Data Privacy Notice

Introduction

This notice explains how and why we use your personal information when you apply for an account or use our website or services managed by AuthPAY.

Who are we?

We're AuthPAY Limited ('we', 'our', 'us') and operate under the name AuthPAY. AuthPAY Limited is an Authorised Electronic Money Institution regulated by the Financial Conduct Authority (Firm Reference No. 931876). We're registered with the UK data protection authority (the Information Commissioner's Office or ICO) under registration number. We are registered in England. Registered No. 12738270. Our Registered Office Address is situated at 13 Maddox Street, London, England, W1S 2QG.

How to contact us ?

You can contact us:

Live Chat at https://authpay.co.uk
Email us at support@authpay.co.uk
Or send a letter to 13 Maddox Street, London, England, W1S 2QG.

Your Rights

You have a right to:

  • Access the personal data we hold about you, or to get a copy of it.
  • Ask for a copy of your personal data in a portable (machine-readable) format or make us send it to someone else.
  • Ask us to correct inaccurate data.
  • Ask us to delete your data, though for legal reasons, we might not always be able to do it.
  • Say no to us using your data for direct marketing and, in certain circumstances, 'legitimate interests', research, and statistical reasons.
  • Withdraw any consent you've given us at any time.
  • Ask us to review an automated decision.

To do any of these things, please get in touch using the details above

Where Do We Store or Send Your Data

  • We may store the data we collect from you outside the UK in a country or organization that the Information Commissioner (ICO) has deemed to provide an adequate level of protection for personal data.
  • We've agreed to specific contracts approved for use in the UK that give personal data the same protection it has in the UK.

the U or transfer it to organisations outside the UK. When we do this, we make sure that your data is protected and that:

How to Make a Complaint

If you have a complaint about how we use your personal information, please contact us through the app or send an email to help@authpay.co.uk, and we'll do our best to fix the problem. You can also reach our Data Protection Officer (DPO) at dpo@authpay.co.uk.

If you're still unhappy, you can refer your complaint to the ICO's Office, the UK regulator for data protection issues. For more details, visit their website.

Changes to this notice

We'll update the privacy notice on this page, and if there are significant changes, we'll let you know by email or in the app.

AuthPAY Customers (or applications for an AuthPAY account)

AuthPAY will collect data about you when you apply to be an AuthPAY customer and if you are successful. In certain circumstances, we may continue to process your information as outlined below when you leave AuthPAY as well.

The information we hold about you and how we use it

When you sign up for an AuthPAY account or use our services

  • Personal details like your name, date and place of birth;
  • Contact details like your home address (and previous addresses), email and phone number;
  • Information about your identity, such as a copy of your ID document, a short video of yourself;
  • Financial details, such as your employment status and the industry you work in, annual income, number of dependents, residential status and monthly housing costs;
  • Information you give us through in-app chat, emails and in-app forms;
  • Answers you give to surveys about AuthPAY and our services;
  • Details about payments to and from your AuthPAY account;
  • Details about services from us and our partners that you show interest in;
  • Details about how you use our app;
  • All the countries you're a tax resident in and your Tax Identification Number for each one.

We may sometimes ask for additional information about transactions through our app to protect you and to help detect and prevent fraud and other suspicious activities.

When you use our website or social media

  • Your social media handle;
  • Your interactions with our website or social media channel;
  • Direct messages you send to our social media pages.

When you get in touch

If you contact us outside of in-app chat, we collect the following information so we can help:

  • The phone number you're calling from and the information you give us during the call (we record all calls);
  • The email address you use and the contents of your email and any attachments;
  • Public details from your social media profile (like Facebook, Instagram, or Twitter) if you reach out to us via these platforms, and the contents of your messages or posts to us;
  • Details about why you are contacting us;
  • Details of the device that you are contacting us from.

We collect some data from your device

We collect this information to keep your data safe and to improve features for you. This includes your:

  • Mobile network and operating system so we can analyse how our app works and fix any problems;
  • IP address and device ID (we'll link your mobile number with your device);
  • Mobile advertising ID, so we can share it with companies that help us with advertising online (you can reset this ID or limit tracking in your phone 'Settings');
  • Location if you've authorised tracking so we can help protect you against fraud;
  • We may also collect information about you from public sources for AML reasons or market research.
  • official public records, like the Electoral Register or Companies House; and
  • information published by the press or on social media.

Special category data

We may need to process sensitive information about customers that data protection laws call 'special category' data. This is information that can reveal a person's:

  • Racial or ethnic origin;
  • Political opinions;
  • Religious or philosophical beliefs;
  • Trade union membership;
  • Genetic or biometric data (if used for identification purposes);
  • Information concerning a person's health, sex life or sexual orientation.

