Data Protection Policy

Last Revised on 21/09/2017

INTRODUCTION

APEXX Fintech Limited (“APEXX”, “We”) is the producer and owner of APEXX Services (“Services”) and owner of the APEXX website (“Website”).

APEXX is committed to protecting your data and will take all reasonable steps to ensure that your personal information is treated in accordance with the EU General Data Protection Regulation (GDPR).

This Data Protection Policy (“Policy”) has been created to inform you of how your data is being collected, processed, and how we use that information, and what choices we offer you to access, update, and control it. By accessing and using Services and Website, you consent to the collection, processing and use of your information as set out in this Data Protection Policy.

“You” in this policy means an individual who is accessing or applying to use the Services either on his or her own account or on behalf of a business.  This includes in relation to

a) a Merchant or prospective Merchant of APEXX

b) a Technical Partner or Introducer (both referred to as “Partner”) or a prospective Partner

c) any sole trader and any principals, including the managing and financial directors, any other directors and officers, shareholders, company partners and beneficial owners of a Merchant or Partner

d) any member of staff accessing or using the Services on behalf of a Merchant or Partner

TYPE OF INFORMATION

"Personal identifiable information" is any information that we could use to identify an individual. It does not include personal information that is anonymized, or publicly available information that has not been combined with non-public information.

"Sensitive personal identifiable information" is information that meets the "personal information" criteria and also a.) reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or b.) concerns health or sex life, information about Social Security benefits, or information on criminal or administrative proceedings other than in the context of pending legal proceedings.

HOW WE COLLECT INFORMATION

We collect information two ways:

a) Information we get from your use of our Services and Website

b) Information you provide to us directly

Information we get from your use of the APEXX Services and Website is primarily non-personally-identifying information of the sort that web browsers and servers make available, such as the browser type, language preference, referring site, and the time of each visit. Other non-identifying information that we might have access to includes how you use the Service (e.g. search queries), your approximate location, cookies, etc. Please read our Cookies Policy for more information.

We collect this non-personally-identifying information in order to better understand how visitors use the Services and Website and, where possible, to improve their experience. In some cases, we may publicly display information that is not personally identifying in the aggregate, (e.g., by publishing a report on trends in the usage of our Services and Website) or may provide the aggregate data to third parties.

When you use the Services and Website, we also collect potentially personally identifying information in the form of Internet Protocol (IP) addresses and the unique identification number associated with the account. We handle and disclose this information in the same way we handle other potentially personally identifying information as described below.

Information you provide to us directly. Certain visitors to our Services and Website choose to interact with them in ways that may require them to provide us with personally identifying information. The amount and type of information that is provided depends on the nature of  the interaction.

Individuals or organisations who engage in a commercial relationship with APEXX will be requested to provide personal information for the successful on-boarding and delivery of the commercial agreement. This includes information to complete KYC and AML checks against individuals and company(ies) as well as information required by third party providers to implement a commercial agreement. In each case, we only collect as much information as is necessary or appropriate given the type of interaction. We do not disclose personally identifying information with any third party, other than as described below, unless APEXX receives explicit consent from you. You can always refuse to supply personally identifying information, with the caveat that it may prevent you from engaging in certain activities and prohibit your access to some of the Services and Website.

HOW WE USE INFORMATION WE COLLECT

Informed When we collect your personal information, we'll tell you how we're using it, any types of third parties to which we might disclose it, (other than "agents," such as vendors or contractors, who are only processing such information for us or at our direction), and the choices we offer you to limit the use of your information, including but not limited to marketing purposes.

Notice will be provided in clear and conspicuous language when you are first asked to provide us with personal information, or as soon as practicable thereafter, and we'll notify you before we use the information for something other than the purpose for which it was originally collected.

When consent is required and obtained by you, information collected may be used to:

  • provide our Services to you and your business including fulfilling APEXX’s obligations to you or to financial or other institutions in connection with the Services we provide to you (and / or your business);

  • improve and develop our business, including without limitation to optimise our Services and Website. This may include using information you insert into forms but do not submit to us, for example by using that information to optimise our Website and contacting you for customer services purposes in relation to that form;

  • provide you with the information, products and services you have requested or we think may be of interest to you;

  • manage and enforce our rights, terms of use or any other contracts with you (and/or your business) for the provision of Services; including, to:

    • assess financial and insurance risks, including the financial position of you (and / or your business) and any linked parties such as directors, shareholders and principals;

