Portal Log In
https://onepay.co.uk/wp-content/uploads/2024/04/banner-decoration.svg

Business Data Privacy Notice

Introduction  
  
Modus UK Limited (trading as “OnePay”) is a limited company incorporated in England and  
Wales and is a ‘data controller/processor’ under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA 2018”), in respect of the data gathered and processed by us.  
 
When we refer to ‘we,’ ‘our,’ ‘us’ and ‘Modus UK Ltd T/A OnePay’ in this Data Privacy Notice we mean OnePay. For Data Protection purposes, OnePay is the Data Controller. 
 
When you apply for and use our products and services, Modus UK Ltd T/A OnePay collects personal data about you and your company. This Data Privacy Notice details the types of personal data we collect either from you or from others, who we share it with, how long we keep it and your rights. 
 
We are committed to protecting and respecting your privacy. We are registered with the Information Commissioner’s Office; registration number Z995329X. 
 
If you do not agree to our Terms of Business, then we will be unable to proceed. 
  
Whose data do we hold?  
  
We may hold data about the following:  
  
Affiliates 
Suppliers and service providers  
Advisers, consultants and other professional experts  
The owners, controllers and beneficiaries of all of the above  
Complainants and enquirers  
   
What data will we collect?  
  
We will only collect information from you that is relevant to the matter with which we are dealing.  
 
We may collect the following information from you which is defined as ‘personal data’:  
  
Personal information like your name, date of birth, address, contact details and ID  
Family, lifestyle and social circumstances  
Financial details 
Business activities and/or employment details of the person whose details we are processing  
Goods or services provided  
   
Special Category Data (Consent and Explicit Consent) 
  
We may also collect information that is referred to as being in a ‘special category,’ because it is sensitive to you (sensitive personal data). We will seek your permission if we need to record any special category data on our systems.  
 
This could include:  
  
Health information and data to support vulnerable customers 
Racial or ethnic origin  
Religious beliefs or other beliefs of a similar nature  
Criminal convictions and offences (to stop crime and comply with the law) 
Sexual orientation  
Trade Union membership  
 
What we may collect is not limited to the above. 
 
Marketing  
 
Depending on your marketing preferences, we will send you marketing communications from us and/or third parties to promote our products and services.  
  
Cookie information  
  
Read our Cookie Policy for more information on what cookies are and how we use them.  
 
Basis for processing  
 
The basis on which we process your personal data is one or more of the following:  
  
It is necessary for the performance of our contract with you or to take steps at your request prior to entering into a contract  
It is necessary for us to comply with a legal obligation  
It is in our legitimate interests to do so  
You have given us your consent (this can be withdrawn at any time by advising our Data Protection Officer (DPO) whose contact details are at the end of this Privacy Notice). 
The provision of personal data forms part of your statutory / contractual requirement with us.  If you do not enter into an agreement with us, we are unable to proceed with your application and provide any subsequent ongoing services to you. 
 
How will we use your data?  
  
We may use your information for the following purposes:  
  
To assess the suitability of a business relationship with you  
To set-up, administer and manage our relationship with you  
To provide you with our products and services  
To inform you about changes to our business and/or the features of our products and services or their operation and/or associated news and/or relevant regulatory changes  
To respond to enquiries  
To process and respond to complaints  
Promotion of our products and services  
Provision of education and training   
Maintaining accounts and records  
To verify your identity   
To undertake required checks and ongoing monitoring for the prevention and detection of crime, fraud and/or money laundering   
To develop and improve our services to you  
To carry out regulatory checks or other work to meet our obligations to any regulatory authority  
To communicate with you about our newsletters and event invitations which are relevant to your interests and in line with your preferences  
For research and statistical purposes  
  
Who will we share your information with?  
  
We sometimes need to share the personal information we process with the individuals themselves and also with other organisations.  
 
Where this is necessary, we are required to comply with all aspects of the GDPR and DPA 2018. What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.  
 
Where necessary or required we share information with:  
 
Employees  
Customers  
Family, associates and representatives of the person whose personal data we are processing  
Business associates and other advisors  
With people who provide a service to us or are acting as our agents on the understanding that they will keep the information confidential  
With anyone whose name or logo appears on our card issued to cardholders  
Traders in personal data  
Police forces and security organisations  
Credit reference agencies  
Fraud Prevention agencies  
External and internal auditors  
Trade associations and professional bodies  
Central and local government  
CIFAs, ombudsmen and regulatory authorities  
Debt collection and tracing agencies  
Financial organisations  
 
How long will we keep your information for?  
 
