This Privacy Information Notice explains what information we collect about you, how we will use that information, who we will share it with and under what circumstances we will share it. It will also explain what we do to keep your information safe. It should be read alongside the terms and conditions you have for the product or service we are supplying to you.

2 Who is processing your personal data

PFS Card Services Ireland Limited (“PCSIL”) is an electronic money institution with offices in Ireland, Spain and France. It is authorised and regulated by the Central Bank of Ireland under reference number C175999.

We are part of the EML Group of companies as are the following companies (1) Prepaid Financial Services (Ireland) Limited ("PFSIL"), (2) Prepaid Financial Services Limited ("PFS UK"), (3) PFS Spain SL, (4) Spectre Technologies Limited, (5) EML Money DAC, (6) EML Payments (EU) Limited, (7) EML Payments Europe Limited, (8) Flex-e-card Limited and (9) EML Payments AB (together known as "EML").

If we are the issuer of your Card, then we are the data controller in relation to the processing activities described below. This means that we decide why and how your personal information is processed.

If another company issued your Card, then that company (and not EML) is the data controller of personal information relating to the use of your Card.  Please refer to the privacy policy of your card issuer to find out how your personal information is used.

3 The information we collect from you

Personal data is any information that relates to you. We collect different types of personal data about you, but we will only collect the information that we need to enable us to deliver the product or service we are providing you with.

The information that we will collect to deliver our product or services is:

Identity Data includes Name, date of birth, photograph, government issued ID.
Biometric data in the form of facial analysis.
Contact Data includes address, email address and telephone numbers.
Financial Data including bank account details and payment card information.
Transaction Data includes details about the payments made or received using your Card.
Technical Data includes your login data, browser type and version, time zone setting and location and other technology on the devices you use to access this website.
Profile Data includes your username and password.
Usage Data includes information about how you use our website.
Marketing and Communications Data includes your preferences in receiving marketing from us.

If we do not collect this personal data, we will be unable to provide you with our products and services.

4 How we collect your personal data

We collect your personal data directly from you so that we can deliver our products and services to you. We also collect personal data from other sources.

We will also gather information about you from any organisation we use to process our due diligence checks when they are a necessary part of our obligations.

We will also gather information from our interactions with you such as emails, postal correspondence, telephone calls you make to us, your use of our website and your use of our app.

Information we collect from other sources

Where you purchase or request your Card from one of our partners or distributors, we may ask them to collect information about you such as personal information to verify your identity and transaction data in order to comply with our anti-money laundering obligations and to prevent financial crime. If you choose to continue with your Card purchase and provide the requested personal information to the distributor, then the distributor will pass this information to us.

Personal Information may be gathered in order to conduct customer due diligence checks in line with the risk of financial crime, screen new business applications, existing customers and incoming/outgoing payments to comply with international laws on sanctions, combatting terrorism and other financial crime.

5 How we will use your personal data

We will use the information we hold about you for a number of different reasons, but we will always have a “legal basis” to do so. We have detailed our legal bases below.

5.1 Performance of a Contract

We may use and process your personal information where we have supplied you (or continue to supply you) with any services in connection with your Card. You will be provided with Terms and Conditions at that time and these form your contract with us. This includes processing for the following reasons:

Where we have arranged for the supply of another company’s Cards or services to you, or where you are in discussions with us about any new Card or service;
We will also use and process your personal data if you require customer service support with respect to your Card or you lose your Card and request a replacement;
We will use this information in connection with the contract for the supply of Cards or services when it is needed to carry out that contract or for you to enter into it;
Provide prepaid card services to you as per our contractual obligations;
Provide e-wallet services to you;
Provide IBAN Account services to you;
Communicate with you regarding the contract we hold;
Store the technical data you use, including you Username and Password, when you access your account on our website or via APP technology.