    • obtain information about you from credit reference agencies and fraud prevention agencies to check you (and / or your business’s) credit status/profile and identity on a periodic basis. The agencies will record our enquiries which may be seen by other companies who make their own credit enquiries; and a “footprint” may be placed on your credit file, whether or not you are accepted as a customer. Where we are providing services to you in respect of your business, if you are a Director, we will seek confirmation from credit reference agencies, that the residential address that you provide is the same as that held by the relevant companies registry (where applicable). For services to all customers, we may use credit scoring. Your application will be assessed using credit reference agency records relating to anyone with whom you have a joint account or similar financial association. If it is a joint application and such a link does not already exist then one may be created. These links will remain until you file a “notice of disassociation” at the credit reference agencies. Where you take services from us, we will give details of your accounts to credit reference agencies and how you manage them. If you do not repay any monies in full and on time, credit reference agencies will record the outstanding debt. Information regarding how you manage your account and/or any debt may be supplied to other organisations by credit reference and fraud prevention agencies to perform similar checks and to trace your whereabouts and recover any debts that you owe. Records remain on file at such agencies for 6 years after they are closed, whether settled by you or defaulted.

    • record and track details of transactions you (and / or your customers) carry out in relation to the Services;

    • record complaints; or

    • recover debt or in relation to your insolvency, including tracing your whereabouts;

  • prevent, detect and prosecute fraud or crime or to assist others in doing so;

  • identify and monitor for fraud, we and other organisations may access and use, from the UK or other countries, information recorded by fraud-prevention agencies. If false or inaccurate information is provided and/or fraud is identified or suspected by APEXX, information concerning you (and/or your business) may be passed to fraud prevention agencies by us or any other third party to whom we have shared your information. APEXX may also obtain information about you from fraud prevention agencies or services on a periodic basis, whether or not fraud is suspected. This may include recording sensitive personal information such as criminal offences you have been accused of;

  • participate in anti-fraud initiatives, which may involve assessing you (and / or your customers), including transactions and/or locations. This may involve utilising products and services from third parties (including the sharing of information with such third parties) to monitor transactions, detect patterns requiring investigation or otherwise profile and assess the likelihood of fraud occurring;

  • assist in the course of any investigation by APEXX, other financial organisations or other third parties into any suspected criminal activity;

  • mitigate information security risk, sector risk or credit risk;

  • obtain your views on our Services and our Website;

  • notify you about important changes or developments to our Website or our Services;

  • understand your requirements, perform analysis and comparisons, create profiles and create marketing opportunities (including how you and / or your customers use our Services and to better align our Services and marketing offers to your interests); this may include the aggregation and sharing of non-personal information to facilitate cross-industry analysis, customer-level insight and usage;

  • send you information we believe you would find interesting including marketing and promotional materials; by post, email, telephone, SMS text or other means, including electronic means. You can object to marketing at any time, as explained below;

  • develop and test products and Services;

  • comply with local and national laws, including card scheme rules and requests from law enforcement and regulatory authorities; and

  • develop marketing, market research and similar activities

Restriction — You have the ability to control how we share your personal information with others.

We won't share your personal information with non-agent third parties unless we are required to do so by law, or if we believe in good faith that disclosure is reasonably necessary to protect our property, rights or those of third parties or the public at large. It is possible that we may, on occasion, buy or sell assets from or to other companies. If that should occur, Merchant and Partner Data is typically one of the assets that gets transferred. Similarly, if APEXX or most of its assets were acquired, or in the unlikely event that we go out of business or enter bankruptcy, Merchant and Partner Data could be transferred or acquired. You should be aware that such events can occur, and that if it does, the buyer may continue to use your personal and non-personal information, but only as set forth in this policy. Other than in these rare circumstances, APEXX will not rent or sell potentially personally identifying information to anyone.

If we are required to share sensitive information with a non-agent third party, we will first give you the opportunity to explicitly consent (opt-in) to such disclosure or to any use of the information for a purpose other than the one for which it was originally collected or previously authorised, unless sensitive information has been requested by law.

If you are a registered Merchant or Partner of our Services and have supplied your email address, we may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what's going on with the Services. If we send you information that you no longer wish to receive, we will provide you with a way to request that you don't get any similar notices (opt-out, unsubscribe, etc.).

Onward Transfer — Prior to providing agents with any personal information, we will obtain assurances that they will safeguard it in accordance with this policy. Examples of assurances that may be provided include a commitment that they will handle the information in accordance with this policy, or will provide the same level of protection, as required by the EU Directive 95/46/EC ("the EU Data Protection Directive") and then General Data Protection Regulation from May 28th 2018 onwards or the Privacy Shield Principles.

In the unlikely event that we should discover that an agent is using personal information in a way that conflicts with this policy, we will take all reasonable steps to stop it immediately.

