Data Privacy Notice

Introduction

When you apply for products and services, carry out transactions, or contact us to make an enquiry or a complaint, Modus UK Ltd T/A OnePay collects personal data about you.

This Data Privacy Notice details the types of personal data we collect either from you or from others, who we share it with, how long we keep it and your rights.

When we refer to ‘we’, ‘our’, ‘us’ and ‘Modus UK Ltd T/A OnePay’ in this Data Privacy Notice we mean OnePay, for Data Protection purposes, is the Data Controller.

We’re committed to protecting and respecting your privacy. We are registered with the Information Commissioner’s Office under number Z995329X.

 

Personal data we collect about you

In general, we do not collect, use or share sensitive personal data about you but in some cases the personal data we do collect may reveal this. Sensitive personal data is defined by data protection regulations as ‘special category’, for example, your ethnic or racial origin, physical or mental health details, religious beliefs or other beliefs of a similar nature, sex life or sexual orientation, trade union membership and criminal convictions. We will only collect and use special category personal data when we must in order to meet a legal obligation, with your explicit consent or where we believe you or another person may be at risk.

Personal data we collect in general are:

Name, title, address, contact details, date of birth and/ or age, employment details, nationality and national identifiers, for example, national insurance, passport, national ID card and driving license numbers.

We use this to:

  • Identify you
  • Manage your business relationship with us
  • Support crime and fraud prevention

Telephone, voice recordings, IP address where known, your location.

We use this to:

  • Provide a record of the conversations you have with us
  • Understand your needs and assess the suitability of our products and services
  • Know where you buy something using your OnePay card or ATM usage
  • Protect you and provide security
  • Provide colleague training to help improve the quality of our service
  • Meet regulatory requirements
  • Support crime and fraud prevention

Financial details for example balance, transactions, how you operate your card and account.

We use this to:

  • Manage your relationship, products and services with us
  • Prevent crime and fraud

Due Diligence

We use this to:

Comply with our obligations in relation to illegal activities involving money (for example, fraud, money laundering and terrorist financing) or in compliance with international sanctions, which processing data such as the source of your funds, the purpose of our business relationship, account usage and your political exposed or sanctioned status (for example you are not a politically exposed person/ PEP)

Marketing

We use this to:

Depending on your marketing preferences, we will send you marketing communications from us and/ or third parties to promote our products and services.

Cookie information

  • Read our Cookie Policy for more information on what cookies are and how we use them.

Who we share data with and why?

There are times when we may need to share the personal information and special category (sensitive) personal data we process. We will only do this where necessary and where data protection law allows us to. We are required to comply with all aspects of the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018 and ensure that appropriate security measures are taken in order to protect you and keep your data safe and secure.

Others who we share your data with in general are:

OnePay employees who are authorised to deal with your personal data, for example, Customer Services

  • This allows them to do their job in order to provide you with support and answer any of your queries

Your authorised representatives for example family, attorneys.

We can share your data with your authorised representatives subject to us receiving the appropriate authority documents, for example, Power of Attorney/ Grant of Probate.

We share this data with them in order to:

  • Deal with their enquiries and requests
  • Manage the ongoing administration of your account
  • In some circumstances process transactions

Financial organisations

We share this data with them in order to:

  • Support with crime and fraud prevention
  • Support with enquiries and investigations

Card bureau companies and mailing houses

We share this data with them in order to:

  • Produce a OnePay card for you
  • Provide you with communications about our products and services

Note – we will only send you marketing communications when you have given us your consent to do so.

