top of page

PERSONAL DATA PROCESSING POLICY

 

DEFINITIONS

  • Bedford Pay means Bedford Pay Ltd

  • Client means any private person who uses, has used or has expressed a wish to use or is in other way related to any of the services provided by Bedford Pay.   

  • Person (Data Subject) is a private person whose Personal data is being Processed.

  • Personal Data means any information directly or indirectly related to Data Subject.

  • Processing means any operation carried out with Personal data (incl. collection, recording, storing, alteration, grant of access to, making enquiries, transfer, etc.).

PURPOSE
1.1 Personal Data Processing Policy is aiming to ensure the following objectives:

  • to maintain the high quality of Personal Data Processing and to ensure its protection in accordance

  • with the requirements of the law;

  • to maintain and increase protection of personal data of Clients of Bedford Pay;

  • to ensure transparent and understandable method of Personal Data processing;

  • to prevent the risk of Personal Data breaches and to regulate the Bedford Pay actions in cases if such breaches are detected.

 

GENERAL PROVISIONS
 

2.1 The Personal Data Processing Policy applies if a Client uses, has used or has expressed an intention to use or is in other way related to any of the services provided by Bedford Pay, including to the relationship with the Client established before these Principles entered into force.
 

2.2 Personal Data Processing Policy describes how Bedford Pay Processes Personal Data on a general level. Specific details are also described in agreements and related documents.
 

2.3 Bedford Pay may use authorised processors for Processing Personal Data. In such cases, Bedford Pay performs actions to ensure that such data processors Process Personal Data under the instructions of Bedford Pay and in compliance with applicable law and requires adequate security measures.
 

2.4 Bedford Pay does not request from a Person and does not process more information than is necessary to achieve the certain purpose, thus observing the so-called principle of data minimization. The amount of 2.5 Personal Data will be processed no longer than necessary. The retention period may be based on agreements with the Client, the legitimate interest of Bedford Pay or applicable law (such as laws related to bookkeeping, anti-money laundering, statute of limitations, etc.).
 

2.6 Bedford Pay is entitled to unilaterally amend the principles at any time, in compliance with the applicable law, by notifying the Client of any amendments at Bedford Pay offices, via website of Bedford Pay, by post, via e-mails or in another manner not later than one month prior to the amendments entering into force.
 

2.7 If Personal Data breach occurs and it poses / may pose a high risk to the rights and freedoms of a Person, Bedford Pay informs about it the Person and the Information Commissioner’s Office without undue delay but not later than 72 hours after the breach was detected.

 

PERSONAL DATA
3.1 Personal Data may be obtained from the Client, from the Client’s use of the services and from external sources such as various registers or other third parties.

 

3.2 Examples of Personal Data processed by Bedford Pay are, but not limited to:

  • General information (name, surname, date of birth, personal identity number, passport or identity card data, citizenship);    

  • Contact information (phone number, e-mail, address, communication language)

  • Financial data (income, financial liabilities, source of income);

  • Information necessary for the performance of financial services (current account number of a Person in financial institution, payment card information, payment history);

  • Reputational and due diligence information (payment behavior, information necessary to perform due diligence measures regarding money laundering and terrorist financing prevention and to ensure the compliance with international sanctions, including whether the Client is a politically exposed person);

  • Professional information (CV, recommendations, diplomas);

  • IT information (cookies, IP address);

  • Information about family members, associated persons;

  • Communication information (visual and/or audio recordings, e-mail, messages and other communication mechanisms such as social media, data related to the visit and messages at websites or other web channels of Bedford Pay);

  • Information arising from lawful obligations (data resulting from enquiries made by investigative bodies, notaries, tax administrator, courts and bailiffs, remarks, historical remarks and debt balances);

  • Information about usage of services (performance of the agreements or the failure thereof, executed transactions, concluded and expired agreements, submitted applications, requests and complaints, interests and service fees).

 

LEGAL BASIS FOR PROCESSING OF PERSONAL DATA
 

4.1 Bedford Pay may initiate processing of Personal Data only if the processing has a certain purpose and
if the Processing has an appropriate legal basis.