We will normally keep your information throughout the period of time that we do work for you and afterwards for a period of six years as we are required to do by law and also by the regulations that apply to us.  
 
Once the six-year retention period has lapsed, we will delete/remove your data securely. 
 
More information is set out in our data retention policy which is available on request from the Data Protection Officer whose contact details are at the end of this Privacy Notice. 
  
Transfers to third countries  
  
It may sometimes be necessary to transfer personal information overseas. When this is needed, information is only shared within the European Economic Area (EEA).  We take all reasonable steps to ensure your personal data is handled securely and in line with data protection laws.  
 
Security Arrangements  
  
We shall ensure that all the information that you provide to us is kept secure using appropriate technical and organisational measures. 
In the event of a personal data breach, we have procedures in place to ensure that the effects of such breach are minimised and we shall liaise with the ICO and you, as appropriate.  
  
More information is available from the Data Protection Officer whose contact details are at the end of this Privacy Notice. 
 
What rights do you have?  
  
You have the following rights under the GDPR:  
  
Right to be informed  
 
This is what this Data Privacy Notice highlights to you. We do this by providing you with this notice on our website, and mobile app when we collect new or additional data from you. 
 
Right of access 
  
You have a right to see the information we hold about you  
To access this, you need to provide a request in writing to our Data Protection Officer, together with proof of identity  
We will usually process your request free of charge and within 30 days. However, we reserve the right to charge a reasonable administration fee and to extend the period of time by a further two months if the request is manifestly unfounded or vexatious and/or is overly complex  
If we correct or any data we have shared with others, we will contact them and tell them about the change, unless this is not possible or the effort involved would be disproportionate 
 
Right to rectification  
 
We will correct and/ or update your personal data if you inform us or we identify that it is inaccurate or incomplete. 
 
Right to erasure  
  
You have a right to ask us to erase your personal data in certain cases (details may be found in Article 17 of the GDPR)  
We will deal with your request free of charge and within 30 days but reserve the right to refuse to erase information that we are required to retain by law or regulation, or that is required to exercise or defend legal claims  
 
Right to restriction of processing  
 
We will put on hold the processing of your personal data when: 
 
The accuracy needs to be verified 
If it has been collected unlawfully and you object to the deletion but want it restricted 
We no longer need your data, but you request it to establish, exercise or defend a legal claim 
You object and we need to consider if our legitimate business interest overrides your request 
 
Right to data portability  
 
You can request that your data is transmitted to you and/or another service provider where it is technically feasible. 
 
Right to object  
 
You can object to the processing of your personal data where you feel our legitimate interest will cause you distress or detriment. You can also object when you do not agree to direct marketing. 
 
Rights concerning automated decision making and profiling 
 
You have the right not to be subject to a decision based solely on automated processing, including profiling. We will give you the opportunity to discuss with us and review the accuracy of any decisions made based on automated processing. 
 
To exercise any of your rights, please contact our Data Protection Officer, whose contact details are at the end of this Privacy Notice.  
 
Communicating with you 
 
We will stay in touch by post, email, or telephone.   
 
You can update your contact details at any time on the phone, in the Client Portal or reach out to [email protected]
 
You can also stay up to date by checking our social media at: 
 
https://www.youtube.com/@onepaycard 
https://uk.linkedin.com/company/onepay 
https://onepay.co.uk/personal/ 
 
Changes to this Data Privacy Notice 
 
We will post any changes to our Data Privacy Notice on this page. However, for any significant changes we will contact you to let you know of the changes made. 
 
General  
  
If you have any questions or comments regarding this Privacy Notice, please contact our Data Protection Officer at [email protected].  
Alternatively, you can write to our Data Protection Officer at Modus UK Limited, 1st  
Floor, Mayfield House, Lower Railway Road, Ilkley, LS29 8FL  
If you are unhappy about how we are using your information or how we have responded to your request, then initially you should contact our Data Protection Officer  
If your complaint remains unresolved then you can contact the Information Commissioner’s Office, details are available at www.ico.org.uk