The information below is required pursuant to UK law regarding privacy and data protection and applies to our UK customers of Payoneer Payment Services (UK) Limited and websites visitors), in addition to the information in the rest of the Policy.
For the purposes of the UK data protection laws, the data controller is Payoneer Payment Services (UK) Limited of 37 Broadhurst Gardens, London, England, NW6 3QT, a company established in the United Kingdom and regulated for data protection purposes by the Information Commissioner’s Office (UK ICO). If you have any questions about this Policy, please contact our Data Protection Officer (DPO) at DPO@payoneer.com.
If you are unhappy about how we are processing your personal information or how we have responded to a request or complaint, you have the right to make a complaint to the UK ICO. You can find more details about how to contact the UK ICO on their website.
When do we disclose your personal information?
The table headed “How and Why We Disclose Your Information” in the main part of the Policy under the heading “WHEN DO WE DISCLOSE YOUR INFORMATION?” lists who we may disclose your information to, which includes transfers for reasons of legal compliance and necessity in order to provide you with our services.
You should be aware that when you disclose your information, it will be transferred to, and stored in, countries outside the UK, as applicable, including the USA and Israel.
Please note that where data is transferred outside of the UK, these countries may not offer the same level of protection for personal information as is available in the UK. Payoneer will take various measures to ensure that your data is treated securely, which may include, but not be limited to:
- assessing the security measures taken at any place your personal information is transferred to;
- having suitable contract terms in place that oblige a service provider / data processor to only process in accordance with our instructions;
- having monitoring, reporting and resolution procedures in place with regard to ongoing security; and
- only transferring your personal information to countries that have been assessed by the UK as offering an adequate level of data protection or implementing appropriate safeguards as necessary, which may include contractual clauses adopted by the UK ICO such as the UK International Data Transfer Agreement.
Please contact us at DPO@payoneer.com if you require more detailed information about international transfers of your personal information, and the safeguards applied.
Legal bases for processing your personal information
We process your personal information based on the following legal bases, as recognised by and in compliance with the applicable data protection laws:
- the processing is necessary to perform our contract with you (i.e., the Terms and Conditions that apply with respect to our services, for the provision of our services), or to take steps requested by you before entering into said contract;
- you are obliged to provide us with personal information as it is necessary to enter into and perform our contractual agreements. In the event that you do not wish to provide us with your personal information for the purposes outlined above in the “HOW AND WHY WE USE YOUR INFORMATION?” section, we will not be able to perform our contractual agreement with you;
- the processing is in Payoneer’s or someone else’s legitimate interests, and these interests are not overridden by your interests or rights in the protection of your personal information. This may include processing your data for identification or prevention of suspicious or high risk transactions or fraudulent activity, internal research and analytics assessments, for purposes of communication with you, and informing you about new products and services we are offering or to promote new products and services of other parties which we think may be of interest to you, etc.;
- before we process your personal information to pursue our legitimate interests for the purposes outlined above in the “HOW AND WHY WE USE YOUR INFORMATION?” section, we determine if such processing is necessary and we carefully consider the impact of our processing activities on your fundamental rights and freedoms. On balance, we have determined that such processing is necessary for our legitimate interests and that the processing which we conduct does not adversely impact on these rights and freedoms.
- you have given your consent to the processing of your data;
- the processing is necessary to meet a legal obligation which applies to Payoneer.
Sometimes we process data about you which the law considers as falling within special categories (see section “HOW, WHEN AND WHAT WE COLLECT?” for more details), in which case, we use one of the following grounds:
- the processing is necessary for the establishment, exercise or defence of legal claims;
- you have freely given your informed, specific consent to the processing; or
- the processing is necessary for reasons of substantial public interest, based on applicable law.
If you would like more information about the legal grounds used to process your information, or about the legitimate interests referred to above, please contact us.
In cases where we have asked for, and you have given, your consent to our processing of your personal information, you have the right to withdraw such consent at any time. You can do this by contacting our DPO at DPO@payoneer.com.
Do you have to give us your personal information?
In most cases, providing your personal information to us is optional, however, if you do not provide it, you will not be able to use our services. For example, we need details such as your name, address and bank account details so that we can make payments to you and receive payments from you. In other cases, you have a choice over whether we collect your personal information, for example, you can turn off cookies on your browser and we will not place any cookies on your device or computer (although in this case you may not be able to use all parts of our websites).
Profiling and automated decision making
We may use automated decision making as part of our process to evaluate eligibility for the use of our services. Such decision-making processes are solely automated and do not require human intervention. We use these tools as a measure of fraud prevention and for the purposes of security and risk assessment relating to the performance of our services, to comply with applicable “Anti Money Laundering” (AML) and “Know Your Customer” (KYC) rules and to verify your identity when you become a customer, including for example:
- Automated tools incorporated in our process of approval of your registration application: based on the information you provide, the tool may advise if additional information is required for the approval of your application.
- Automated tools incorporated in our process of approval of certain payment transaction of registered users: such tools may advise if additional information is required for the performance of the payment transaction.
- Automated tools used to verify your identity to enable us to comply with AML and KYC rules applicable to us as a financial services provider. For example, we carry out this process using selfies (self-photographs) and other forms of ID when you register to open an account with us and may also use tools that scan documents for authenticity, classify documents into types, extract required information from the document, approve or decline the sufficiency of documents you submit and determine if additional information or documents are required.
You have certain rights in respect of automated decision making, where the decision taken has significant effects on you, as detailed below in the “YOUR RIGHTS UNDER UK DATA PROTECTION LAWS” section.
