Updated January 2023.

 

1. Introduction

Welcome to the Lopay Terminal App. This policy explains how we handle and use your personal information in connection with your use of our mobile software application that we make available for download for retailers (“App”) and your rights in relation to it.  The App facilitates the receipt of payments by retailers by allowing them to register for payment processing services and generate quick response (QR) codes or place payments via a Lopay issued terminal. Under data protection law, Lopay Limited, the company that operates the App is the controller of that information. 

 

Lopay Limited (“we”, “our” or “us”) is committed to protecting and respecting the privacy of our users i.e. individuals who have a registered account on our App (“you” or “Users”).

 

This Privacy Policy explains why and how we will use the personal information that we have obtained from you, with whom we will share it and the rights you have in connection with the information we use. 

 

This policy applies to the App and is located at www.Lopay.com and from the menu within the App.

 

Lopay Limited is the controller in relation to the processing activities described below. This means that Lopay Limited decides why and how your personal information is processed in connection with those activities. Please see the section at the end of this policy for our contact and legal information.

 

The App is intended for use by individuals aged 18 and over. We do not knowingly collect personal information about children. If you are under the age of 18, please do not use the App.

‍

2. Information we collect about you

 

We receive personal information about you that you give to us when you  register with and use the App (e.g. your email address) (“Services”). We only collect personal information that we need and that is relevant for the purposes for which we intend to use it.

 

‍Personal Information you give us

 

‍This is information about you that you give to us when: (i) registering with a payment processor through the App or using the App; (ii) when placing an order (e.g. for a card reader); or (iii) corresponding with us by phone, email or other means and is provided by you entirely voluntarily. 

 

Information that we receive. The information you give to us and that we receive includes your contact details (such as your name, address and email address) and your country location, the name of your company or business (all of which is information we retain before sending it to the payment processing provider – see further below).   We also receive your customer support enquiries and other correspondence including in relation to your opinion of our Services.

 

If you do not provide this information to us we may not be able to provide the Services to you, contact you and/or resolve your queries effectively.

 

Information sent directly to Stripe. The App allows you to register with our third party payment processor, Stripe, by entering certain information into the App. The personal and other information you enter and send using the App when you register is transmitted directly to Stripe and not received by us except as described in the paragraph above. Stripe is separately responsible to you for the processing of this personal information and is a separate ‘controller’ for the purposes of data protection laws, as it decides why and how this information is used.

 

‍The following information is sent to Stripe:

 

Your legal name

Phone number

Date of birth

Home address

Your company’s or business’ website

The industry your company or business operates in

Bank account (pay out details) – sort code, account number, currency

Information contained in documents used to verify your identity (e.g. passport or driver’s licence)

Information contained in documents used to verify your home address (e.g. driver’s licence or utility bill)

For further information regarding how your personal information is used by Stripe, please see the Stripe Privacy Policy at www.stripe.com/privacy

 

If you do not provide this information you will be unable to register with Stripe and use the Services.

 

We collect information about the make and model of your device when you access the App.

 

We store tokenised credit/debit card details along with the last four digits and expiry month.

 

 

‍

3. Use of your personal information

We use your personal information for a variety of reasons. We rely on different legal grounds to process your personal information, depending on the purposes of our use and the risks to your privacy. We do not share your personal information with companies that would send their marketing to you.

 

‍We use your personal information in the following ways:

 

‍3.1 Where required to comply with our LEGAL OBLIGATIONS

We will use your personal information to comply with our legal obligations for example where we are required to use that information to comply with our obligations under consumer rights or data protection legislation.  

 

We will keep a record of the rights you exercise in connection with our processing of your personal information.

 

We may also use your contact details to notify you of updates to our terms and policies.

 

‍3.2 Where processing is necessary for us to pursue a LEGITIMATE INTEREST

We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:

 

Processing necessary for us to support users with enquiries

 

– to correspond and communicate with you in connection with the App; and

– to identify ways of improving your experience of the App and Services.

 

Processing necessary for us to respond to changing market conditions and our users’ needs

 

– for insight and intelligence in order to improve our understanding of the way that users use the App and the Services that we deliver; and

– to analyse patterns of use, determine where we should focus our Services and efforts through processing anonymised and aggregated data, monitoring the features of the App that have been used most frequently. 

