Privacy Policy
Table of Contents
1. Introduction
Swift Payments is the trading name of Swift Pay Group Ltd. At Swift Payments, we are dedicated to protecting your privacy.
Personal data refers to any information that relates to an individual. This Privacy Policy outlines the methods and reasons for processing personal data in connection with our payment services and this website. It does not apply to non-personal data, such as business information pertaining to companies.
In this Privacy Policy, whenever we use the term ‘we’, it refers to Swift Payments, the company providing you with a product or service. This company is identified as the data controller concerning the relevant personal data processing activities.
Swift Pay Group Ltd serves as the data controller for the activities described in this Privacy Policy if you receive or apply for our payment services within the UK. Swift Pay Group Ltd is registered with the Information Commissioner’s Office (ICO), the UK’s data protection authority, with registration number ZB695269.
In this Privacy Policy:
- Merchant refers to any customer using our payment services.
- Your information signifies any personal data processed in connection with our payment services or this website.
2. How to Contact Us?
If you have any questions regarding this Privacy Policy or how we manage your data and privacy, please reach out to us at [email protected] or by phone on 023 9338 2778 in the UK. You can also contact us to exercise your rights by emailing [email protected]. Our Data Protection Officer (DPO) can be reached via this email address.
You have the right to lodge a complaint with the ICO (www.ico.org.uk). However, we would appreciate the opportunity to address your concerns directly in the first instance, so please contact us at [email protected] or by phone on 023 9338 2778 in the UK.
3. Who does this Privacy Policy apply to?
This Privacy Policy is relevant to various groups of individuals whose personal data is processed in connection with our payment services and website:
- Sole Traders or Individuals in a Partnership: Any sole trader or individual in an unincorporated partnership who is a merchant or potential merchant.
- Merchant Representatives: Any person working for an incorporated company, social enterprise, charity, or other entity that is a merchant or prospect, as well as any directors of such companies.
- Consumers: Any cardholder or consumer whose information is processed by our merchants or through our payment services.
- Visitors: Any individuals visiting or using this website, any of our group companies’ websites, or any web or mobile applications.
In this Privacy Policy, ‘you’ refers to the applicable category of individuals as the context requires.
4. What information do we collect from you?
Direct Information
If you are a Sole Trader, Individual at a Partnership, or Merchant Representative, you may provide us with information directly through your interactions and transactions with us. This can include:
- General Information: Such as your name, gender, date of birth, and other identity details required for onboarding and verification, including passport details, photo identification, and relevant social security or national identifiers.
- Contact Information: Such as your physical address, email address, and phone number.
- Account Details: Including your merchant ID, username, and other login credentials for our website and application.
- Financial Information: Such as your bank details.
- KYC Information: Including proof of address, proof of bank, proof of business, government-issued ID, information on ultimate beneficial owners (if applicable), and other documents required to comply with AML/CTF regulations.
- Market Research Information: Such as your opinions on our products and services.
If you are a Consumer, to facilitate a transaction at a merchant, you may provide:
- Card Details: And related information held by your card issuer necessary for processing transactions.
- Additional Information: Such as your name, physical and email address, phone number, and other details required for legal and regulatory purposes.
Indirect Information
If you are a Sole Trader, Individual in a Partnership, or Merchant Representative, we may also collect information indirectly, including:
- Geolocation Information: Captured through your device when you use our products and services.
- Prospecting Information: Provided by a PC or referral partner (see section 6 for details on information sharing with these channels).
- Additional Sources of Information: Such as extra KYC, KYB, AML checks, background checks, creditworthiness information (excluding credit scores or histories), contact details from broking services, information from Companies House in the UK, Companies Registration Office and Irish Register of Beneficial Ownership in Ireland, and similar bodies in other regions, social media screenings (if applicable), information from other account holders, credit reference agencies, law enforcement, or fraud prevention agencies.
Technical and Behavioural Tracking Information for Visitors
If you are a Visitor, we may collect information about your interactions, including:
- IP Address and Location Data
- Pages Viewed on Our and Other Websites
- Email Interaction Data: Such as whether emails and embedded links are opened.
