Privacy notice | Moorepay

Privacy notice

Privacy notice

Information about our use of your personal data

Moorepay (together, “Moorepay, we, us, our“) takes the privacy of your personal data very seriously, and we do so in accordance with the UK General Data Protection Regulation and EU General Data Protection Regulation (together, “GDPR“), the Data Protection Act 2018 and Privacy and Electronic Privacy Regulations (“PECR“) and any other applicable legislation (together, the “Data Protection Laws“).

This privacy notice (“privacy notice“) applies to personal data we obtain through (i) our websites (https://www.moorepay.co.uk) any other websites operated by the Moorepay companies below (the “websites“) and (ii) certain products, services (e.g. marketing) and/or web-based applications (collectively, the “services“). A separate privacy notice may apply when you use the services of a partner or a third party, linked to the Services of Moorepay. This privacy notice also describes the rights you may have and how you can contact us about our privacy practices.

The below companies are the controllers (as defined in the GDPR) for the personal data we process about our customers and suppliers (current and prospective); our visitors; enquirers and those who engage with our websites and directly with us. We are registered with the Information Commissioner’s Office (“ICO“) under the following details:

Moorepay Limited

Company number: 891686 ICO Registration: Z9176805

Contact Details: 740 Waterside Drive, Aztec West, Almondsbury, Bristol BS32 4UF

Moorepay Compliance Limited

Company number: 3056267 ICO Registration: ZA731897

Contact Details: 740 Waterside Drive, Aztec West, Almondsbury, Bristol BS32 4UF

Moorepay Ireland Limited

Company number: 731485

Contact details: 26 Pembroke Street Upper, Dublin 2 D02 X361, Ireland

Personal data we collect as a processor

We also provide services to many customers where we process personal data on behalf of those customers and under their instruction (e.g. for HR and payroll services).

When we provide those services, we act as a processor. Please note that if you are an employee of an organisation that uses these Moorepay services, then the Controller for your information will be that organisation (e.g. your employer) and you should refer to their privacy information and notices. In such case, we may use your data as a Controller for limited purposes such as for internal analysis purposes (as set out in the lawful basis table below), if permitted under the contract with your employer.

This notice should be read in conjunction with our website’s Terms and Conditions.

What kinds of personal data do we collect?

The following are examples of types of personal data that we may collect if you visit our Websites, we set you up as a customer or you otherwise engage with us (for example, as a job applicant or supplier). The specific kind of information collected by us will depend on the Services provided:

Contact Data:

  • First name, last name, email address, phone number, address, company, job title

Profile Data:

  • Number of employees
  • Demographic information
  • Biometric data such as voicemail messages
  • Your location
  • Your interests and preferences

Job Applicant Data:

  • Curriculum Vitae information

Technical Data:

  • Details about your computer, devices, applications and networks (including IP address, browser characteristics, device ID, operating system, or language preferences)

Usage Data:

  • Activities on our websites (including referring URLs or dates and times of website visits). Please see further information in our Cookie Policy.

How is the data collected?

Moorepay may collect personal data about you in a variety of ways:

Customer contacts / Marketing contacts:

  • When you register on the website
  • When you download materials from the website
  • When you speak to our customer service personnel (over the phone or at events (e.g. fairs, exhibitions)
  • Via explicit data capture measures, for example by entering competitions and completing surveys
  • Via implicit data capture measures such as studying which pages you read the most
  • You purchase a product or service from

Marketing contacts may be shared between Zellis Group companies – including Zellis (www.zellis.com), Moorepay (www.moorepay.co.uk) and Benefex (www.hellobenefex.com).

Visitors / Others:

  • When you report bad practices as a whistle-blower
  • When you visit our premises or websites
  • You are a supplier or prospective supplier
  • You use our Websites to apply for a job

The lawful bases we rely on

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the lawful bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific lawful basis we are relying on to process your personal data where more than one basis has been set out in the table below.

PURPOSE/ACTIVITY TYPE OF DATA LAWFUL BASIS FOR PROCESSING INCLUDING BASIS OF LEGITIMATE INTEREST
Communicate with you in relation to information you have provided by filling in forms on any of our websites; this includes posting material, any inquiry through the “Contact” section of our websites, or requesting further services (a)                               Contact Legitimate interests, to respond to your queries and provide information
To process and communicate with you in relation to your job application (a)Contact