 

Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively

 

– to resolve technical issues and provide the most-up to date version of the App, with improved features; to administer the App and for internal operations, including troubleshooting, testing and statistical reporting purposes;

– for the prevention and detection of fraud and other criminal activities and for the apprehension of offenders; to verify the accuracy of information we hold about you and create a better understanding of you as a User;

– for network and information security purposes in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;

– to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);

– for the purposes of a corporate restructure or reorganisation or sale of our business or assets; for efficiency, accuracy or other improvements of our databases and systems e.g. by combining systems or consolidating records we hold about you;

– to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings; and

 

– for general administration including managing your queries, complaints, or claims, to send service messages and to provide you with important information about our business.

‍3.3 Where necessary for us to carry out PRE-CONTRACT STEPS you have requested or for the performance of our CONTRACT

We will use your personal information where this is necessary for us to perform our contract with you or to carry out any pre-contract steps you’ve asked us to so that you can enter into that contract. In particular, we will use your personal information to deliver to you items that you order and use your country location to display the correct currency for your transactions.

 

4. Disclosure of your personal information by us

We only disclose your personal information outside our business in limited circumstances. If we do, we will put in place a contract that requires recipients to protect your personal information, unless we are legally required to share that information. Any suppliers or other recipients that work for us will be obliged to follow our instructions.

 

‍ We may disclose your information to our third party service providers, agents, subcontractors and other suppliers for the purposes of providing the App to you, including the operation and maintenance of the App. Please see the table below in this section for further details regarding the personal information we disclose and our reasons for doing so.

 

When we use suppliers, we only disclose to them any personal information that is necessary for them to provide their services and only where we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.

 

We disclose your personal information to the following third parties for the purposes listed below:

‍

Category of personal information

Recipient/industry 

Purpose of disclosure

Payment information (see the Information sent directly to Stripe section above)

 

Payment processor (Stripe)/financial services

 

To facilitate your receipt of payments made through the App

 

All personal information collected

 

Cloud storage hosting providers (including Amazon Web Services)/ITTo support and maintain the App, including the software and hardware infrastructure required for it to operate properly, and to keep a backup of your personal information. 

 

Device data. Data analytics service providers/data processing

To generate statistical information and provide us with basic analytical tools for optimisation of our App and Services.

 

All personal information collected

 

Our legal, accountancy and other professional advisers/professional services

To provide us with advice in relation to our business, including our legal, financial and other obligations and claims.

 

All personal information collected

 

Hosting providers/IT

 

To host the App, including your personal information.

 

All personal information collectedApp developers/IT

 

To maintain and improve the App.

 

The recipients listed in the table above are located in the United Kingdom, European Economic Area and the USA.

 

We may disclose your personal information to other third parties in order to comply with any legal or regulatory obligations or police, court or government request.

‍

5. Transfers of your personal information outside of Europe

We may transfer your personal information outside of the United Kingdom (UK) and European Economic Area (EEA). We take measures to protect your personal information when it is transferred to a country which does not have similar data protection laws to the UK.

 

‍All the personal information collected about you by us or on our behalf may be transferred to countries outside the UK and EEA. By way of example, this may happen if any of our servers or those of our third party service providers are from time to time located in a country outside of the UK and EEA. These countries may not have similar data protection laws to the UK and so they may not protect the use of your personal information to the same extent.

 

If we transfer your information outside of the UK and EEA in this way, we will take steps to ensure that appropriate measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include selecting recipients located in countries that have been declared adequately protective of your personal information by the relevant authorities or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Where they do not, we ensure that we impose contractual obligations on them that are broadly equivalent as required by UK data protection law. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.

‍

6. Security and links to third parties

We take the security of your personal information seriously and use a variety of measures based on good industry practice to keep it secure. Nonetheless, transmissions to and from the App may not always be completely secure, so please exercise caution. When downloading third party software in order to access the App, their privacy policies, not ours, will apply to your personal information.

