Thanks for checking out our Privacy Policy – Last updated 9th April 2019
Here at Breathe Payments we always strive to do the right thing and we are committed to protecting your personal data. The purpose of this policy is to explain how we control, process, handle and protect your personal information and is intended for anyone visiting our websites, using our products and services or otherwise interacting with us.
Please take a moment to read our Privacy Policy and use it to help you make informed choices. By continuing to use our services and our website, you confirm that you have read and understood our policy.
Who are we?
The processing of your personal data is carried out by, or on behalf of, Breathe Payments (“we”, “our” or “us”), a registered company (11615875).
How can you get in touch?
Should you have any questions regarding this Privacy Policy and how it affects you, please do get in touch with us:
By email: info@breathepay.co.uk
By phone: 0300 303 4089
How might we change this policy?
We are constantly working to deliver the best products and services for our customers, which means that our Privacy and Cookie Policy may change. Please review this policy from time to time to stay updated on any changes. If the changes are significant, we will give responsible notice either via email, if you have given us permission to do so, or by placing a prominent notice on our website. Your continued use of the website and our services following any changes to our Privacy Policy means you accept those changes.
What about cookies?
By subscribing to our products and services or using website and social media pages (Facebook, Instagram, LinkedIn and Twitter etc), you agree that we can place cookies, on your device and use that data in accordance with this policy.
You may set your browser not to accept cookies, however we use them to help us distinguish you from other website users which in turn helps us to provide you with a better experience when you browse our website. For more detailed information about how we use cookies on our website, please see our Cookie Policy.
What is personal data and how is it processed?
Personal data relates to any kind of information which directly or indirectly identifies a person. This can include information such as names, addresses and phone numbers as well as log and encrypted data, and other types of electronic IDs such as your IP address.
Whenever an action is taken in relation to personal data, regardless of whether it is automated or not, the data is processed. This can include, but is not limited to, collection, storage, transfer deletion and organisation.
What does this Privacy Policy cover?
This policy relates to the processing of personal data where we act as a data controller. This occurs whenever we decide how, why and by what means personal data is collected, processed and stored.
The policy doesn’t relate to any processing of personal data where we act as a data processor. This would occur when we process data on your behalf and following your instructions but where you are the one collecting personal data and deciding by what means the personal data is collected, processed and stored.
To whom is Breathe Payments a data controller?
- Merchants: Breathe Payments is the data controller for personal data processed about you as a sole trader or as an individual. This applies when our customers purchase products from us and/or register an interest for, or use our services.
- Board members, executives, directors and authorised signatories of our customers: Breathe Payments is the data controller for personal data processed about you as a board member, executive, director or authorised signatory of any of our business customers. This applies when company representatives register interest and/or use our services or purchase products on behalf of a company.
- Company representatives: Breathe Payments is the data controller for personal data provided by representatives of customers and potential customers who use our website and/or submit personal data via the website, phone, email or any other form of communication.
- End-customers: Breathe Payments is the data controller for personal data processed about customers of our merchants i.e. those that are using our payment services. This applies when end customers pay by card, online, by invoice, via payment links or any other payment method provided by us.
- Website visitors and individuals seeking support: Breathe Payments is the data controller for individuals contacting our customers support teams. Personal data will be processed by us when someone telephones us, uses our website or applications or otherwise contacts us through one of the available channels. For existing customers visiting our website or using our applications, we will process a variety of information including behavioural and tracking details such as location data, personal preferences, IP number, cookie identifiers and unique identifier of your device.
Why do we process data and how do we use it?
Personal Data is processed when customers or potential customers:
- Register for an account with us;
- Request a quote or submit an enquiry;
- Log into their account via our applications or Billing Portal;
- Submit comments, questions or feedback via our website;
- Respond to our communications, including marketing communications, online, by phone or by email;
- Compete online forms via our website;
- Report a problem with our website or one of our applications.
The types of personal data we process are:
- Identification information: e.g. identification number, ID, passwords or equivalent
- Contact information: e.g. name, address, phone number, email or equivalent
- Financial information: e.g. bank details, card information, financial transactions or equivalent, credit history (including credit score), information related to invoices that we have issued.