Information Technology, processing companies and anyone whose name or logo appears on our card issued to you

We share data with them in order to:

  • Provide you with a facility to receive payments into your account
  • Provide you with your account services including processing your transactions
  • Provide third party systems, storage and application support, including the OnePay portal and mobile app.
  • Undertake Know Your Customer (KYC) ID verification

 

Law enforcement agencies including police forces and security organisations

We share data with them in order to:

  • Support crime and fraud prevention
  • Assist with any ongoing investigations relating to the security and/ or safety of individuals

 

Fraud prevention agencies

We share data with them in order to:

  • Carry out checks in order to prevent fraud and money laundering

External auditors

We share data with them in order to:

  • To support business decisions
  • Assist in meeting our legal and regulatory obligations
  • Assess OnePay’s performance

Professional bodies and Trade associations such as the Financial Ombudsmen and regulatory authorities such as the Financial Conduct Authority (FCA)

We share data with them in order to:

  • Assist with complaints and investigations
  • Provide regulatory authorities data about our business

Central and local government

We share data with them in order to:

  • Assist with enquiries and investigations
  • Confirm payments and benefits received into your account

Debt collection and tracing agencies

We share data with them in order to:

  • Assist in recovering monies owed, for example, in situations where you have accrued a negative balance on your card or account and you do not rectify it with us directly
  • Locate you when we have been unable to locate you using our normal communication methods

 

Others we may use, collect and hold personal data about

This could be your authorised representatives such as, family, attorneys, executors and beneficiaries.

We will collect this personal data about them to:

  • Manage your account in line with your authorisation

 

Our basis for processing

Comply with a legal obligation

PSI Pay Ltd is the e-money issuer and card scheme provider for your OnePay product. As they are authorised and regulated by the Financial Conduct Authority under the Electronic Money Regulations 2011, Modus UK Ltd are the programme manager and must ensure that we comply with the laws and regulations set by government bodies and the regulators. Therefore, where we are required to do so by law to collect, use, share or keep personal data we will do so.

 

Contract

Where you choose to enter into a contract with us or make an enquiry with the intention of entering into a contract, including the terms and conditions for the ongoing management of your account and product once opened.

If you do not enter into an agreement with us, we are unable to proceed with your application and provide the ongoing management of your account and product.

 

Legitimate interests

This is where we have a valid interest in the data we collect, use, share and keep if it is warranted and does not cause you any detriment, damage or distress. You have the right to challenge our legitimate interest if you believe we do not have a valid reason to collect, use, share or hold your data.

 

Consent and explicit consent

Where we ask for your consent to carry out certain activities such as marketing, you can withdraw your consent at any time. Where we collect, use, share or keep special category (sensitive) personal data, we will ask for your explicit consent before we do this.

Note – To withdraw your consent at any time you will need to contact our Data Protection Officer (DPO) via email [email protected]

 

How we will use your personal data

Application and ongoing account management

We will collect, use, share and keep personal data needed to deal with your enquiry, assess the suitability of a business relationship with you, process your application and manage the ongoing administration of your account, product and services. This includes keeping your account records up to date and contacting you when needed.

 

Communicating with you

We will use the contact details you have provided us with to communicate with you about the product and services you hold with us, contact you as requested, marketing purposes to promote our products and services and to send you information we are required to by law, for example, account statements. We will also communicate with you about any changes to our business and/ or the features of our product and services or their operation and/ or associated news and/ or relevant regulatory changes.

We may use your personal data for research and statistical purposes so we can understand your customer needs, and circumstances are, what you like about OnePay and any improvements you think could be made.

We will use your personal data to process and respond to any complaints you raise in line with regulatory requirements.

 

Verifying your identity

We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering and to verify your identity, in order to protect our business and to comply with laws that apply to us.

In order to identify you, we are required by law to collect, as a minimum, your full name, date of birth and residential address in the UK. We may also be required to verify your identity.

 

Fraud prevention

We will use and share your data with fraud prevention agencies to carry out checks for the prevention of fraud and money laundering.

 

Customers who require additional support

Our responsibility to customers is taken very seriously, in particular those customers who may be vulnerable.

For customers who need extra help

We want to ensure that you get the best experience from OnePay. Therefore, with your consent, we will add notes to your customer record about any adjustments we need to make when we communicate with you to ensure ease when you interact with us.

Customers dealing with a bereavement

If you are named as an executor or the administrator of the deceased persons estate and can show us proof of this, we can communicate with you regarding the OnePay account.

At the request of the executor(s) we will share the data with solicitors, HMRC and the customer beneficiaries where requested to do so.

