In this Privacy Notice, when we say ‘we’ or ‘us ’, we mean BenePay Payments Limited which act as a data controller in respect of your personal data. BenePay Payments Limited operates www.Benepay.com. In this Privacy Notice Overview, and in each of the full privacy notices, ‘Beneficiary’ or ‘you’ means the individual identified as a payee on the BenePay.co.uk or benepay.io and any other communication we send to you; and ‘Customer’ means the entity that has requested us to make a payment to a Beneficiary. This could be any institution or their bank.
We could also gather from the records of correspondence and other communications between us, including email, telephone conversations, live chat, instant messages and social media communications; information that we need to support our regulatory obligations, e.g. information about transaction details, purpose of payment, ordering customer information, counterparty/beneficiary information, identification documents, detection of any suspicious and unusual activity and information about parties connected to you or these activities; information about the devices you use to access our website, e.g. software and IP address.
We may record details of your interactions with us, including emails, telephone conversations, live chats, video chats and any other kinds of communication. We may use these recordings to check your instructions to us, assess, analyse and improve our service, train our people, manage risk or to prevent and detect fraud and other crimes. We may also capture additional information about these interactions, such as information about the devices or software that you use. Compliance with laws and regulatory compliance obligations We’ll use your information to meet our compliance obligations, to comply with other laws and regulations and to share with regulators and other authorities that we are subjected to. This may include using it to help detect or prevent crime (including terrorism financing, money laundering, fraud and other financial crimes). We’ll only do this on the basis that it’s needed to comply with a legal obligation or it’s in our legitimate interests and that of others. These verifications could also be done by the Customers’ banks or Customers, who may use the information above for the purposes outlined in this document.
We can share your personal information and bank account details only with the Customers bank for making the payment, and with the customer for any regulatory and compliance purposes.
We’ll use your information, for example:
to share the updates on the payment to be made to you either via email or on your mobile number.
We do send a password to validate the details provided by you.
for the provision of our services and as necessary for us to approve, manage, administer or effect any transactions authorised by the Customer;
to prevent or detect crime including fraud and financial crime;
for product and service improvements, including data analytics to better understand how you use our services, and to respond to any service issues you may have;
to protect our legal rights and comply with our legal obligations
We may share your information with others where lawful to do so including where we or they need to share your information in order to execute your payment request, sharing information with third party vendors who we may utilise for this purpose only have a public or legal duty to do so, e.g., to assist with detecting and preventing fraud, tax evasion and financial crime need to share your information in connection with regulatory reporting, litigation or asserting or defending legal rights and interests need to share your information in order to manage risk, verify your identity.
We will retain the information gathered from you in line with our data retention policy, which is driven by the regulations in the countries we operate. For example, for our operations in the UK and the services we provide to our customers in the UK, we will normally keep transactional data for a period of seven years from the date that you log in to our portal and use our services. This enables us to comply with legal and regulatory requirements in various countries, and to use it where we need to for our legitimate purposes such as transaction management and reporting, and dealing with any disputes or concerns that may arise. We may need to retain your information for a longer period where we need it to comply with regulatory or legal requirements or where we may need it for our legitimate purposes e.g. to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators, etc. If we don’t need to retain information for this period of time, we may destroy, delete or anonymise it more promptly.
Your information may be transferred to and stored in locations outside the country of our service and where we are storing the data including countries that may not have the same level of protection for personal information. When we do this, we’ll ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer your information in this way to process your payment, to carry out our commitment and obligation to you, to fulfil a legal obligation, to protect the public interest and / or for our legitimate interests. In some countries the law might compel us to share certain information, e.g. with tax authorities. Even in these cases, we’ll only share your information with people who have the right to see it, and will share only the relevant information. You can obtain more details of the protection given to your information when it is transferred outside the country of our operations by contacting us through Contact Us form on our website.
Whilst we store the data, and when we are processing your information, you have right to access it and obtain information about how we process it. You can also withdraw your consent to our processing of your information, which you can do at any time. However, we may continue to process your information if we have another legitimate reason for doing so. You can also request from us to receive certain information in an electronic format and/or request we transmit it to a third party where this is technically feasible. This is applicable only to information provided to us. You can request that we rectify your information if it’s inaccurate or incomplete or request us to erase your information. We may continue to retain your information if we are entitled or required to retain it. You have the right to object to, and to request that we restrict, our processing of your information in some circumstances. Again, there may be situations where you object to, or ask us to restrict, our processing of your information but we are entitled to continue processing your information and / or to refuse that request. You can exercise your rights by contacting us using the details set out below. You may also have a right to complain to the relevant data protection regulator in the country in which you live or work.
We use a range of measures to keep your information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information. We also obtained various accreditations to demonstrate our security measures and carry periodical audits to ensure our compliance with security requirements.