Last updated: 12 September 2023
Bilderlings Pay Limited
Registered address: 66 Prescot street, London, E1 8NN, UK, United Kingdom
Registration No. 09908958
About personal data processing
This notice explains what you can expect from us and what we need from you in relation to your personal data. What information we collect, how we use it, and your rights if you want to change how we use your personal data. This notice is necessary for you to fully understand our Terms & Conditions.
Protecting your rights and processing your data in a safe and fair manner is very important for Bilderlings Pay Limited (“Bilderlings”, “we”, “us”, “our”). Our registered office is 66 Prescot Street, London, E1 8NN, United Kingdom GB. Registration No. 9908958.
Our registration number with the Information Commissioner’s Office UK (ICO) is ZA187012.
We are fully dedicated to ensuring that our personal data processing practices are in line with the requirements of UK GDPR*, Data Protection Act 2018, as well as GDPR.
Data we collect about you
We may collect and use the following data about you:
|Personal data source
|Information you give us
|We collect information you provide when you:register to use the Bilderlings appcorrespond with usfill in our formsopen an account or use any of our servicesspeak with a member of our social media or customer support teams (either on the phone or through the online chat)contact us for other reasonsWe will collect the following information:your name, address, and date of birthyour email address, phone number and details of the device you use (forexample, your phone, computer or tablet)your registration informationCurrent professional or work activitydetails of your bank account, including the account number, sort code andIBANdetails of your Bilderlings card including the card number, expiry date and CVCcopies of your identification documents (for example, your passport or ID) and any other information you provide to prove you are eligible to use our servicesyour country of residence, tax residency information, and tax identification numberrecords of our discussions, if you contact us or we contact you (including records of phone calls)your image in photo or video form (where required as part of our Know-Your-Customer (KYC) checks, to verify your identityinformation about other people (such as a joint account holder, your spouse or family) when we ask you to give us this information to enable us to comply with our obligations under KYC, anti-money laundering laws and to assist with fraud monitoring
If you give us personal data about other people (such as a joint account holder, your spouse or family), or you ask us to share their personal data with third parties, you confirm that you have brought this notice to their attention beforehand.
|Information collectedfrom your use of ourproducts and services
|Whenever you use our website or the Bilderlings app, we collect the followinginformation:technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, the browser type and version, the time zone setting, the operating system and platform, the type of device you use, a unique device identifier your mobile operating system and the type of mobile browser you useinformation about your visit, including the links you’ve clicked on, through and from our website or app (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pagesinformation on transactions and your use of Bilderlings products (for example, payments into and out of your account), including the date, time, amount, currencies, exchange rate, beneficiary details, details of the merchant, receiver’s name and registration information, messages sent or received, details of device used to arrange the payment and the payment method used
|Information from others
|We collect personal data from third parties such as financial or credit institutions, official registers and databases, commercial databases as well as joint account holders, fraud prevention agencies and partners who help us to provide our services.This includes your credit record, information about late payments, information to help us check your identity, and information relating to your transactions.
|Information frompublicly availablesources
|We may use publicly available information about you from selected social media websites, online registers, directories or apps to carry out enhanced due diligence checks. Publicly available information from social media websites or apps may also be provided to us when we conduct general searches on you (for example, to comply with our anti-money laundering or sanctions screening obligations and KYC purposes).
Legal basis and purpose of processing your data
- Keeping to our contracts and agreements with you
We need certain personal data to provide our services and cannot provide them without this
- Legal obligations
In some cases, we have a legal responsibility to collect and store your personal data (for example, under anti-money laundering laws we must hold certain information about our customers).
- Legitimate interests
To pursue our legitimate interests provided that these legitimate interests are not overridden by your interests or fundamental rights and freedoms.