- Information related to legal requirements: e.g. customer due diligence and anti-money laundering requirements and bookkeeping.
- Behavioural and tracking details: e.g. location data, behavioural patterns, personal preferences, IP-number, cookie identifiers, unique identifier of devices you use to access and use the services and our websites.
In addition to the above, for end-customers we may also process:
- Detailed financial information: e.g. credit and debit card information such as card number, expiry date and CVV code, card holder name, financial transactions or equivalent, details about what products and/or services you have purchased.
Why we process data | Legal basis | Applies to |
To provide our services and products, to fulfil relevant agreements with you and to otherwise administer our business relationship with you | Fulfil our contractual obligations towards you, to comply with applicable laws and to pursue the legitimate interests of Breathe Payments |
|
To confirm your identity and verify your personal and contact details | Fulfil our contractual obligations towards you and to comply with applicable laws |
|
To prove that transactions have been executed | Fulfil our contractual obligations towards you and to comply with applicable laws |
|
To establish, exercise or defend a legal claim or collection procedures | Fulfil our contractual obligations towards you, to comply with applicable laws and to pursue the legitimate interests of Breathe Payments |
|
To comply with internal procedures | Fulfil our contractual obligations towards you and to comply with applicable laws |
|
To administer your payment for products and/or services and the customer relationship i.e. to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us | Fulfil our contractual obligations towards you, to comply with applicable laws and to pursue the legitimate interests of Breathe Payments |
|
To assess which payment options and payment services to offer you, for example by carrying out internal and external credit assessments | Fulfil our contractual obligations towards you, to comply with applicable laws and to pursue the legitimate interests of Breathe Payments |
|
For customer analysis, to administer Breathe Payment´s services, and for internal operations | Fulfil our contractual obligations towards you and to pursue the legitimate interests of Breathe Payments |
|
To ensure that content is presented in the most effective way for you and your device | Fulfil our contractual obligations towards you and to pursue the legitimate interests of Breathe Payments |
|
To prevent misuse of Breathe Payment´s services to help keep our services safe and secure | Pursue the legitimate interests of Breathe Payments |
|
To carry out risk analysis, fraud prevention and risk management such as credit performance and quality, insurance risks and to comply with capital adequacy requirements | Pursue the legitimate interests of Breathe Payments |
|
To improve our services and for general business development purposes, such as developing new products, exploring new business opportunities and improving credit risk models | Pursue the legitimate interests of Breathe Payments |
|
Marketing, product and customer analysis. This processing forms the basis for marketing, process and system development, including testing. This is to improve our product range and to optimise our customer offering. | Pursue the legitimate interests of Breathe Payments |
|
To comply with applicable laws, such as anti-money laundering and book keeping laws and regulatory capital adequacy requirements and rules issued by our designated banks and relevant card networks. We also carry out sanction screening, report to tax authorities, police enforcement authorities, enforcement authorities, supervisory authorities | Comply with applicable laws and to pursue the legitimate interests of Breathe Payments |
|
To administer you order and/or purchase | Fulfil our contractual obligations towards you |
|
Risk management obligations such as credit performance and quality, insurance risks and compliance with capital adequacy requirements under applicable law | Comply with applicable laws and to pursue the legitimate interests of Breathe Payments |
|
To administer payments carried out by using our services from a Merchant | Comply with applicable laws and to pursue the legitimate interests of Breathe Payments |
|
To communicate with you in relation to our services, which may also include information, news and marketing | Fulfil our contractual obligations towards you and to pursue the legitimate interests of Breathe Payments |
|
If you are an End-customer we process personal data obtained if you choose to pay by card or by invoice or through the use of any other payment method that Breathe Payments provides, including payment solutions provided by third parties | Comply with applicable laws and to pursue the legitimate interest of Breathe Payments |
|
We only process your personal data if you have chosen to pay a. by card through the use of the Breathe Payments app on the Merchant´s smartphone, tablet or other compatible device connected to an Breathe Payment reader, b. by invoice and pay online using a card or any other online payment method made available by us, c. through a payment link provided by e-mail, text message or similar communication tool, d. by card online or any other online payment method made available by us, e. through the use of third party payment providers. We process personal data in order to process the payment transaction and carry out a secure transaction, including for the purpose of risk management and the prevention of fraud and other criminal acts. If you choose to pay by invoice, Breathe Payment may process the personal data that you have provided to the Merchant who uses Breathe Payment´s Invoicing Service and which the Merchant needs in order be able to issue, administer and handle the invoice, for risk management purposes, including for the prevention of fraud and other criminal acts | Comply with applicable laws and to pursue the legitimate interest of Breathe Payments |
