ABOUT THIS DOCUMENT
This Privacy Notice will help you understand how we collect, use and protect your personal information.
WHO WE ARE
PPRO Financial Ltd (“PPRO UK”) is a company incorporated in England and Wales (company number 07653641) whose registered office is at 48 Chancery Lane, London, WC2A 1JF, England . PPRO UK is regulated by the UK Financial Conduct Authority (“FCA”) and is authorised provider payments and electronic money services (FCA register number 900029) within the United Kingdom.
PPRO Payment Services S.A. (“PPRO LU”), is a public limited company incorporated in Luxembourg (commercial register no. B235952) with its registered office at 48 Rue de Bragance, Luxembourg, 1255, Luxembourg. PPRO LU is regulated by the Commission de Surveillance du Secteur Financier (“CSSF”) and is authorised to provide payments services (CSSF register number Z00000022) within the European Union.
References to PPRO shall refer to both PPRO UK and PPRO LU, unless the context requires otherwise or specific reference is made to either entity.
Whilst carrying processing activities, personal data may be processed by other PPRO Entities part of PPRO Group:
PPRO Holding GmbH
WKV prepaid GmbH
PPRO Argentina S.A.
PPRO Brasil Ltda.
PPRO Chile SpA.
PPRO Colombia S.A.S.
PPRO Mexico Servicios de Pagos S.A. de C.V.
PPRO Peru S.A.C
PPRO Pte. Ltd.
PPRO Hong Kong Limited
If the PPRO Entity is located outside the EEA, in a country which has not been considered by the European Commission as providing an adequate level of protection for Personal Data, the PPRO Entity shall observe terms that comply with applicable Data Protection Laws, in particular the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 (the ‘Standard Contractual Clauses’).
Where PPRO acts as a ‘data controller’ under the General Data Protection Regulation (also known as the GDPR), the Data Protection Act 2018; the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended. It means that we, either alone or jointly with others, determine the purposes and means of the processing of your personal information. Our registration number with the Information Commissioner’s Office (ICO) is Z2958821. We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any queries about this Privacy Notice or how we process your personal information, please contact us by email to email@example.com, or by post to PPRO Financial Ltd, 48 Chancery Lane, London, WC2A 1JF, England or PPRO Payment Services S.A., 48 Rue de Bragance, Luxembourg, 1255, Luxembourg.
WHAT INFORMATION WE COLLECT ABOUT YOU
The personal information we collect about you may include:
- name, date of birth and gender;
- identification document details;
- contact details, including address, telephone number and email address;
- identifiers assigned to your computer or other devices, including your Internet Protocol (IP) address.
Furthermore, by using our website, Cookies may be stored on your devices. You can find further information on Cookies below, under the title ‘Cookies and Web Beacons’.
Special categories of personal data
PPRO does not intentionally collect any special categories of personal data (sensitive personal information) via our websites unless in a specific country we are legally required to do so, for example, for recruitment purposes. Sensitive personal information includes: information revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; the processing of genetic or biometric data for the purpose of uniquely identifying a natural person; information concerning health; information concerning a natural person’s sex life or sexual orientation; and in some cases, social security numbers or financial information.
PPRO works to protect the confidentiality and security of information it obtains in the course of its business. Access to such information is limited and policies and procedures are in place, designed to safeguard the information from loss, misuse and improper disclosure.
HOW WE COLLECT INFORMATION ABOUT YOU
Most of the personal information we hold about you is collected directly from you. We do this for example, when you:
- visit our website;
- register to receive information from us or sign up to our newsletter;
- register to access our portal (e.g. Partner Portal or Almanac);
- download e-books and other information from our website;
- contact us directly, either via the contact form on our website, by email or on social media;
- register with us for recruitment and vacancy updates;
- apply for an employment vacancy on our site;
- respond to communications or surveys;
We will also collect information about you if you get in touch through one of our external partners (for instance, if you apply for a job vacancy using a third party provider, such as a recruitment agency or Lever, our Applicant Tracking System.
In order to understand more about you and to verify your identity, we may supplement and combine the personal information that we collect from you with other categories of data obtained from other sources.
We may change or add to these from time to time and the changes will be updated on our Privacy Notice.
Information we collect on social media platforms
You may wish to participate in the social media platforms which we make available to you. The main aim of these social media platforms is to inform, assist and engage with you. We monitor and record comments and posts made on these channels so that we can improve our products and services.
PPRO may also provide links to other social media platforms maintained on separate servers by individuals or organisations over which PPRO has no control. PPRO makes no representations or warranties regarding the accuracy or any other aspect of the information located on such servers.
A link to a third party’s website should not be construed as an endorsement by either PPRO or that third party of each other or its products and services. Furthermore, PPRO is not responsible for any information posted on those websites other than information we have posted ourselves. We do not endorse the social media websites themselves, or any information posted on them by third parties or other users.
