June 19, 2023
This notice outlines how we handle personal data for merchants, end users, and web visitors, and includes information about your data privacy rights. Please read it carefully to ensure you understand how your data is handled.
To view our previous privacy notice, click here.
Privacy notice at your fingertips:
Our privacy notice is designed to be user-friendly, with easy navigation to specific sections that may interest you. Our goal is to provide clear and concise information about how we handle personal data.
We provide information on our identity, the personal data we use to deliver services, and the legal protections available to you as an end user or merchant.
This section provides information on who we share data with and why, including purposes such as marketing, fraud detection and prevention, and other relevant uses.
This section outlines how to make complaints, withdraw consent, and request copies of your personal information, as well as how to exercise your rights under applicable data protection laws.
Jump to:
TRUST PAYMENTS GROUP means Trust Payments Ltd and all its Affiliates, members of Trust Payments corporate group of companies, including but not limited to TrustUK Payments Ltd, Trust Payments (UK) Ltd, Trust Payments (Malta) Limited.
Trust Payments Ltd is a payment financial institution regulated by the Maltese Financial Service Authority (MFSA) and the United Kingdom’s Financial Conduct Authority (FCA). We offer payment and financial services to our customers, including payment handling, payment account services, fraud detection services and other payment processing services.
Depending on the level and nature of interaction with our company, Trust Payments Ltd may act as either a data controller or a data processor in accordance with applicable data protection laws.
As a data controller, we determine how and why data is processed in various activities we provide, including but not limited to:
In other cases, Trust Payments acts as Data Processor when:
Our mission is to provide our clients with a safe and secure e-commerce platform, where the confidentiality and integrity of personal data is top priority. We commit to employing the latest and robust security methodologies to safeguard personal data and ensure its ethical use. Our goal is to empower our clients to achieve their business objectives while remaining confident that their personal data is in good hands.
The following table lists our different jurisdictions in which we operate:
Location of user | Purposes of processing | Name of Trust Payments entity | Location of Trust Payments entity |
United Kingdom | Provision of authorised payment and acquiring services in the UK. | Trust UK Payments Ltd. (regulated and licensed financial institution with the UK FCA) | United Kingdom |
United Kingdom | All other activities. | Trust Payments Ltd and its affiliates, including holding company incorporated and operating in UK | United Kingdom |
Malta | Provision of authorised payment and acquiring services in the EU. | Trust Payments (Malta) Limited (regulated and licensed financial institution with MFSA) | Malta |
Cyprus | All other activities | Trust Payments (Cyprus) Limited | Cyprus |
Ireland | All other activities | Trust Payments (IRE) Merchant Services DAC | Ireland |
United States | All other activities | Secure Trading Group Inc and its Affiliates | United States |
United Kingdom Office: Trust Payments Ltd, 1 Royal Exchange, London, EC3V 3DG
Malta Office: Trust Payments (Malta) Limited Ewropa Business Centre, Triq Dun Karm, Birkirkara, BKR 9034
Ireland Office: One Spencer Dock, North Wall Quay, Dublin 1, D01 X9R7, Ireland
Cyprus Office: Αγίου Αθανασίου, 58, EL GRECO BUILDING, Flat/Office 202, 4102, Λεμεσός, Κύπρος
US Office: 695 Mansell Rd; Suite 200 Roswell, GA 30076
If you have any query with regards to this privacy notice, contact our Group Data Protection Officer here.
You can call us on +44 333 240 6000.
If you are or become one of our customers or business partners, we will keep information relating to our business relationship for a minimum of 5 years, 7 years, or 10 years, depending on applicable legal jurisdictions, after the end of your contract with us or on rejection of your application. Data we have collected in relation to our legal obligation to verify our customers will be kept by us for as long as we are legally obligated to and to meet our fiscal, corporate, and other statutory obligations. The retention terms above can be longer if we are required to keep data longer because of applicable law and if we need to keep any information for our legitimate interest of protection of our legal rights, we will keep the necessary information for this purpose until the relevant claims have been settled.
We take the security of your personal data seriously and have implemented robust technical and organisational measures to protect all personal data in our possession. These measures include but are not limited to:
We use this information to set up our products and services for you, including providing support, onboarding, integrating with our platform, and helping you set up any of our technological offerings.
Furthermore, we use your information to fulfil our legitimate interests and legal obligations, such as internal administration, due diligence and KYC (Know Your Customer), AML/CFT (Anti-Money Laundering/Combating the Financing of Terrorism), and tax requirements.
We collect data on your use of our products and services, including login details, questions, queries, comments, and complaints, to perform our contract with you, provide support and optimise and improve our offerings.
We may use your company email address to provide updates on our products and services, tailor offers to your needs, or invite you to our events.
As a financial institution, we are obligated to comply with relevant applicable laws, regulations, card and payment Scheme rules, and prevent fraud, money laundering, financing terrorism. We are required to conduct thorough checks on potential customers, identify ultimate beneficial owners and transaction purposes, monitor transactions, and verify representatives’ competency. During or before our agreement with you, we may collect up to date information for these purposes.
To conduct these checks, we process information you provide to us and data from your use of our services, including your name, contact information, identification document, citizenship proof, address proof, legal representative or shareholder address, bank details, signatures, and company registration details. We also use third-party verification services, including but not limited to credit reporting agencies, to verify your identity and documents. Throughout our relationship with you, we exchange data with these third-party verification services as required for legal and legitimate interests. This data helps us identify, prevent, and counter illegal activities and comply with our legal KYC and AML obligations.
