Sign In

For the privacy notice for EVO Payments UK Ltd please click here.

EVO Payments UK Ltd trades under the following names: BOI UK Payments Acceptance, BOIPA UK, EVO Payments UK and EVO Payments International.

 

Preamble

EVO Payments UK Ltd, referred to herein as “EVO”, takes the protection of personal data and thus your privacy very seriously. At this point we would like to inform you how EVO protects your data and what it means for you when you use our services. In order to guarantee the greatest possible protection of your privacy we comply with the provisions of the EU General Data Protection Regulation (GDPR) and applicable laws.

1. Name and address of the responsible company EVO is your service provider and can be contacted as follows:

  1. By email at gdpr_uk@evopayments.com or
  2. In writing to: Adelphi Plaza, 2nd Floor, Georges Street Upper, Dún Laoghaire, Co Dublin, Ireland. FAO: GDPR.

2. Name and address of the data protection officer

Our data protection officer is Bird & Bird DPO Services SRL, with registered office at Avenue Louise 235 b 1, 1050 Brussels, Belgium.

You can also contact our data protection officer at any time with any questions concerning data protection – dpo_eu@evopayments.com

3. Scope of application

This privacy policy applies to the website of EVO.

4. Principles of data processing

Personal data is all information relating to an identified or identifiable natural person. This includes information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior. Information that cannot be used to identify you (or only with disproportionate effort), e.g. by anonymizing the information, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis or your consent. Processed personal data will be erased as soon as the purpose of the processing has been achieved, unless we are required to continue holding your data for legal reasons. If we process your personal data for the provision of certain offers, we will inform you subsequently about the specific processes, the scope and purpose of data processing, the legal basis for the processing and the corresponding storage period.

5. Use of service providers for the processing of personal data / processing of data in countries outside the European Economic Area

The data and information provided in the context of the contractual relationship may be shared within the EVO Group, its affiliated companies, including third parties in connection with providing services to you under your payment acceptance agreement. Your personal data will remain protected by contractual restrictions between the EVO Group companies that restrict the processing of your data. If your data is processed in countries with data protection laws less strict than the European Economic Area, such as the United States of America, we will ensure that your data will be adequately protected through contractual and other methods.

6. Various processing operations

6.1 Provision and use of the Website

6.1.1 Nature and scope of data processing

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. This information is stored temporarily in a log file. When you use our website, we collect the following data that is technically necessary for us to provide you with access to our website and to ensure its stability and security:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • the browser used and, if applicable, the operating system of your computer as well as the name of your access providers

6.1.2 Period of storage

As soon as the data is no longer required it will be erased, unless we are required to continue holding your data for legal reasons. The collection of data for the provision of the website and the storage of data in log files is necessary for the performance of the website. Consequently, the user cannot object to processing in this respect.

6.1.3 Legal basis

The lawful basis for processing your data is legitimate interest as outlined in Article 6.1(f) of the GDPR. The processing of the data is necessary for the provision of a website and thus serves as a legitimate interest of our company.

6.2 Contact form

6.2.1 Nature and scope of data processing

If you would like to contact us online, we will ask for your name and email address. You can also enter your company’s name, your telephone number and send us a message containing your issues. It is your free decision whether you provide us with this data or not. However, without this information we are not able to answer your contact request.

6.2.2 Period of storage

The period of storage of the above mentioned data depends on the circumstances under which you established contact with us. However, we will erase your personal data collected via the contact form as soon as your request has been processed and the relevant facts have been finally clarified. Further storage may take place in individual cases if applicable law requires this.

6.2.3 Legal basis

If you use the contact form prior to entering into a contract with EVO, processing your data is necessary, and the lawful basis for processing your data is performance of a contract, as outlined in Article 6.1(b) of the GDPR. If you use the contact form for purposes other than entering into a contract the lawful basis for processing your data is legitimate interest, as outlined in Article 6.1(f) of the GDPR, in order to process your request.

