MULTIPLE CARD SYSTEMS A/S (“MCS”) PRIVACY NOTICE
Important information about MCS:
MCS is Part of Radius Payment Solutions
Radius and its affiliates (collectively referred to as “Radius” “MCS“, “we”, “us”) takes its data protection and privacy responsibilities seriously. This ‘Privacy Notice’ (also often referred to as a ‘Fair Processing Notice’) explains how we collect, use and share personal information in the course of our business activities, including:
- What personal information we collect and when and why we use it.
- How we share personal information within MCS and with our service providers, regulators and other third parties
- Transferring personal information globally
- How we protect and store personal information
- Legal rights available to help manage your privacy
- How you can contact us for more support
The MCS entity responsible for your personal information will be the member of MCS that originally collects information from or about you. This will be explained at the point at which your personal information is first collected by MCS or its official distributors, for example where you or the business you work for engages us to provide a service or where we engage you to provide a service to us.
You can find out more about MCS at www.mcscardsystems.com or by contacting us using the information in the contact us section.
We may amend this notice from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this notice.
You might find external links to third party websites on our website. This privacy notice does not apply to your use of a third party site
WHAT PERSONAL INFORMATION WE COLLECT AND WHEN AND WHY WE USE IT
In this section you can find out more about · the types of personal information we collect · when we collect personal information · how we use personal information · the legal basis for using personal information |
When we collect information
We collect information about you if you:
- register with or use one of our website(s) or online services;
- purchase one of our services;
- work with us as a business partner; or
- you are identified as a potential customer or business partner, collectively (“you“)
Personal information we collect and use if you use our websites or online services
On our website, personal information (such as your name, address, telephone number, or email address) is collected when you voluntarily submit it through a website form, such as during a request for information about our services. Other information that may also constitute personal information (such as your browser type, operating system, IP address, domain name, number of times you visited the website, dates you visited the website, and the amount of time you spent viewing the website) may be collected via cookies and other tracking technologies (such as transparent GIF files). Aggregate Information (such as how many times visitors log onto the website) may also be collected.
Personal information we collect and use if you purchase one of our products or services
Where you purchase or receive our services, we may collect:
- basic identification and contact information (such as your name, address, telephone number, and email address) in order to fulfil your order, provide our services and manage your account;
- financial information (such as bank account information, tax registration information, billing and details) in order to manage and process payments you make to us;
- information held by credit references agencies and fraud prevention agencies, in order to assess your application for the use of our services;
- information about your use of our products and services and your satisfaction with them, in order to continuously improve the products and services that we provide to you; and
- in relation to our Fuel Management products and services, location based information.
Personal information we collect and use if you work with us as a business partner
Where you are engaged by us to provide goods or services to MCS, we may collect:
- basic identification and contact information (such as your name, address, telephone number, and email address) in order to fulfil your order, provide our services and manage your account;
- financial information (such as bank account information, tax registration information, billing and details) in order to manage and process payments you make to us; and
- information held by credit references agencies and fraud prevention agencies, in order to assess your application for the use of our services.
Personal information we collect and use if you are identified as a potential customer or business partner
We collect information directly, from other members of the MCS group, and from other third party lead providers about organisations who feel might like to hear from us or receive our products and services. In those circumstances, we may collect basic identification and contact information (such as your name, address, telephone number, and email address) in order to fulfil your order, provide our services and manage your account in order to market our goods and services to you. We will only do so in accordance with your preferences and as described in this privacy notice.
The legal basis for using your personal information
We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:
- our use of your personal information is in our legitimate interest as a commercial organisation (for example where we look to market our services to potential business customers, or in order to make improvements to our products and services) – in these cases we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the Legal Rights section below;
- our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you for example your basic contact information and billing information required to make/take payments)); and/or
- our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example where we are required to disclose personal information to a court or tax authority.
SHARING PERSONAL INFORMATION WITHIN MCS, WITH OUR SERVICE PROVIDERS, OUR REGULATORS
In this section you can find out more about how we share personal information: · within MCS · with third parties that help us provide our products and services; and · our regulators. |
We share your information in the manner and for the purposes described below:
- with third parties who help manage our business and deliver services. These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These include IT service providers who help manage our IT and back office systems;
- with credit reference agencies and organisations working to prevent fraud in financial services;
- with our regulators, which may include the UK Information Commissioner’s Office and any other relevant supervisory authorities, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
- we may share in aggregate, statistical form, non-personal information regarding the visitors to our website, traffic patterns, and website usage with our business partners, affiliates or advertisers;
- If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or assets.
