Privacy policy

Owner DPA Officer
Type Policy
Audience Users of www.phhub.org and www.paymenthelp.org
Classification Public
Issue Date

1. Policy statement

  1. Payment Help Ltd and the wider Payment Help Ltd (together “we”/ “our”/ “us”) are committed to protecting the privacy of our website users and take our responsibility regarding the security of their information very seriously. We will be clear and transparent about the information we are collecting and what we will do with that information.
  2. This Privacy Policy tells you about the information we collect from you when you use our website. In collecting this information, we are acting as a Data Controller and, by law, we are required to provide you with information about us, about why and how we use your Personal Data, and about the rights you have over your Personal Data.
  3. This Policy sets out the following:
    • what Personal Data we collect and process about you in connection with your relationship with us as a user of our website;
    • where we obtain your Personal Data from;
    • what we do with your Personal Data;
    • how we store your Personal Data;
    • who we transfer/disclose your Personal Data to;
    • how we deal with your data protection rights; and
    • how we comply with the applicable data protection laws and regulations.
  4. The Processing of Personal Data within the United Kingdom is regulated by the Data Protection Act 2018, which incorporates fully, the European Union’s General Data Protection Regulation 2016/679 and is now recognised and referenced as the UK’s General Data Protection Regulations (UK GDPR). We process all Personal Data in accordance with the UK’s

2. Definitions

Data Controller
The organisation which determines the purpose(s) and means of Processing of Personal Data (e.g. Payment Help Ltd); think of a ‘data controller’ as a "data owner".
Data Processor
The organisation/individual that Processes Personal Data on behalf of the Data Controller (e.g. IT service providers).
Personal Data
A broadly defined term meaning any information relating to an individual who can be identified, directly or indirectly, from such data e.g. name, email address, IP address and mobile telephone number. Descriptions of individuals with sufficient specificity will also be considered ‘personal data’.
Processing/Processed
Any use of Personal Data e.g. storage in databases, input onto systems and applications, sharing with law enforcement agencies or creating customer accounts. The act of typing a customer’s name into a spreadsheet is an example of ‘processing’ Personal Data.

3. Contact details

  1. You can contact us by post at the undernoted address, by email at the undernoted email address or by telephone on +44 (0)333 344 0858.
    We are registered with the Information Commissioner as a Data Controller with Registration Number ZA770511.
  2. The contact details of the Company’s Data Protection Officer (“DPO”) are:

    Email Address: dataprotection@Paymenthelp.org or

    Postal Address:
    Data Protection Officer
    Payment Help Ltd.
    York House, 8-12 Salisbury Square,
    Old Hatfield,
    Hertfordshire,
    AL9 5AD

4. What Personal Data do we collect?

We collect Personal Data that you give us by filling in forms on our website or by corresponding with us by telephone, e-mail or otherwise. It includes information you provide if you register to use our website, use or subscribe to a service provided by us and also when you report a problem with our website. The information you give us may include your:

  • name;
  • address;
  • e-mail address;
  • telephone number;
  • technical information (such as IP address).
Your information When?
Your:
  • name (first name and surname); and
  • contact details (i.e. email address, telephone number and/or postal address)
When you:
  • create an account on our website;
  • request information;
  • take part in our competitions; or
  • choose a service that we make available on our website
Information about your transaction, including your payment card details When you use our service to query transactions or the status of queries.
Communications you exchange with us (e.g. your emails, letters, telephone calls, or your messages on our online chat service) When you contact us or you are contacted by us
Your posts and messages on social media directed to us When you interact with us on social media
Your feedback When you:
  • reply to our requests for feedback;
  • use the feedback tool on our website; or
  • participate in our customer surveys
Information about how you use our website or our mobile app When you:
  • navigate on our website; or
  • use our mobile app
Information that relates to your membership/account When you open an account

5. How do we use your Personal Data?

  1. Information you give to us:

    We may use this information to:

    1. provide you with status updates on transactions that you have queried or any other service that we offer.
    2. contact you, respond to any correspondence, email or telephone call you have made to us or to provide the information you have requested from us;
    3. notify you about changes to our service; and
    4. ensure that content from our website is presented in the most effective manner for you and for your computer.
  2. Information we collect about you:

    We may use this information:

    1. to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    2. to improve our website to ensure that content is presented in the most effective manner for you and for your computer;
    3. to allow you to participate in interactive features of our service, when you choose to do so;
    4. as part of our efforts to keep our website safe and secure;
    5. to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
    6. to make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them.
    7. In support of any regulatory or law enforcement requests or to comply with any other legal obligation on the Company
  3. Information we receive from other sources:

    We may combine information we receive from other sources with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

  4. We will only Process your Personal Data where we have a legal basis to do so.
  5. We may also Process your Personal Data for one or more of the following reasons:
    1. to comply with a legal obligation;
    2. where you have consented to us using your Personal Data (e.g. for marketing-related uses);
    3. to protect your vital interests or those of another person; or
    4. where it is in our legitimate interests in operating as a business (e.g. for administrative purposes).

6. Sensitive personal information

We ask that you do not send or disclose any sensitive personal information to us either through our website, by post, by email, by text message, through live chat or via telephone call or any other method. For clarity, “sensitive personal information” means information relating to racial or ethnic origin, political opinions, religious or other beliefs, health, criminal background or trade union membership.