 

How long do we keep your information for?

We have a Data Retention Policy which is available upon request from the Data Protection officer (DPO) by emailing [email protected]

We will normally keep your information throughout the period that we do work for you and afterwards for a period of five years as we are required to do by law and by the regulations that apply to us.

 

Our approach to sending information overseas

It may sometimes be necessary to transfer personal information overseas. When this is needed, information is only shared within the European Economic Area (EEA). Any transfers made will be in full compliance with all aspects of the GDPR and DPA 2018.

 

Keeping your information safe

We shall ensure that all the information that you provide to us is kept secure using appropriate technical and organisational measures.

In the event of a personal data breach we have in place procedures to ensure that the effects of such a beach are minimised and shall liaise with the ICO and with you as appropriate.

 

Your rights

You have a right to be:

Informed

This is what this Data Privacy Notice highlights to you. We do this by providing you with the notice on our website, and mobile app when we collect new or additional data from you.

Access your personal data

We will grant you access to and provide you with the details of the personal details we hold about you.

To access this, you will need to provide a request in writing to our Data Protection Officer (DPO), together with your proof of identity.

We will deal with your request within 30 days and are free of charge. However, we reserve the right to charge a reasonable administration fee and to extend the period of time by a further two months if the request is manifestly unfounded or vexatious and/ or is very complex.

Have inaccurate or incomplete data corrected

We will correct and/ or update your personal data if you inform us or we identify that it is inaccurate or incomplete.

Right to erasure

You have the right to ask us to delete your personal data in certain cases such as:

  • The personal data is no longer needed in relation to the purposes for which they were collected or processed
  • You withdraw your consent you’ve previously given us
  • You object and we do not have a valid business interest
  • Your personal data has been unlawfully processed
  • We are required to do so by law
  • The personal data is processed in relation to the offer of information society services to a child

We will deal with your request free of charge and within 30 days. We do reserve the right to refuse to erase information that we are required to retain by law or regulation, or that is required to exercise or defend legal claims. To exercise your right to delete your personal data please contact the Data Protection Officer (DPO).

Restrict the processing of your personal data

We will put on hold the processing of your personal data when:

  • The accuracy needs to be verified
  • If it has been collected unlawfully and you object to the deletion but want it restricted
  • We no longer need your data, but you request it to establish, exercise or defend a legal claim
  • You object and we need to consider if our legitimate business interest overrides your request

Data portability

You can request that your data is transmitted to you and/ or another service provider where it is technically feasible.

Right to object

You can object to the processing of your personal data where you feel our legitimate interest will cause you distress or detriment. You can also object when you do not agree to direct marketing.

Automated decision-making and profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling. We will give you the opportunity to discuss with us and review the accuracy of any decisions made based on automated processing.

 

Complaints

If you have concerns about how we collect, use, share or keep your personal data, or you think there has been a breach, you can contact us to make a complaint or to find out about complaints procedure by calling us on 0113 320 1900.

If you do make a complaint, we will follow our internal complaints procedure to resolve your complain quickly and fairly. If we are unable to meet your expectations and resolve your complaint, you may contact The Financial Ombudsman Service (FOS). Their details are:

The Financial Ombudsman Service (FOS)
Exchange Tower
London
E14 9SR

Telephone: 08000 234 567

Email: [email protected]

Web: www.financial-ombudsman.org.uk

You also have the right to make a complaint to the Information Commissioner’s Office if you have concerns about how we collect, use, share or keep your personal data. Their details are:

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Web: www.ico.org.uk
Telephone: 0303 123 1113

 

Contact us

If you have any questions, comments or require further details on how we collect, use, share and store your personal data, or about your rights and how to exercise them, please contact us:

Data Protection Officer
Modus UK Ltd T/A OnePay
First Floor
Mayfield House
Lower Railway Road
Ilkley
LS29 8FL

Email: [email protected]

 

Changes to this policy

We will post any changes to our Data Privacy Notice on this page. However, for any significant changes we will contact you to let you know of the changes made.