6.3 Data processing for the purpose of delivering payment services

6.3.1 Nature and scope of data processing

If you would like to apply for payment services online, we need some personal data in terms of processing your application. The following application data is therefore collected and processed within the scope of the online application:

  • Name and title (including the names of anyone that holds more than 25% of shares or voting rights in a company, has the right to appoint or remove the majority of the board of directors or otherwise exercises significant influence or control over the business)
  • Business Trading name
  • Registered Business name
  • Trading Address, Registered Business Address and including personal address(es)
  • DOB
  • Place of birth
  • Nationality
  • % business ownership
  • Telephone / mobile phone number
  • E-Mail
  • Tax number (VAT ID or National Insurance Number as applicable)
  • Description of business activities
  • Bank details (bank name, account holder name, address, bank account number and sort code, SWIFT/BIC, IBAN)
  • Data required by applicable law such as money laundering legislation.
  • Contact details (name, phone number and email address) for installation of terminal at site (if applicable)
  • Contact details (name phone number and email address) for technical support on eCommerce solutions e.g. your web developer (if applicable)

6.3.2 Period of storage

The data collected for the purpose of the application procedure will be stored for a duration of maximum 6 months after the end of the application procedure, unless we are required to continue holding your data for legal reasons.

6.3.3 Legal basis

The lawful basis for processing your data is performance of a contract as outlined in Article 6.1(b) of the GDPR. The processing of the data is necessary for the processing of your application and the provision of services.

If we obtain your consent for the processing of your data, you have the right to withdraw your consent for the processing of your personal data at any time without giving reasons by sending us an email to gdpr_uk@evopayments.com if you are in the UK mainland or to GDPR@boipa.co.uk if you are in Northern Ireland. You can also contact us via post by sending us a letter to our the registered office in the UK at Granite House Granite Way, Syston, Leicester, United Kingdom, LE7 1PL, FAO: GDPR or to our office in the Republic of Ireland at Adelphi Plaza, 2nd Floor, Georges Street Upper, Dún Laoghaire, Co Dublin, Ireland. FAO: GDPR.

7. Use of Cookies

7.1 Nature and scope of data processing

On our website we use cookies. Cookies are small files sent to your browser on your device during your visit to our websites and stored there. Some functions of our website cannot be offered without the use of technically necessary cookies. However, other cookies allow us to perform various analyses. For example, cookies are able to recognize the browser you are using the next time you visit our website and to transmit various information to us. With the help of cookies, we can make our website more user- friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect this information directly via your browser. Cookies do not cause any damage to your device. They cannot run programs or contain viruses.

7.2 Legal basis

The lawful basis for processing your data is legitimate interest as outlined in Article 6.1(f) of the GDPR. If you have given us your consent for the use of cookies due to a notification (“Cookie banner”) provided by us on the website, the lawful basis is additionally regulated by Art. 6.1(a) of the GDPR.

7.2.1 Period of storage

As soon as the data transmitted to us via the cookies is no longer necessary for the purposes described in section 7.1, this information will be erased, unless we are required to continue holding your data for legal reasons

7.2.2 Configuration of browser settings

Most browsers are set to accept cookies by default. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may not be able to use all functions on our website if cookies are deactivated in your browser settings on our website. You can also delete cookies already stored in your browser via your browser settings. Furthermore, it is also possible to set your browser so that it informs you before cookies are saved. Since the different browsers can differ in their respective functions, we ask you to use the respective help menu of your browser for the configuration options.

If you would like a comprehensive overview of the access by third parties to your Internet browser, we recommend that you install specially developed plug-ins.

8. Use of Google Analytics within this website

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so called “cookies”, which are text files placed on your computer, to help you analyze how the website is used. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

This website automatically anonymizes your IP address; your Google IP address within the European Union or in signatory states to the Agreement on the European Economic Area will be reduced before it is stored. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other data from Google.

You may refuse the use of cookies by selecting the appropriate settings in your browser; however, please note that if you do so you may not be able to use all functionality on our website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link –

https://tools.google.com/dlpage/gaoptout?hl=en.