5.2 Legal Obligation

We will use your personal data to the extent necessary to comply with applicable legal and regulatory obligations. We will process your personal data on this basis, including in the circumstances described below:

To comply with our legal obligations under anti-money laundering (‘AML’) / counter-terrorist financing and sanctions laws, we will:
- request certain documents, such as photo ID and proof of address, at account opening and at intervals thereafter in order to verify your identity and address and retain a copy of these on file;
- conduct customer due diligence checks in line with the risk of financial crime;
- screen new applications, existing customers and incoming / outgoing payments to comply with international laws on sanctions, combatting terrorism and other financial crime;
- if any suspicion of financial crime activity is identified, report to relevant law enforcement authorities.
Where we are required to disclose information by, or to, a court or regulatory authority with appropriate jurisdiction, or to law enforcement agencies.
For compliance with our obligations under the Central Bank of Ireland (‘Central Bank’) Consumer Protection Code, which includes:
- Retaining data in relation to the provision of financial products and services to you for specified time periods.
- Recording calls you make to us to support those obligations and to ensure we are dealing with your queries and any complaints in a satisfactory manner and for quality assurance and training of our staff.
To fulfil our tax and regulatory reporting obligations.

5.3 Legitimate Interest

We may process your personal data where it is in our legitimate interest to do so. Where we do this, we will keep a balance between our interests and your rights and freedoms. Such instances will include:

Day to day operations;
Internal administration, including reviewing and improving our processes;
Management and maintenance of our Information Technology provision, including security testing;
Service and Product improvement;
Sharing information with third party service providers for operational and business purposes;
To help us improve our services and systems, and our customers’ experience with us through:
- analysis of personal data generated from your use of our services;
- quality assurance of our sales and services including the review of our application processes, recorded calls, webchat transcripts, email to identify training and process improvements;
- analysis of complaints, errors and feedback.

5.4 Consent

We may, at times, request your consent to process your personal data for specific reasons, such as:

Where we wish to provide you with marketing information in relation to our products and services, or partner company products or services, which we believe may be of interest to you. We will only contact you for direct marketing purposes where you have specifically consented, and you may opt out of direct marketing at any time (see the section called Your rights in relation to your personal information below).
Where you have appointed a third party to represent you and deal with us on your behalf and we need to share your personal data with them.
Where we need to process your biometric data to verify your identity when you open or operate an account. In such cases we will ask for your explicit consent.

6 Keeping your information safe and secure

Once we have received your personal data we will do our utmost to protect your personal data. We implement technical and organisational measures to keep your information safe whilst it is in our possession.

We will:

Use strict procedures and security features to prevent unauthorised access;
Ensure that the information we hold about you is stored securely;
Implement controls to ensure only appropriate, relevant and necessary personnel can access your personal data; and
Use encryption methods where appropriate.

You may have a username and password to enable you to access your account with us, or with our Partner or Distributor providing the service and you are responsible for keeping your password secure and confidential. We will never ask you to share a password with anyone.

Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and security measures and that we do not accept any responsibility or liability for these policies.

7 Who we might share your information with

When we need to share your personal information, we will always take steps to ensure that your privacy rights continue to be protected.

7.1 Our Group companies

We may share your information with other companies within the EML group.

We may share your personal information with a third party as part of a sale of some, or all, of our business or as part of any business restructure or reorganization.

7.2 To meet our legal obligations

We will share your personal information where:

we are legally obliged to do so (under any law or regulation); and/or
we are under a duty to comply with any legal obligation as part of our checks to prevent fraud, financial crime, or money laundering. This includes sharing with fraud prevention agencies and other organisations which may use the information to prevent fraud and money laundering.

7.3 Third parties, suppliers and service providers

We will share your personal data with third parties where necessary for business, legal and regulatory purposes and where appropriate for our legitimate interest. This includes with:

Trusted third parties who perform services for us such as IT providers;
Identity management and verification providers (where applicable);
Fraud and anti-money laundering service providers (where applicable)
External law firms (where applicable);
Payment processors and other providers to enable your transactions to be processed; and
Statutory, regulatory and law enforcement authorities, as required by law.

