Privacy policy
Last updated: November 18, 2024.
1. Introduction

1.1. Payler LTD, registered under company number 12535817 and located at 25 Cabot Square, London, England, E14 4QA ("Payler"), is committed to protecting your privacy. This document outlines our practices for collecting, using, and safeguarding your personal data through the services Payler offers on our website https://payler.com/ ("Website") ("Services"), as defined in the accompanying Terms and Conditions which you can find on our Website ("Terms and Conditions").

1.2. This Privacy Policy ("Privacy Policy") is designed to be read in conjunction with the Terms and Conditions. In the event of any conflict between this Privacy Policy and the Terms and Conditions, the provisions of this Privacy Policy will take precedence.

1.3. This Privacy Policy is governed by the laws of England and Wales. For data subjects from jurisdictions outside of England and Wales, Payler ensures compliance with applicable local data protection laws to the extent required by those jurisdictions, in addition to meeting the standards outlined in this policy. Payler ensures that your personal data is stored, processed, and transferred in compliance with applicable data protection laws, including the General Data Protection Regulation and the United Kingdom Data Protection Act 2018, where applicable.



2. Acceptance of this Privacy Policy

2.1. By using Payler's services, you acknowledge and agree that:

2.1.1. You possess all necessary rights to register and use the services;
2.1.2. The information you provide is accurate and necessary for service usage;
2.1.3. You have read, understood, and accepted this Privacy Policy.
2.2. We reserve the right to verify the information provided by you when necessary to meet our obligations under applicable laws and agreements.



3. Data collection and use

3.1. Your personal data is securely stored on servers located within the United Kingdom and the European Economic Area. Data processing occurs within these jurisdictions to comply with applicable data protection laws. To fulfil our agreement with you and enhance our services, we collect and process your data in compliance with applicable laws and based on the following legal grounds: for the performance of our contract with you, such as providing and managing our services; based on your consent, such as when you agree to cookies or provide additional information voluntarily; for compliance with legal obligations, such as tax and regulatory reporting; for our legitimate interests, such as improving service functionality and preventing fraud.

3.2. Below we detail the types of data we collect, the purpose and legal basis for processing this data, including:
3.2.1. Personal Identifiers (e.g., business name, address, phone number, email, IP address, device information, information collected from cookies or other tracking technologies, other information necessary to establish an account etc.);
3.2.2. Financial Records (e.g., bank account and routing numbers, credit and debit card information, amount you send or request);
3.2.3. Communications (e.g., your response to surveys, recorded conversations, chat conversations with us, email correspondence with Payler, account status, repayment history, voice identification, information about others if you choose to share it with Payler);
3.2.4. Device and Internet Usage Data (e.g. language settings, browser ID, cookie preferences, time zone, operating system, platform, screen resolution and similar information about your device settings, data collected from cookies or other tracking technologies, interactions with our Services, information about response time for web pages, download errors, date and time when you used the service, location information, such as your IP address, statistics regarding how pages are loaded or viewed, the websites you visited before coming to the Website and other usage and browsing information collected through cookies).

3.3. Purposes for Data Collection:
3.3.1. To provide and manage our services;
3.3.2. To improve service functionality and develop new features;
3.3.3. To manage risk, prevent fraud, and ensure the security of our services;
3.3.4. To communicate with you regarding your use of our services.

3.4. We use cookies and similar technologies for service functionality, analytics, and security. You may disable cookies, though this may affect service functionality.

3.5. Your data may be processed as required by law or for the defense of legal claims.

3.6. Withdrawal of data processing consent may restrict your access to our services.

3.7. Any further processing of your data for purposes other than those specified will be communicated to you beforehand.

3.8. We apply data minimization principles and implement techniques such as pseudonymization, anonymization, and masking where appropriate. For example, payment card numbers are stored in a pseudonymized format, and masked versions are displayed in user interfaces; data used for analytical purposes is anonymized once it is no longer necessary to retain identifiers; and access to sensitive data is restricted based on roles and requires multi-factor authentication.



4. Disclosure of data

4.1. We do not sell your data or share it for behavioural advertising.

4.2. Your data may be shared with third parties for service provision, fraud prevention, and legal compliance.

4.3. Third-party data recipients are bound by confidentiality agreements.

4.4. Your data may be transferred in the event of a business sale or merger.

4.5. We may disclose your data to tax authorities or as required by law.

4.6. We may share your data with the following categories of third parties: service providers (e.g., payment processors, IT service providers), fraud prevention agencies, regulatory authorities, if required by law.


5. International data transfers

5.1. Your data may be transferred outside the United Kingdom and the European Economic Area under adequate regulatory protection measures.