We also use Google Analytics to evaluate data from double-click cookies and AdWords for statistical purposes. If you do not want this, you can disable it using the Ads Preferences Manager www.google.com/settings/ads.

9. Google Remarketing

Our website uses the remarketing function of Google Inc. (“Google”). This function is generally used to present personalized advertisements that is part of Google’s advertising network to website users. To enable this, cookies are stored on your computer. When you visit our website and then visit a website that is part of the Google advertising network, you may be exposed to advertising from EVO Payments UK Ltd.

According to its own statements, Google does not collect any personal data in this process. However, if you do not wish to use Google’s remarketing feature, you can always deactivate it by making the appropriate settings at www.google.com/settings/ads.

As an alternative, you can disable the use of cookies for personalized advertising through the Advertising Network Initiative by following the instructions at www.networkadvertising.org/managing/opt_out.asp. For more information about Google Remarketing and Google’s privacy policy, please visit: www.google.com/privacy/ads/.

10. Google AdWords

The data controller has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to place ads in both Google’s search engine results and the Google Advertising Network. Google AdWords allows an advertiser to define certain keywords in advance, which are used to display an ad in Google’s search engine results only if the user uses the search engine to retrieve a keyword-relevant search result. In the Google advertising network, the ads are spread to topic-relevant websites using an automatic algorithm and taking into account the previously defined keywords.

The operator of Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to advertise our website by displaying personalized advertising on the websites of third parties and in the search engine results of the Google search engine and by displaying third-party advertising on our website.

If a person concerned enters our website via a Google ad, a so-called Conversion-Cookie is stored on the information technology system of the person concerned by Google. The subject of cookies has already been explained above. A Conversion-Cookie loses its validity after thirty days and is not used to identify the person concerned. If the cookie has not expired yet, the Conversion-Cookie is used to determine whether certain sub-pages, such as the shopping basket of an online shop system, have been accessed on our website. The Conversion-Cookie enables both us and Google to track whether a person who has accessed our website via an AdWords Ad has generated revenue, i.e. has completed or cancelled a purchase of goods.

The data and information collected through the use of the Conversion-Cookie is used by Google to generate user statistics for our website. These statistics are used by us to determine the total number of users who have been referred to us via AdWords-Ads, i.e. to determine the success or failure of the respective AdWords-Ad and to optimize our AdWords-Ads for the future. Neither EVO nor other Google AdWords advertisers receive information from Google that could identify the person concerned.

The Conversion-Cookie is used to store personal information, such as the websites visited by the person concerned. Personal data, including the IP address of the internet connection used by the person concerned, is therefore transferred to Google in the United States of America each time they visit our website. The personal data is stored by Google in the United States of America. Google may transfer the personal data collected via the technical process to third parties.

The person concerned can block the setting of cookies through our website at any time, as already described above, by means of an appropriate setting of the Internet browser used and thus permanently block the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a Conversion-Cookie on the information technology system of the person concerned. In addition, a cookie already set by Google AdWords can be erased at any time via the Internet browser or other software programs.

Furthermore, the person concerned has the possibility to object to personalised advertising by Google. To do this, the person concerned must access the www.google.com/settings/ads link from each of the Internet browsers they use and change the required settings there.

Further information and Google’s current privacy policy can be found at – https://www.google.de/intl/de/policies/privacy/.

11. Rights of data subjects

The GDPR provides the following rights for you as a data subject with regard to the processing of personal data:

11.1 Right of access

According to Article 15 of the GDPR you can request information about your personal data processed by EVO. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, the envisaged period for which the personal data will be stored, the existence of a right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, the right to lodge a complaint with a supervisory Authority, where the personal data are not collected from the data subject, any available information as to their source, the existence of automated decision-making, including profiling and, where applicable, meaningful information on their details.

11.2 Right to rectification

According to Article 16 of the GDPR you can immediately demand without undue delay the rectification of inaccurate personal data stored by EVO.