Data protection laws say we need a second lawful basis to use special category data. This can be explicit consent, exercising legal rights in connection with an employment relationship, protecting vital interests, establishing, defending or exercising legal claims or reasons of substantial public interest. In the following section, we explain which lawful basis we rely on to use your special category data in a certain way.

Our reasons for using your information

Data protection laws say we need to have a lawful basis for using your personal data. At least one of the following must apply:

  • Contractual duty;
  • Legal obligation;
  • Legitimate interest;
  • Public interest;
  • Vital interest;
  • Consent.

In this section, we explain which one we rely on to use your data in a certain way.

We need to use your data for a contract we have with you, or to enter into a contract with you

We use details about you to:

  • Consider your application
  • Give you services we agreed to in line with our, and our partners, terms and conditions
  • Send you messages about your account and other services you use if you get in touch, or we need to tell you about something
  • Exercise our right under the contract we’ve entered into with you, like managing, collecting, and recovering money you owe us
  • Investigate and fix complaints and other problems
  • Support you if you contact our customer support team, or to help investigate complaints

Legal Obligation

We:

  • Confirm your identity when you sign up or get in touch
  • Check your record at immigration and fraud prevention agencies
  • Prevent illegal activities like money laundering, tax evasion, and fraud
  • Check your credit history and ask about your reasons for applying and your financial circumstances
  • Keep records of information we hold about you in line with our legal and regulatory requirements
  • Adhere to laws and regulations (these mean we sometimes need to share information with regulators, tax authorities, law enforcement, or other third parties)
  • Compare the information we hold about you with tax residency information to make sure we don’t have a reason to doubt it

Legitimate interest

We need to use your data for our legitimate interest or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party’s) interest and which doesn’t involve overriding your privacy rights.

Product development and marketing

We:

  • Tell you about products and services through our app or other channels, like social media companies, based on how you use our products and services and other information we hold about you.
  • May exclude ads on this basis to ensure our marketing is useful, including instructing platforms to show or not show AuthPAY adverts to existing customers.
  • Share limited information about you with social media companies, other communication platforms, and analytics and search engine providers.
  • Improve our products and services based on how you respond to ads we show you.
  • May ask for feedback if you’ve shown interest in a service to enhance our products and understand how to market them.
  • Use the information you share with us, along with data AuthPAY has about you, to suggest features and products you’d find useful.
  • Use data AuthPAY has about you to check your eligibility for products that we show you.
  • Share insights with the public about trends.
  • May use the personal information you provide us to test third-party services.

Give you special features

We:

  • Show you where you bought something with Google Maps.
  • Send you travel reports when you are abroad (we do this using transaction data, not by tracking your phone).
  • Give you reports on how you’ve spent and/or saved money using AuthPAY.
  • Personalise your visual experience in the AuthPAY app, such as choosing a picture for your virtual card based on what you’ve told us you’ll use it for.
  • Show your profile pictures and name to AuthPAY contacts in their app if you have not turned off your profile privacy settings (if you pay someone, they’ll see your name regardless; it’s our legal duty to show this).

Security and business management

We:

  • Protect the rights, property, or safety of us, our customers, and others.
  • Carry out security and maintenance checks to make sure everything runs smoothly.
  • Manage AuthPAY's business risk and finances.
  • Share information with credit bureaus and crime prevention agencies to benefit from up-to-date information when making decisions about our products and services.
  • Help us make responsible lending and investing decisions and fight financial crime.
  • Store backup copies in case we face a legal claim about the information.
  • Share information with companies to help us provide our services.

Public interest

We:

  • Use facial recognition technology to identify people who use our services in the AuthPAY app to prevent or detect unlawful acts.
  • Record information about your health if it’s necessary to protect your economic well-being, especially if you are at risk, and seeking consent would be unreasonable or negatively impact our ability to help you.

Vital interest

We may share information about you externally (generally with law enforcement in an emergency), if it's necessary to protect your or another person's life and you cannot consent.

Consent

We’ll ask for your consent to:

  • Tell you about our, or our partners, products and services by email or push notification if we think they’re of interest to you. You can unsubscribe from these by email or in the app (if you don't want to see lending promotions in the app, you can opt out in ‘Settings’).
  • Help protect you against fraud by tracking the location of your phone if you've authorized it (iOS).
  • Tell people that you have a paid account.
  • Share information about you with companies we work with when we need your permission (see ‘Who we share your data with’).
  • Access details about other bank accounts you hold when you use our connected banks feature or connect using open banking.
  • Fetch your full credit file.
  • Conduct an eligibility check for your borrowing products.

You can withdraw your consent to processing at any time either through the app, or contacting customer services.

