By ‘We’, Our or ‘Us’, we refer to our firm, Social Money Limited which uses the trading name ‘Payl8r’. We are Registered in England and Wales at the Registered Address: St Johns House, Barrington Road, Altrincham WA14 1JY.
By “You” we mean you, the user of this website and the individual/customer that may seek to access, or has accessed, our services.
We are Authorised and Regulated by the Financial Conduct Authority. Our Firm Reference Number is 675283 and you can check our registration by going to the FCA’s register at https://register.fca.org.uk/s/.
For the purposes of the Data Protection Act (‘DPA’), we are the ‘Data Controller’ (i.e. the company who is responsible for, and controls the processing of, your personal data).
We are registered with the Information Commissioner’s Office, Registration Number: ZA026178.
You can contact us via our website, https://payl8r.com/ or using the information provided below:
– Telephone: +44 (0) 161 425 6363
We take the privacy of our website users seriously and we are committed to protecting your privacy in compliance with European Union (EU) and United Kingdom (UK) data protection laws and regulations, including from the 25th May 2018, the General Data Protection Regulation (EU 2016/679) ‘Data Protection laws’.
‘Personal Data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We will process your data for the following purposes:
We rely on the following lawful bases for processing:
We will obtain personal data when you contact us for any reason or proceed with our services. In certain circumstances, we may hold special category data (also known as sensitive personal data) we will require this information to tailor our approach to how we can best assist you and your needs. For instance, you may have a medical condition which means that a third-party deal with your affairs or you may have an impairment which would mean we would be best to contact you via a different method.
Any special category data held will be treated with the strictest of confidence and will be held purely based on your explicit consent to aid us in providing the best service to you. If you do not provide your explicit consent relating to any impairment or vulnerability, the information will not be recorded and will also not be disclosed to any third parties.
You may provide us with your Identity, contact and financial data by completing online forms or by corresponding directly with us via post, phone, email or otherwise. This includes the personal data you provide when you:
We also collect personal data about you from third party sources. The data collected from third party sources are as follows (please note, this is a general accounting and does not necessarily indicate that the below data will be obtained from third party sources, only that it may be obtained and if available and relevant to the service provided):
|Data Collected||Examples of Data Collected||Gathered From||When|
|Personal Identity Information||Name, surname, date of birth, country, mobile number, employment status||Application form||Generated as a result of providing our services to you.|
|Personal Credit Rating||Your Credit Rating.||Equifax||Obtained as part of the lending application in order to assess your creditworthiness and affordability.|
|Financial information||Income, debt level, credit limit, account numbers, bank statements, adverse financial history including CCJs.||Perfect Data Solutions Limited||Obtained as part of the lending application in order to assess your creditworthiness and affordability.|
We will observe the rights granted to you under applicable Data Protection Laws, as set out below, and will ensure that queries relating to privacy issues are dealt with promptly and in a transparent manner.
We will only collect and process your personal data where we have lawful grounds to do so.
We will update our records if you inform us that your details have changed. Please tell us (see contact details above) as soon as possible about this. We will update our records promptly once we are satisfied that the new information (such as your new address or contact details) is accurate.
Throughout the provision of our service, we may need to disclose personal data to third parties. The categories of recipients of personal data are as follows:
Demographics and Interests Reporting — provides insight into the age, gender, and purchase interests of users, which you can use to better target your advertisements.
Google Display Network (GDN) Impression Reporting — measures the impact of unclicked GDN Display ad impressions on conversions and site behaviour.