EXPLAINING MORE ABOUT DIRECT MARKETING, PROFILING AND AUTOMATED DECISION MAKING
In this section, you can find out more about
|
How we use personal information to keep you up to date with our products and services
We may use personal information to let you know about MCS products and services that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you.
How you can manage your marketing preferences
To protect privacy rights and to ensure you have control over how we manage marketing with you:
- we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you;
- you can change the way your browser manages cookies, which may be used to deliver online advertising, by following the settings on your browser as explained below.
TRANSFERRING PERSONAL INFORMATION GLOBALLY
In this section, you can find out more about: · how we operate as a global business and transfer data internationally. · the arrangements we have in place to protect your personal information if we transfer it overseas. |
MCS operates on a global basis. Accordingly, your personal information may be transferred and stored in countries outside the EU, that are subject to different standards of data protection. MCS will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights. To this end:
- we ensure transfers within MCS will be covered by an agreement entered into by members of MCS (an intra-group agreement) which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within MCS;
- where we transfer your personal information outside MCS or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information. Some of these assurances are well recognized certification schemes like the EU – US Privacy Shield for the protection of personal information transferred from within the EU to the United States; or
- where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are disclosed.
HOW WE PROTECT AND STORE YOUR INFORMATION
Security
We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned. Measures we take include placing confidentiality requirements on our staff members and service providers; destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected.
Storing your personal information
We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this notice. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements.
In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information. Click on the links below to learn more about each right you may have:
- To access personal information
- To rectify / erase personal information
- To restrict the processing of your personal information
- To transfer your personal information
- To object to the processing of personal information
- To object to how we use your personal information for direct marketing purposes
- To obtain a copy of personal information safeguards used for transfers outside your jurisdiction
- To lodge a complaint with your local supervisory authority
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
Subject to legal and other permissible considerations, we will make every reasonable effort to honour any request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to access personal information
You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of;
- the source of your personal information;
- the purposes, legal basis and methods of processing;
- the data controller’s identity; and
- the entities or categories of entities to whom your personal information may be transferred.
Right to rectify or erase personal information
You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.
You can also request that we erase your personal information in limited circumstances where:
- it is no longer needed for the purposes for which it was collected; or
- you have withdrawn your consent (where the data processing was based on consent); or
- following a successful right to object; or
- it has been processed unlawfully; or
- to comply with a legal obligation to which MCS is subject.
- for compliance with a legal obligation; or
- for the establishment, exercise or defence of legal claims;
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
Right to restrict the processing of your personal information
You can ask us to restrict your personal information, but only where:
· its accuracy is contested, to allow us to verify its accuracy; or
· the processing is unlawful, but you do not want it erased; or
· it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal information following a request for restriction, where:
- we have your consent; or
- to establish, exercise or defend legal claims; or
- to protect the rights of another natural or legal person.
Right to transfer your personal information
You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
- the processing is based on your consent or on the performance of a contract with you; and
- the processing is carried out by automated means.
Right to object to the processing of your personal information
You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to object to how we use your personal information for direct marketing purposes
You can request that we change the manner in which we contact you for marketing purposes.
You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards in the event that your personal information is transferred outside of the European Union.
We reserve the right to redact any data transfer agreements to protect our commercial interests.
Right to lodge a complaint with your local supervisory authority
You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
CONTACT US
The primary point of contact for all issues arising from this privacy notice, is our Data Protection Officer. The Data Protection Officer can be contacted via:
- dataprotectionofficer@radiuspaymentsolutions.com; or
- Radius Payment Solutions, Eurocard Centre, Herald Park, Herald Drive, Crewe CW1 6EG
If you have any questions or concerns regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.
Additional Privacy Notices
We may undertake certain processing of personal information which are subject to additional Privacy Notices and we shall bring these to your attention where they engage.
Notice of changes
MCS may change or update this Privacy Notice at any time.
Should we change our approach to data protection, you will be informed of these changes or made aware that we have updated the Privacy Notice so that you know which information we process and how we use this information.
This Privacy Notice was last updated and reviewed on 11th April 2018 – Version 1.0.