Automated decisions & Artificial Intelligence

We sometimes make decisions without a human. We do this to decide if:

  • we can give you a AuthPAY account based on your age, residency, nationality, financial position and other circumstances, like the results of anti-money laundering and
  • sanctions checks;
  • we need to take action, like freezing a transaction or account because we suspect fraud or money-laundering. We decide this based on patterns in our data, like an account or
  • policy being used in a way that fraudsters work;
  • we complete initial assessments for disputed transactions you raise through the app; and
  • our services and products, or those of companies we work with, are suitable for you so that we can tailor our marketing.

We'll tell you in the app once we've made these decisions. You can ask us to review a decision through in-app chat.

Who we share your data with

Here we mean companies that help us provide services you use, and need to process details about you for this reason. We share as little information as we can and encrypt and/or make it impossible for the recipient to identify you where possible (for example, by using a User ID rather than your name). These are:

  • analytical, Know Your Customer (KYC) and cyber security service providers that help us with identity verification or fraud checks;
  • cloud computing power, storage and software providers;
  • our business intelligence and analytics platform provider;
  • companies that help us with functional analytics (to help us solve technical problems with the app, for example);
  • companies that help us with marketing (we won't share identifiable personal data with third parties for their own direct marketing unless you give us permission, and you can
  • opt out any time);
  • software companies that we use to email you, or for processing and storing emails with you;
  • companies that help us with customer support;
  • companies that help us with fraud prevention;
  • companies that manage our CCTV and security if you visit our offices.

Fraud prevention agencies (FPAs)

When you apply for an account, we check your record with FPAs. During the application process and after you become a customer, we may share information about you with them to help prevent fraud and money laundering when it's in our 'legitimate interest'. If we detect fraud, we may stop activity on your account or block access. Other organisations may use information we share with FPAs about fraud to refuse their services, finance or employment. For more information about the details we collect from and share with FPAs, and how they'll use your data.

Anyone you give us permission to share it with

We tell you in the app when we need your consent to share your data with:

  • Companies that introduce their own services via the AuthPAY app, like energy switching, insurance, or remortgaging;
  • Other customers you want to set up joint accounts with;
  • Other apps;
  • Other banks if you use account switching or aggregation services;
  • People you've asked to represent you, like solicitors and debt management companies.

Law enforcement and other external parties

We may share information about you with:

  • Authorities that spot and stop financial crime, money laundering, terrorism, and tax evasion if the law says we have to, or if it's necessary for other reasons;
  • The police, courts, or dispute resolution bodies if we have to;
  • Local health authorities, such as Adult Social Services, to safeguard your wellbeing;
  • Other banks to help trace money if you're a victim of fraud or other crimes, or if there's a dispute about a payment;
  • Any other third parties where necessary to meet our legal obligations.

Debt Purchasers

If you default on any borrowing with us, we may share your contact details with debt purchasers who can help you manage your debt. Any debt purchasers we work with are regulated by the FCA.

Other Group companies

We may share your details with people or companies if we change the structure of our group of companies, merge with another company, or get bought by another company.

How long we keep your information

We’ll keep your information for 10 years after your account closes in case we need to respond to a legal claim. In some circumstances, like cases of anti-money laundering or fraud, we may keep data longer if we need to (that’s in our legitimate interest) and/or the law says we have to. To determine how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it, and the risks.

Companies that give services to us

Here, we mean companies that help us provide services and need to process details about you for this reason.

  • Cloud computing power, storage, and software providers;
  • Our business intelligence and analytics platform provider;
  • Companies that help us with functional analytics (to help us solve technical problems with the website, for example);
  • Software companies that we use for emailing you or for processing and storing email communications with you;
  • Companies that help us with customer support if you reach out to AuthPAY;
  • Our insurance providers and other third companies that give us benefits;
  • Companies that help us with fraud prevention.

Social media companies

We may share hashed versions of the email address and phone number you give us with social media companies, other communication platforms, and analytics and search engine providers.

Fraud prevention and Law enforcement agencies

We may share information about you with:

  • Authorities that spot and stop financial crime, money laundering, terrorism, and tax evasion if the law says we have to or if it’s necessary for other reasons;
  • The police, courts, or dispute resolution bodies if we have to;
  • Local health authorities, such as Adult Social Services, to safeguard your well-being;
  • Other banks to help trace money if you’re a victim of fraud or other crimes, or if there’s a dispute about a payment;
  • Any other third parties where necessary to meet our legal obligations.

We also may share your details with our regulators if required.

Anyone you give us permission to share it with

  • We may share your posts on social media platforms.
  • Journalists.

Other Group companies

We may share details about you with other Group companies for reasons explained in the Our reasons for using your information’ section. We may share your details with people or companies if we change the structure of our group of companies, merge with another company, or get bought by another company.