Privacy Policy
Last updated June 2024
Who we are
Prepay Technologies Ltd is a company registered in England and Wales with company number 04008083 and a registered office at Station Square 1 Gloucester Street, Swindon, Wiltshire, SN1 1GW, United Kingdom.
and
PPS EU SA (a subsidiary of Prepay Technologies Ltd), a company registered in Belgium with company number 0712.775.202 and a registered office at Boulevard du Souverain 165, Boîte 9, 1160 Brussels, Belgium.
Together referred to as “Prepay Technologies Ltd”, “Our” and “We” herein.
Cards and Accounts
This Privacy Policy is only applicable to Cards and/or Accounts (“Card”) issued by Prepay Technologies Ltd. The Terms and Conditions relating to your Cards and/or Accounts will clearly state whether your Cards and/or Accounts is regulated as E-Money or payment services. If you are not sure, please do ask for clarification by contacting PPT.DPO@edenred.com
Prepay Technologies Ltd is the Data Controller in relation to your Cards and/or Accounts and all necessary activities relating to the operation of the Cards and/or Accounts: allowing you to receive, activate and use your Card (activating, managing and using your online account where applicable, making and receiving payment transactions, meeting legal requirements, answering requests, providing information to you). You may be the Customer, or you may be a person that has been provided with Cards and/or Accounts by the Customer.
Programme Managers
If you provide any personal information to the Programme Manager relevant to your Card (this party is clearly identifiable by the branding on your card), the Programme Manager is a separate Data Controller, and you can view their Privacy Policy on their website. If you are not sure, please do ask for clarification by contacting PPT.DPO@edenred.com
Retail Gift cards and other Cards which are not regulated as E-Money
If you have a product such as a gift card where Prepay Technologies Ltd is acting as a Data Processor and the product is not regulated as E-Money, please go to the website of the party that has issued the relevant gift card and details of how your personal data will be processed will be set out in this party’s own privacy policy. If you are not sure, please do ask for clarification by contacting PPT.DPO@edenred.com
Contact details for the Prepay Technologies Ltd Data Protection Officer
Our Data Protection Officer can be contacted at PO Box 3883, Swindon SN3 9EA or at PPT.DPO@edenred.com
The purposes and legal basis for processing your personal information
Processing is necessary for the performance your contract with Prepay Technologies Ltd and for the issue and operation of Cards and/or Accounts and is necessary for compliance with legal obligations applicable to Prepay Technologies Ltd such as financial crime prevention. Prepay Technologies Ltd does not use your personal information for marketing purposes and will not share your information with third parties for marketing purposes.
Financial crime prevention
Prepay Technologies Ltd will use your personal information to help decide if your accounts may be being used for fraud or money-laundering. We may detect that an account is being used in ways that fraudsters work, or we may notice that an account is being used in a way that is unusual. If we think there is a risk of fraud, we may stop activity on the accounts or refuse access to them.
We might also check and share your information with law enforcement and fraud prevention agencies, judicial bodies, government entities, tax authorities or regulatory bodies. If fraud is identified or suspected, these agencies may keep a record of that information and we may refuse to provide any services.
Categories of personal information and collection
|
Type of personal information |
Description |
|
Personal Details |
Full name and birth |
|
Contact Details |
Where you live and how to contact you including phone numbers and e-mail addresses |
|
Transactional Data |
Details about your Card, use of your Card and payments to and from your accounts |
|
Contractual information |
Details about the products or services we provide to you |
|
Locational Data |
Data we get about where you are, such as may come from your mobile phone, the address where you connect a computer to the internet, or a shop where you buy something with your Card |
|
Behavioural Data |
Details about how you use our products and services |
|
Technical Data |
Details on the devices and technology you use |
|
Communications |
What we learn about you from letters, emails and conversations between us |
|
Documentary Data |
Details about you that are stored in documents in various formats, or copies of them. This could include things like your passport, drivers’ licence or birth certificate collected to fulfil customer due diligence requirements |
Personal information will only be collected directly and voluntarily from you as part of the application process or as a result of transactions relating from the use of your Cards and/or Accounts. Some personal information may be verified by Prepay Technologies Ltd with use of publicly accessible sources to fulfil customer due diligence.
For TUI and UBT customers, Transunion (a credit reference agency) is used to help identify and verify individuals - please refer to https://www.transunion.co.uk/legal-information/bureau-privacy-notice for further details on how this information is used.
Lloyds Cardnet is used is a Payment Gateway that allows account holders to deposit funds to their accounts – please refer to www.lloydsbank.com/business/privacy.html for further details on how this information is used.
Sending personal information outside of the EEA
Prepay Technologies Ltd will only send your personal information outside of the European Economic Area (EEA) to:
-
Follow your instructions
-
Comply with a legal duty
In relation to personal information processed by Mastercard certain processors are located outside of Europe. Personal information processed by Mastercard is subject to Mastercard Binding Corporate Rules which you have enforcement rights under as a third-party beneficiary.
Recipients (or categories of recipients) of personal information
Prepay Technologies Ltd is committed to ensuring that your information is secure with us and with third parties who act on our behalf. These third parties include MasterCard, card manufacturers, suppliers of identity validation services, IVR and call recording (telephone) suppliers and (if relevant) the Programme Manager (this party is identifiable by the branding on your card). We use many tools to make sure that your information remains confidential and accurate, and we may monitor or record calls, emails, text messages or other communications in order to protect you and us.
Retention of personal information
We don’t keep your information for longer than we need to, which is usually up to 6 years in the United Kingdom and up to 10 years in the EEA after the end of the relationship or upon termination of the contract, unless we are required to keep it longer (for example due to a court order or investigation by law enforcement agencies or regulators).
Your Rights
You have certain legal rights to control what we do with your information. These include:
|
Access |
You have a right to access the personal information we hold about you |
|
Rectification |
You have a right to rectification of inaccurate personal information and to update incomplete personal information |
|
Erasure |
You have a right to request that we delete your personal information |
|
Restriction on processing |
You have a right to request us to restrict a processing of your personal information |
|
Objection to processing |
You have a right to object to the processing of your personal information |
|
Portability |
You have a right to personal information portability |
|
Marketing |
You have a right to object to direct marketing |
To exercise any of your legal rights, you can register your request here or email Prepay Technologies Ltd at PPT.DPO@edenred.com or you can write to Prepay Technologies Ltd DPO at PO Box 3883, Swindon SN3 9EA.
Your right to lodge a complaint with the Information Commissioner’s Office
If you wish to raise a complaint on how we have handled your personal information, you can contact our Data Protection Officer. We hope that we can address any concerns you may have, but if we fail to address your complaint you can contact either the:
-
Information Commissioner’s Office (https://ico.org.uk/) if you are a United Kingdom resident; or
-
Data Protection Authority (https://www.privacycommission.be) if you are an EEA resident.
If you choose not to give personal information
If you choose not to give us your personal information, it may mean that we cannot perform services needed to run your Cards and/or Accounts. It could mean that we cancel your Card, Accounts or services you have with us.