Data protection policy

1. Introduction

This is the privacy policy or ‘privacy notice’ of takepayments Limited ("takepayments", "us" or "we"), which applies to all personal data we process, relating only to our employees and prospective employees (including temporary workers) and certain contractors or consultants. This privacy policy does not apply to personal data we may obtain relating to any such person which is obtained other
than in connection with their employment or engagement by takepayments, such as personal data obtained through their use of our website (which are covered by a separate privacy policy).

This privacy policy also does not apply to personal data relating to others, such as the public and merchants (which are covered by a separate privacy policy).

When we refer to ‘personal data’ in this privacy policy, this means any information about an individual (either in isolation or in combination with other information held by us) from which that person can be identified. This may include information such as name, title, date of birth, gender, postal address, email address, computer IP address, telephone number, bank account details or identification documents.

This privacy policy governs the collection and use of personal data by takepayments. This includes any personal data you may provide to us (including as part of any contract you enter into with us, or through any use of takepayments’ website or IT systems/services) and which we may obtain from other sources.

We are committed to protecting and respecting your privacy. This privacy policy explains the types of personal data we collect, how we use that personal data, who we share it with, how we protect that personal data, and your legal rights in relation to your personal data.

It is important that you read this privacy policy together with any other privacy notice (or ‘fair processing’ notice) we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your personal data. This privacy policy supplements any such other notices and is not intended to override them.

This version of the privacy policy is effective as of 6th May 2021.


2. Who we are

For the purpose of applicable data protection laws, the data controller is takepayments Limited whose registered office is 4th Floor, Highbank House, Exchange Street, Stockport SK3 0ET.

We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the Data Protection Officer using the contact details set out at the bottom of this privacy policy.

3. Keeping your personal data up to date

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes at any time, either by contacting our Human Resources Department, or by contacting the Data Protection Officer using the contact details set out at the bottom of this privacy policy.

4. Changes to this privacy policy

We reserve the right to amend this privacy policy at our sole discretion, without prior notice to you. We will notify you of any such changes (including when they will take effect) but this does not affect your rights set out in section 12 below.

5. What is covered by this privacy policy

This privacy policy covers all personal data collected and used by takepayments. The different types of personal data we may collect are referred to below. We use these terms elsewhere in this privacy policy to cover the relevant personal data referred to:

 

  • Identity Data – which may include first name, surname, any applicable maiden name, title and date of birth, identification documents (such as a driving licence or passport), your National Insurance number, any photographic or other images of you and biometric or genetic means of identification.
  • Relationship Data – which may include details of your marital status, details of your spouse or partner, details of next of kin and details of your children or other dependants.
  • Contact Data – which may include your home address, email address(es) and telephone number(s).
  • Contractual Data – which may include details about your contract of employment or engagement with us and/or any offer of employment or engagement with us (including details of your job, your position or job title, working hours, leave entitlement, records of leave taken, professional memberships, training records, performance information including appraisals and performance improvement plans, details of any disciplinary and grievance proceedings and information about your use of our information and communications systems).
  • Financial Data – which may include bank account details and details of your salary or other remuneration, pension and benefits information, payroll records and tax status information.
  • Recruitment Data – which may include copies of ‘right to work’ documentation, references and other information included in a CV or similar.
  • Sensitive Data – which may include details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health or medical history (including any medical condition or disability and health and sickness records related to your employment or engagement with us) and information about any applicable criminal convictions and offences.
  • Marketing Data - which may include your preferences in receiving information relating to competitions or surveys we promote and your communication preferences.

 

6. Collection of personal data

We may collect personal data about you from different sources detailed below.

Information you give us:

You will provide us with your personal data in connection with any contract of employment or engagement with us and/or any offer of employment or engagement that we make to you (including before or during any interview relating to any prospective contract or offer). You may also provide us
with personal data throughout the duration of your employment or engagement with takepayments. The information you give us may include your name, postal address, email address, landline and/or mobile telephone number, bank account information, identification documents, as well as other personal data (including any personal data you may provide on your CV and any personal data referred to below).

In connection with any contract of employment or engagement with us or any offer of employment or engagement that we make, you will have a contractual obligation to provide certain personal data to us. For example, in some cases, it may be a term of your contract of employment or engagement (or a condition of any offer of employment or engagement) that you must provide us with information for the purposes of us conducting certain checks, including:

    • checks to verify your identity and/or address (which may require you to provide your passport, driving licence or other identification documents, or we may checks with agencies such as Experian);
    • employment history checks (including references from previous employers);
    • Disclosure & Barring Services checks;
    • credit checks with licensed credit reference agencies and/or other relevant organisations (such as Experian); and/or
    • verification of your previous salary and tax information (which may require you to produce previous wage slips, P45s and/or P60s).

