Data Privacy Notice


When you apply for and use our products and services, carry out transactions, or contact us e.g. to make an enquiry or a complaint, Modus UK Ltd T/A OnePay collects personal data about you.
This Data Privacy Notice details the types of personal data we collect either from you or from others, who we share it with, how long we keep it and your rights.
When we refer to ‘we’, ‘our’, ‘us’ and ‘Modus UK Ltd T/A OnePay’ in this Data Privacy Notice we mean OnePay. For Data Protection purposes, OnePay is the Data Controller.
We’re committed to protecting and respecting your privacy. We are registered with the Information Commissioner’s Office under number Z995329X.

Personal data we collect about you

In general, we do not collect, use or share sensitive personal data about you but in some cases the personal data we do collect may reveal this. Sensitive personal data is defined by data protection regulations as ‘special category’, for example, your ethnic or racial origin, physical or mental health details, religious beliefs or other beliefs of a similar nature, sex life or sexual orientation, trade union membership and criminal convictions. We will only collect and use special category personal data when we must in order to meet a legal obligation, with your explicit consent or where we believe you or another person may be at risk.

Personal data we collect in general are:

Name, title, address, contact details, date of birth and/ or age, employment details, your username/ password and other registration information, nationality and national identifiers, for example, national insurance, passport, national ID card and driving license numbers and any other information you provide to identify yourself/ prove you are eligible to use our service including your image (where required as part of our Know-Your-Customer or security checks).

We use this to:

Identify you
Manage your business relationship with us
Support crime and fraud prevention

Telephone, voice recordings

We use this to:

Provide a record of the conversations you have with us
Understand your needs and assess the suitability of our products and services
Protect you and provide security
Provide colleague training to help improve the quality of our service
Meet regulatory requirements
Support crime and fraud prevention

Technical Data where you use any of the OnePay online services e.g. the App, Portal or Website such as your IP address, your login data, your browser type and version, the operating system and platform, the type of device you use and its unique identifier, your location and your authentication data (e.g. any details we ask you for or collect to confirm your identity such as your telephone number, your device details, a passcode, password).

We use this to:

Help us provide our services to you 
Obtain information on your transaction 
Support crime and fraud prevention 
Meet regulatory requirements 

Financial details for example balance, transactions, how you operate your card and account.

We use this to:

Manage your relationship, products and services with us
Prevent crime and fraud

Due Diligence

We use this to:

Comply with our obligations in relation to illegal activities involving money (for example, fraud, money laundering and terrorist financing) or in compliance with international sanctions, which processing data such as the source of your funds, the purpose of our business relationship, account usage and your political exposed or sanctioned status (for example you are not a politically exposed person/ PEP)


We use this to:
Depending on your marketing preferences, we will send you marketing communications from us and/ or third parties to promote our products and services.

Cookie information

Read our Cookie Policy for more information on what cookies are and how we use them.

Who we share data with and why?

There are times when we may need to share the personal information and special category (sensitive) personal data we process. We will only do this where necessary and where data protection law allows us to. We are required to comply with all aspects of the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018 and ensure that appropriate security measures are taken in order to protect you and keep your data safe and secure.

Others who we share your data with in general are:

OnePay employees who are authorised to deal with your personal data, for example, Customer Services

This allows them to do their job in order to provide you with support and answer any of your queries

Your authorised representatives for example family, attorneys.

We can share your data with your authorised representatives subject to us receiving the appropriate authority documents, for example, Power of Attorney/ Grant of Probate.

We share this data with them in order to:

Deal with their enquiries and requests
Manage the ongoing administration of your account
In some circumstances process transactions

Financial organisations

We share this data with them in order to:

Support with crime and fraud prevention
Support with enquiries and investigations

Card bureau companies and mailing houses

We share this data with them in order to:

Produce a OnePay card for you
Provide you with communications about our products and services
Note – we will only send you marketing communications when you have given us your consent to do so.

Suppliers who provide us with Information Technology, payment, processing, manufacturing and delivery services, and anyone whose name or logo appears on our card issued to you including our banking and financial services partners and payment networks.