Trust Payments processes your personal information for the following purposes:
Trust Payments is a payment service provider, and as such, provides acquiring services to its customers. Being an acquirer means that Trust Payments accepts payment on behalf of the relevant merchant and then transfers the funds paid by the cardholder to the merchant.
Trust Payments’ role is to request the relevant card and payment Scheme, such as Mastercard or Visa, to authorise the transaction and send this to the cardholder bank (issuing bank) for approval. If this bank gives approval, Trust Payments is notified of this by the relevant payment scheme and makes the payment to the merchant’s bank.
When we provide such acquiring service to our customer, we process your personal data as a data controller. It is important to us that your personal data is treated with care and that you are well-informed about the way we process your personal data.
We process the end-user data we need for our legitimate interest in providing acquiring services to our merchants – typically web shops and brick-and-mortar stores selling goods and services. This means that we receive a payment on behalf of the merchant and handle related matters around these financial transactions.
When a merchant wishes to charge a card for a recurring payment, and it has expired, Trust Payments may request the relevant payment scheme or look up your up-to-date card information on the Trust Payments platform, to facilitate your payment.
For these purposes, we may collect merchant’s customer (cardholder) card number (which we encrypt in accordance with PCI DSS standards), the expiry date (month and year) of payment card, bank account details (excluding your name), including IBAN and SWIFT/BIC, the amount of the transaction and the currency in which the transaction is done, the date, time, and location of the transaction, and the category and ID of the merchant with whom the cardholder is shopping.
If necessary, we can also process any of your information above for our legitimate interest in protecting our legal rights, for example, in connection with legal claims, and when we have a legal obligation to process your information.
Our product and services where these information sets are processed includes, but are not limited to:
For more information on our product catalogue, see here.
When you browse our website, we collect and process certain information such as IP (Internet Protocol) addresses, internet browser and device type, location data, and your use of our website, including which pages you visited and the length of your visit. We collect this data to improve your browsing experience and to ensure that our website functions properly.
We do not sell personal data to third parties, and we take necessary steps to protect your data from unauthorised access, disclosure, or destruction.
For more details on how we collect data from website visitors, refer to our cookie notice.
We may share some of your information, including personal data, with competent authorities and/or regulators in case this is required to comply with our obligations as a financial institution, including, but not limited to. for the purpose of preventing money laundering and terrorist financing. We may share personal data you have disclosed or transferred to us with any member of Trust Payments Group, card and payment Schemes, its employees, and its third-party subcontractors and their employees, and such other entities to which it may be reasonably necessary to disclose and transfer personal data including, but not limited to, credit reference agencies, law enforcement agencies, anti-terrorism or organised crime agencies, fraud monitoring agencies and central banks.
We may share some of your information, including personal data, with competent authorities and/or regulators in case this is required to comply with our obligations as a financial institution, including, but not limited to. for the purpose of preventing money laundering and terrorist financing. We may share personal data you have disclosed or transferred to us with any member of Trust Payments Group, card and payment Schemes, its employees, and its third-party subcontractors and their employees, and such other entities to which it may be reasonably necessary to disclose and transfer personal data including, but not limited to, credit reference agencies, law enforcement agencies, anti-terrorism or organised crime agencies, fraud monitoring agencies and central banks.
We use plugins on our website for social media networks and embedded video players. We also use cookies to improve our website and marketing strategy. Some cookies track your use of our website and visits to other websites to show you targeted advertisements. See our cookie notice.
We may share your information with our service providers and advisers to offer our products and services. If our business is sold or integrated with another business, your details will be disclosed to advisers and new owners of the business. We may transfer information to other member of Trust Payments Group outside the EU or UK, using appropriate safeguards.
If you sign up for our newsletter or events, we use your name and email address to send you information. If you are one of our merchants, we may contact you about relevant products or services. You can unsubscribe from these emails at any time. We use your data to improve our products and services and offer tailored products to our customers.
As per applicable data protection legislation, you have the right to object to us processing your personal data, ask for an overview or copy of your information, correct, or delete certain data, restrict processing of your data, or transfer some of this information to other organisations. You can also withdraw your consent at any time. Please note that we maintain a record of withdrawals of consent. If you wish to exercise any of these rights, please contact us. If you have any questions or complaints about our privacy notice or the way we process your data, you can contact our DPO or the data protection authority of the country you live or work in.
This section provides details on how to contact us to make a complaint about data privacy. It also shows you where you can contact the government regulator. If you are unhappy with how we have used your personal data, please let us know. Contact our Data Protection Officer here.
You also have the right to complain to the regulator and to lodge an appeal if you are not happy with the outcome of a complaint you’ve made to us. In the United Kingdom, this is the Information Commissioner’s Office, and they can be contacted here. For Malta, contact the Information and Data Protection Commissioner here. For Cyprus, contact the Office of the Commissioner for Personal Data Protection. For Ireland contact the Data Protection Commission.
You can contact us via our website, phone, or email. We collect the information you provide, including your name, company, and contact details, to answer your questions or assess your application. We use this data to establish or perform our contract with you, and for our legitimate interests in conducting business with you and managing our internal administration.
Security is our top priority at Trust Payments and we strive to ensure that all data is kept secure at all times We keep all customer data safe with AES256 encryption, SSL Certificates, and a minimum of TLS1.2, between your website and our datacentres.
Our systems are scanned quarterly using the Qualys PCI Platform, an independent Qualified Security Assessor (QSA) and approved vendors – Omnicybersecurity (UK) & Forgenix (US) – to ensure compliance with the security requirements of the card schemes.
We follow a number of rigorous security procedures on a daily basis including, but not limited to, continuous monitoring of our perimeter, dark web monitoring, and internal checks to ensure that CIA triad is maintained at all times.