- Cookie Identifiers
- Device Information: Including device types used to access our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system, and application versions.
We utilise cookies and similar technologies on this website, detailed here: Cookies Policy. You can opt into optional cookie categories through our cookie banner or the ‘cookie preferences’ link at the footer of this website.
We also use cookies and similar technologies to track interactions with our marketing emails, to tailor and enhance these communications for Sole Traders, Individuals in a Partnership, and Merchant Representatives. You can opt out of these communications at any time to stop this processing.
5. Why and on what basis do we use your information?
- Legitimate Interests: When it is necessary for our or a third party’s legitimate interests, provided these do not override your rights.
- Compliance with Law: When we must comply with legal or regulatory obligations.
- Contract Performance: When we need to process your information to fulfil our contractual obligations to you.
- Consent: When you have given your explicit consent.
Although we seldom rely on Consent to process your data, there are instances where we seek your Consent for related matters, such as setting non-essential cookies in compliance with ePrivacy laws.
Additionally, we may need to use or share your information when there is a significant public interest, such as protecting the integrity of the payments system or preventing and detecting fraud or other criminal activities. In such cases, we may not be required to notify you.
We only need one lawful basis to process your data, but here we outline all relevant bases.
Sole Traders, Individuals in a Partnership, Merchant Representatives, and Visitors
| Why We Use Your Information | Lawful Bases |
|---|---|
| To provide our products and services to you | Legitimate Interests, Compliance with Law, Contract Performance |
| To manage any account or registration you have with us | Legitimate Interests, Compliance with Law, Contract Performance |
| To fulfil our contractual obligations to you | Contract Performance |
| To ensure secure payment transactions at your location | Legitimate Interests, Compliance with Law |
| To manage your participation in competitions or prize draws | Legitimate Interests, Contract Performance |
| To send service communications related to our products and services | Legitimate Interests, Compliance with Law, Contract Performance |
| To conduct market research and communicate with you about feedback on our products, services, website, or applications | Legitimate Interests, Contract Performance |
| To optimise the presentation of our website or applications for your device | Legitimate Interests, Contract Performance |
| To inform you about products and services that may interest you via post, phone, SMS, email, or in-app notifications | Legitimate Interests, Consent (if required under ePrivacy law) |
| To manage our site and applications, including troubleshooting, data analysis, testing, research, and surveys | Legitimate Interests |
| To ensure the safety and security of our website or applications | Legitimate Interests, Contract Performance |
| To assess and enhance the effectiveness of our advertising | Legitimate Interests |
| To make suggestions and recommendations about products or services that may interest you | Legitimate Interests |
| To verify your identity and contact information | Legitimate Interests, Compliance with Law, Contract Performance |
| To document and verify payment transactions | Legitimate Interests, Compliance with Law, Contract Performance |
| To initiate, manage, and defend legal claims or collection procedures | Legitimate Interests, Compliance with Law, Contract Performance |
| To conduct compliance procedures | Legitimate Interests, Contract Performance |
| To prevent misuse of our products and services | Legitimate Interests, Compliance with Law |
| To manage risk and prevent fraud | Legitimate Interests, Compliance with Law |
| To comply with KYB/KYC, AML, bookkeeping, and capital adequacy laws, and to report to tax and other regulatory authorities | Legitimate Interests, Compliance with Law |
| To communicate with you about our products and services | Legitimate Interests |
| To maintain records and analyse customer issues and topics | Legitimate Interests |
| To gather insights and conduct analyses to improve our services | Legitimate Interests |
| To enhance our customer service and your experience | Legitimate Interests |
| To conduct internal investigations related to fraud and security | Legitimate Interests |
Consumers
| Why We Use Your Information | Lawful Bases |
|---|---|
| To process your payments via our products and services using your card or other payment methods | Legitimate Interests, Compliance with Law |
| To ensure secure payment transactions and mitigate fraud risk, including related investigations | Legitimate Interests, Compliance with Law |
| To help our merchants fulfil your orders and mitigate fraud risk. This includes handling complaints and disputes | Legitimate Interests, Compliance with Law |