 

4.2 The legal basis for Processing of Personal Data is but not limited to the following:
Manage Client relations in general, provide and administrate access to products and services;

  • Perform risk assessments;

  • Execute transactions via payment system;

  • Comply with legal obligations and verification of identity;

  • Prevent misuse of services and ensure adequate provisions of services;

  • Establishing, exercising and defending legal claims;

  • Protect interest of the Client and/or Bedford Pay;

  • Provide additional services, perform customer surveys, market analyses and statistics;

  • Comply with public interest or exercise of official authority;

  • Comply with the legal obligation.

 

RECIPIENTS OF PERSONAL DATA
 

5.1 Personal Data may be shared with other recipients, such as:

  • Authorities (such as law enforcement authorities, bailiffs, notary offices, tax authorities, supervision authorities and financial intelligence units);

  • Auditors, legal and financial consultants, or any other processor authorized by Bedford Pay;

  • Third parties maintaining registers (such as governmental registers, population registers, commercial registers or other registers holding or intermediating Personal Data);

  • Debt collectors upon assignment of claims, courts, out-of-court dispute resolution body and bankruptcy or insolvency administrators);

  • Rating agencies;

  • Other persons who guarantee due discharge of the Client’s obligations to Bedford Pay (such as sureties, guarantors, owners of collaterals);

  • Participants and/or parties related to domestic, European and international payment systems, such as SEPA or SWIFT.

  • Other credit institutions, financial institutions, payment card companies, financial services intermediaries;

  • Other persons related to provision of services of Bedford Pay such as providers of archiving, postal services, providers of services rendered to

 

5.2 As a general rule the Personal Data is processed within the European Union/European Economic Area (EU/EEA) but in some cases transferred and processed to countries outside the EU/EEA.
 

5.3 Transfer and Processing of Personal Data outside the EU/EEA can take place provided there is a legal ground, i.e. legal requirement conclusion or performance of an agreement or Client’s consent and appropriate safeguards are in place, such as:

  • There is an agreement in place including the EU Standard Contractual Clauses or other approved clauses code of conducts, certifications etc., approved in accordance with the General Data Protection Regulation;

  • The country outside of the EU/EEA where the recipient is located has adequate level of data protection as decided by the EU Commission;

  • The recipient is individually certified.

 

5.4 Upon request the Client can receive further details on Personal data transfers to countries outside the EU/EEA.
 

5.5 Before transferring Personal Data to a third person, Bedford Pay shall conclude the agreement detailing the order in which partner will process and protect the Personal Data. During the cooperation, only information required for the certain purpose will be transferred to the partner.
 

5.6 Bedford Pay will not enter into a contract with a third party only in cases where the transfer of the relevant data is regulated by the applicable regulatory enactments of United Kingdom and the EU.

 

RIGHTS OF A PERSON
 

6.1 A Person has the following rights regarding the Processing of his or her Personal Data:

  • To receive information on the type, purpose and legal basis of their data processing;

  • to access their data and obtain approval for their data processing;

  • to correct their data if it is incorrect or inaccurate;

  • to erase their data or “right to be forgotten”, for example, if the data is no longer necessary in relation to the purposes for which it was collected or if the Person has withdrawn his/her consent on which the processing is based;

  • restrict data processing;

  • right to data portability or transfer in order to store or to enable the reuse of data, for example, by transferring to another service provider.

 

6.2 The Person is in right to ask any questions related to Processing or Personal Data directly to contact Data Protection Officer of Bedford Pay by e-mail info@bedfordpay.com
 

6.3 Bedford Pay shall accept Persons’ requests without undue delay and provide the answer within a month. Bedford Pay may extend the period of answering to the claims for another two months on a reasonable basis.
 

6.4 Bedford Pay responds to the Persons’ applications, as well as any other activities related to the implementation of Person requests, free of charge. However, when providing a response to a request or executing a request, Bedford Pay may charge a reasonable fee for additional costs incurred.

bottom of page