|
Manage Online Store provided to our Merchants. We process billing and contact information in the Merchants Online Store for risk management purposes, including for the prevention of fraud and other criminal acts and to provide transaction receipts. We share your billing and contact information with the Merchant holding the relevant Online Store in order for the Merchant to be able to execute and administer your purchase, including for handling potential complaints and disputes | Comply with applicable laws and to pursue the legitimate interest of Breathe Payments |
|
Provide receipts. You can choose to have a receipt sent to you via e-mail or text message when you pay for the services and/or products provided by any of our Merchants who uses Breathe Payments. If you provide your e-mail address or mobile number to a Merchant who uses Breathe Payments, we will remember your details for the next time you buy something from a Merchant who uses Breathe Payments, if you use the same payment card. This is regardless of if you have previously bought something from this Merchant or not. This means that your e-mail address or mobile number will be pre-filled in the receipt view for your convenience the next time you buy something from a Merchant who uses Breathe Payments. We will only use your e-mail address or mobile number to send receipts to you and will not use your contact details for any other purpose, share them with anyone else without obtaining your written consent first or inform you prior to initiating any processing for new purposes, in accordance with applicable laws and regulations. Breathe Payments may also process your e-mail to provide a receipt to you for the services and/or products provided by a Merchant in its Online Store | Pursue the legitimate interests of Breathe Payments | End customer |
To confirm your identity and verify your personal and contact details | Comply with applicable laws and pursue the legitimate interest of Breathe Payments |
|
To provide and market our services and/or products to you | Pursue the legitimate interests of Breathe Payments |
|
To provide the support you seek from us | Pursue the legitimate interests of Breathe Payments |
|
How will we not use your personal data?
In accordance with applicable laws and regulations and unless written consent is given or you are informed of any new purpose for the collection your personal data, we will not use your personal data for any other purposes other than those listed in this Privacy Policy.
What about third party data collection and sharing?
We will not share your personal data with, or sell it to, third parties for them to use for their own marketing purposes without ensuring that there is a lawful ground to do so.
Data obtained from third parties
We process personal data that has been obtained from relevant third parties such as credit bureaus, fraud detection agencies, financial institutions and other information providers, and from publicly available sources such as population registers and registers held by tax authorities, company registration offices, enforcement authorities etc. We may also obtain personal data from social networks or linked accounts. We will also obtain information relating to payments we collect, such as from banks and payment service providers etc.
Links to and from third party websites
Our website and other services may contain links to and from third party websites. By following the link to any third party website, you agree to their own privacy policy, for which we have no control or accept any reasonability or liability for. Such operators might contact you or permit third parties to contact you for marketing purposes in accordance with their own privacy policies, unless you opt out of such communications. We strongly advise you to check the privacy policies of any website you visit, submit your personal information to, or transact with, before using their website or services.
Sharing data with third parties
In order to provide our customers with the best possible experience, we may need to share your personal data with the following third parties:
- Suppliers or subcontractors who provide support such as IT, customer service, marketing, website maintenance, hosting and support, acquiring or PCI compliance.
- Trusted business partners who may provide you with information about similar good and services.
- Advertisers that require anonymous aggregated data in order to serve relevant adverts to you and others.
- User experience, market research, analytics and search engine providers and any other relevant agencies that may help us to improve and optimise the products and services that we can offer, including via our website and other applications.
- Credit reference agencies to help assess your credit score as a requirement to entering into a contract with you.
- Any third party which requires access to your personal information in order to comply with any legal obligation. For example, for the purposes of enforcing or applying various terms, policies or agreements or to protect the rights, safety or property of Breathe Payments, our customers or our staff. This may include sharing information with third party organisations or companies for the purposes of fraud protection.
