EVO Payments UK Ltd, referred to herein as “EVO”, takes the protection of personal data and thus your privacy very seriously. At this point we would like to inform you how EVO protects your data and what it means for you when you use our services. In order to guarantee the greatest possible protection of your privacy we comply with the provisions of the EU General Data Protection Regulation (GDPR) and applicable laws.
- Name and address of the responsible company
EVO, which includes BOI UK Payment Acceptance, is your service provider and can be contacted as follows:
- By email at firstname.lastname@example.org or
- In writing to: BOI UK Payment Acceptance, Scottish Provident Building, Suite 330, 7 Donegall Square West, Belfast, Co Antrim, BT1 6JH, Unit Kingdom. FAO: GDPR.
- Name and address of the data protection officer
Our data protection officer is Bird & Bird DPO Services SRL, with registered office at Avenue Louise 235 b 1, 1050 Brussels, Belgium.
You can also contact our data protection officer at any time with any questions concerning data protection – email@example.com
- Scope of application
- Principles of data processing
Personal data is all information relating to an identified or identifiable natural person. This includes information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior. Information that cannot be used to identify you (or only with disproportionate effort), e.g. by anonymizing the information, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis or your consent. Processed personal data will be erased as soon as the purpose of the processing has been achieved, unless we are required to continue holding your data for legal reasons.
If we process your personal data for the provision of certain offers, we will inform you subsequently about the specific processes, the scope and purpose of data processing, the legal basis for the processing and the corresponding storage period.
- Use of service providers for the processing of personal data / processing of data in countries outside the European Economic Area
The data and information provided in the context of the contractual relationship may be shared within the EVO Group, its affiliated companies, including third parties in connection with providing services to you under your payment acceptance agreement. Your personal data will remain protected by contractual restrictions between the EVO Group companies that restrict the processing of your data.
If your data is processed in countries with data protection laws less strict than the European Economic Area, such as the United States of America, we will ensure that your data will be adequately protected through contractual and other methods.
- Various processing operations
6.1 Provision and use of the Website
6.1.1 Nature and scope of data processing
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. This information is stored temporarily in a log file. When you use our website, we collect the following data that is technically necessary for us to provide you with access to our website and to ensure its stability and security:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the retrieved file,
- Website from which access is made (referrer URL),
- the browser used and, if applicable, the operating system of your computer as well as the name of your access providers
6.1.2 Period of storage
As soon as the data is no longer required it will be erased, unless we are required to continue holding your data for legal reasons. The collection of data for the provision of the website and the storage of data in log files is necessary for the performance of the website. Consequently, the user cannot object to processing in this respect.
6.1.3 Legal basis
The lawful basis for processing your data is legitimate interest as outlined in Article 6.1(f) of the GDPR. The processing of the data is necessary for the provision of a website and thus serves as a legitimate interest of our company.
6.2 Contact form
6.2.1 Nature and scope of data processing
If you would like to contact us online, we will ask for your name and email address. You can also enter your company’s name, your telephone number and send us a message containing your issues.
It is your free decision whether you provide us with this data or not. However, without this information we are not able to answer your contact request.
6.2.2 Period of storage
The period of storage of the above mentioned data depends on the circumstances under which you established contact with us. However, we will erase your personal data collected via the contact form as soon as your request has been processed and the relevant facts have been finally clarified. Further storage may take place in individual cases if applicable law requires this.
6.2.3 Legal basis
If you use the contact form prior to entering into a contract with EVO, processing your data is necessary, and the lawful basis for processing your data is performance of a contract, as outlined in Article 6.1(b) of the GDPR.
If you use the contact form for purposes other than entering into a contract the lawful basis for processing your data is legitimate interest, as outlined in Article 6.1(f) of the GDPR, in order to process your request.