(b) Job Applicant

Necessary for our legitimate interests to consider employing you and (if successful) taking steps to enter into a contract with you
To establish and manage Moorepay accounts (a)Contact Necessary as part of our performance of a contract, or for our legitimate interests to provide our services under a contract
Communicate changes to our Services (a) Contact As part of fulfilling any contract obligations or legitimate interest, in updating you
To register you as a new customer/user (a) Contact Necessary as part of our performance of a contract, or for our legitimate interests to provide our services under a contract
Ensure that the content of our websites is presented in the most effective manner for you and your computer (a)Contact (b)Profile Necessary for our legitimate interests, in running our business in the most effective way
To  manage our relationship with you which will include: (a) Notifying you about changes to our terms or this Privacy Notice (b) providing support, which may include recording calls for training and marketing purposes (a)Contact (b)Profile

(c) Usage

Necessary as part of fulfilling any contract obligations or legitimate interest, in updating you and providing you with a good service
Provide                              customer support,                                    trouble-shooting,                manage subscriptions and respond to requests, questions and comments (as part of fulfilling any contract obligations or legitimate interest) (a)Contact

(b) Technical

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and providing a good service
To enable posting on our blog and other communication channels (such as social media) (a)Contact (b)Profile (c)Usage

(d) Technical

Necessary for our legitimate interests (to study and promote how customers use our products)
To analyse users’ behaviour when using our Services to customise preferences, and develop new products, services and advertising (a)Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, personalise the marketing content we provide you and to keep our websites updated and relevant)
To send you marketing communications about our legislative updates, webinar programme, and our products and services (a)Contact

(b) Technical

Necessary for our legitimate interests to ensure customers are aware of our range of products and services
To let you know about other products or services that may be of interest to you (a)Contact

(b) Technical

Necessary for our legitimate interests to ensure customers are aware of our range of products and services
To comply with and enforce applicable legal requirements, agreements and policies (a)Technical

(b) Usage

Performance of a contract with you

 

Necessary to comply with a legal obligation

 

Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To manage the supplier relationship (a)Contact Necessary as part of our performance of a contract, or for our legitimate interests to manage our supplier contracts

If you wish to object to our reliance on legitimate interests for any other purpose please contact us on complianceteam@zellis.com.

Specific examples of why and how we process your personal data: Service Delivery

Moorepay processes the data we collect to provide you the services we offer, which includes using the data to improve and personalise your experience. If you are our customer, we may also use that information to communicate with you, for service provision or product updates.

Marketing

We may contact you to provide you information about our Services and offerings, or updates to them, with the information that you have provided to us, or that we have collected through third parties (e.g. external marketing  companies).

The data we collect is used for internal review and to contact you for marketing purposes and is not shared with organisations outside the Zellis group for marketing purposes, without your consent.

You can always object to our marketing messages by opting out, either by contacting us (see “Contact”) or by clicking the subscription preferences link in the footer of every email we send.

If you would not wish us to contact you (via phone, email, SMS or any other way), please do not hesitate to contact us at the following email address: info@moorepay.co.uk.

Recruitment

Moorepay will collect the data you provide to us when you either register for job alerts or to apply for a role. We will use the information we collect about you to assess your qualifications for the role, carry out background and reference checks (where applicable), communicate with you about the recruitment process, comply with our legal and regulatory requirements and to keep records related to the hiring process.

International Data transfers

Moorepay and its parent Zellis are headquartered in the United Kingdom, with affiliates and subsidiaries throughout the world. The data that we collect may be processed, transferred to, and stored at our various service and data centre locations around the world, and may be located outside of the country where the data is originally collected (including outside of the UK and European Economic Area (“EEA“)). This means that data protection standards may be different from the place where the data is collected and the relevant country or recipient may not have been deemed to provide an adequate level of protection for your personal information by relevant authorities.

Data may be also stored with a cloud service provider (e.g. Microsoft, Hubspot, Amazon) and therefore located across those provider’s cloud European environments. Moorepay, and Zellis, deploy and enforce a standard global operational, IT and Security control framework across their global service, data centre and third-party locations.

Data may also be processed by colleagues, operating outside any other countries where the data is collected, who work for us as an employee or contractor or for one of our third-party suppliers (i.e. agents, service vendors, business partner and other). Such colleagues may be engaged in, among other things, the fulfilment of your request and the provision of any kind of support services. We execute the appropriate legal and contractual protections to effectuate these transfers such as data processing and data transfer agreements.

Whilst we will largely process your personal data within the UK and/or EEA, by submitting your personal data to us, you acknowledge that we may transfer, store or process at any location in the world. We execute the appropriate legal and contractual documentation to facilitate these transfers, such as data processing and data transfer agreements, including:

  • Moorepay will take reasonable steps necessary to ensure that your data is treated securely, with appropriate technical and organizational measures, and in accordance with this Privacy Our Information Security Management System is designed to maintain an appropriate level of confidentiality, integrity and availability.
  • We provide adequate protection for the transfer of personal data to countries outside the UK and EEA through a series of data transfer agreements based on the EU Standard Contractual Clauses, authorized by the European Commission, together with the UK Addendum (if applicable).