We share data with them in order to:

To help us provide our services to you
Provide you with a facility to receive payments into your account
Provide you with your account services including processing your transactions
Provide third party systems, storage and application support, including the OnePay portal and mobile app.
Undertake Know Your Customer (KYC) ID verification

Law enforcement agencies including police forces and security organisations

We share data with them in order to:

Support crime and fraud prevention
Assist with any ongoing investigations relating to the security and/ or safety of individuals

Fraud prevention agencies

We share data with them in order to:

Carry out checks in order to prevent fraud and money laundering

External auditors

We share data with them in order to:

To support business decisions
Assist in meeting our legal and regulatory obligations
Assess OnePay’s performance

Professional bodies and Trade associations such as the Financial Ombudsmen and regulatory authorities such as the Financial Conduct Authority (FCA)

We share data with them in order to:

Assist with complaints and investigations
Provide regulatory authorities data about our business

Central and local government

We share data with them in order to:
Assist with enquiries and investigations
Confirm payments and benefits received into your account

Debt collection and tracing agencies

We share data with them in order to:

Assist in recovering monies owed, for example, in situations where you have accrued a negative balance on your card or account and you do not rectify it with us directly
Locate you when we have been unable to locate you using our normal communication methods

Others we may use, collect and hold personal data about

This could be your authorised representatives such as, family, attorneys, executors and beneficiaries.
We will collect this personal data about them to:
Manage your account in line with your authorisation

Our basis for processing
Comply with a legal obligation

PSI Pay Ltd is the e-money issuer and card scheme provider for your OnePay product. As they are authorised and regulated by the Financial Conduct Authority under the Electronic Money Regulations 2011, Modus UK Ltd are the programme manager and must ensure that we comply with the laws and regulations set by government bodies and the regulators. Therefore, where we are required to do so by law to collect, use, share or keep personal data we will do so.


Where you choose to enter into a contract with us or make an enquiry with the intention of entering into a contract, including the terms and conditions for the ongoing management of your account and product once opened.
If you do not enter into an agreement with us, we are unable to proceed with your application and provide the ongoing management of your account and product.

Legitimate interests

This is where we have a valid interest in the data we collect, use, share and keep if it is warranted and does not cause you any detriment, damage or distress. You have the right to challenge our legitimate interest if you believe we do not have a valid reason to collect, use, share or hold your data.

Consent and explicit consent

Where we ask for your consent to carry out certain activities such as marketing, you can withdraw your consent at any time. Where we collect, use, share or keep special category (sensitive) personal data, we will ask for your explicit consent before we do this.

Note – To withdraw your consent at any time you will need to contact our Data Protection Officer (DPO) via email [email protected]

How we will use your personal data
Application and ongoing account management

We will collect, use, share and keep personal data needed to deal with your enquiry, assess the suitability of a business relationship with you, process your application and manage the ongoing administration of your account, product and services. This includes keeping your account records up to date and contacting you when needed.

Communicating with you

We will use the contact details you have provided us with to communicate with you about the product and services you hold with us, contact you as requested, marketing purposes to promote our products and services and to send you information we are required to by law, for example, account statements. We will also communicate with you about any changes to our business and/ or the features of our product and services or their operation and/ or associated news and/ or relevant regulatory changes.
We may use your personal data for research and statistical purposes so we can understand your customer needs, and circumstances are, what you like about OnePay and any improvements you think could be made.

We will use your personal data to process and respond to any complaints you raise in line with regulatory requirements.

Verifying your identity

We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering and to verify your identity, in order to protect our business and to comply with laws that apply to us.

In order to identify you, we are required by law to collect, as a minimum, your full name, date of birth and residential address in the UK. We may also be required to verify your identity.

Fraud prevention

We will use and share your data with fraud prevention agencies to carry out checks for the prevention of fraud and money laundering.

Customers who require additional support

Our responsibility to customers is taken very seriously, in particular those customers who may be vulnerable.

For customers who need extra help

We want to ensure that you get the best experience from OnePay. Therefore, with your consent, we will add notes to your customer record about any adjustments we need to make when we communicate with you to ensure ease when you interact with us.

