This Privacy Information Notice explains what information we collect about you, how we will use that information, who we will share it with and under what circumstances we will share it. It will also explain what we do to keep your information safe. It should be read alongside the terms and conditions you have for the product or service we are supplying to you.

2 Who is processing your information

Prepaid Financial Services Limited (PFS UK) is a fully owned subsidiary of EML Payments Limited (EML), a leading prepaid services company. Prepaid Financial Services Limited (PFS UK) is an e money payments institution and is authorised and regulated by the Financial Conduct Authority in the UK, under reference number 900036.

We are part of EML Group which includes the following entities (1) Prepaid Financial Services (Ireland) Limited ("PFSIL"), (2) Prepaid Financial Services Limited ("PFS UK"), (3) PFS Card Services Ireland Limited ("PCSIL"), (4) PFS Spain SL, (5) Spectre Technologies Limited, (6) EML Money DAC, (7) EML Payments (EU) Limited, (8) EML Payments Europe Limited, (9) Flex-e-card Limited and (10) EML Payments AB (together known as "EML Group").

3 The information we collect

Personal data is any information that relates to you. We collect different types of personal data about you but we will only collect the information that we need to enable us to deliver the product or service we are providing to with.

The information that we will collect to deliver our services is:

Title, First Name and Surname;
Date of birth
Personal Address
Documentary evidence of your personal address
Personal Email Address
Telephone Number (Mobile, landline)
Bank Account details
Details of the services we provide you with
Contract details including card numbers
Transactional information

If we do not collect this personal data we will be unable to provide you with our products and services.

4 How we collect your personal data

We collect personal data about you initially through our partners who are authorised under contractual arrangements to provide our services directly to you. This data initially includes your contact information, proof of identity and your authorised representatives where applicable.

We may disclose or check your personal data with other organisations and obtain further information about you in order to verify your identity and comply with applicable money laundering and governmental regulations. A record of our enquiries will be left on your file.

We record personal data through your use of the services, such as transactions, interactions with you through emails, telephone calls you make to us, your use of our website or use of associates apps.

5 How we will use your personal data

We will use the information we hold about you for a number of different reasons, but we will always have a “legal basis” to do so. We have detailed our legal bases below.

5.1 Legal Obligation

PFS UK have legal obligations for the prevention of fraud, money laundering, counter terrorist financing and/or misuse of services. We will therefore process your personal data to meet those obligations.

We have legal obligations to monitor the transactions that our customers carry out and we will do so according to those obligations.

As a financial institution we have a legal obligation to record all telephone calls you make to us. We also have obligations in relation to Quality Assurance and the way we train our staff, both operations may include the use of your personal data.

We are obliged to respond to law enforcement agencies when requested to do so, for the prevention and investigation of crime, and to other government agencies where required to do.

5.2 Performance of a Contract

Once we have completed our legal due diligence obligations, we will enter into a contract with you. You will be provided with Terms and Conditions at that time, and these form your contract with us.

We will process your personal data to:

Provide prepaid card services to you as per our contractual obligations;
Provide e-wallet services to you;
Provide IABN Account services to you;
Communicate with you regarding the contract we hold.
Store the technical data you use, including you Username and Password when you access your account on our website or the app.

5.3 Legitimate Interest

We may process your personal data where it is in our legitimate interest to do so. Where we do this, we will keep a balance between our interests and your rights and freedoms. Such instances may include:

Day to day operations;
Internal administration, including reviewing and improving our processes;
Management and maintenance of our Information Technology provision, including security testing;
Service and Product improvement;
Sharing information with third party service providers for operational and business purposes;

5.4 Consent

We may ask for your consent to send you marketing information regarding our products and services. Where we do so, you may withdraw your consent at any time.

In some circumstances, you may provide consent to an authorised third party such as through the Self-Directed Support scheme to engage with PFS on your behalf to create a service and assist you to access or manage funds allocated for your needs or supervise your use of that service. That consent is managed by the Third Party and full details of your Data Protection Rights in relation to that Third Party is documented in their Privacy Information Notice.

6 Keeping your information safe and secure

Once we have received your personal data, we will do our utmost to protect your personal data. We have strictly controlled technical and organisational measures to keep your information safe whilst it is in our possession.

We will:

Use strict procedures and security features to prevent unauthorised access;
Ensure that the information we hold about you is stored securely;
Implement controls to ensure only appropriate, relevant and necessary personnel can access your personal data;
Use encryption methods where appropriate.

You will have a username and password to enable you to access your account with us and you are responsible for keeping your password confidential. We ask you not to share a password with anyone.

Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and security measures and that we do not accept any responsibility or liability for these policies.

