We take our Privacy Policy very seriously and kindly ask you to review this Privacy Policy carefully as it contains important information on who we are, how and why we collect, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

My EU Pay Ltd is a company registered in England and Wales, with a registered address at 24 King William Street, London EC4R 9AT. The company provides virtual payment services for individuals and corporates; “EUID”* for KYC video verification; transaction monitoring software*; and “White Label” our App.

We are regulated by the UK Financial Conduct Authority and possess a money transfer licence from UK HMRC. We have appointed a “Data Protection Officer” who you can contact by writing to “Data Protection Officer” at our registered address, or by email to support@myeupay.com.

This website is operated by My EU Pay.

We collect, use and are responsible for certain personal information about you. When we do so, we are regulated under the Data Protection Regulations being the Data Protection Act 2018 (DPA 2018), the UK General Data Protection Regulation, but also to the EU General Data Protection Regulation in relation to services and products we offer to individuals in the European Economic Area (EEA). Under the Data Protection Regulations we are responsible as ‘controller’ of that personal information for the purposes of those laws.

We may collect and use the following personal data about you:

• your name and contact information, including email address and telephone number;
• your company details;
• information to check and verify your identity (e.g. your date of birth);
• your gender;
• your location data;
• your billing information, transaction and payment card information;
• information from accounts linked to us;
• financial information;
• information about how you use our website, IT, communication and other systems;
• communications exchanged between us being by phone or by emails;

We also use cookies to track your usage of our website, for more information please see the dedicated page https://myeupay.com/cookie.html.

We collect most of this personal data directly from you via website and app by telephone or email. However we may also collect information:

• from public accessible sources, eg Companies House, HM Land Registry; and other open websites;
• directly from third parties:
  
  
  • sanction screening providers;
  • credit reference agencies;
  • customer due diligence providers;
  
  
• from a third party with your content (e.g. your bank);
• from cookies on our website.

Under Data Protection Regulations, we can only use your personal data if we have a proper reason, such as:

• where you have given consent;
• to comply with our legal and regulatory obligations;
• for the performance of a contract with you or to take steps at your request before entering into a contract; or
• for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out assessment when relying on legitimate interests, to balance our interests against your own.

We collect and use your personal data for different purposes and reasons explained below, to:

• where you have given consent;
• to comply with our legal and regulatory obligations;
• for the performance of a contract with you or to take steps at your request before entering into a contract; or
• for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out assessment when relying on legitimate interests, to balance our interests against your own.

We collect and use your personal data for different purposes and reasons explained below, to:

• provide products and services to you - reason being to perform our contract with you;
• prevent and detect fraud against you and us, improve efficiency of our systems, to market our services - reason being for our legitimate interests or those of a third party, (i.e. to minimise fraud that could be damaging for you and us);
• conduct checks to identify you and verify your identity, screen for financial and other sanctions or embargoes, gather and provide information required by or relating to investigations by regulatory bodies; to fulfil statutory returns obligations - reason being to comply with our legal and regulatory obligations;

The legal basis of us processing your personal data are our legitimate interest as a business, compliance with our legal and regulatory obligations, combined with your consent.

We do not share your information with other organisations for their benefit, but do engage appropriately vetted sub-processors as our suppliers, or providers of data processing services to us in order to facilitate the delivery of our services and/or products to you. We only transfer data to sub-processors who are in the EEA, or in a jurisdiction for which the European Commission has adopted an adequacy decision, or which we deemed to offer an adequate level of data protection. We only allow our service providers to handle your personal data if we are satisfied that they take appropriate measures to protect your personal data. Additionally, we impose contractual obligations on service providers to ensure that they can only use your personal data to provide services to us and you.

Our carefully selected partners and service providers may process personal information about you on our behalf as described below:

7.1 Digital Marketing Service Providers

We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:

(i)Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. We make sure that those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

Moreover, we have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected data security break where we are legally required to do so.

We only retain personal data about you for as long as we need it, or are required to do so by applicable regulations. If we are processing your personal data due to a contract, we will retain this information only for as long as the contract and any terms or conditions of it that rely on the personal data are in force. We will retain your contact details for communicating with you for other purposes.

We employ appropriately robust policies, controls, and procedures to safeguard personal data that we hold, and we fully comply with all applicable data protection requirements.

Your rights under GDPR are summarised below.

You can contact us to exercise any of these rights, apart from the right to complain to a “Supervisory Authority”, by writing to the Data Protection Officer at our registered address, or by email to support@myeupay.com. You will need to provide evidence of your identity.

We will respond to your request in a timely manner and within one month.Occasionnally it may take us longer than a month to provide an answer if you have made a number or requests or if your request is particularly complex. In such instances, we will notify you and keep you updated. We may charge a fee or refuse to act on your request if it is manifestly unfounded, excessive, or repetitive.

9.1 To be informed

This Privacy Policy informs you of who we are, the purpose, and legal basis of processing what personal data we process and where we might transfer it to. You can request more information from us if you do not understand this Privacy Policy.

9.2 Access

You can contact us, using our contact details mentioned above, at any time to request confirmation that we have or are processing personal data about you; to get access to this data; and to receive a copy of this Privacy Policy at any time. We will share this information with you in paper or electronic format, as appropriate. When providing a written copy of the data requested, this will be limited to one copy. We will charge a reasonable fee for additional copies.

We will not share with you data about other Data Subjects (as defined in the Data Protection Regulations) without their written consent, and this may affect completeness of information that we are able to provide you.

9.3 Rectification

We will correct personal data about you if it is incorrect, or complete any missing information that we should hold.

9.4 Erasure

We will remove personal data about you from our records, provided that either:

• it is no longer necessary;
• you no longer consent in writing to our holding or processing the data; and
• we have no legal or regulatory reason,

or that:

• other overriding legitimate reason to continue;
• we have processed the data unlawfully; or
• the data must be retained for legal reasons.

9.5 Restriction

You can ask us to stop holding or processing personal data about you:

• until we have corrected any inaccuracies;
• the processing is unlawful but you do not wish us to erase the data;
• we no longer require the data but you require it for legal reasons; or
• we are taking necessary and reasonable time in considering whether there is any other reason for us to continue to hold or process the data.

9.6 Objecting

If we are using personal data about you for direct marketing purposes, we will stop this within seven days of a request in writing to our Data Protection Officer for this to be discontinued.

We hope that our Data Protection Officer can resolve any queries or concerns you may have about our use of your personal data.

The Data Protection Regulations gives you the right to complain with a supervisory authority, in particular in a European Economic Area state or in the United Kingdom if you work, normally live or if any infringement of data protection laws occured in such relevant state. The supervisory authority in the United Kingdom is the Information Commissioner who may be contacted at https://ico.org.uk/make-a-complaint/ or telephone +44 303 123 1113.

We may change this Privacy Policy from time to time and will always publish the latest one on our website. This version was last updated on 9th May 2022.