Customers dealing with a bereavement

If you are named as an executor or the administrator of the deceased persons estate and can show us proof of this, we can communicate with you regarding the OnePay account.
At the request of the executor(s) we will share the data with solicitors, HMRC and the customer beneficiaries where requested to do so.

How long do we keep your information for?

We have a Data Retention Policy which is available upon request from the Data Protection officer (DPO) by emailing [email protected]
We will normally keep your information throughout the period that we do work for you and afterwards for a period of five years as we are required to do by law and by the regulations that apply to us.

Our approach to sending information overseas

It may sometimes be necessary to transfer personal information overseas. When this is needed, we take all reasonable steps to ensure your personal data is handled securely and in line with data protection laws. 

Keeping your information safe

We shall ensure that all the information that you provide to us is kept secure using appropriate technical and organisational measures.
In the event of a personal data breach we have in place procedures to ensure that the effects of such a beach are minimised and shall liaise with the ICO and with you as appropriate.

Your rights

You have a right to be:


This is what this Data Privacy Notice highlights to you. We do this by providing you with the notice on our website, and mobile app when we collect new or additional data from you.

Access your personal data

We will grant you access to and provide you with the details of the personal details we hold about you.
To access this, you will need to provide a request in writing to our Data Protection Officer (DPO), together with your proof of identity.
We will deal with your request within 30 days and are free of charge. However, we reserve the right to charge a reasonable administration fee and to extend the period of time by a further two months if the request is manifestly unfounded or vexatious and/ or is very complex.

Have inaccurate or incomplete data corrected

We will correct and/ or update your personal data if you inform us or we identify that it is inaccurate or incomplete.

Right to erasure

You have the right to ask us to delete your personal data in certain cases such as:

The personal data is no longer needed in relation to the purposes for which they were collected or processed
You withdraw your consent you’ve previously given us
You object and we do not have a valid business interest
Your personal data has been unlawfully processed
We are required to do so by law
The personal data is processed in relation to the offer of information society services to a child

We will deal with your request free of charge and within 30 days. We do reserve the right to refuse to erase information that we are required to retain by law or regulation, or that is required to exercise or defend legal claims. To exercise your right to delete your personal data please contact the Data Protection Officer (DPO).

Restrict the processing of your personal data

We will put on hold the processing of your personal data when:

The accuracy needs to be verified
If it has been collected unlawfully and you object to the deletion but want it restricted
We no longer need your data, but you request it to establish, exercise or defend a legal claim
You object and we need to consider if our legitimate business interest overrides your request

Data portability

You can request that your data is transmitted to you and/ or another service provider where it is technically feasible.

Right to object

You can object to the processing of your personal data where you feel our legitimate interest will cause you distress or detriment. You can also object when you do not agree to direct marketing.

Automated decision-making and profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling. We will give you the opportunity to discuss with us and review the accuracy of any decisions made based on automated processing.


If you have concerns about how we collect, use, share or keep your personal data, or you think there has been a breach, you can contact us to make a complaint or to find out about complaints procedure by calling us on 0113 320 1900.

If you do make a complaint, we will follow our internal complaints procedure to resolve your complain quickly and fairly. If we are unable to meet your expectations and resolve your complaint, you may contact The Financial Ombudsman Service (FOS). Their details are:

The Financial Ombudsman Service (FOS)
Exchange Tower
E14 9SR

Telephone: 08000 234 567

Email: [email protected]


You also have the right to make a complaint to the Information Commissioner’s Office if you have concerns about how we collect, use, share or keep your personal data.

Their details are:

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane


Telephone: 0303 123 1113

Contact us

If you have any questions, comments or require further details on how we collect, use, share and store your personal data, or about your rights and how to exercise them, please contact us:

Data Protection Officer
Modus UK Ltd T/A OnePay
First Floor
Mayfield House
Lower Railway Road
LS29 8FL

Email: [email protected]

Changes to this policy

We will post any changes to our Data Privacy Notice on this page. However, for any significant changes we will contact you to let you know of the changes made.

Copilot Studio Embedded in Webpage