Skip links

Privacy notice (old)

Feb 5, 2021

EU privacy notice for our merchants and other business related personal data

1. Who is responsible for processing your data and how to contact us

This notice (“Notice”) describes the steps Trust Payments Ltd (“we” or “us”) takes to protect the personal data that we process about merchants (our customers) and other business related personal data.

Trust Payments is committed to the protection of the personal data that we process about you in line with the data protection principles set out in the European Union’s (“EU”) General Data Protection Regulation 2016/679 (“GDPR”).

The controller in respect of your personal data is Trust Payments Ltd of European Operations Centre, Parc Menai, Bangor, Gwynedd, UK LL57 4BL.

You can contact us using the following email address: gdpr@trustpayments.com

2. What personal data we collect and why?

We may source, use and otherwise process your personal data in different ways. In all cases we are committed to protecting the personal data that we process.

In each of the sections listed below, we describe how we obtain your personal data and how we will treat it.

Section 2.1 Representatives of our Existing or Prospective Merchants and Vendors

Section 2.2 Visitors to our Premises

Section 2.3 Website Visitors

3. Who do we share our personal data with

We do not sell your personal data to third parties.

Affiliates
We may share your personal data with our affiliates, by which we mean a person or entity that directly or indirectly controls, is controlled by, or is under common control with, Trust Payments. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

Our Service Providers
We may disclose information about you to organisations that provide a service to us, on the understanding that they will keep the information confidential and will comply with the GDPR and other relevant data protection laws.

We may share your information with the following types of service providers:

technical support providers who assist with our website and IT infrastructure;
third party software providers, including ‘software as a service’ solution providers, where the provider hosts the relevant personal data on our behalf;
professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers;
providers that help us generate and collate reviews in relation to our products and services;
our advertising and promotional agencies and consultants and those organisations selected by us to carry out marketing campaigns on our behalf; and/or
providers that help us store, collate and organise information effectively and securely, both electronically and in hard copy format, and for marketing


Company Mergers and Takeovers
We may transfer your personal data to potential purchasers and their advisors, subject to appropriate confidentiality obligations, in the event we decide to dispose of all or parts of our business.

4. Transfers of personal data outside the EU/European Economic area

If and when transferring your personal data outside the EU or European Economic Area (“EEA”), we

will only do so using one of the following safeguards:

1. the transfer is to a non-EEA country that has been the subject of an adequacy decision by the EU Commission;
2. the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to countries outside the EEA;
3. the transfer is to an organisation which has binding corporate rules approved by an EU data protection authority; or
4. the transfer is to an organisation in the US that is EU-US Privacy Shield

International transfers to our affiliates are governed by EU Commission-approved Standard Contractual Clauses for Controllers and, where relevant, for Processors.

We may also transfer your data to third-party vendors outside the EU, such as our customer relationship management system and due diligence providers. Where we do so, the Standard Contractual Clauses or other safeguards approved by the EU Commission are in place to safeguard that personal data.

Copies of these agreements may be obtained by contacting us using the following email address: gdpr@trustpayments.com

5. Your rights

The GDPR provides you with certain rights in relation to the processing of your personal data, including to:

Request access to personal data about you (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you, and to check that we are lawfully processing

Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request personal data provided by you to be transferred in machine-readable format (“data portability”).

Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below).

Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g. if you want us to establish its accuracy or the reason for processing it).

Object to the processing of your personal data in certain circumstances. This right may apply where the processing of your personal data is based on the legitimate interests of Trust Payments, as explained above, or where decisions about you are based solely on automated processing, including profiling.

Right to lodge a complaint. You also have the right to lodge a complaint with the data protection supervisory authority, if you are not happy with how we Process your Personal Data.

These rights are not absolute and are subject to various conditions under:

applicable data protection and privacy legislation; and
to comply with our legal and regulatory obligations.

If at any time you decide that you do not want to be contacted for any purpose or if you would like to exercise any of your rights as set out above, you can contact us by emailing the following email address: gdpr@trustpayments.com

6. Retention period

We will keep and process your personal data only for as long as is necessary for the purposes for which it was collected in connection with your relationship with us, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defense of legal claims.

Security statement

Security is our top priority at Trust Payments and we strive to ensure that all data is kept secure at all times We keep all customer data safe with AES256 encryption, SSL Certificates, and a minimum of TLS1.2, between your website and our datacentres.

Our systems are scanned quarterly using the Qualys PCI Platform, an independent Qualified Security Assessor (QSA) and approved vendors – Omnicybersecurity (UK) & Forgenix (US) – to ensure compliance with the security requirements of the card schemes.

We follow a number of rigorous security procedures on a daily basis including, but not limited to, continuous monitoring of our perimeter, dark web monitoring, and internal checks to ensure that CIA triad is maintained at all times.