Privacy Policy

Last updated: 16 September 2024

Where the words “we”, “us” or “our” are used in this document, they are all references to Paydough Limited, a company incorporated in England and Wales (under company registration number 13146801) and whose registered office is at 3 Back Lane, Godden Green, Sevenoaks, United Kingdom TN15 0JH.

This document is not part of the agreement and is not binding on you, but it outlines the obligations regarding the handling of personal data, which are binding under applicable data protection laws such as the UK GDPR.

You can ask us to stop processing your information at any time by emailing us at [email protected] (although, as some types of information processing and sharing are essential to the provision of our services or certain aspects of those services, if you do ask us to stop processing your information we may not be able to provide some of the services or continue to provide the services in the same way). You can also stop us processing your information by closing your account or by emailing [email protected]. However, even if you do ask us to stop, we may have other lawful grounds for processing your information (for example, to comply with our statutory or regulatory duties or the orders of a court).

This Privacy Policy applies to all personal data we process as a controller in respect of our users, customers and other business partners. It does not apply to the extent we process personal data in the role of a processor or service provider on behalf of our customers or partners.

We encourage you to read the remainder of this Privacy Policy to understand more about how we process your data.

How Do We Collect Information About You?

We collect information about you when you use our website, register to open an account with us, use our services, make transactions and when you contact us.

We might also receive information about you from someone else (for instance, from your bank or social media accounts or from your employer where you represent one of our customers or business partners). We will let you know if this happens and we are not already processing information about you.

What Information Do We Collect?

We collect information about you in three ways: (i) when you provide it to us directly, (ii) when we gather information while you are using the Services, and (iii) when we collect information from other sources.

Below is a description of the types of information that we may receive directly from you.

  • “Identity Data” includes first name, last name, email address, address, telephone numbers and images, and includes government-issued IDs.
  • “Company Data” includes business name, contact information, company location data, address, category of services provided, type of business, VAT numbers, Chamber of Commerce number, etc.
  • “Call Recording Data” includes information collected when recording telephone calls which you make to us or receive from us.
  • “Account information” includes information that you provide for us to fulfil our Services; this includes opening times, dashboard usernames, contact details, key words, pictures, etc.
  • “Other Information” you choose to provide. You may choose to provide other information, such as different types of content (e.g., photographs, articles, comments), content you make available through our live web chat function or through social media accounts or memberships with third parties, or any other information you want to share with us.

We also get data throughout the provision of our Services:

  • “Reviews Data” includes your interactions with reviews that we may process during the provision of the service.
  • “Analytics Data” includes analytics around your business reviews (including but not limited to user data, reply rate, average rating of your location, etc.) and also platform usage analytics, such as usage data, troubleshooting, interaction with accounts.

We also get data from the devices you use when you interact with our systems, like your location or information about the device you’re using.

  • “Technical Data” includes information we obtain from your device or browser (such as IP address, your login data, version and device identifiers, time zone setting, language setting and location, browser plug-in types and versions and operating system) as well as how you use our website. We may automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using server logs and other similar technologies. We may also receive data about you if you visit other websites employing our cookies.

Where we process special categories of data for any of the data categories listed above, we have checked that the processing of the data is necessary for the purpose we have identified and are satisfied there is no other reasonable and less intrusive way to achieve that purpose.

What Do We Use Your Information For?

We will only use your personal data when we are allowed to and only where:

  • we need to perform the contract we are about to enter into or have entered into with you or the customer or business partner you represent;
  • we have a legitimate interest in processing your personal data and your interests and fundamental rights do not override that interest;
  • we need to comply with a legal or regulatory obligation; or
  • you have given your consent.