We recommend reviewing the privacy statement of each third-party site linked from our site to determine their use of your personal information:
WHAT WE USE YOUR INFORMATION FOR AND REASONS FOR PROCESSING
We will store and use your personal information as is necessary for the performance of a contract between you and us, for compliance with our legal and regulatory obligations, for our legitimate interests or, for certain other additional purposes, based on your explicit consent. Examples of how we may use your personal information include:
- administering your account (as is necessary for performance of a contract between you and us and/or as is necessary for our legitimate interests);
- carrying out anti-fraud and anti-money laundering checks and verifying your identity (as is necessary for compliance with our legal and regulatory obligations and/or as is necessary for our legitimate interests);
- using your details to process payments (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
- sending you information about our products and services (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
- monitoring your usage and the effectiveness of our website (as is necessary for our legitimate interests);
- undertaking market research and statistical analysis, including analysing your use of our website and developing new products and services (as is necessary for our legitimate interests);
- fulfilling our obligations owed to a relevant regulator, tax authority, or revenue service (as is necessary for compliance with our legal and regulatory obligations and/or as is necessary for our legitimate interests); and
- storing the curriculum vitae of unsuccessful job candidates in line with our Data Retention Policy for consideration for future vacancies (as is necessary for our legitimate interests).
Our legitimate interests as referred to above (and below) include our legitimate business purposes and commercial interests in operating our business in a customer-focused, efficient and sustainable manner, in accordance with all applicable legal and regulatory requirements.
Using your data for fraud prevention
In certain situations, before we provide you with our prepaid products and services, we use your personal data to conduct checks for the purposes of preventing fraud and money laundering and to verify your identity. We may also share your details with other financial institutions, credit reference agencies, trade bodies, fraud prevention organisations and law enforcement agencies for the purposes of preventing fraud, money laundering, terrorist financing and other financial crimes, pursuing debtors and to verify your identity.
If we, or a fraud prevention agency, determine that you pose a risk of fraud or money laundering, we may refuse to provide you the prepaid products or services you have requested. We may also stop providing existing services to you. A record of any fraud or money laundering risk will be retained by us and the fraud prevention agencies. It may also result in others refusing to provide products, services, financing or employment to you. If you have any questions about our processing of your data for fraud purposes, please contact us via the details provided above.
When PPRO and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest to process your data in such way, in order to protect our business and to comply with the various laws that apply to us. Such processing may also be a contractual requirement in relation to the services you have requested from us.
Using your personal data for marketing
In addition to the purposes above, we may also use your personal information to send you newsletters and/or marketing about similar products and services by post, email, text message, and through various digital channels, such as social media platforms, if you have expressly consented to this or as is necessary for our legitimate interests. We consider that it is within our legitimate interests to send you information about our own products and services for marketing purposes.
We use a third party provider, Pardot LLC, to deliver our newsletters. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see Pardot LLC privacy information.
You can object to receiving marketing from us at any time – please follow the unsubscribe link in our marketing emails or text message; or send us your name, address and date of birth via email to firstname.lastname@example.org or by post to PPRO Financial Limited, 8 Chancery Lane, London, WC2A 1JF, England or PPRO Payment Services S.A., 48 Rue de Bragance, Luxembourg, 1255, Luxembourg.
We also use the personal data you provide to us, information about you provided for third parties (please see “How we collect information about you” for further details), and of individuals who have similar characteristics to you, to enable us to evaluate and predict your behaviour to assist us to provide and improve our products and services.
WHO WE SHARE YOUR DATA WITH
Where relevant given the nature of our relationship or of the products and services provided to you, we may also share your information with the following categories of third parties:
- payment service providers (as is necessary for the performance of a contract between you and us);
- third-party service providers with whom you also have a contractual relationship (as it is necessary for our legitimate interests and for the legitimate interests of the third-party service provider with whom you also have a contractual relationship);
- third-party service providers who we instruct for the purposes of processing service information (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests and/or as is allowed by your explicit consent);
- third-party data suppliers, as explained under “How we collect information about you” (as is necessary for our legitimate interests);
- third-party service providers who support the operation of our business, such as IT and marketing suppliers, financial service providers and other administrative support services to operate our website (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
- fraud prevention agencies and associations (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests);
- as required by a court order or any other legal or regulatory required such regulators and law enforcement agencies, including the police, the Financial Conduct Authority, HM Revenue and Customs or any other relevant authority who may have jurisdiction (as is necessary for compliance with our legal and regulatory obligations).
WHERE YOUR INFORMATION IS PROCESSED
The personal information that we collect from you, and which is shared with the third-parties mentioned above, may be transferred to and processed in a destination outside of the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or one of our suppliers. In these circumstances, your personal information will only be transferred on one of the following bases:
- the country that we send the data is approved by the European Commission as providing an adequate level of protection for personal information; or
- the recipient has agreed with us standard contractual clauses approved by the European Commission, obliging the recipient to safeguard the personal information; or
- There exists another situation where the transfer is permitted under applicable data protection legislation.
To find out more about how your personal information is protected when it is transferred outside the EEA (and if you wish to obtain a copy of the standard contractual clauses which we have entered into with recipients of your personal information outside of the EEA), please contact us using the details above. PPRO will only disclose your personal information to third parties that have agreed in writing to provide an adequate level of privacy protection.