We currently do not transfer data outside of the United Kingdom (UK) or European Economic Area (EEA). Personal Data shared with third-party operational providers, required for the provision and operation of our services (as described within Recipients of Personal Data), may transfer personal data outside of the UK and EEA. Should this be the case, the international transfer will be made in accordance with an adequacy decision or subject to appropriate and documented safeguards.
|Your right to access||The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data as well as other supplementary information. It helps you to understand how and why we are using your data, and to check we are using it lawfully.|
|Your right to rectification||You have the right to have inaccurate personal data rectified. You may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data.|
|Your right to erasure||Under certain circumstances, you have the right to have personal data erased. Also known as ‘The right to be forgotten’. The right is not absolute.|
|Your right to restrict processing||Under certain circumstances, you have the right to request the restriction or suppression of your personal data, and as like the right to erasure, it is not absolute. Restriction of processing means we are permitted to store your personal data; we are unable to use it.|
|Your right to data portability||You have the right to obtain and reuse your personal data for your own purposes across different services. This eases the copying or transferring of personal data easily from one IT environment to another, safely and securely, without affecting the usability of the data.|
|Your right to object||Under certain circumstances you have the right to object to the processing of your personal data, however, you do have the absolute right to object to direct marketing.|
|Your right to be informed||You have the right to be informed about the collection and use of your personal data. Your right to be informed forms part of this policy, and provides the purposes for processing your data, our retention periods and who it will be shared with.|
To withdraw consent please see the contact information detailed within this Policy. Should consent be withdrawn for a particular purpose that we are relying on that consent to perform, we may be unable to provide you with our services or may be unable to tailor our services to your needs which may subsequently impact the service we provide.
Should you wish to unsubscribe from any marketing methods, you may do so by selecting the ‘unsubscribe’ link or by contacting us using the contact information described within this Policy.
We will only retain your personal data for as long as is necessary to fulfil our obligations under the provision of our service as well as any purposes necessary to satisfy any legal, accounting or reporting requirements.
We will take seps with a view to permanently deleting, destroying or anonymising your personal data (which means that we are no longer able to identify you from it) when it is no longer necessary for its purpose.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk, harm of unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, including applicable legal requirements.
Details of retention periods for different aspects of your personal data are available upon request. By law, we have to keep certain information about our customers and this data will be held solely and securely for those legal purposes.
You have the right to access your personal information, also known as a Subject Access Request (SAR). This means you are entitled to obtain the following information about yourself:
A third party may make a request on your behalf. We will require evidence from the third party to this entitlement. This may take the form of a written authority or be a more general power of attorney.
We must act on your subject access request without undue delay and at the latest within one month of receipt. This is calculated as beginning from the day following receipt of the request until the corresponding calendar data the following month. We may request your identity to satisfy the SAR, however, this will be proportionate to the request itself and if we have doubts of the authenticity of identification.
As you have the right to be informed, we will always ensure you are notified within one month of receiving the request. Please note, we may extend the time to respond by a further two months if the request is complex or you have made multiple requests and we will provide you with an explanation for this.
If you make a request electronically (via electronic means), we will provide the information in a commonly used electronic format unless you have specified otherwise.
For the vast majority of requests, we cannot charge you a fee. Where the request is manifestly unfounded or excessive, we may charge a reasonable fee to cover the administrative costs of complying with the request. This also applies in the event that you request further additional copies of data following your initial request. This will again be charged as an administrative cost.
We are committed to ensuring the security of your personal data.
In accordance with our obligations under Data Protection Laws, to prevent unauthorised access to our disclosure of your personal data (including card payments), maintain data accuracy, and ensure the appropriate use of your personal data, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the personal data we collect online.
However, you acknowledge that, unfortunately, the transmission of information via the internet, including the online enquiry forms you submit to us and/or any information provided on Webchat, is not completely secure. We cannot guarantee the security of your data transmitted to the website, so any transmission (i.e. your sending of the personal data to us) is at your own risk. Once we have received your personal data, we will use the steps detailed above to protect it.
If you are not happy with the way in which your personal data is held or processed by us, or if you are not satisfied with our handling of any requests by you in relation to your rights to any automated profiling that we carry out, our Data Protection Officer would be happy to help. You can contact our Data Protection Officer at Payl8r, St Johns House, Barrington Road, Altrincham WA14 1JY.
Alternatively, you have the right to lodge a complaint to the supervisory authority, the Information Commissioner’s Office (ICO) by calling 0303 123 1113. The ICO is the UK’s independent body set up to uphold information rights. You can find out more about the ICO on its website (www.ico.org.uk/). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. If you would like to make a complaint, see our Complaint Policy here.