In cases of onward transfer to third parties of data of EU individuals received where APEXX is the Data Controller, pursuant to the GDPR, APEXX will remain liable.

Security — All records containing personal or financial information are afforded confidential treatment at all times. We work hard to protect against the unauthorised access, use, alteration or destruction of personal or financial information. All such electronic information is stored on restricted database servers, and is generally kept until such time as you may ask us to edit or delete it, as described below. We only disclose such information to our employees, contractors or affiliates that a) need to know that information in order to process it for us or to provide other Services, and b) have agreed not to disclose it to others.

All interactions with our Services use the Transport Layer Security/Secure Sockets Layer (TLS/SSL) protocol.

The safety and security of your information is also dependent upon you. If we have given you (or if you have chosen) a password or access code for access to certain parts of our Service, you are responsible for keeping this password and/or access code confidential. You must not share your password and/or access code with anyone. You must ensure that there is no unauthorised use of your password and access code. You authorise APEXX to act upon instructions and information received from any person that enters your user id and password and you agree to be fully responsible for all use and any actions that may take place during the use of your account. You also agree to promptly notify APEXX of any information you have provided to us which has changed.

The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to APEXX and our Services; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.

For more information regarding the Security of our Service, read our Security Policy.

Data Integrity — In addition to assuring you that we will protect your personal information, we also want to make sure that it is reliable, accurate, and up-to-date. In order to do that, we provide:

Access — Upon request, we will provide you with reasonable access to the personal information we collect about you. Because personal information—for example, your email address—is required to use the Services, we retain personal information as long as your account is active. Please note that there may be limits to the amount of information we can practically give you access to. For example, we may limit an individual's access to personal information where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy or where doing so would violate others' rights.

Rectification — You will have the opportunity to correct, update or modify your information by updating your information in the Services or upon request to support@apexxfintech.com.

Erasure — You have the right to request erasure of your personally identifiable information. Please note that there may be limits to the amount of information we can practically erase. For example, we may limit an individual's erasure request where the burden or expense of providing erasure would be disproportionate to the risks to the individual's privacy or where doing so would violate others' rights.

Portability — Your data is yours. If you ever want to stop using APEXX, you are able to download your data from the APEXX Service. You may also request an export of your personal information that is stored in agent channels such as our CRM system. Requests can be made to support@apexxfintech.com.

Enforcement — We will conduct internal audits of our compliance with this privacy policy, including an annual self-assessment. Our employees take your privacy seriously and we will take all reasonable measures against any employee found to be in violation of this policy.

If you have any concerns or complaints about how you think we've handled your personal information, please contact support@apexxfintech.com or our Head of Operations at the address below. We will work hard to investigate and resolve any complaints you might have.

LEGAL BASIS FOR PROCESSING

APEXX will only process your personal information where we have lawful authority to do so. In general, APEXX will either process:

  • On the basis of your consent, including where consent is requested ‘as a condition of business’ (for example, where it is necessary to carry out a credit search prior to opening an account);

  • Where necessary for the performance of any contract we have with you;

  • Where APEXX has a legitimate interest to process data, subject to such processing not overriding your own rights and freedoms in objecting to such processing;

  • Where required by applicable law or similar rule (for example, money laundering or other anti-financial crime checks)

CHANGES TO OUR DATA PROTECTION POLICY

We may, from time to time, change our Data Protection Policy. If we make material changes to how we treat your information, we will notify you either on the APEXX Service or via email. The date the Data Protection Policy was last modified is at the top of the page. You are responsible for ensuring you periodically visit our website and this Data Protection Policy to check for any changes. By continuing to use our Services and Website you agree to changes in our Data Protection Policy.

Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow such a link, please note that these websites have their own Data Protection Policy and Cookies Policy and APEXX does not accept any responsibility or liability for these third party websites.

This Policy is global in scope, but is not intended to override any legal rights or prohibitions in any territory where such rights or prohibitions prevail. In such event, the rights and obligations set out in this Policy will apply, subject only to amendment under any local applicable law having precedence.

DEFINITIONS AND INTERPRETATION

All defined terms in this Policy shall have the meaning assigned to them as defined here or elsewhere in this Policy and shall apply both to the plural and singular forms of each term, as the context may require.

CONTACT US

All comments, queries and requests relating to our use of your information are welcomed. If you wish to exercise any of your rights or receive further information, you should write to the address below, marked FAO Data Protection Department or Contact us.

APEXX Fintech’s Head of Operations is as stated below and can be contacted via Contact us or at the address below:

Tara Farrer

APEXX Fintech Limited, Rise London, 41 Luke Street, London, EC2A 4DP

support@apexxfintech.com

This Policy was last revised on 21 September 2017