You may also be contractually required to provide us with certain sensitive personal data (which the law refers to as ‘Special Categories of Personal Data’), particularly regarding information about your health and medical history. We may also contractually require you to provide us with information about any criminal convictions or offences.

You may also be required, in connection with statutory obligations (and as a term of any contract with us, or as a condition of an offer we make), to provide personal data to us to verify your right to work in the United Kingdom. This may include requiring you to provide your passport, driving licence, birth certificate or other identification documents, your National Insurance number (if you live in the UK) or your Visa (if you live outside the UK).

Where the terms of our contract (or the conditions of any offer we make) require you to provide certain personal data, there may be consequences for you if you do not provide it. Where there is no contract already in place and you do not give us such personal data then we may not be able to conclude a contract with you. If you do not give us such personal data where a contract is already in place then you may be in breach of contract (which may result in you incurring financial liability to us) and we may be entitled to terminate your contract. There may also be other legal consequences for you if you do not give us any information which you are required by law to provide.

Some information you provide to us may constitute sensitive personal data (which the law refers to as ‘Special Categories of Personal Data’). This may include details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, trade union membership and information about your health or medical history.

You may provide us with information in certain circumstances, including when you:

  • ask us for details of third-party services that we may promote from time to time;
  • subscribe to our publications; or
  • enter a competition, promotion or survey.

Information we collect about you:

We may collect various personal data about you throughout the duration of your employment or engagement with takepayments (and occasionally afterwards). This may include:

  • details of any changes to your contract of employment or engagement;
  • salary and other financial information;
  • performance data relating to your employment or engagement, including details of appraisals and feedback to or from your managers;
  • details of any grievances you may raise;
  • details of any disciplinary action and/or complaints made against you.

Information we receive and collect from other sources:

We may receive information about you from third parties such as your previous employers, credit reference agencies (such as Experian) and doctors. Information from doctors may include information about your health and medical history.

The different kinds of personal data about you which we may collect and process from third parties are: Identity Data, Contact Data, Financial Data and Sensitive Data.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Such aggregated data may be derived from your personal data but is not considered personal data in law (as this data does not directly or indirectly reveal your identity). However, if we combine or connect any such aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

7. How we use your personal data

We will only use your personal data when the law allows us to. Each basis on which we are lawfully permitted to process your personal data is known as the ‘legal basis’ for processing.

The purposes for which we may use your personal data and the types of legal basis that we will rely on to process your personal data are set out in the table below. Note that we may process your personal data for more than one legal basis depending on the specific purpose for which we are using your personal data (as shown in the table). Where more than one is shown, please contact us if you would like details about the specific legal basis we are relying on to process your personal data.

Purpose/Activity  Type of personal
data
Legal basis for processing
To arrange an interview for prospective employment.
  • Identity Data
  • Contact Data
  • Recruitment Data
  • Processing undertaken with your
    consent.
  • Necessary to take steps before
    entering into a contract.
  • Necessary for our legitimate interests (to assess whether we wish to interview you and to make recruitment decisions).
To process and enter into any contract of employment or engagement.
  • Identity Data
  • Relationship Data
  • Contact Data
  • Contractual Data
  • Financial Data
  • Recruitment Data
  • Sensitive Data
  • Processing undertaken with your consent.
  • Necessary to take steps before entering into a contract.

 