We use your information to provide our services. This might include:

  • processing and managing an application for our services as well as how you access and use our services. We have a legitimate interest in this to understand how users interact with our app or services and to take steps to enter into a contract with you;
  • processing transactions using our services. We will do this to perform the contract we have with you;
  • communicating with you about our services, your account with us and to provide support or handle complaints where you contact us. We have a legitimate interest in this communication so we can provide you with adequate support;
  • facilitating the negotiation of any merger, sale of company assets, financing, acquisition or divestiture of all or a portion of our business. We have a legitimate interest in this in order to conclude any of these transactions;
  • providing electronic receipts. We will do this as part of performing our contract with you; and
  • communicating with you if you represent one of our customers or business partners. We will have a legitimate interest in this communication to establish our commercial relationship with the customer or business partner and as part of performing our contract with them.
  • to improve our services. This might include doing things like:
    • measuring the performance of our services. We have a legitimate interest in this to develop our product and services and to promote our company, products and services;
    • conducting statistical analysis about how you and other users of our services make use of those services. We have a legitimate interest to make improvements to our services or to develop new services;
    • providing software updates so that they deliver improved features and functionality or fixing bugs. We have a legitimate interest in this and may also do this to ensure that we can continue to perform our contract with you;
    • changing how we run our business, organise ourselves and deliver the services to you. We have a legitimate interest in this to develop and improve our product and services; and
    • personalising parts of the service to your tastes and preferences (for more information regarding profiling, please see below). We have a legitimate interest in this to develop our business and assess how users interact with our app or services;
    • to communicate with you about marketing or promotional campaigns or to send you our insights (but, unless you represent a customer or business partner, only where you have told us you want to receive these communications and you have not told us to stop sending you messages). Should you opt in to receive marketing or promotional campaigns or insights from a business partner via our apps or services, you acknowledge that the business partner shall similarly communicate with you in this respect (only where you have explicitly consented to receiving these communications and you have not opted out). This might include:
      • sending you Insights;
      • sending you messages about sales or promotions offered by us or our business partners;
      • personalising parts of the service to your tastes and preferences (please see below for more information on profiling); and
      • getting in touch if we need to tell you about something, like a change to our policies or issues with our services (service notices). In some cases, we will do this to perform the contract we have with you. Alternatively, we will have a legitimate interest in giving you these service notices;
    • for business, regulatory and legal obligations, like:
      • obtaining and maintaining insurance policies;
      • dealing with any requests you make or content you submit;
      • getting in touch if we need to tell you about something, like a change to our policies or issues with our apps or services;
      • managing risk (for instance, by assessing payment and funding risks, identifying, preventing, detecting or tackling fraud, money laundering and other crime and carrying out regulatory checks); and
      • complying with any court order or applicable law, regulation or governmental request (e.g. tax authorities) and to protect our rights or property, or the security or integrity of our business or services.

We may analyse the personal data we hold about you to recommend merchants and products that we think you might be interested in. We may also analyse the personal data in order to detect and prevent fraud and financial crime.

How Do We Protect Your Information?

We hold personal data about you at our own premises and with the assistance of third party service providers. We use third party service providers to perform a number of functions on our behalf including to host our platform, to send messaging on our behalf, to provide support services to you (including to provide translations to and from the English language) and to process transactions for the purchase of goods and services and to process invoicing for or by our customers or business partners.

Your personal data may be processed outside the European Economic Area (EEA) by our staff or the staff of our service providers. This might be in South Africa or the USA. Where we do this, we will ensure that one of the following safeguards is in place:

  • the European Commission has decided the relevant country ensures an adequate level of protection;
  • we have agreed the Standard Contractual Clauses (SCC) with the recipient of the personal data. These SCC are approved by the European Commission as providing adequate protection for your personal data; or
  • the recipient of the data has in place binding corporate rules approved by the European Commission as providing adequate protection for your personal data.

Whenever we share your personal data with third parties, we will take reasonable steps to ensure that your privacy rights continue to be protected under the applicable data protection legislation. By sharing your personal data with us and interacting with the services, you consent to the storing, processing and/or transfer described in this part of the Privacy Policy.

If data is transferred to a country where appropriate safeguards need to be put in place, we would be happy to provide information pertaining to such safeguards on request. You can contact us for this information by emailing [email protected].

We take reasonable measures, including administrative, technical and physical safeguards, to protect your personal data from loss, theft, misuse and unauthorised access, disclosure, alteration and destruction.

