CarbonPay Limited (referred to and trading as “SecOre“, or “we” or “our” or “us” in this policy) is committed to respecting the privacy of individuals, including its clients. SecOre is a company registered in England under company number 12934414, and whose registered office is at Unit 3 Park Court, Pyrford Road, West Byfleet, Surrey, KT14 6SD
SecOre is a service providing businesses with prepaid cards.
SecOre owns and operates this site: https://secorepay.com. SecOre collects your personal data as explained below, when you access our site and you create your user account for becoming a user and then using the SecOre card.
This Privacy Policy (“Policy“), together with our website terms and conditions and any other documents referred to in it, sets out the basis on which SecOre processes such personal data. Please read the following carefully to understand our views and practices regarding how we handle personal data.
For the purposes of applicable data protection law (in particular, the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (“UK GDPR”) and the Data Protection Act 2018), SecOre is the “data controller” of your personal data when you are an individual and you contract with us directly.
When we contract with a corporate client (e.g. your employer) and they share your personal data with us as part of the provisions of services to this corporate client, we act as “data processors” on behalf of and under the instructions of our corporate clients, which are the “data controllers” of your personal data. Please refer to their respective privacy policies for more information regarding the processing of your personal data in this context.
Personal Data We Collect
We may collect and process the following personal data:
Information you or our corporate client gives us
In order to set up your account with us and for us to perform our contract with you or our corporate client, we may process the following personal data which you or our corporate client provides to us:
- Identity data – including first name, last name, role in organisation (in case of corporate applications) and date of birth.
- Contact data – including address, e-mail address and phone number.
- Profile data – including your account password, preferences, feedback and survey responses.
Information we collect about you
With regard to each of your visits to our site we may collect the following information:
Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
Information about your visit; products, services or issues you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the site. This information is collected by using cookies and similar technologies. Please see our cookie policy below for further details.
Information we receive from other sources
We may also receive information about you when our payment service provider settles a payment on your behalf and /or from your bank in the event there is a failed payment.
Information about other people
If you provide information to us about any person other than yourself, such as your relatives, next of kin, your advisers or your suppliers, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.
We do not currently collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
General Use and Legal Basis
We use your personal data:
- To measure the adequate performance of our contract with you or our corporate client, for:
- Managing such contractual relationship between you and us;
- Enabling you to access and use our site, and
- Enabling you to use the SecOre card.
- Where this is necessary for purposes which are in our legitimate interests (or those of a third party). These interests are:
- Facilitating the creation, securing, and maintaining, of your account on our network; and
- Improving the quality of experience when you interact with our services.
- For purposes which are required by law, including:
- Responding to requests by government or law enforcement authorities conducting an investigation.
Automated Decision-Making and Profiling
We do not use solely automated decision making or profiling.
Disclosure of Your Personal Data
We may share your personal data with our subsidiaries and/or affiliates and also with trusted third parties including:
- Paysafe Financial Services Limited Limited and its affiliates, for the purposes of authenticating you as a representative of our corporate clients, performing the contract we enter into with our corporate client and issuing the SecOre card. Paysafe Financial Services Limited might also use your personal data to mitigate fraud, financial loss, or other harm, and to analyse, develop and improve their products, systems and tools.
- Platform.sh, for the purpose of provision of cloud data hosting services.
- Third party card processing and merchant acquiring companies that will process your debit card payments for us, including Adyen.
- Mastercard Partnerships, for the purpose of facilitating partnerships of SecOre with certain brands in order to monitor spending and to provide subsequent offers to customers.
- Analytics and search engine providers that assist us in the improvement and optimisation of our site.
We do not provide your information for marketing purposes or to marketing companies.
Moreover, we may disclose your personal data to third parties:
- If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- If SecOre, its business, or its assets are acquired by a third party, in which case personal data held by it about its users, suppliers, or customers will be one of the transferred assets; and
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements; or if we reasonably consider this necessary; or to protect the rights, property, or safety of SecOre, our users, our customers, or others.
Where We Store Your Personal Data and How We Protect it
We take reasonable steps to protect your personal data from loss or destruction. Where you have a username or password (or other identification information) which enables you to access certain services or parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Your Rights
You have various rights with respect to our use of your personal data:
- Access: You have the right to request a copy of the personal data that we hold about you. Please note that there are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information. You are entitled to see the personal data held about you. If you wish to do this, please contact us using the contact details provided below.
- Accuracy: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes during your relationship with us, so that we can keep your personal data up-to-date. You can also review and correct/ update some of your personal data by logging-in to your account on our site.
- Objecting: In certain circumstances, you also have the right to object to processing of your personal data and to ask us to block, erase and restrict your personal data. If you would like us to stop using your personal data, please contact us using the contact details provided below.
- Porting: You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.
- Erasure: You have the right to erase your personal data when the personal data are no longer necessary for the purposes for which they were collected, or when, among other cases, your personal data have been unlawfully processed.
- Review of Automated Decision-Making: You have the right to request a manual review of any decision made based solely on automated processing of your personal data (i.e. where no human has yet reviewed the criteria or outcome for the decision) in circumstances where the decision has a legal or similarly significant effect on you.
- Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority or to seek a remedy through the courts. The relevant supervisory authority in the United Kingdom is the Information Commissioner’s Office (ICO).
The ICO’s address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
You are not required to pay any charge for exercising your rights. You can exercise any of the above mentioned rights by emailing us at: [email protected].
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
International Transfers of Personal Data
We do not transfer your personal data outside of the European Economic Area or the United Kingdom.
How Long we Keep Your Personal Data
We will retain your personal data, whether or not your account is active, for as long as we believe it necessary or desirable to fulfil our business purposes or to comply with applicable law, audit requirements, regulatory requests or orders from competent courts.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Changes to our Privacy Policy
Any changes we make to our Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Policy.