To make checks about to verify your identity, address and your right to work in the UK.
  • Identity Data
  • Relationship Data
  • Contact Data
  • Processing undertaken with your consent.
  • Necessary for our legitimate nterests (to ensure we can be satisfied of your identity and address and your right to work in the UK).
  • Necessary to comply with a legal obligation.
To make financial checks about you (including checking your credit history and making searches with licensed credit reference agencies) and seeking employment references and checking
salary information.
  • Identity Data
  • Relationship Data
  • Contact Data
  • Financial Data
  • Recruitment Data
  • Sensitive Data
  • Processing undertaken with your
    consent.
  • Necessary for our legitimate interests (to ensure that you do not have any financial problems that might affect your duties, that you are a suitable person to employ or engage and that information about your salary or tax status is accurate).
  • Necessary to comply with a legal obligation.
To use your medical history and any relevant health information or next of kin
details in the event of an emergency or where your life could be in danger.
  • Identity Data
  • Contact Data
  • Relationship Data
  • Sensitive Data
  • Processing undertaken with your consent.
  • Necessary for our legitimate interests (including to ensure your health and safety is protected).
  • Processing is necessary in order to protect the vital interests of you or another person.
To manage our relationship with you, which will include administration of your contract, paying wages or other sums due to you, administering pension arrangements, dealing with absences, dealing with grievances, monitoring and measuring your performance, providing you with security identification/office access passes and notifying you about changes to your contract or this policy.
  • Identity Data
  • Relationship Data
  • Contact Data
  • Contractual Data
  • Financial Data
  • Recruitment Data
  • Sensitive Data
  • Necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract.
  • Necessary to comply with a legal obligation.
  • Necessary for our legitimate interests (including to manage and monitor your performance, to manage our premises and security and to keep our records updated).
To manage and plan our business and make business decisions (including with
regard to promotions, reorganisations, staff deployment and any reasonable adjustments).
  • Identity Data
  • Contractual Data
  • Recruitment Data
  • Sensitive Data
  • Necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract.
  • Necessary to comply with a legal obligation.
  • Necessary for our legitimate interests (including to manage and monitor your performance, to manage our premises and security and to keep our records
    updated).
To enable you to partake in a prize draw, competition or complete a survey.
  • Identity Data
  • Contact Data
  • Contractual Data
  • Marketing Data
  • Processing undertaken with your consent.
  • Necessary for our legitimate interests (to manage our business, gather staff feedback and support our workforce).
To make suggestions and recommendations to you about goods or services that
may be of interest to you.
  • Identity Data
  • Contact Data
  • Contractual Data
  • Marketing Data
  • Processing undertaken with your consent.
  • Necessary for our legitimate interests (to manage our business and support our workforce).
To advertise and promote our business, including by way of company brochure,
newsletters and website postings.
  • Identity Data
  • Processing undertaken with your consent.
  • Processing undertaken for our legitimate interests.
To comply with legal requirements (including where you exercise any of your rights
referred to in this privacy policy), to exercise our legal rights and to bring or defend
legal claims.
  • Identity Data
  • Relationship Data
  • Contact Data
  • Contractual Data
  • Financial Data
  • Recruitment Data
  • Sensitive Data
  • Marketing Data
  • Necessary to comply with a legal obligation.
  • Necessary for our legitimate interests to exercise our legal rights and to bring or defend legal claims.

We will only use your personal data for the purposes shown above. If we need to use your personal data for a different purpose, we will update this privacy policy and notify you of the change before starting any such new processing.

Please note that in some circumstances we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

8. Transfers of personal data

We may have to share your personal data with the parties set out below for the purposes shown:

  • any member of the takepayments group of companies, including subsidiaries and holding companies, in order to enable you to access the products and services we provided, provide you with customer support and conduct the other activities described in this privacy policy;
  • licensed credit reference agencies and/or other relevant organisations (such as Experian), to make checks to verify your identity and to make financial checks about you (including checking your credit history);
  • your previous employers, for the purposes of seeking employment references relating to you;
  • third parties such as:
    • service providers (acting as our data processors) who provide us with services relating to IT, hosting and other infrastructure and IT system administration, training, payroll and payment processing;
    • professional advisers (acting as our data processors) including lawyers, bankers, accountants, auditors and insurers based who provide legal, banking, accounting, auditing and insurance services to takepayments;
    • HM Revenue & Customs, the Financial Conduct Authority, other regulators and government authorities, for purposes required by law; and
    • the police and fraud prevention agencies, for the purposes of crime detection and prevention; and
  • third parties which undertake or administer surveys, competitions or prize draws.

We may also disclose your personal data to third parties:

  • in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • if any member of the takepayments group or substantially all of its assets are acquired by a third party, in which case your personal data may be one of the transferred assets and disclosed to them accordingly; and
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or in order to enforce our terms and conditions or other agreements, or to protect the rights, property or safety of the takepayments group.

We may share your personal data with credit reference agencies and this information may be linked to records relating to other people living at the same address with whom you may be financially linked. Other credit grantors may use this information to make credit decisions about you and the people with whom you are financially associated.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Our third-party service providers (to the extent they are acting as our data processors) are contractually bound to use personal data only to perform the services that we have engaged them to provide and they are only permitted to process your personal data in accordance with our instructions.

Please note that some of our external third-party service provides are based outside the United Kingdom (UK), so their processing of your personal data will involve a transfer of personal data outside the UK. Please see section 9 about personal data being processed outside of the UK.