6.3 Data processing for the purpose of delivering payment services
6.3.1 Nature and scope of data processing
If you would like to apply for payment services online, we need some personal data in terms of processing your application. The following application data is therefore collected and processed within the scope of the online application:
- Name and title (including the names of anyone that holds more than 25% of shares or voting rights in a company, has the right to appoint or remove the majority of the board of directors or otherwise exercises significant influence or control over the business)
- Business Trading name
- Registered Business name
- Trading Address, Registered Business Address and including personal address(es)
- Place of birth
- % business ownership
- Telephone / mobile phone number
- Tax number (VAT ID or National Insurance Number as applicable)
- Description of business activities
- Bank details (bank name, account holder name, address, bank account number and sort code, SWIFT/BIC, IBAN)
- Data required by applicable law such as money laundering legislation.
- Contact details (name, phone number and email address) for installation of terminal at site (if applicable)
- Contact details (name phone number and email address) for technical support on eCommerce solutions e.g. your web developer (if applicable)
6.3.2 Period of storage
The data collected for the purpose of the application procedure will be stored for a duration of maximum 6 months after the end of the application procedure, unless we are required to continue holding your data for legal reasons.
6.3.3 Legal basis
The lawful basis for processing your data is performance of a contract as outlined in Article 6.1(b) of the GDPR. The processing of the data is necessary for the processing of your application and the provision of services.
If we obtain your consent for the processing of your data, you have the right to withdraw your consent for the processing of your personal data at any time without giving reasons by sending an e-mail to firstname.lastname@example.org or by post to BOI UK Payment Acceptance, Scottish Provident Building, Suite 330, 7 Donegall Sqaure West, Belfast, Co Antrim, BT1 6JH, Unit Kingdom. FAO: GDPR.
7.1 Nature and scope of data processing
7.2 Legal basis
7.2.1 Period of storage
As soon as the data transmitted to us via the cookies is no longer necessary for the purposes described in section 7.1, this information will be erased, unless we are required to continue holding your data for legal reasons
7.2.2 Configuration of browser settings
Most browsers are set to accept cookies by default. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may not be able to use all functions on our website if cookies are deactivated in your browser settings on our website. You can also delete cookies already stored in your browser via your browser settings. Furthermore, it is also possible to set your browser so that it informs you before cookies are saved. Since the different browsers can differ in their respective functions, we ask you to use the respective help menu of your browser for the configuration options.
If you would like a comprehensive overview of the access by third parties to your Internet browser, we recommend that you install specially developed plug-ins.
- Use of Google Analytics within this website
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so called “cookies”, which are text files placed on your computer, to help you analyze how the website is used. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.
This website automatically anonymizes your IP address; your Google IP address within the European Union or in signatory states to the Agreement on the European Economic Area will be reduced before it is stored. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other data from Google.
We also use Google Analytics to evaluate data from double-click cookies and AdWords for statistical purposes. If you do not want this, you can disable it using the Ads Preferences Manager www.google.com/settings/ads.
- Google Remarketing
Our website uses the remarketing function of Google Inc. (“Google”). This function is generally used to present personalized advertisements that is part of Google’s advertising network to website users. To enable this, cookies are stored on your computer. When you visit our website and then visit a website that is part of the Google advertising network, you may be exposed to advertising from EVO Payments UK Ltd.
According to its own statements, Google does not collect any personal data in this process. However, if you do not wish to use Google’s remarketing feature, you can always deactivate it by making the appropriate settings at www.google.com/settings/ads.
- Google AdWords
The data controller has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to place ads in both Google’s search engine results and the Google Advertising Network. Google AdWords allows an advertiser to define certain keywords in advance, which are used to display an ad in Google’s search engine results only if the user uses the search engine to retrieve a keyword-relevant search result. In the Google advertising network, the ads are spread to topic-relevant websites using an automatic algorithm and taking into account the previously defined keywords.
The operator of Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to advertise our website by displaying personalized advertising on the websites of third parties and in the search engine results of the Google search engine and by displaying third-party advertising on our website.