 

We employ security measures to protect the information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage. When you have chosen a password to log into the App, you are responsible for safeguarding it and keeping it confidential and you promise not to allow it to be used by third parties.

 

The App may require you to download and activate certain third party software in order to use it, (for example updates to the operating system of your device). This policy does not apply to those third party services, so we encourage you to read their privacy policies. We are not responsible for the privacy policies and practices of other third party services (even if you access them using links that we provide) and we provide links to those third parties, solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness. Your disclosure of personal information to third parties is at your own risk.

‍

7. The periods for which we retain your personal information

We will not hold your personal information in an identifiable format for any longer than is necessary for the purposes for which we collected it. The periods for which we hold your personal information will depend on the type of personal information. These periods also apply where we share your information with suppliers who process your personal information on our behalf.

 

We retain your personal information for the purposes of establishing, bringing or defending legal claims for up to 6 years from the date we no longer require it for the purposes listed above.

 

The only exceptions to the period mentioned above are where:

 

– you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Your rights over your personal information);

 

– you exercise your right to require us to retain your personal information for a period longer than our stated retention period (see further Your rights over your personal information);

 

– we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible;

 

– your account is subject to an investigation of criminal or fraudulent activity; or in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.

 

We also retain an anonymised version of the submitted personal information for as long as we require it for reporting and other statistical and analytical purposes. Such anonymised information will not identify you and may be derived from personal information that was contained within accounts that have subsequently been deleted.

‍

8. Your rights over your personal information

You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to verify your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month after we have received this information or, where no such information is required, after we have received full details of your request.

 

‍You have the following rights, some of which may only apply in certain circumstances:

 

– to be informed about the processing of your personal information (this is what this policy sets out to do);

‍

– to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;

‍

‍The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change your name or email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this policy.

 

– to object to processing of your personal information;

 

Where we rely on our legitimate interests as the legal basis for processing your personal information for particular purposes, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data. You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please click on the unsubscribe message on our emails.

 

– to withdraw your consent to processing your personal information;

 

Where we rely on your consent as the legal basis for processing your personal information, you may withdraw your consent at any time by contacting us, using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using our unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.

 

– to restrict processing of your personal information;

 

‍ You may ask us to restrict the processing of your personal information in the following situations:where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.

 

– to have your personal information erased;

 

‍In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.

 

– to request access to your personal information and information about how we process it;

 

‍You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information, if this concerns other individuals or we have another lawful reason to withhold that information.

 

– to electronically move, copy or transfer your personal information in a standard form (data portability); and

 

Where we rely on your consent as the legal basis for processing your personal information, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.

 

You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

 

– rights relating to automated decision making, including profiling.

 

We do not envisage that any significant decisions will be taken about you using purely automated means, however we will update this policy if this position changes.

 

To exercise these rights, please contact us using the details at the end of this policy.

 

You have the right to lodge a complaint with a data protection regulator, in particular in a country you work or live or where your legal rights have been infringed.  However, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have. The data protection regulator in the UK is the Information Commissioner’s Office (ICO).

‍

9. Changes to our Privacy Policy

Please check this page regularly for changes to this policy. We may also notify you of changes via your account and/or by email (if we hold a valid email address for you).

 

We may review this policy from time to time and any changes will be notified to you by posting an updated version on our website https://www.Lopay.com (which can be accessed through the App), and/or by contacting you by email or via your account. Any changes will take effect 7 days after we post the modified terms online, or after the date we notify you by email or via your account. We recommend you regularly check for changes and review this policy when you use the App. If you do not agree with any aspect of the updated policy, you must promptly notify us and cease using the App.

‍

10.Contact and legal information 

You can contact us with your queries in relation to this policy or for any other reason at any time.

 

‍To contact us for any reason, including to exercise any of your rights in relation to your personal information, please write to the Data Protection Manager at the correspondence address below or email us at [email protected]

 

Lopay Limited is a company incorporated in England and Wales under company registration 13384279, and registered office address 20-22 Wenlock Road, London, N1 7GU, United Kingdom.

 

If you would like to write to us, please use our correspondence address at Lopay, Challenge House, Sherwood Drive, Bletchley, Milton Keynes. MK3 6DP.