This Merchant Data Processing notice applies if you are entering into an agreement with takepayments Limited, a Global Payments company (“GP”) for the provision of card payment processing and other products and services made available by takepayments and GP.
When we refer to “you” or “Merchant” in this notice, we refer to the individuals who provide us with personal data in order to procure these services. In the case of sole traders, partnerships and other unincorporated customers, this will be the individuals who own the business, and for corporate customers, this will mean any directors, officers, shareholders or other parties responsible for the operation of the business whose data we collect. In all cases, this will include any joint applicants or guarantors whose personal data we process.
1. Who we are and how to contact us.
takepayments Limited, a Global Payments company, with a registered office address: 4th Floor Highbank House | Exchange Street | Stockport | SK3 0E, is a data controller of your personal data, which means information that is about you or from which we can identify you. This notice describes how we deal with your personal data.
We are the data controller of this personal data under relevant data protection laws because in the context of our business relationship with you, we decide how and why it is processed in the ways explained in this notice. When we use terms such as “we”, “us” and “our” in this notice, we mean takepayments Limited, a Global Payments company, or “GP” for short.
Our Data Protection Officer can be contacted at any time, including if you have queries about this notice or wish to exercise any of the rights mentioned in it, by emailing compliance@takepayments.com or by mail to 4th Floor Highbank House | Exchange Street | Stockport | SK3 0E.
2. Where do we get your personal data?
We will generally collect your personal data from the following sources:
Some of the personal data may also have originated from publicly accessible sources.
3. What kinds of personal data about you do we process?
We process the personal data that you provide to us during the Merchant application and onboarding process as well as during your ongoing relationship with us.
The personal data includes:
If you make a joint application or provide a guarantor, we will also collect the personal data mentioned above about that person. If you are a corporate entity, we will collect the personal data mentioned above about the directors, shareholders and other managers whose names are provided to us by you. You must show this notice to the other applicant and ensure they confirm that they know you will share it with us for the purposes described in it.
4. What are the legal grounds for our processing of your personal data?
Data protection laws require us to explain what legal grounds justify our processing of your personal data (including when sharing it with other organisations). For some services more than one legal ground may be relevant. Here are the legal grounds that are relevant to us:
5. Personal data processing as part of providing the takepayments and GP products and services
When you choose to use takepayments or GP products or services, unless otherwise stated, our legal basis for processing is performance of the contract between you and takepayments or GP in accordance with Art. 6 (1)(b) GDPR.
The services you are taking will be listed in our agreement with you. These services may include services provided by our affiliated companies, such as Pay and Shop Limited trading as Global Payments, providing e-commerce gateway services, and Way2Pay, providing pay by link services...
With your consent where required under applicable law, we may also share your information with Partners who offer services that may be of interest to you, such as flexible financing. Your information may be shared with the partners for the purposes of determining your eligibility for the financing offer.
6. How and when can you withdraw your consent?
Where processing of your personal data is based on your consent, you have the right to withdraw that consent for future processing at any time. You can do this by contacting us by email via compliance@takepayments.com or, for direct marketing communications, from the unsubscribe link in any marketing communication.
The consequence might be that we cannot send you some marketing communications, or that we cannot consider special categories of personal data or provide you with certain Services. Please note that if you opt out of receiving marketing-related communications from us, we may still send you administrative, transactional, or account information messages, from which you cannot opt out.
7. Is your personal data transferred outside the United Kingdom?
Usually your personal data will be stored in the United Kingdom (UK). However, as our affiliate companies are located around the globe, your personal information may be transferred to and stored in another country outside of the country in which you reside, including in the United States, which may be subject to different standards of data protection than your country of residence. Additionally, some of our external third-party service providers are based outside the UK, so your personal data may be transferred to a destination outside of the UK.
Subject to your consent if required by applicable law, we may appoint an affiliate company to process personal data in a service provider role. We will remain responsible for that company’s processing of your personal data pursuant to applicable data privacy laws.
We take appropriate steps to ensure that transfers of personal data are in accordance with applicable law, are carefully managed to protect your privacy rights and interests and limited to countries which are recognized as providing an adequate level of legal protection or where alternative adequate arrangements are in place to protect your privacy rights.
For more information about suitable safeguards and (where relevant) how to obtain a copy of them or to find out where they have been made available, you can contact our Data Protection Officer using the email details above.
8. With whom do we share your personal data?
9. How we share your personal data with Credit Reference Agencies
In order to process your application, we will perform credit and identity checks on you with one or more Credit Reference Agencies (“CRAs”). To do this, we will supply your personal data to CRAs and they will give us information about you. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
We will continue to exchange personal data about you with CRAs while you have a relationship with us.
When CRAs receive a search from us, they will place a search footprint on your credit file that can be seen by other people who carry out searches.
This information about CRAs is condensed. GP will identify the CRA used in relation to your personal data on request, by emailing our Data Protection Officer as detailed above.
Please note that the processing of your personal data within these agencies is governed by the policies adopted by the relevant agencies. You can contact the CRAs directly by visiting their websites to obtain a copy of your information from them.
10. How we share your personal data with Fraud Prevention Agencies
If you provide false or inaccurate information or fraud is suspected or identified, your details will be passed to Fraud Prevention Agencies. If we terminate or suspend service under our agreement with you, we may pass details of the reason it is terminating or suspending service under the agreement together with details of your business, including without limitation the names and addresses of the principal proprietors or directors, to fraud prevention databases operated by Card Schemes. The types of reason that may be notified to Card Schemes include, but are not limited to, circumstances such as insolvency, breach of our agreement or excessive levels of fraudulent transactions or Disputes.
We, and Fraud Prevention Agencies, will use this information to prevent fraud and money laundering, and to verify your identity. We and Fraud Prevention Agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
Fraud Prevention Agencies can hold your personal data for different periods of time, depending on how that data is being used. You can contact them directly for more information. If you are considered to pose a fraud or money laundering risk, your data can be held by Fraud Prevention Agencies for up to six years from its receipt.
A record of any fraud or money laundering risk will be retained by the Fraud Prevention Agencies and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, you can contact the appropriate Fraud Prevention Agency.
This information about Fraud Prevention Agencies is condensed. GP will identify the Fraud Prevention Agencies it uses on request by emailing our Data Protection Officer as detailed above. You can contact the Fraud Prevention Agencies directly to obtain a copy of your information from them. Information held may differ so you may wish to contact them all.
11. How long do we retain your personal data?
We retain the personal data we collect for different periods of time depending on what it is and how we use it. In some contexts, we will provide additional information about retention as you use the services. When we collect personal data, we will retain it only for as long as is necessary to complete the legitimate business or legal purposes for which we collected it. The criteria used to determine our retention periods include:
Details of the periods for which we retain different aspects of your personal data can be found in our Data Retention Policy at: https://www.takepayments.com/data-retention-policy.
12. What are your rights under data protection laws?
You have certain rights in relation to the processing of your personal data, some of which may not apply in all circumstances. To learn more or to exercise your rights, you can submit a request by completing this. You may also contact our DPO via compliance@takepayments.com.
You have the right to complain to the Information Commissioner’s Office if you believe that our processing does not comply with applicable data protection laws.
If you wish to exercise any of these rights against the Credit Reference Agencies, the Fraud Prevention Agencies, or a broker or other intermediary who is a data controller in its own right, you should contact them separately.
13. Data Anonymisation and Use of Aggregated Information
Your personal data may be converted into statistical or aggregated data, which cannot be used to re-identify you. It may then be used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described in this notice.
14. General
This document was last issued in April 2025 and may be amended from time to time. Updated versions will be posted on our website as detailed above.