When we use third party service providers, we only disclose to them any personal information that is strictly necessary for them to provide their service. We will always ensure that we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.

Where third parties operate internationally, we will take steps to ensure that any transfer of your personal data outside of the European Economic Area (EEA) is managed carefully in accordance with applicable data protection law. We rely on Standard Contractual Clauses and, where necessary, have identified additional supplementary measures and safeguards to ensure your personal data is given an equivalent level of protection as provided for under the General Data Protection Regulations (GDPR).

8 International data transfers

Where we store or transfer personal information outside the EEA or EU, robust procedures and safeguarding measures are applied to secure, encrypt and maintain the integrity of your personal data.

We complete continual reviews of the countries with sufficient adequacy decisions, standard data protection clauses or approved codes of conduct to ensure your personal data is protected.

We carry out due diligence checks with all recipients of your personal data to assess and verify that they have appropriate safeguards in place to protect your information.

We ensure that you have enforceable rights and effective legal remedies.

9 How long do we hold your information

We will retain your personal data for no longer than is necessary for the purpose for which it was obtained by us or as required or permitted for legal, regulatory, fraud prevention and legitimate business purposes, including, if relevant, to deal with any claim or dispute that might arise in connection with the services you receive from us.

In general, the period for which we retain your personal data will be determined having regard to any statutory obligations imposed on us by law.

We may, in certain cases, retain your information for longer periods, particularly where required by order of a court, or in the context of an investigation by regulatory or law enforcement agencies. This is to ensure that we will be able to produce records as evidence, if required.

In general terms we hold your personal data for 7 years from the end of our relationship with you.

10 Your rights in relation to your personal information

You have significant rights in respect of the way we process your personal data and we have significant obligations with regards to your rights.

You have the right to:

Find out if we use your information, to access that information and to receive copies of the information we hold about you.
Request that we correct and update any inaccurate and incomplete information.
Object to particular uses of your personal data when we use it for our legitimate business interests. However, doing so may have an impact on the services and products we can / are willing to provide.
Object to use of your personal data for direct marketing purposes. If you object to this use, we will stop using your data for direct marketing purposes.
Have your data deleted or its use restricted – this right applies under certain circumstances.
Obtain a transferable copy of certain data which can be transferred to another provider – this right applies under certain circumstances.
Should we use your consent as our lawful basis for processing your personal data at any time, you have the right to withdraw your consent.
Should we make any decisions about you by automated means you have the right to object to us doing so.

We are obliged to respond to you without undue delay. In most instances, we will respond within one calendar month. If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests you have made), we may extend this period by a further two calendar months. Should this be necessary, we will explain the reasons to you. If you make your request electronically, we will, where possible, provide the relevant information electronically unless you ask us otherwise.

PLEASE NOTE: The above rights are subject to exemptions and may not apply in all circumstances. If you object to, or ask us to restrict, our processing of your personal data, or ask us to delete your data, we may have to suspend the provision of our products and services to you.

11 Cookies

Please click here to refer to our Cookie Policy for more information on how we use Cookies.

12 Changes to this Data Privacy Notice

This Data Privacy Notice may be updated from time to time.

If we change the way we use your information we will communicate those changes to you by way of updating this Data Privacy Notice.

13 How to contact us

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to EML’s EU Group Data Protection Officer:

By email: [email protected]
By telephone, on +353 1 255 7111, or
By post, to 2nd Floor, La Vallee House, Upper Dargle Road, Bray, Co. Wicklow, A98 W2H9, Ireland

14 The Data Protection Commissioner

You may contact the Data Protection Commissioner (DPC) if you are concerned about the way we have processed your personal information. Please visit the DPC’s website at www.dataprotection.ie further details.

PCSIL Privacy Information Notice

PCSIL - Prepaid Card Services Ireland Ltd

Privacy Information Notice

1 Introduction