HOW LONG IS YOUR INFORMATION KEPT?
PPRO only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. Unless specifically mentioned otherwise, we keep your personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
We may retain some of your personal information for a number of purposes, as necessary to allow us to carry our business. The retention periods apply as follows:
- Personal data contained online where no account is opened:
We will retain this data for as long as necessary for us to anonymise it for the purposes of undertaking market research and statistical analysis.
However, this data will not be kept for longer than 1 year;
- Personal data contained within your prepaid product:
We need to retain your personal information for the purposes of processing of your existing or future claims for 6 years from the date your account is closed. Access to such data will be restricted to a small number of employees who need to access it for legitimate reasons;
- Personal data contained in complaints records and correspondence:
If you raise a complaint with our customer services team or correspond with us by email or letter, your records will be deleted 3 years after your complaint record is closed. However, in some circumstances, these records may be kept for 5 years to comply with our legal and regulatory obligations;
- For fraud prevention purposes:
Your records will be deleted 7 years after your fraud record is created; Fraud prevention agencies can hold your personal data for different periods of time, depending on how that data is being used and the jurisdiction. Please contact them for more information.
- For Discover portal purposes:
records are used within Discover applications to manage and identify the user’s session. This data is not shared with parties external to PPRO. Your login will expire after 24 hours or 30 days, when there is continuous usage.
- For hiring purposes:
CVs of unsuccessful candidates are stored for 2 years in line with our Data Retention Policy for consideration for future vacancies.
COOKIES AND WEB BEACONS
What Cookies do we use?
The Cookies used by our website can be:
- Transient (or per-session) Cookies – these only exist for your site visit and are deleted on exit. They recognise you as you move between pages, for example, recording items added to an online shopping basket. These Cookies also help maintain security.
- Persistent (or permanent) Cookies – these stay on your machine until expiry or deletion. Many are built with automatic deletion dates to help ensure your hard drive does not get overloaded. These Cookies often store and re-enter your log-in information, for example for our Discover platform, so you don’t need to remember login details.
We use both types of Cookies.
- Google Analytics/Firebase/Crashlytics
- Google Tag Manager
- Google Ads
How do I disable Cookies?
You are free to decline our Cookies if your browser or browser add-on permits it, unless our Cookies are required to prevent fraud or ensure the security of our website. However, declining our Cookies may interfere with your use of our website and services. To enable or disable cookies, follow the instructions provided by your browser (usually located within the “Help”, “Tools” or “Edit” facility). Alternatively, an external resource is available at www.allaboutcookies.org/manage-cookies providing specific information about cookies and how to manage them to suit your preferences.
You can also accept selected/deny all cookies using this link.
We use small graphics (also called tracking pixels or clear GIFs – collectively, “Web Beacons”) in our websites or emails which remain invisible to you but provide us with information about your experience and interaction with our website and emails such as which browser has been used, if an email was opened and similar. As part of our effort to track the success of our advertising campaigns, we may at times use visitor identification technology such as these “web beacons” which count visitors who have come to our website after being exposed to a PPRO banner ad on a third party site.
PPRO uses Web beacons also for remarketing, to reach visitors that have previously visited our website. If you wish to opt-out of such tools, this can be done through this link.
Web Beacons often work in conjunction with Cookies. No personally identifiable or sensitive personal data is collected via Web Beacons.
By navigating on our website, you agree that we can place Cookie and Web Beacons on your computer or device, as applicable. If you prefer not to receive Cookies or Web Beacons, then you should consult your browsing settings or stop using website.
According to data protection legislation you have the right to:
- obtain access to, and copies of, the personal information that we hold about you;
- require that we stop processing your personal information if the processing is causing you damage or distress;
- ask us not to send you marketing communications;
- ask us to erase your personal information;
- ask us to restrict our data processing activities;
- receive from us the personal information we hold about you which you have provided to us, in a structured, commonly used and machine-readable format, including for the purpose of you transmitting that personal information to another data controller; and
- require us to correct the personal information we hold about you if it is incorrect.
Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exceptions apply.
If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner. You can find out more about your rights under data protection legislation from the Information Commissioner’s Office website.
If you are concerned about an alleged breach of privacy law or any other regulation by PPRO, please contact us at email@example.com or by post to PPRO Financial Ltd, 28 Chancery Lane, London, WC2A 1JF, England or PPRO Payment Services S.A., 48 Rue de Bragance, Luxembourg, 1255, Luxembourg.
If you are not satisfied with the way in which PPRO has resolved your complaint, you have the right to complain to the ICO, CNPD or the data protection authority in your country. You can find out more about your rights under data protection legislation from the ICO’s website or CNPD’s website.
CHANGES TO THIS PRIVACY NOTICE
We may update this Privacy Notice from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes. If the changes are substantial, we may notify you of changes to this Notice by email.
If you have any questions or concerns about this Privacy Notice, please contact us at firstname.lastname@example.org.
last update 12/07/2021