1. INTRODUCTION
emerchantpay Group is a trusted and experienced provider of payment services and solutions across the globe. The group includes emerchantpay ltd. and its direct and indirect subsidiaries and other related undertakings.
emerchantpay ltd. is an electronic money institution regulated and supervised by the Financial Conduct Authority with principal place of business at 29, Howard Street, North Shields, Tyne and Wear, NE30 1AR, United Kingdom.
emerchantpay ltd. is registered as a Data Controller with the Information Commissioner’s Officer under the Data Protection Act 1998 and is subject to the provisions of the General Data Protection Regulation (GDPR). This Policy Statement is designed to help the group and its employees to comply with the new EU regulation.
emerchantpay Group regards the fair and lawful treatment of personal information as a critical factor in the success of its operations and as a key to the maintenance of the confidence that exists between those with whom we deal and ourselves. emerchantpay Group therefore acknowledges its legal obligations under the new EU regulations and endorses its requirements.
Hereafter in this document, emerchantpay Group will be referred to as emerchantpay.
2. PURPOSE
The purpose of this Policy Statement is to ensure that all employees of emerchantpay and all others given use of, or having access to, personal information are fully aware of and abide by their duties and responsibilities under the GDPR and compliant with data protection procedures.
3. POLICY SCOPE
This Policy Statement applies to any and all data that emerchantpay collects and processes relating to identifiable living individuals in order to operate efficiently and carry out its services and may include, but is not limited to: names of individuals, postal addresses, email addresses, mobile phone numbers, etc.
4. GUIDING PRINCIPLES
emerchantpay Group is committed to ensuring that in its businesses activities the organisation complies with the letter and the spirit of the law concerning the fundamental rights and freedoms of individuals whose personal information is being processed.
In particular, emerchantpay is committed to ensuring that:
- the GDPR requirements are properly implemented through the establishment of internal policies and procedures;
- Data Protection Officer (DPO) is appointed and the latter operates independently as a first point of contact for the supervisory authority and data subjects, but also internally within the organisation;
- staff are trained and made aware of the law and their obligations under it, including the obligation to report internally certain types of data breach to the designated Data Protection Officer;
- personal data is being collected and processed fairly and lawfully and only to the extent that it is needed to fulfil operational functions or to comply with any legal requirements;
- highest security standards are addressed and implemented;
- appropriate safeguards are provided and personal information is protected against accidental loss, alternation, unauthorised disclosure or access.
5. DATA PROTECTION COMPLIANCE FRAMEWORK
To facilitate compliance with the GDPR requirements, emerchantpay has developed and implemented a robust and transparent data protection compliance framework consisting of policies, procedures, internal controls and systems.
Data protection compliance framework includes provisions governing:
- promotion of enhanced compliance culture throughout the group;
- implementation of data protection policies and procedures;
- appointment of internal control functions (DPO, Compliance, Internal Audit);
- implementation of internal control mechanisms for conducting regular risk assessments to identify threats and vulnerabilities that can affect data assets;
- keeping up to date the electronic records of the processing activities and the security in operation at the time;
- implementation of internal control systems for keeping personal information secure and protected from unauthorised processing, loss or destruction;
- reporting of both confirmed and suspected incidents to the designated DPO;
- queries about handling personal data are promptly and courteously dealt with.
6. DATA PROTECTION OFFICER
emerchantpay has appointed Data Protection Officer (DPO) with specific responsibilities for data protection.
7. FURTHER INFORMATION
If you wish to access or correct or delete any of your personal information as held by us, or if you have any questions or require further information regarding this Policy Statement, please contact our DPO at dpo@emerchantpay.com.
The Legal and Compliance Department will review its procedures regularly to ensure continued compliance with this Policy Statement. For a copy of the full privacy policy please click here.