11.3 Right to erasure

According to Article 17 of the GDPR you have the right to obtain the erasure of your personal data stored with us, as far as processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public Interest or for the establishment, exercise or defence of legal claims.

11.4 Right to object

In accordance with Article 18 of the GDPR, you have the right to obtain from the controller restriction of processing if you dispute the accuracy of the personal data being processed, the processing is unlawful, we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims. You also have the right according to Article 18 of the GDPR if you have filed an objection against the processing in accordance with Article 21 of the GDPR.

11.5 Right to data portability

According to Article 20 of the GDPR, you have the right to receive the personal data provided by you to EVO in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

11.6 Right to withdraw

According to Article 7 para. 3 of the GDPR you have the right to withdraw your consent to us at any time. As a result, we may no longer continue the processing of data based on this consent in the future.

11.7 Right to lodge a complaint with a supervisory authority

According to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. The applicable competent supervisory authority is the Information Commissioners Office, and can be contacted on 0303 123 1113.

12. Hyperlinks

Our website contains so-called hyperlinks to websites of other providers. If these hyperlinks are activated, you will be redirected from our website directly to the website of the other provider. You can recognize this, among other things, by the change of the URL. We cannot take responsibility for the confidential handling of your data on these third party websites, as we have no influence on whether these companies comply with the data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on their websites.

13. Data security and safety regulations

We commit ourselves to protect your privacy and to treat your personal data confidentially. In order to avoid manipulation, loss or misuse of your data stored with EVO, we take extensive technical and organisational security precautions, which are regularly checked and adapted to technological progress. This includes the use of established encryption methods (SSL or TLS). However, we would like to point out that due to the structure of the internet, it is possible that the regulations of data protection and the above-mentioned security measures may not be complied with by other persons or institutions for which we are not responsible. In particular, unencrypted data – e.g. if transferred by e-mail – can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way.

GDPR Statement

The General Data Protection Regulation (“GDPR”) is effective as of 25 May 2018.The GDPR aims to strengthen the protection of personally identifiable information* in the EU.

EVO Payments UK Ltd, referred to herein as “EVO”, welcomes the arrival of the GDPR. We consider the security of our employees’, customers’ and third parties’ personally identifiable information very important.

We consider it our duty to comply with national and international data protection regulations globally. We strive to operate with industry leading standards for transparency, predictability and consistency.

Certifications

As a member of the Payment Card Industry, we have adopted multiple technical and organisational measures to be compliant with the high standards imposed by the Payment Card Industry Data Security Standards.

Physical Security

As a member of the Payment Card Industry, we are also involved in the physical security of our employees’, customers’ and third parties’ personally identifiable information.

Data Protection & Security

EVO has implemented and maintains data protection systems and security at all of its facilities and in respect of all its IT platforms and functions.

GDPR Implementation

Although we have already implemented a consistent level of data protection and security in our data centres, our aim is to be fully compliant with the GDPR and all other applicable data protection laws. This includes keeping internal records of all our data processing activities and having a process to accommodate the rights of our data subjects.

Contact Person

If your personal data are processed by EVO and you are a data subject within the meaning of the GDPR, you have the right to demand access, rectification, erasure, restriction of processing, data portability and to object to the data processing according to Articles 15 to 22 of the GDPR.

If you wish to exercise these rights or have related questions,  you can contact us via post by sending us a letter to our the registered office in the UK at Granite House Granite Way, Syston, Leicester, United Kingdom, LE7 1PL, FAO: GDPR or to our office in the Republic of Ireland at Adelphi Plaza, 2nd Floor, Georges Street Upper, Dún Laoghaire, Co Dublin, Ireland. FAO: GDPR. You can also email us to the following e-mail address: gdpr_uk@evopayments.com, if you are in the UK mainland, and if you are in Northern Ireland, you can email us to GDPR@boipa.co.uk, including any support documentation as may be needed.

*personally identifiable data (PII) is any data which could be used to identify a specific individual such as name, telephone number, email address, bank account details.