| To provide you with a receipt | Legitimate Interests, Compliance with Law |
6. Which third parties may we share your information with?
We may share your information with the following third parties:
Companies within Our Corporate Group Swift Payments is part of a group of companies, so your information may be shared within our group as part of regular business operations. If you receive services in Ireland or another EEA country, Swift Pay Group Ltd (your data controller and service provider) may outsource certain operations to other entities within our group, requiring the sharing of your information.
Suppliers and Subcontractors We work with various suppliers and subcontractors (including contingent workers) to deliver our products and services, which means we may share your information with them. These categories include:
- Technology Service Providers: These support our service delivery, including conducting analysis of customer issues to improve customer experience and service responses.
- AML and KYC Service Providers: These help us meet our legal and regulatory obligations related to customer verification and financial sector integrity.
- Logistics Providers: These assist with the provision and return of hardware.
- Customer Support Providers: These support our merchants with our products and services.
- Professional Advisors: These include strategic advisors, rating agencies, auditors, accountants, lawyers, and other professionals who help us understand our business, achieve our goals, and meet our obligations.
We also work with additional suppliers in areas such as communication, marketing, acquiring, PCI compliance, and collections.
Financial Service, Card Scheme, and Payments Partners We collaborate with various financial service providers, card schemes, and payment partners to ensure the secure and proper provision of our services. This includes necessary sharing within the corporate groups of card schemes such as Visa, Mastercard, American Express, and Discover Financial Services.
Product Partners We partner with third parties to offer complementary products and services under our brand, like the merchant cash advance product provided by YouLend.
Credit Reference Agencies and Identity Checking Partners When processing applications, we conduct credit and identity checks with one or more credit reference agencies or identity checking partners. For Sole Traders, Individuals in a Partnership, or Merchant Representatives, this may involve sharing your information. If an application is declined, this information might affect your ability to obtain credit in the future. We continue to exchange information with credit reference agencies throughout our business relationship.
Fraud Prevention Agencies During the application process for our payment services, we perform checks to prevent fraud and money laundering and verify identities, which may involve sharing information with fraud prevention agencies. These agencies may also allow law enforcement to access your information to detect and prevent crime. Fraud prevention agencies can retain your information for different periods, and if you are flagged as a fraud or money laundering risk, this information can be held for up to six years.
Analytics Partners We work with analytics service providers to enhance and optimise our websites, applications, and other technologies.
Advertising Partners We collaborate with advertising providers to deliver relevant ads about our products and services. These partners collect information about your activities through cookies (with your consent) to tailor advertisements.
User Experience, Service Design, and Market Research Agencies These partners help us improve and optimise our products and services through various projects.
Payment Consultants (PCs) Our self-employed field sales force, PCs, refer sales leads to us and help manage your account or offer additional services.
Referral Partners We partner with referral partners who refer potential customers to us. If you become a customer, we may share limited information about you with the referral partner.
Other Disclosures We may also disclose your information in the following circumstances:
- If we sell or buy any business or assets, we may share your information with the prospective seller or buyer and their advisors.
- If we or substantially all of our assets are acquired by a third party, your personal data will be transferred to the new owner as necessary.
- If we need to comply with a legal obligation or protect the rights, property, or safety of our company, customers, or others, we may share your information with relevant authorities for AML, fraud prevention, and credit risk purposes.
7. How long will we keep your information?
We retain information only as long as necessary for the purposes for which it was collected. The appropriate retention period for your information is determined on a case-by-case basis.
There are instances where we are legally or regulatorily obligated to retain your information for a specific period. For example, customer records are maintained for the duration of the customer relationship and for a specified time afterward, as mandated by the laws of the relevant jurisdiction in which we operate.