If you would like further information about the measures in place in relation to international transfers, please contact us using the contact details below.

Your rights and choices

 As an individual, you may have the following rights in regards to the protection of your personal data, which you may exercise. If you wish to request to exercise any of these rights, please contact us using the contact details below.

  1. Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

  1. Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

  1. Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.

  1. Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

  1. Your right to object to processing

You have the right to object to processing if we are able to process your information because the process is in our legitimate interests.

  1. Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

  1. Your right to be informed

You have the right to be informed of how we process your personal data (as set out in this Privacy Notice).

  1. e) Your right to withdraw consent

You have the right to withdraw consent if you have given us your consent to use your personal data.

You are not usually required to pay any charge for exercising your rights. Please contact us at complianceteam@zellis.com if you wish to make a request. Some of these rights only apply in certain circumstances, so we may not be able to fulfil every request and we reserve all of our rights available to us at law in this regard.

Your right to complain

We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at complianceteam@zellis.com and we’ll respond.

If you remain dissatisfied, you can make a complaint about the way we process your personal information to the ICO as the UK supervisory authority. Please follow this link to see how to do that https://ico.org.uk/make-a-complaint/ or you can find your contact details for the EU data protection authorities here.

Sharing of your personal data

As a global business operating company, we may disclose your personal data based on our legitimate interests to any member of the Zellis group of companies, which means our subsidiaries and affiliates, our ultimate holding company and its subsidiaries located in any place in the world.

We may disclose your personal data to third parties, in our legitimate interests or where required by law, including in the following cases:

  • In the event that we sell, buy, merge, consolidate, transfer, change in control any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • In the event of reorganisation or liquidation of our company whereby in some countries such a transaction may involve, in accordance with applicable laws, the disclosure of personal data to prospective or actual purchasers, or the receipt of it from sellers;
  • If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or any other governmental request;
  • If we may be required to provide personal data in response to a court order, subpoena, warrant, government investigation, any procedure issued by authority, or as otherwise required by law. We also may choose to establish or exercise our legal rights or defence against legal claims;
  • If we believe that there is a threat to the information stored in our websites, or in order to protect or defend our rights or the well-being of our In general, we may release certain personal data in cases where we believe that the release of the information is reasonably necessary to protect the rights, property, and safety of others and ourselves;
  • We may contract with any third-party supplier to provide any services for operating our Websites, for any requests or for the purpose of supporting our services or business activities, including IT suppliers, hosting providers and marketing service providers. Any third party providing services to us may be allowed, on our behalf, to access your personal data provided by you for their proper use in connection with the specific services provided; and
  • In cases where you provide us with your consent to do so. In those cases we will ask you for confirmation of your consent.

How we secure your personal data

In accordance with our internal policies, the group is committed to protecting any personal data divulged to us. We have implemented appropriate security measures, technologies and procedures in order to protect your personal data from loss, misuse, alteration or destruction. Our management team, colleagues and partners are required to keep personal data confidential.

Unfortunately, the transmission of information via the internet (by way of an email or other) is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use internal procedures and security features trying to prevent unauthorised access.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website and/or services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Data retention information

Moorepay will retain your personal data for legitimate business or for legal purposes. We will not hold information for a period longer than is reasonably necessary to fulfil the purposes for which it was collected. If you would like further information about our retention periods, please contact us using the contact details below.

When deciding how long to retain your personal information, we take into account our legal and regulatory obligations, the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information described above and whether we can achieve those purposes through other means. We may also retain your personal information to investigate or defend against potential legal claims in accordance with the limitation periods of countries where legal action may be brought.

Children’s privacy

Moorepay’s Services are generally not aimed at children and we do not knowingly process personal data of children for any purpose other than to deliver certain types of services to our clients. If you believe that we have collected information from your child in error or have any other questions or concern, please notify us and we will promptly respond.

Contact

Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to our Data Protection Officer at DPO@zellis.com. In addition, please do not hesitate to contact us if you suspect any privacy or security breaches.

You have the right to complain to the Information Commissioner’s Office regarding how we have processed your personal data – further details at https://ico.org.uk/your-data-matters.

Changes to this Privacy Notice

Moorepay may update this privacy notice, or other privacy policies, at any time as we deem appropriate. It is important that you check this Privacy Notice from time to time to ensure that you have reviewed the most current version of this notice.