Who Do We Share Your Personal Data With And Why?

Transfers to other data controllers

  • Customers and other business partners: Where you have registered using a version of our services branded for one of our customers or business partners, we may share information about you, your account and how you use the services with that customer or business partner. We might also share your information with a business partner to investigate and resolve support issues you experience or where you notify us of a complaint.
  • Linking accounts: Where you have linked your Paydough account to another account you hold (like a bank account or social media account) we will share information with the operator of that account.

When we do share your information in this way, the recipient will become a new data controller of your information and will contact you to let you know about this and how they use and protect your information.

The information we share might include:

  • information that can be used to identify you (such as name, email address and phone number);
  • information about how you use our services;
  • detailed transaction data (including about payments you make, refunds and chargebacks);
  • your preferences (but only as they relate to that recipient); and
  • where you have raised a support issue or notified us of a complaint, the nature of the issue or complaint.

As a fraud prevention measure, we send your full name and postcode to payment service providers when you link a payment instrument to your account. We do this to ensure that your personal details match with the cardholder details and that you are the legitimate cardholder.

Where you make payments using our services, we share your data with a payment service provider (PSP) and they process your transactions. The PSP may share your information with third parties including regulators, your bank and the operators of the card schemes. Where the PSP shares your information with Mastercard, it will process your information under the Mastercard Binding Corporate Rules (as amended from time to time and currently available here: https://www.mastercard.co.uk/content/dam/mccom/global/documents/mastercard-bcrs-february-2017.pdf). You have the right to enforce these rules as a third party beneficiary.

Unique Identifier Number. When you register with us, we create an ID linked to your account and transaction history. This may be sent to third parties who provide payment.

Other uses. We may share your information with third parties, including law enforcement agencies for any of the following:

  • to fulfil our obligations under our contract with you (or the customer or business partner you represent), or as required by applicable law or payment scheme rules;
  • to assess financial and insurance risks, risk of fraud, sector risk and credit risk;
  • in relation to any breach of, or to enforce, our contract with you (or the customer or business partner you represent);
  • to recover debt or in relation to your insolvency;
  • to develop products, services and our systems;
  • to detect, investigate and prevent fraud or other crime;
  • to respond to requests from courts, law enforcement agencies and other governmental or regulatory authorities or agencies; and
  • to protect our rights, privacy and property, and that of our business partners.

We may also share your information with:

  • third parties we connect our APIs with to provide our Services, for example, Uberall and Stripe as processors and joint controllers;
  • third parties that help us create analytics on our platform, such as Google Analytics, etc.;
  • third parties to provide you with additional features and services, such as Uberall, AWS;
  • our service providers. Service providers help us with things like payment processing, website hosting, database hosting, data analysis, information technology and related infrastructure, customer services, email delivery and anti-fraud services. These third parties are authorised to use your information only as necessary to provide their services to us and we take appropriate steps to ensure that third parties protect your information; and
  • third parties in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). We shall endeavour to ensure such third parties are bound by confidentiality obligations in relation to such information.

How Long Do We Process Your Information For?

In most cases we will process your information only for as long as required to provide the services or until you close your account or ask us to stop processing your information.

You can ask us to stop processing your information or change the way in which we use it by:

  • changing the settings in our services (to effect changes to things like your location settings, language settings, notification settings); or otherwise, by:
  • emailing [email protected]; or
  • writing to us at Customer Support (Data Protection), Paydough Limited, 3 Back Lane, Godden Green, Sevenoaks, United Kingdom TN15 0JH.

There are some exceptions to this, however. We may have other lawful grounds for processing your information (for example, to comply with our statutory or regulatory duties or the orders of a court).

For example, we might be required to retain your personal data for a longer period (usually up to six years after you close your account or tell us to stop but this may vary depending on the territory in which you use the service) in order to comply with applicable law, tax obligations or regulatory requirements and for the establishment, exercise and defence of legal claims. If we do retain your information in this way, we will cease other forms of processing and we will continue to keep your information secure.