- Tax authorities, police authorities, enforcement authorities and supervisory authorities in relevant countries, if there is a statutory obligation to do so.
Some of the third parties that we share personal data with are data processors and therefore will process personal data on our instructions and on our behalf. Data is only share in accordance with the purposes for which they were collected. We have written agreements in place with all data processors to ensure adequate guarantees and security and confidentially of personal data.
Some of the third parties that we share personal data with are independent data controllers. Where this is the case, we do not have any control over how the data that we provide is processed. Examples may include financial institutions, credit bureaus, acquirers or other authorities. When personal data is shared with such data controllers, their data policies and personal data processing principles apply.
Merchants
We may share the personal data of end customers with the merchant from which they made their purchase to enable them to administer the end customers order and to support the handling of any complaints or disputes, should they arise. Personal data shared with merchants is subject to their own privacy policies and personal data handing procedures.
We may also be required to share data with merchants in order to mitigate the risk of fraud or any other criminal acts.
Third party service providers
In order to provide our products and service, it may be necessary to disclose relevant personal data to companies that we operate with in order to identify you and arrange agreements to fulfil our services. These services include, but are not limited to, secure identification solutions and credit bureaus and between parties in the financial system such as banks. Our designated banks and relevant card networks may also come to process your personal data for their own fraud prevention and risk management. Selected service providers, such as certain credit bureaus, may also come to process your personal data to enhance and develop their own services.
How do we store your personal data and ensure its security?
Security of your personal data is very important to us and we have taken, and will continue to take, the appropriate steps to ensure that your data is not use for non-legitimate purposes and is protected from misuse, loss, alternation or destruction. This includes, but is not limited to the following measures:
- Your personal data and information is stored on our secure servers.
- Although we will do our very best to protect your information, the transmission of information via the internet is never completely secure and we therefore cannot guarantee its security. Information shared is therefore done so at your own risk. Should we become aware of any security breaches relating to your personal data, will notify you by email or as otherwise required by law.
- Where you have been provided with or chosen a password which enables you to access certain parts of the website or applications, you are responsible for keeping this password confidential and you must not share it with anyone. If you think your password or any other aspect of your account has been compromised, you must inform us straight away.
Data Storage
We will retain Personal Data for 7 years after which time it will be deleted or anonymised unless there is a valid reason and legal basis for retaining it as set out in this Privacy Policy. This may include for the protection, detection and investigation of money laundering or fraud or for book keeping purposes to provide details on performance (up to ten years after end of customer relationship) to defend against possible claims.
What are your rights?
You have the right for your data to be used in a way that is acceptable to you and in accordance with data protection law. We respect these rights and will always strive to do the right thing by you.
However please note that Breathe Payments does require a certain amount of personal data in order to provide customers with our products and services. Therefore, in the event that you request the deletion of your data, we may not be able to continue to provide you with certain products or services under any applicable contract.
In accordance with data protection law you have the right to:
- Request a copy of any personal data or information we hold about you. You can do this by emailing us at support@breathepay.co.uk. Please be aware that we might require additional information in order to safely identify you and manage your request;
- Update or amend the data we process about you if its incorrect or incomplete
- Be informed about certain details relating to the processing of your personal data and about how we intend to process your data, as outlined in this policy or as otherwise requested by you;
- Object to our processing of your personal data, which may include for marketing or research purposes, unless there are legal reasons which may prevent us from doing so. Where the lawful basis for processing your data is our legitimate interests, you have the right to object to the processing of your data if you can show that your interests, rights and freedoms regarding the personal data outweigh our interest to process your personal data.
- Opt out of marketing by contacting us at info@breathepay.co.uk or by using the opt out information provided in the marketing material;
- Withdraw any consent which you have been provided in relation to our use of your data;
- Request the deletion of your information “right to be forgotten”, or restrict its use in certain circumstances such as where the information is no longer necessary for the purpose for which it was collected (unless there are legal reasons which may prevent us from doing so) and where there was no lawful basis for its collection and processing;
- Lodge a complaint or seek further information from the Information Commission. Please visit www.ico.org.uk;
- To ask us questions to ensure you understand the policy and your rights by emailing us at info@breathepay.co.uk.