9. Where we store your personal data

Usually your personal data will be stored in the United Kingdom (UK). However, some of our external third-party service provides are based outside the UK, so your personal data may be transferred to a destination outside of the UK. This means it may also be stored and processed at a destination outside of the UK, including by staff operating outside the UK who work for one of our service providers.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it than applies within the UK, by ensuring that certain minimum legal safeguards are met or implemented. We take all steps that are mandatory or reasonably necessary to ensure that your personal data is treated securely and in accordance with applicable data protection laws.

Please contact us if you want further information about the circumstances in which we transfer your personal data out of the UK or the safeguards we use.

10. How long we store your personal data for

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of the periods for which we retain different aspects of your personal data can be found in our Data Retention Policy at https://www.takepayments.com/data-retention-policy/.

In some circumstances, you can ask us to delete your personal data. Please see section 12 regarding ‘Your Rights’ for further information.

11. Security of your personal data

We use administrative, technical, and physical measures to safeguard personal data against loss, theft and unauthorised uses, access or modifications. Our staff and our third-party service providers are under a duty to process your personal data only in accordance with our instructions and they are subject to a duty of confidentiality regarding your personal data.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

12. Your rights

You have the rights set out below with respect to the personal data that we hold about you. To exercise any of these rights, you should contact us by using the contact details set out at the bottom of this privacy policy.

You will not normally have to pay a fee to exercise any of these rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity when you seek to exercise any of your rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to help clarify the scope of your request.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Your right to access the personal data we hold about you

You have the right to ask us whether or not we process your personal data and to request information
on the purposes of the data processing as well as confirmation on whether we use your personal data for these purposes only.

In some circumstances, we may not be able to give you access to the personal data we hold about you (for example, we may not be able to give you access if it would unreasonably affect someone else's privacy or if giving you access poses a serious threat to someone's life, health or safety).

You also have the right to be informed of the third parties to which we transfer your personal data within the scope of this privacy policy.

Your right to have your personal data corrected

You can contact us to have any incomplete or inaccurate personal data we hold about you corrected, although we may need to verify the accuracy of the new personal data you provide to us.

Your right to erasure of your personal data

You can ask us to delete or remove your personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your personal data unlawfully or where we are required to erase your personal data to comply with local law.

Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, after you make your request.

Your right to request restriction of the processing of your personal data

You may ask us to suspend the processing of your personal data:

  • if you want us to establish the accuracy of the personal data;
  • where our use of the personal data is unlawful but you do not want us to erase it;
  • where you need us to hold the personal data even if we no longer require it, as you need it to establish, exercise or defend legal claims; or
  • you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.

We will inform you when you decide to lift any such restriction on processing.

Your right to object to us processing your personal data

You have the right to ask us to stop processing your personal data where the processing is based on legitimate interests and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. We will comply with your right to object in these circumstances, unless:

  • we can demonstrate that we have compelling legitimate grounds to process your personal data which override your rights and freedoms; or
  • the processing is for the establishment, exercise or defence of legal claims.

Where we are relying on your consent to process your personal data, you may withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Your right to object to automated decision making

You have the right not to be subject to a decision which is based exclusively on automated processing and produces a legal effect or a similarly significant effect on you. In these circumstances, you are entitled to obtain human intervention, express your point of view and obtain an explanation of the decision and challenge it. However, this right does not apply if the automated decision is necessary for entering into or performance of a contract between you and us, is authorised by law or is based on your explicit consent.

Please note that when we undertake credit checks in connection with the entry into a contract with you, we may use an automated decision-making service provided by third parties (such as Experian). Whilst this is an automated service, if the results of any such check reveal any adverse information, then we use human intervention to assess those results and to make any decision which may affect your status under that contract.

Your right to have your personal data transmitted to another organisation

Where we process personal data about you which:

  • has been provided by you directly to us; and
  • is processed by automated means; and
  • is processed with your consent or for the performance of a contract with you,

you have the right to ask us to provide you with the personal data we hold about you in a structured, commonly used and machine-readable format or, where technically feasible, to transmit that personal data to another organisation.

Making a complaint

You have the right to lodge a complaint to the Information Commissioner's Office, the UK supervisory authority for data protection issues (www.ico.org.uk), if you believe that we have not complied with applicable data protection laws. You also have a right to claim damages if processing of your personal data violates applicable data protection law. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

13. Contacting us

If you have any questions about this privacy policy, or if you wish to exercise your rights as referred to in this privacy policy, please contact us by:

  • writing to us at:
    The Data Protection Officer
    takepayments Limited
    4th Floor,
    Highbank House,
    Exchange Street,
    Stockport,
    Cheshire
    SK3 0ET
    or
  • emailing our Data Protection Officer by sending an email to: compliance@takepayments.com.
takepayments
Chat with us!
Hi, is there anything we can help you with today?