In cases of rejected applications, we retain information related to the application. We may also gather information from credit reference agencies and fraud prevention agencies regarding rejected applications. This is done for legitimate business purposes, including fraud prevention, financial crime deterrence, and to fulfill other legal and regulatory obligations.
8. What are my rights?
Under data protection laws, you have various rights regarding your personal information. Some of these rights may have exceptions. You can exercise these rights using the contact details provided above.
Right to be Informed
You have the right to know how and why we process your information. This Privacy Policy and other information we provide serve this purpose.
Right to Access
You have the right to access the information we hold about you. This right does not include accessing information about other individuals or businesses.
Right to Deletion
You have the right to request the deletion or erasure of your personal information, unless an exception applies. In certain cases, we are required by law or regulation to retain information. This is also known as the ‘right to be forgotten.’
Right to Restrict Processing
You have the right to restrict our use of your information under certain circumstances, such as if you believe it is inaccurate.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, or to have it transferred to another data controller if we process your information based on your Consent or to fulfill a contract.
Right to Object
You have the right to object to the processing of your information based on our Legitimate Interests, except where we have compelling grounds that override your interests. An example is when we consider processing necessary for the security of the financial services sector.
Right to Withdraw Consent
If we rely on your Consent as our legal basis for processing, you have the right to withdraw that Consent at any time. Upon withdrawal, we will cease processing the relevant information on that basis but may continue to process it under another legal basis.
Right to Avoid Automated Decision-Making
You have the right not to be subject to decisions made solely by automated means, without human intervention, that have legal or similarly significant effects on you, such as the denial of a financial service.
9. Security
We implement security measures that are suitable for the type of information we process and the potential risks associated with a security breach. Your information is stored on our secure servers. Payment transaction transmissions are encrypted using TLS technology.
If you suspect that your password or any other aspect of your account has been compromised, please notify us immediately at [email protected] or by calling 023 9338 2778 in the UK.
10. Controllers and processors
When a third party handles your information following our instructions, they are typically a data processor. For instance, this applies to our IT and marketing service providers. In these situations, we only share your information for purposes that align with the reasons stated in this Privacy Policy. All data processors are bound by written agreements that ensure we maintain control over how your information is used.
However, if a third party is a data controller, we cannot dictate how they will process the data we provide. Common examples of third party data controllers include credit rating agencies and financial institutions. In these cases, the third party’s data protection policies will apply.
11. Third party websites
Our website, along with other related sites, may include third-party advertisements that link to external websites. If you choose to follow any of these links, please be aware that these websites operate under their own privacy policies. The operators of these third-party sites will manage your information according to their privacy policies. We have no control over these third-party entities, their websites, or their privacy practices.
12. International data transfers
Our primary data and information processing occur in the UK or an EEA member state. However, like many businesses, we work with suppliers and partners located outside the UK or EEA. This may require transferring your data to a country outside of these regions. When this happens, we ensure that such transfers comply with applicable laws. The main methods we use include:
- The UK Government or European Commission (as applicable) has recognised the destination country as having an ‘adequate’ level of data protection.
- The supplier or partner agrees to specific contractual terms (known as ‘standard contractual clauses’) that protect your information.
13. Children
We do not intentionally gather information from individuals under the age of 16 in the UK and under 18 in the EEA. If you are in this age group, we kindly request that you refrain from applying for any of our payment and related services. If you have already done so, please contact us.
14. Glossary
AML: Anti-money laundering measures.
CTF: Counter-terrorism financing practices.
Data controller: Individual or entity responsible for determining how and why personal data is processed.
Data processor: Individual or entity processing personal data on behalf of a data controller.
EEA: European Economic Area, consisting of EU member states and certain other countries.
ePrivacy law: Legislation concerning electronic communications, encompassing the use of cookies, email marketing, and similar technologies.
KYB: Know-your-business procedures.
KYC: Know-your-customer procedures.
PC: Payment consultant affiliated with Swift Payments, aiding in the sale of payment services.
Personal data: Information that pertains to an identified or identifiable individual.
UK: United Kingdom.