7. How long do we keep your Personal Data?

  1. We will not retain your Personal Data for longer than is necessary to fulfil the purpose it is being Processed for and to comply with all legal obligations. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the Personal Data, the purposes for which we Process it and whether we can achieve those purposes through other means.
  2. We must also consider periods for which we might need to retain Personal Data to meet our legal obligations or to deal with complaints and queries.
  3. When we no longer need your Personal Data, we will securely delete or destroy it. We will also consider if and how we can minimise over time the Personal Data that we use, and if we can anonymise your Personal Data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.

8. Where we store your Personal Data

  1. The Personal Data that we collect from you will be Processed in the UK. It may also be Processed by individuals operating outside the UK who work for us or on our behalf. Such staff may be engaged in, amongst other things, the Processing of your payment details and the provision of support services. By submitting your Personal Data, you agree to this Processing. We will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with the appropriate provision(s) of the GDPR.
  2. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
  3. We use physical, technological and administrative safeguards to protect your Personal Data against loss, misuse or alteration. All your Personal Data is stored securely and may only be accessed by Company employees with a legitimate business need to access the Personal Data.

9. Security of your Personal Data

  1. We follow strict security procedures in the storage and disclosure of your Personal Data and in protecting it against accidental loss, destruction or damage.
  2. We may disclose your Personal Data to trusted third parties for the purposes set out in this Privacy Policy. We require all such third parties to have appropriate technical and operational security measures in place to protect your Personal Data, in line with the GDPR.

10. Sharing of your Personal Data

In addition to the information that we share in order to comply with our legal obligations, we may also share or disclose your Personal Data to:

  1. third parties that process Personal Data on our behalf; or
  2. any other party with your prior consent.

11. Data Processor

Where we are a Data Processor for your Personal Data, we will:

  1. only act on the written instructions of the Data Controller;
  2. not use a sub-processor without the prior written authorisation of the Data Controller;
  3. co-operate with the relevant supervisory authority (such as the Information Commissioner’s Office in the UK);
  4. ensure the security of its Processing;
  5. keep records of our Processing activities; and
  6. notify any Personal Data breaches to the Data Controller.

12. Your data protection rights

  1. In certain circumstances you have the legal right to:
    • Request information about whether we hold Personal Data about you and, if so, what that information is and why we are holding/using it.
    • Request access to your Personal Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully Processing it.
    • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
    • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to Process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to Processing (see below).
    • Object to Processing of your Personal Data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to Processing on this ground. You also have the right to object where we are Processing your Personal Data for direct marketing purposes.
    • Object to automated decision-making including profiling i.e. not to be subject of any automated decision-making by us using your Personal Data or profiling of you.
    • Request the restriction of Processing of your Personal Data. This enables you to ask us to suspend the Processing of your Personal Data e.g. if you want us to establish its accuracy or the reason for Processing it.
    • Request transfer of your Personal Data in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your Personal Data from us in an electronically useable format and transfer it to another party.
    • Withdraw consent. In the limited circumstances where you may have provided your consent to the Processing of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific Processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer Process your Personal Data for the purpose(s) you originally agreed to, unless we have another legitimate basis for doing so in law.

    If you want to exercise any of these rights, then please contact our DPO at dataprotection@paymenthelp.org / Payment Help Ltd, York House, 8-12 Salisbury Square, Old Hatfield, Hertfordshire, United Kingdom, AL9 5AD.

  2. You will not have to pay a fee to access your Personal Data (or to exercise any of the other above rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
  3. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.

13. Direct marketing communications

  1. We may use your Personal Data to enable us to send you post and emails with information about our services that we believe may be of interest to you. We may permit trusted partners to use your Personal Data in order to provide you with information about their goods and services. We will do this when we believe it is in our mutual legitimate interest to do so.
  2. By trusted partners we mean companies operating in the following categories:
    • Payment Service Providers; and
    • Banks
  3. You have the right to withdraw from or amend the receipt of direct marketing communications. If you would like to do this, then simply click on the Unsubscribe button on the email or let us know. If you do decide to do this, then you will miss out on news that we would like to make you aware of.

14. Opt-out

You can also choose to opt-out at any time from receiving marketing communications by clicking on the relevant Unsubscribe link at the bottom of any marketing related email you may receive from us.

15. Force Majeure

In no event shall PaymentHelp Ltd. be responsible or liable for any failure or delay in the performance of its obligations hereunder arising out of or caused by, directly or indirectly, forces beyond its control, including, without limitation, strikes, work stoppages, accidents, acts of war or terrorism, pandemics or epidemics, civil or military disturbances, nuclear or natural catastrophes or acts of God, and interruptions, loss or malfunctions of utilities, communications or computer (software and hardware) services; it being understood that PaymentHelp Ltd. shall use reasonable efforts which are consistent with accepted practices to resume performance as soon as practicable under the circumstances.

16. Cookies

  1. A cookie is a small file of letters and numbers that we may store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.
  2. Cookies make it easier for you to log onto and use websites. Any aggregate information collected permits us to analyse traffic patterns on our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website. By continuing to browse our website, you consent to any use by us of cookies in accordance with this cookies policy.

17. What cookies do we use?

We may use the following cookies:

  1. Strictly necessary cookies: these are required for the operation of our website e.g. cookies that enable you to log into secure areas of our website.
  2. Analytical/performance cookies: they allow us to recognise and count the number of visitors and see how visitors move around our website when they are using it. This helps us improve the way our website works by ensuring that users are finding what they are looking for easily.
  3. Functionality cookies: these are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences e.g. your choice of language or region.
  4. Targeting cookies: these record your visit to our website, the pages you have visited and the links you have followed. We may use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

18. Changes to this Privacy Policy

This Privacy Policy may change from time to time and any changes to it will be communicated to you by way of an e-mail or a notice on our website.