7 Who we might share your information with

When we need to share your personal information, we will always take steps to ensure that your privacy rights continue to be protected.

7.1 Our Group companies

We may share your information with other companies within the EML group where they are providing services to us.

We may share your personal information with a third party as part of a sale of some, or all, of our business or as part of any business restructure or reorganization.

7.2 To meet our legal obligations

We will share your personal information where:

we are legally obliged to do so (under any law or regulation) and/or
we are under a duty to comply with any legal obligation as part of our checks to prevent fraud, financial crime, or money laundering. This includes sharing with fraud prevention agencies and other organisations which may use the information to prevent fraud and money laundering.

7.3 Third parties suppliers and service providers

We will share your personal data with third parties where necessary for business, legal and regulatory purposes and where appropriate for our legitimate interest. This includes with:

Trusteed third parties who perform services for us such as IT providers;
Identity management and verification providers (where applicable);
Fraud and anti-money laundering service providers (where applicable)
External law firms (where applicable);
Payment processors and other providers to enable your transactions to be processed;
Statutory, regulatory and law enforcement authorities, as required by law.

When we use third party service providers, we only disclose to them any personal information that is strictly necessary for them to provide their service. We will always ensure that we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.

Where third parties operate internationally, we will take steps to ensure that any transfer or your personal data outside of the European Economic Area (EEA) is managed carefully in accordance with applicable data protection law. We rely on Standard Contractual Clauses and where necessary have identified additional supplementary measures and safeguards to ensure your personal data is given an equivalent level of protection as provided for under the General Data Protection Regulations (GDPR).

8 International data transfers

Where we store or transfer personal information outside the UK, EEA or EU, robust procedures and safeguarding measures are applied to secure, encrypt and maintain the integrity of your personal data.

We complete continual reviews of the countries with sufficient adequacy decisions, standard data protection clauses or approved codes of conduct to ensure your personal data is protected.

We carry out due diligence checks with all recipients of your personal data to assess and verify that they have appropriate safeguards in place to protect your information.

We ensure that you have enforceable rights and effective legal remedies.

9 How long do we hold your information

When we collect your personal data, we do not hold on to it for any longer than is necessary.

The length of time we retain your information is determined by a number of factors including the purpose that we collected it for and our obligations for legal, regulatory, fraud prevention and legitimate interest purposes.

In general terms we hold your personal data for 7 years from the end of our relationship with you.

In certain circumstances we may need to retain your information for longer periods where we are requested to do so by regulatory or enforcement agencies. This is to ensure that we are able to produce records as evidence if asked to do so.

10 Your rights in relation to your personal information

You have significant rights on the way we process your personal data and we have significant obligations with regards to your rights.

You have the right to:

Find out if we use your information, to access that information and to receive copies of the information we hold about you;
Request that we correct and update any inaccurate and incomplete information;
Object to particular uses of your personal data when we use it for our legitimate business interests. However, doing so may have an impact on the services and products we can / are willing to provide.
Object to use of your personal data for direct marketing purposes. If you object to this use, we will stop using your data for direct marketing purposes.
Right to Erasure in certain circumstances such as when we use your personal data for marketing purposes. Where we process your personal data in accordance with our legal and regulatory obligations, we must retain this data in accordance with those requirements.
Obtain a transferable copy of certain data which can be transferred to another provider – this right applies under certain circumstances.
Should we use your consent as our lawful basis for processing your personal data at any time, you have the right to withdraw your consent.
Should we make any decisions about you by automated means you have the right to object to us doing so.

We are obliged to respond to you without undue delay. In most instances, we will respond within one calendar month. If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests you have made), we may extend this period by a further two calendar months. Should this be necessary, we will explain the reasons why to you. If you make your request electronically, we will, where possible, provide the relevant information electronically unless you ask us otherwise.

11 Cookies

Please click here to refer to our Cookie Policy for more information on how we use Cookies.

12 Changes to this Data Privacy Notice

This Data Privacy Notice may be updated from time to time.

If we change the way we use your information we will communicate those changes to you by way of updating this Data Privacy Notice or where appropriate we will notify you by email.

13 How to contact us

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to EML’s EU Group Data Protection Officer:

By email: [email protected]
By post, to Fourth Floor, 35 Great St Helen’s, London, EC3A 6AP.

14 The Office of the Information Commissioner

If you are unhappy with how we have used your personal information, you may contact the Office of the Information Commissioner. Please visit their website and refer to Make a complaint | ICO.

PFSL Privacy Information Notice

PFSL - Prepaid Financial Services Ltd

Privacy Information Notice

1 Introduction