Our legitimate interests include:
- keeping our services safe and secure
- constantly improving our services and to ensure that they are presented in the most effective manner
- measuring or understanding the effectiveness of advertising we serve and delivering relevant advertising to you
- providing you with information about other similar goods and services we offer
- providing you, or permitting selected third parties to provide you, with information about goods or services we feel may interest you
- to perform a task carried out in the public interest (such as the prevention of money laundering and terrorism financing, preventing of fraud, detection, investigation and informing of such activity)
- Update clients data in order to ensure its accuracy
Where you have given us your consent to process your data
How do we protect your personal data
Bilderlings takes the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. Where Bilderlings engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and Company measures to ensure the security of data. We continuously educate and train our employees about the importance of confidentiality and privacy of customer information. We maintain physical, electronic and procedural safeguards that comply with the relevant laws and regulations to protect your personal information from unauthorised access.
Personal data sharing
We may disclose your personal data to third parties:
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation
- to protect the rights, property, or safety of Bilderlings, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction
- to assist us in conducting or co-operating in investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so
- to develop customer relationships, services and systems
- to our suppliers:
- to card manufacturing, personalisation and delivery companies, to create and deliver your personalised payment card
- to our banking and financial services partners and payments networks, such as Mastercard. To help us provide our services to you
- to analytics providers and search information providers. To help us improve our website or app
- to communications services providers. To distribute commercial offers and marketing materials and providing multi-factor authorisation and signature.
- to professional advisors and European based certified partners providing AML KYC and risk management systems, for maintaining compliance with the law and the regulatory requirements
- to suppliers who provide us with IT, outsource and other services, to help us provide our services to you
In general, personal data is processed within the United Kingdom, European Union/European Economic Area (UK/EU/EEA). However, there may be certain cases where personal data is transmitted and processed outside the UK/EU/EEA.
Personal data may be transferred and processed outside the UK/EU/EEA in situations where it is necessary for the conclusion or execution of a contract. For example, this may occur when a payment is carried out to a third party or through a third-party partner (correspondent). Additionally, if a client engages in commerce activities using an online platform as a registered user, the payment service providers of registered users may be subject to specific customer information requirements that necessitate the transfer of personal data. Moreover, data transfers may occur when the client has given their consent.
In all of these cases, we strive to ensure that appropriate technical and organizational measures are in place, as outlined in the Joint Controller Agreement. These measures are implemented to safeguard the security and confidentiality of personal data, regardless of its location.
Please note that when personal data is transferred outside the UK/EU/EEA, we adhere to relevant data protection laws and regulations, and we take steps to ensure an adequate level of protection for the data being transferred.
Automated decision-making, profiling
Bilderlings conducts profiling activities that involve the automated processing of personal data. This profiling is carried out to comply with legislation related to risk management and to ensure the continuous and periodic monitoring of transactions in order to prevent fraud. The ongoing profiling is based on Bilderlings’ legal obligations.
We don’t use special category data in our automated decision-making systems unless we have a lawful basis to do so.
We will retain your personal data only for as long as is necessary to fulfill the purposes for which we collected it. We’ll generally keep your personal data for five years after our business relationship with you ends, or such period as may be required by applicable UK laws. We will always delete data that is no longer required by a UK law.
- You have the right to request access to the personal data we hold about you.
- If you ask, we’ll provide the information about the personal data we hold about you. We can’t give you any personal data about other people, personal data which is linked to an ongoing criminal or fraud investigation, or personal data which is linked to settlement negotiations with you. We also won’t provide you with any communication we’ve had with our legal advisers.
- You have the right to request that we correct any inaccurate personal data we hold about you.
- You have the right to request that we delete your personal data, subject to certain exceptions.
- You have the right to request that we restrict the processing of your personal data, subject to certain exceptions.
- You have the right to object to the processing of your personal data on grounds relating to your particular situation.
- You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transferred to another controller, where technically feasible. We will assess the technical feasibility of such a transfer on a case-by-case basis, taking into account factors such as the format of the personal data, the cost and complexity of the transfer, and the availability of relevant technology. If we determine that a transfer is not technically feasible, we will explain the reasons for this to you in writing. In some cases, we may also be required to deny your request to transfer personal data under applicable law or professional obligations.
- You have the right to lodge a complaint with the Commissioner https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/).
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
All requests can be made through your personal account, by contacting your manager or emailing [email protected].
* Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (United Kingdom General Data Protection Regulation) (Text with EEA relevance)