How long do we keep your personal information?
Payoneer retains your personal information for the duration of your engagement with us and for a period following termination of your engagement with us, as required by applicable laws or regulations and/or in accordance with Payoneer’s internal policies and procedures for purposes of prevention of fraudulent activity, risk management and security. Payoneer will periodically review the necessity of retention of your personal information.
Your rights under uk data protection laws
You have several rights in relation to your personal information which are described in more detail below. You can exercise your rights at any time.
For requests related to deleting your personal information or receiving a copy of your personal information, you can contact us at any time by using this online form.
For additional queries related to privacy and personal information you can contact our Data Protection Officer at DPO@payoneer.com.
Accessing your data
You can ask us to:
- Confirm whether we are processing your personal information.
- Give you a copy of that personal information.
- Provide you with other information about your personal information such as what data we have, what we use it for, who we disclose it to, whether we transfer it outside of the UK and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we carry out any automated decision making or profiling. We aim to give you all this information in this Policy, although if anything is unclear, please contact our Data Protection Officer at DPO@payoneer.com.
You do not have to pay a fee for a copy of your personal information unless your request is manifestly unfounded, excessive or if you request further copies, in which case we may charge a reasonable amount in the circumstances. We will let you know of any charges before completing your request.
Correcting your personal information
You can ask us to correct any personal information which is inaccurate or incomplete. This is free of charge.
If we have disclosed the personal information to anyone else, we will tell them about the correction wherever possible.
If we cannot action a request to correct your personal information, we will let you know and explain why this is.
Erasing your personal information
This right is sometimes referred to as “the right to be forgotten”. This is not an absolute right but you have the right to have your personal information erased, free of charge, in certain circumstances.
You can ask for your personal information to be erased where:
- it is no longer necessary for the purpose for which it was originally collected or processed;
- we are processing your personal information based on your consent, and you withdraw that consent;
- you object to the processing and we do not have an overriding legitimate interest for continuing;
- your personal information has been unlawfully processed;
- your personal information must be erased to comply with a legal obligation;
- the personal information was processed to offer information society services to a child.
There are some exceptions to this right. If one of these applies, we do not have to delete the personal information.
If we have disclosed your personal information to third parties, we will tell them about the erasure of your personal information unless this is impossible or would involve disproportionate effort.
Please note, in connection with such requests, that personal information may be either deleted or retained in an aggregated manner without being linked to any identifiers or personal information, depending on technical commercial capability.
Restricting the processing of your personal information
You can ask us to restrict the processing of your personal information in some circumstances, free of charge. This is not an absolute right. If processing is restricted we can store the personal information and retain enough information to make sure the restriction is respected unless you consent or the processing is necessary in relation to a legal claim or to protect the rights of another person or for reasons of important public interest, but we cannot further process your personal information.
You can restrict the processing of your personal information in the following cases:
- if you contest the accuracy of your personal information, we will restrict processing until we have made sure the personal information is accurate;
- if you object to our processing pending the verification of whether or not our legitimate interests override your interests, rights and freedoms or in connection with legal proceedings;
- if the processing is unlawful but you do not want us to erase your personal information;
- if we no longer need the personal information but you require the data to establish, exercise or defend a legal claim.
If we have disclosed the personal information to a third party, we will inform them about the restriction unless it is impossible or would require a disproportionate effort. We will tell you if we decide to lift a restriction on processing your personal information.
Objecting to the processing of your personal information
You have a right to object to the processing of your personal information at any time. This request will befree of charge. It is not an absolute right, but you can object to our processing of your personal information where it is:
- based on the legitimate interest ground; or
- for the purposes of scientific/historical research and statistics.
We will stop processing your personal information unless we have compelling legitimate grounds for the processing which override your interests and rights, or unless we are processing the personal information for the establishment, exercise or defence of legal claims.
You can require us to stop using your personal information for direct marketing purposes. We will stop as soon as we receive your request. There are no exemptions or reasons for us to refuse.
This allows you to obtain and reuse your personal information for your own purposes across different services. It applies where the following conditions are met:
- you provided the personal information to us yourself;
- we are processing the personal information either based on your consent or because it is necessary for the performance of a contract; and
- the processing is carried out by automated means.
We will provide your personal information free of charge in a structured, commonly used and machine-readable form.
Automated decision making and profiling
You have the right not to be subject to a decision which is based solely on automated processing, and which produces a legal (or similarly significant) effect on you. In certain circumstances where automated decision making is used, you will be provided with an opt-out option by way of an alternative means of processing.
We will tell you about any automated decision making that affects you. You have the right to:
- request human intervention;
- express your point of view; and
- challenge the decision.
These rights are not absolute. We may not be able to comply with your request to obtain human intervention, obtain your point of view or to contest a decision, if the processing of personal information is:
- necessary for us to enter into or perform a contract with you;
- authorised by law (e.g., for fraud prevention) and which also lays down suitable measures to safeguard your right, freedoms and legitimate interests; or
- based on your explicit consent.
Dealing with requests to exercise your rights
We will respond to your request without undue delay at the latest within one (1) month of receiving your request unless it is particularly complicated or you have made several requests, in which case we may extend this by two (2) months. We will let you know if we are going to take longer than one (1) month in dealing with your request. If we have a lot of information about you we might ask you if you can tell us what exactly you want to receive. This will help us action your request more quickly.
For the purpose of complying with your requests to exercise the rights listed above, we shall perform the necessary internal processes to identify you.