Your Rights

You can request a copy of the personal data we hold about you, its origin and any recipients of it as well as the purpose of any data processing carried out. For further information, please contact us by emailing [email protected] with the subject “Data subject access request”.

You can correct, restrict, object to our use of or ask us to delete your personal data at any time by emailing [email protected] with the subject “Data subject change request”. If the processing is based on the legal grounds of consent or fulfilment of contract, you have the right to portability. This means that you can receive the personal data that you have provided to us in a structured, commonly used and machine-readable format, and have the right to transfer this data to another data controller.

You have an absolute right to object to the processing of your personal data for direct marketing. You also have the right to recall your prior given consent. The withdrawal of your consent does not affect the lawfulness of the processing based on the consent before its withdrawal and we may continue processing your personal data based on other legal grounds.

If you have any questions about this document or in relation to how we use your personal data, please contact us by:

  1. emailing [email protected]; or
  2. writing to us at Customer Support (Data Protection), Paydough Limited, 3 Back Lane, Godden Green, Sevenoaks, United Kingdom TN15 0JH

Complaints

If you wish to make a complaint about how we process your information, please contact us by:

  1. emailing [email protected]; or
  2. writing to us at Customer Support (Data Protection), Paydough Limited, 3 Back Lane, Godden Green, Sevenoaks, United Kingdom TN15 0JH

Paydough will respond to your complaint within 30 business days.

The Information Commissioner’s Office regulates data protection and privacy matters in the UK and you have the right to make a complaint to the Information Commissioner’s Office at any time about the way that we use your information. You can find more details at ico.org.uk; however, we should appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office.

Updating Our Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make updates, we will post the revised version on our website and may also notify you through email or other communication channels.

If the changes are significant, we will provide a summary of the key updates. By continuing to use our services after the revised Privacy Notice has been posted and, where applicable, after you have been notified, you are acknowledging and agreeing to the updated terms of the Privacy Notice. If you do not agree with the changes, you should discontinue using our services.

Our Data Retention Policy

Please note that upon closure of your account we are required to cease processing your data other than where data retention is required by law. Following the retention periods outlined below, your data will be deleted permanently and irrevocably.

This policy sets the required retention periods for specified categories of personal data described in the Privacy Policy.

How Long Do We Retain Your Personal Information?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including the purpose of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the relevant laws, amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes.

Why Do We Retain Your Personal Information?

In line with Article 6 of the GDPR, we will retain this data for the following reasons:

  • Fraud prevention under Article 6(1)(c) of the GDPR. As set out in Paydough’s privacy notice, Paydough will retain your data to comply with statutory and regulatory obligations; this includes Anti-Money Laundering and fraud prevention legislation and regulations.

Right To Erasure

GDPR Article 17(1) provides grounds on which a company would delete data.

Under Article 17(3) of the GDPR, each of the lawful purposes listed above overrides the right to erasure under Article 17(1) of the GDPR.

In addition to this, Paydough has an ongoing legitimate interest in retaining your data for the following purposes based on the reasonable expectations established through our privacy notice:

  • Improvements to Paydough’s products and services: In this respect we process personal data only on a pseudo-anonymised basis. Information that could be used to identify you (such as name and mobile phone number) is not processed but statistical level data (such as download information and user numbers) will be processed.
  • Risk management and obtaining insurance: In this respect we process personal data only on a pseudo-anonymised basis. Information that could be used to identify you (such as name and mobile phone number) is not processed but statistical level data (such as download information and user numbers) will be processed.
  • Retention of information gained over the course of the contract to allow Paydough to establish, exercise and defend legal claims. On account registration, you entered into a contract with Paydough under Paydough’s general terms and, whilst there is no suggestion that either of us has a claim against the other, the possibility remains. Paydough has a legitimate interest in retaining your personal data in the event we need to establish, exercise or defend claims.

The right to erasure is not absolute. Should you wish to discuss any matter pertaining to our Privacy Policy or Data Retention Policy, please feel free to send an email to [email protected].

If you wish to contact the ICO to discuss matters further, you can do so on this page.