5.2. Some of our third-party suppliers operate outside the United Kingdom and European Economic Area. When we transfer your personal data outside these regions, we ensure a similar level of protection by implementing one or more of the following safeguards:
5.2.1. We only transfer your personal data to countries deemed by the European Commission to provide an adequate level of data protection. For more details, you can refer to the European Commission’s information on the adequacy of data protection in non-EU countries here.
5.2.2. For transfers to countries that do not benefit from an adequacy decision, we use specific contractual clauses approved by the European Commission, ensuring that your personal data receives the same level of protection it has within the European Economic Area. You can find further details on Standard Contractual Clauses here.
You may contact us at info@payler.com if you require more information about the specific mechanisms we use to protect your data during transfers outside the United Kingdom and European Economic Area.

5.3. If you are located outside the European Economic Area and make payments or send messages, or if you are in the European Economic Area and make payments or send messages to recipients outside the European Economic Area, certain financial institutions and payment systems may process your data. These organizations may be subject to local regulations that differ from European Economic Area standards. While we work with trusted partners, the data protection standards adhered to in such jurisdictions may not always match the stringent requirements of the European Economic Area.

5.4. Please note that transmitting your personal data via the Internet is not entirely secure, and we cannot guarantee its full protection during transit. Any transmission of your data to us is at your own risk. However, once we receive your personal data, we apply strict procedures and implement robust security measures to prevent unauthorized access.

5.5. In some cases, fraud prevention agencies may transfer your personal data outside the United Kingdom. Transfers to countries that meet the United Kingdom Government’s adequacy standards will ensure that your data remains protected. For transfers to other countries, fraud prevention agencies will implement appropriate safeguards to ensure your data continues to be handled securely and in compliance with applicable laws.



6. Data Retention

6.1. Your data is retained as necessary for the purposes it was collected for and in compliance with legal obligations.

6.2. You have the option to delete your data or account.

6.3. We retain your personal data for the following periods:

  • Account information: retained for as long as your account remains active and for a minimum of 7 years after account closure, as required by financial regulations.
  • Transaction data: retained for 7 years in line with legal obligations for financial reporting.
  • Communications data: retained for 2 years from the date of last contact, unless a longer retention period is required by law.


7. Your rights

7.1. You have the right to access, rectify, restrict, erase, object to the processing of, and port your data; not to be subject to an automated decision; to lodge a complaint with a supervisory authority; and, for processing based upon your consent, to withdraw that consent at any time. You may have other rights under the legislation of your country of residence, including the right to define instructions regarding what happens to your personal data after your death.

7.2. Changes to your data can be made directly in your account or by contacting us.

7.3. You may withdraw your consent to data processing at any time. To withdraw consent or exercise your rights to access, rectify, erase, or object to the processing of your data, please log into your account or contact us directly at info@payler.com. We will process your request within 30 days.


8. Security measures

8.1. We implement various measures to protect your data, including encryption where appropriate.
8.1.1. Encryption of personal data at rest and in transit using protocols.
8.1.2. Data pseudonymization to reduce the impact of a data breach.
8.1.3. Real-time monitoring and alerting for suspicious activities.
8.1.4. Regular security assessments and compliance audits to identify and mitigate risks.
8.1.5. Implementation of incident response and recovery procedures to ensure timely restoration of data access in case of disruptions.

8.2. You are responsible for maintaining the confidentiality of your login credentials.

8.3. To protect your personal data, Payler implements technical and organizational measures appropriate to the risks associated with processing. These measures include:
8.3.1. Pseudonymization and encryption: sensitive data is pseudonymized or encrypted during storage and transmission to minimize exposure and ensure security. For example, payment card numbers are pseudonymized, and only truncated or masked versions are displayed where necessary.
8.3.2. Access controls: role-based access controls and multi-factor authentication mechanisms restrict access to personal data.
8.3.3. System resilience: our systems are designed to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services. This includes implementing redundant systems and disaster recovery plans to restore access to personal data in a timely manner during physical or technical incidents.
8.3.4. Monitoring and logging: access to sensitive payment data is logged, monitored, and restricted as required under PSD2, General Data Protection Regulation and the United Kingdom Data Protection Act 2018. Logs are regularly reviewed to detect and prevent unauthorized access.
8.3.5. Regular testing and assessment: we conduct regular penetration testing, vulnerability assessments, and audits to evaluate and enhance the effectiveness of our security measures.
8.3.6. Staff Training: Employees and contractors undergo regular training on data protection principles and secure data handling practices.



9. Policy updates

9.1. We may update this Privacy Policy periodically. The latest version will always be available on our website.


10. Contact us

10.1. For any questions or concerns regarding this policy, please contact us at info@payler.com or through the provided postal address.

10.2. All communications are treated with confidentiality and will be addressed within 30 days of receipt. All correspondence received by us from you (written or electronic enquiries) is classified as restricted-access information and may not be disclosed without your written consent. The personal data and other information about you may not be used without your consent for any purpose other than for responding to the enquiry, except as expressly provided by law.