If a person concerned enters our website via a Google ad, a so-called Conversion-Cookie is stored on the information technology system of the person concerned by Google. The subject of cookies has already been explained above. A Conversion-Cookie loses its validity after thirty days and is not used to identify the person concerned. If the cookie has not expired yet, the Conversion-Cookie is used to determine whether certain sub-pages, such as the shopping basket of an online shop system, have been accessed on our website. The Conversion-Cookie enables both us and Google to track whether a person who has accessed our website via an AdWords Ad has generated revenue, i.e. has completed or cancelled a purchase of goods.
The data and information collected through the use of the Conversion-Cookie is used by Google to generate user statistics for our website. These statistics are used by us to determine the total number of users who have been referred to us via AdWords-Ads, i.e. to determine the success or failure of the respective AdWords-Ad and to optimize our AdWords-Ads for the future. Neither EVO nor other Google AdWords advertisers receive information from Google that could identify the person concerned.
The Conversion-Cookie is used to store personal information, such as the websites visited by the person concerned. Personal data, including the IP address of the internet connection used by the person concerned, is therefore transferred to Google in the United States of America each time they visit our website. The personal data is stored by Google in the United States of America. Google may transfer the personal data collected via the technical process to third parties.
The person concerned can block the setting of cookies through our website at any time, as already described above, by means of an appropriate setting of the Internet browser used and thus permanently block the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a Conversion-Cookie on the information technology system of the person concerned. In addition, a cookie already set by Google AdWords can be erased at any time via the Internet browser or other software programs.
Furthermore, the person concerned has the possibility to object to personalised advertising by Google. To do this, the person concerned must access the www.google.de/settings/ads link from each of the Internet browsers they use and change the required settings there.
- Rights of data subjects
The GDPR provides the following rights for you as a data subject with regard to the processing of personal data:
11.1 Right of access
According to Article 15 of the GDPR you can request information about your personal data processed by EVO. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, the envisaged period for which the personal data will be stored, the existence of a right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, the right to lodge a complaint with a supervisory Authority, where the personal data are not collected from the data subject, any available information as to their source, the existence of automated decision-making, including profiling and, where applicable, meaningful information on their details.
11.2 Right to rectification
According to Article 16 of the GDPR you can immediately demand without undue delay the rectification of inaccurate personal data stored by EVO.
11.3 Right to erasure
According to Article 17 of the GDPR you have the right to obtain the erasure of your personal data stored with us, as far as processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public Interest or for the establishment, exercise or defence of legal claims.
11.4 Right to object
In accordance with Article 18 of the GDPR, you have the right to obtain from the controller restriction of processing if you dispute the accuracy of the personal data being processed, the processing is unlawful, we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims. You also have the right according to Article 18 of the GDPR if you have filed an objection against the processing in accordance with Article 21 of the GDPR.
11.5 Right to data portability
According to Article 20 of the GDPR, you have the right to receive the personal data provided by you to EVO in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
11.6 Right to withdraw
According to Article 7 para. 3 of the GDPR you have the right to withdraw your consent to us at any time. As a result, we may no longer continue the processing of data based on this consent in the future.
11.7 Right to lodge a complaint with a supervisory authority
According to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. The applicable competent supervisory authority is the Information Commissioners Office, and can be contacted on 0303 123 1113.
Our website contains so-called hyperlinks to websites of other providers. If these hyperlinks are activated, you will be redirected from our website directly to the website of the other provider. You can recognize this, among other things, by the change of the URL. We cannot take responsibility for the confidential handling of your data on these third party websites, as we have no influence on whether these companies comply with the data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on their websites.
- Data security and safety regulations
We commit ourselves to protect your privacy and to treat your personal data confidentially. In order to avoid manipulation, loss or misuse of your data stored with EVO, we take extensive technical and organisational security precautions, which are regularly checked and adapted to technological progress. This includes the use of established encryption methods (SSL or TLS). However, we would like to point out that due to the structure of the internet, it is possible that the regulations of data protection and the above-mentioned security measures may not be complied with by other persons or institutions for which we are not responsible. In particular, unencrypted data – e.g. if transferred by e-mail – can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way.