Effective Date: 26 September 2023
Table of Contents
2 Who is processing your information
4 How we collect your personal data
5 How we will use your personal data
6 Keeping your information safe and secure
7 Who we might share your information with
7.2 To meet our legal obligations
7.3 Third parties suppliers and service providers
8 International data transfers
9 How long do we hold your information
10 Your rights in relation to your personal information
12 Changes to this Data Privacy Notice
14 The Office of the Information Commissioner
This Privacy Information Notice explains what information we collect about you, how we will use that information, who we will share it with and under what circumstances we will share it. It will also explain what we do to keep your information safe. It should be read alongside the terms and conditions you have for the product or service we are supplying to you.
Prepaid Financial Services Limited (PFS UK) is a fully owned subsidiary of EML Payments Limited (EML), a leading prepaid services company. Prepaid Financial Services Limited (PFS UK) is an e money payments institution and is authorised and regulated by the Financial Conduct Authority in the UK, under reference number 900036.
We are part of EML Group which includes the following entities (1) Prepaid Financial Services (Ireland) Limited ("PFSIL"), (2) Prepaid Financial Services Limited ("PFS UK"), (3) PFS Card Services Ireland Limited ("PCSIL"), (4) PFS Spain SL, (5) Spectre Technologies Limited, (6) EML Money DAC, (7) EML Payments (EU) Limited, (8) EML Payments Europe Limited, (9) Flex-e-card Limited and (10) EML Payments AB (together known as "EML Group").
Personal data is any information that relates to you. We collect different types of personal data about you but we will only collect the information that we need to enable us to deliver the product or service we are providing to with.
The information that we will collect to deliver our services is:
If we do not collect this personal data we will be unable to provide you with our products and services.
We collect personal data about you initially through our partners who are authorised under contractual arrangements to provide our services directly to you. This data initially includes your contact information, proof of identity and your authorised representatives where applicable.
We may disclose or check your personal data with other organisations and obtain further information about you in order to verify your identity and comply with applicable money laundering and governmental regulations. A record of our enquiries will be left on your file.
We record personal data through your use of the services, such as transactions, interactions with you through emails, telephone calls you make to us, your use of our website or use of associates apps.
We will use the information we hold about you for a number of different reasons, but we will always have a “legal basis” to do so. We have detailed our legal bases below.
PFS UK have legal obligations for the prevention of fraud, money laundering, counter terrorist financing and/or misuse of services. We will therefore process your personal data to meet those obligations.
We have legal obligations to monitor the transactions that our customers carry out and we will do so according to those obligations.
As a financial institution we have a legal obligation to record all telephone calls you make to us. We also have obligations in relation to Quality Assurance and the way we train our staff, both operations may include the use of your personal data.
We are obliged to respond to law enforcement agencies when requested to do so, for the prevention and investigation of crime, and to other government agencies where required to do.
Once we have completed our legal due diligence obligations, we will enter into a contract with you. You will be provided with Terms and Conditions at that time, and these form your contract with us.
We will process your personal data to:
We may process your personal data where it is in our legitimate interest to do so. Where we do this, we will keep a balance between our interests and your rights and freedoms. Such instances may include:
We may ask for your consent to send you marketing information regarding our products and services. Where we do so, you may withdraw your consent at any time.
In some circumstances, you may provide consent to an authorised third party such as through the Self-Directed Support scheme to engage with PFS on your behalf to create a service and assist you to access or manage funds allocated for your needs or supervise your use of that service. That consent is managed by the Third Party and full details of your Data Protection Rights in relation to that Third Party is documented in their Privacy Information Notice.
Once we have received your personal data, we will do our utmost to protect your personal data. We have strictly controlled technical and organisational measures to keep your information safe whilst it is in our possession.
We will:
You will have a username and password to enable you to access your account with us and you are responsible for keeping your password confidential. We ask you not to share a password with anyone.
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and security measures and that we do not accept any responsibility or liability for these policies.
When we need to share your personal information, we will always take steps to ensure that your privacy rights continue to be protected.
We may share your information with other companies within the EML group where they are providing services to us.
We may share your personal information with a third party as part of a sale of some, or all, of our business or as part of any business restructure or reorganization.
We will share your personal information where:
We will share your personal data with third parties where necessary for business, legal and regulatory purposes and where appropriate for our legitimate interest. This includes with:
When we use third party service providers, we only disclose to them any personal information that is strictly necessary for them to provide their service. We will always ensure that we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
Where third parties operate internationally, we will take steps to ensure that any transfer or your personal data outside of the European Economic Area (EEA) is managed carefully in accordance with applicable data protection law. We rely on Standard Contractual Clauses and where necessary have identified additional supplementary measures and safeguards to ensure your personal data is given an equivalent level of protection as provided for under the General Data Protection Regulations (GDPR).
Where we store or transfer personal information outside the UK, EEA or EU, robust procedures and safeguarding measures are applied to secure, encrypt and maintain the integrity of your personal data.
We complete continual reviews of the countries with sufficient adequacy decisions, standard data protection clauses or approved codes of conduct to ensure your personal data is protected.
We carry out due diligence checks with all recipients of your personal data to assess and verify that they have appropriate safeguards in place to protect your information.
We ensure that you have enforceable rights and effective legal remedies.
When we collect your personal data, we do not hold on to it for any longer than is necessary.
The length of time we retain your information is determined by a number of factors including the purpose that we collected it for and our obligations for legal, regulatory, fraud prevention and legitimate interest purposes.
In general terms we hold your personal data for 7 years from the end of our relationship with you.
In certain circumstances we may need to retain your information for longer periods where we are requested to do so by regulatory or enforcement agencies. This is to ensure that we are able to produce records as evidence if asked to do so.
You have significant rights on the way we process your personal data and we have significant obligations with regards to your rights.
You have the right to:
We are obliged to respond to you without undue delay. In most instances, we will respond within one calendar month. If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests you have made), we may extend this period by a further two calendar months. Should this be necessary, we will explain the reasons why to you. If you make your request electronically, we will, where possible, provide the relevant information electronically unless you ask us otherwise.
Please click here to refer to our Cookie Policy for more information on how we use Cookies.
This Data Privacy Notice may be updated from time to time.
If we change the way we use your information we will communicate those changes to you by way of updating this Data Privacy Notice or where appropriate we will notify you by email.
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to EML’s EU Group Data Protection Officer:
If you are unhappy with how we have used your personal information, you may contact the Office of the Information Commissioner. Please visit their website and refer to Make a complaint | ICO.
© Copyright 2024 Prepaid Financial Services
This site uses cookies for optimum website performance and the analysis of site traffic. To get more information about these cookies and the processing of your personal data, view our Cookie Policy. To edit your preferences, click the ‘Manage Cookies’ button. To accept these cookies and the processing of personal data involved, click the 'I Agree' button. You can change your choices at any time by clicking ‘Manage Cookies’ at the bottom of any page.