1. Who we are
We are Compass Plus (Great Britain) Limited (company number 5591482) of 9 The Triangle, NG2 Business Park, Nottingham, NG2 1AE, United Kingdom (the Company).
2.What is this notice?
This notice sets out how we process the Personal Data of individuals who are users of our website, Partners, Affiliated Companies, Clients, Potential Clients, or Employees, or Customers thereof.
Please direct all questions, requests and complaints you might have about privacy and data protection to our Data Protection Officer.
By post – Data Protection Officer, Compass Plus (Great Britain) Limited, 9 The Triangle, NG2 Business Park, Nottingham, NG2 1AE
By email – firstname.lastname@example.org
4.Why we process your Personal Data
4.1.1.We are a provider of retail banking and electronic payments software and related services as well as a provider of processing services.
4.1.2.The types of processing we do are:
•Processing on behalf of our clients to enable various electronic payments, card issuance, merchant and ATM acquiring and related services;
•Processing to facilitate access to our website;
•Processing to facilitate client support and project delivery;
•Transfer of Personal Data into and out of the European Economic Area (“EEA”);
•Transfer of Personal Data to and from third parties who perform the processing listed above on our behalf.
4.2.Fulfilment of contractual obligations
4.2.1.Our products and services are:
•Licensed software products;
•Professional Services: inclusive of software development, testing, project implementation, management, support and consulting;
•The provision of our website for all visitors;
•Transaction processing and related services.
4.2.2.In order to provide our services to you under a contract between us (or for us to take steps at your request with a view to entering into a contract) we must process your Personal Data, which is a lawful basis under which to process your Personal Data Article 6(1)(b) of General Data Protection Regulation (“GDPR”)).
4.2.1.Furthermore, the Company is required by law to process your Data in order to meet our compliance and legal obligations, which is a lawful basis under which to process your Personal Data (Article 6 (1)(c) GDPR).
4.4.Direct marketing and consent
4.3.1.We may process your Personal Data for the purposes of marketing our services to you. In order to process your Personal Data for marketing purposes we will obtain your consent to do so in advance, which is a lawful basis under which to process your Personal Data Article 6(1)(a) GDPR. We will not process your Personal Data for the purposes of marketing the services of third parties.
4.4.Categories of Personal Data
4.4.1.The categories of Personal Data about you we will process are:
•Date of birth;
•Employer name and contact details;
•Payment card and account data;
•Next of kin details and/or dependants.
5.Sharing your data
5.1.In general, your Personal Data will be kept confidential. However, in order to fulfil our contractual obligations and provide you, your employer or your service provider with the products and/or services listed in Section 4 above, the Company may disclose your personal information to the following parties (whether within or outside your country of residence):
(b)Compass Plus (Great Britain) Limited’s affiliates, subsidiaries and strategic partners that are under a duty of confidentiality to Compass Plus (Great Britain) Limited and have undertaken to keep your personal information confidential;
(d)the police; security forces; any law enforcement agencies, competent governmental, intergovernmental or supranational bodies; competent agencies, departments, regulatory bodies, self-regulated authorities or schemes; or organisations or other authorities in the event:
(i)we are compelled to do so by a body referred to above, law or a court order;
(ii)we need to do so to comply with credit card association and/or payment scheme rules;
(iii)we are cooperating with a law enforcement investigation;
(iv)we believe in good faith that the disclosure of the information (including personal information) is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to enforce, act in compliance of, or investigate violations of, any standard Compass Plus contract, agreement and/or terms of business;
(v)businesses or entities that we plan to merge with or be acquired by (should such a merger occur, we will require that the new merged entity follow this Policy with respect to your personal information); and
(vi)other third parties with your express consent or direction to do so.
5.2.The data that we collect from you will be transferred to, and stored on, our servers in the United Kingdom and/or at a destination in the Russian Federation and may be transferred and/or stored to other places at third party sites outside the European Economic Area (EEA) including the US and/or Canada. It may also be processed by staff operating outside the EEA who work for us or for one of our affiliates, partners or suppliers. These staff may be engaged in the provision of various support services to you. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all reasonable steps necessary to ensure that your data is treated securely and in accordance with this Policy.
6.Storage of your data
6.1.We will not store your Personal Data any longer than we need to store it. We will store your Personal Data for the duration of your, your employer’s or your service provider’s contractual relationship with us and for a further period of time so long at it constitutes a legitimate reason for us to do so or we are required to do so by law or our regulators. We will retain the personal information so that we can provide you with the necessary information if you wish to make a legal claim against us regarding our services.
7.Your data rights
You have the right to:
(a)if at any point you wish to either confirm whether your Personal Data is being processed and/or access the data we hold on you, you have the right to request to see this information, usually free of charge, by writing to us at the address at the head of this document and we will respond to this request within one month;
(b)to have certain data you have provided to us with to be provided to you in a structured and commonly used electronic format (for example, a Microsoft Excel file), so that you can move, copy or transfer this data easily to another data controller, or request that we transmit this data directly to another organisation where it is practical for us to do so;
(c)to have your data corrected if it is inaccurate or incomplete;
(d)to have data deleted if it is no longer needed or there is no longer a legitimate reason for the processing, or if the data in question has otherwise unlawfully been processed. You may also request deletion of your Personal Data if it was only being processed as a result of your consent which has since been withdrawn;
(e)to object to the processing of your Personal Data based on our legitimate interests on grounds relating to your particular situation except where we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims;
(f)to restrict the processing of your Personal Data under certain circumstances, including if you have contested its accuracy and while this is being verified by us or, if you have previously objected to its processing, while we are considering whether we have legitimate grounds to continue to do so;
(g)be informed of our policies and practices in relation to personal information and to be informed of the kind of personal information held by us; to be informed of any automated means by which your personal information is processed; and
(h)to cancel the processing of your personal information for marketing purposes. You can exercise the right at any time by contacting us at the details shown in Section 3 above.
8.Complaining to the ICO
You have the right to contact the ICO to complain about our processing of Personal Data.
The ICO can be contacted by:
live chat (Monday to Friday, 9am to 5pm) – http://ico.org.uk/global/contact-us/live-chat
email – email@example.com
web form – http://ico.org.uk/global/contact-us/email/
phone – 0303 123 1113 (calls from within the UK) or +44 1625 545 700 (calls from outside the UK)
post – Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, UK.
9.Source of Personal Data
We will collect Personal Data from:
•Our Partners, Clients, Potential Clients, Employees or Customers thereof;
•Third party databases and/or agencies for the know your customer (“KYC”) and due diligence purposes.
We do not envisage that any decisions will be taken using automated means, however we will notify you in writing if this position changes.
11.Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your Personal Data.