to serve our customers well (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and to keep as evidence of our business activities.

Retention periods for records are determined based on the type of record, the nature of the activity, good or service, the country in which the relevant company is located and the applicable local legal or regulatory requirements.

We may, on exception, retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. This is intended to make sure that we will be able to produce records as evidence, if they are needed.

Under some circumstances, we may anonymise your Personal Data so that it can no longer be associated with you. We reserve the right to retain and use such anonymous data for any legitimate business purpose without further notice to you.

Data type Retention period
General Correspondence 6 years
Contractual Documents 6 years
Forms of identification 6 years
Financial and credit-related info. 6 years
Personal data (in electronic form) 6 years
Transactional history 6 years
Tax and accounting records 7 years
CCTV foortage 7 days

During the course of your client relationship with us we will review the Personal Data we hold in relation to you approximately every 12 months and any Personal Data which is no longer needed will be deleted. Following the termination of your client relationship with us we will typically retain data for the periods set in the following table.

Retention periods may be changed from time to time based on business or legal and regulatory requirements.

13. What are your rights?

You have several rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below. Further information can be found at the ICO’s website (here).

  • Right of access: You have the right to obtain from us a copy of the personal data that we hold for you.
  • Right to rectification: You can require us to correct errors in the personal data that we hold on your and/or process for you if it is inaccurate, incomplete or out of date.
  • Right to Erasure (“right to be forgotten”): You have a right to request that we delete your personal information if you believe that:
    • we no longer need to process your information for the purposes for which it was provided;
    • we have requested your permission to process your personal information and you wish to withdraw your consent; or
    • we are not using your information in a lawful manner.
    However, whilst we respect your right to be forgotten, we may still retain your personal data in accordance with applicable laws and regulatory requirements. Also, please note that if you request us to delete your information, we may have to suspend the operation of your account and/or the products and services we provide to you.
  • Right to portability: You can request that we transfer your personal data to another service provider. Where we have requested your permission to process your personal information or you have provided us with information for the purposes of entering into a contract with us, you have a right to receive the personal information you provided to us in a portable format.

    You may also request us to provide it directly to a third party, if technically feasible. We’re not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you.

    If you would like to request the personal information you provided to us in a portable format, please write to us at compliance@pozitivepayments.com before initiating any such data transfer.
  • Right to restriction of processing: In certain circumstances, you have the right to require that we restrict the processing of your personal information, especially if you think it has been used unlawfully.

    Data collection is optional, however, if you decide not to share required personal data with us, it may delay or stop us from meeting our legal and regulatory obligations. This will also mean that we may have to stop or discontinue our service for you as we are required to collect certain personal information by law, and/or under the terms of a contract we have with you. (See Terms & Conditions of our goods)
  • Right to stop receiving marketing information: You have a right to object at any time to the processing of your personal information for direct marketing purposes.
  • Right to stop receiving marketing information: You have a right to object at any time to the processing of your personal information for direct marketing purposes.
  • Right to withdraw your consent: You have a right to withdraw your consent at any time where we rely on your permission to process your personal information. We will always make it clear where we need your permission to undertake specific processing activities.

    Please note that if you withdraw your consent, we may have to suspend the operation of your account and/or the goods and services we provide to you.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

14. How to contact us?

If you have any questions about your rights to your personal data or wish to exercise your rights in relation to your personal data please email us at compliance@pozitivepayments.com.

You also have the right to raise any concerns about how your Personal Data is being processed with the Information Commissioner’s Office (ICO) by going to the ICO’s website: https://ico.org.uk/concerns/ or contacting the ICO on 0303 123 1113 or casework@ico.org.uk.

Download acrobat reader