COMPASS PLUS (GREAT BRITAIN) LTD. PRIVACY POLICY
Effective Date of the current version of this Policy: March 14, 2022
PLEASE READ CAREFULLY AND SAVE THIS DOCUMENT.
Document Outline:
1. Scope of our Privacy Policy
2. How we collect information about you
3. What kind of information do we collect?
4. Our use of ‘cookies’
5. How we protect and store personal information
6. How we use the personal information we collect
7. How personal information is used for marketing
8. How we transfer personal information
9. How to access or change your personal information
10. How to contact us
11. Data protection officer
Please read the following carefully to understand our views and practices regarding your personal information and how we treat it. We are committed to protecting and respecting your privacy.
MOBICASH BIOPAY – CONSENT TO USE OF FINGERVEIN (BIOMETRIC) DATA
During enrolment, MobiCash BioPay scans your fingervein and converts it into a secure Biometric Identification Record (BIR). Following this, you can use the MobiCash Payments App QR facility to register your BIR and then link that to your chosen card. When using BioPay for purchases in-store, when you scan your fingervein our MobiCash host software receives the BIR and matches this against BIRs near the relevant POS in-store, thereby connecting the MobiCash customer and their associated card to allow a transaction to be made. You can register several fingers for use in MobiCash BioPay. Should you at a later stage decide that you do not want to use BioPay, you can unsubscribe completely (or for particular fingers) and our host software will no longer store your BIR.
The use of MobiCash BioPay technology is optional and at your discretion. It does, however, enable faster and more secure processing of Transactions through MobiCash App. An individual’s biometric data is almost impossible to replicate making it a secure means of identification.
Our MobiCash BioPay technology processes biometric data (considered as "special category" data under the GDPR) to validate your identity and your authorisation of Transactions. By accepting the contents of this Policy, you agree to the following statement "I hereby give my free, explicit and informed consent to my fingerprint data being used by Compass Plus for the purpose of using MobiCash BioPay technology as part of MobiCash Service. I understand that I can receive, in accordance with the applicable law, information relating to the processing of my
biometric data and withdraw this consent at any time by emailing compliance@compassplus.com. I also understand that if I withdraw my consent that any use of my fingervein already undertaken remains valid".
1. Scope of our Privacy Policy
1.1 For the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”)), the data controller is Compass Plus (Great Britain) Limited (company number 5591482) of 9 The Triangle, NG2 Business Park, Nottingham, NG2 1AE, United Kingdom.
1.2 This Compass Plus (Great Britain) Ltd. privacy policy (the “Policy”), together with the Terms of Service and any additional terms incorporated by reference into the Terms of Service applies to personal information we collect from you, or that you provide to us, and describes how Compass Plus (Great Britain) Ltd. and its subsidiaries, affiliates, sub-contractors and associates (“Compass Plus”, “we”, “our” or “us”) collects, uses, protects, stores, shares and otherwise processes information about you when you interact with us and when you register to use Compass Plus’ services such as “MobiCash App” or other MobiCash co-branded apps or projects with our partner companies (hereinafter referred to as “MobiCash App”), our websites and any other features, technologies or functionalities offered by us on our websites, mobile applications or otherwise (collectively referred to as the “Services”). By agreeing the terms of this Policy when you register and use our Services, you understand that we shall process your personal information for unlimited period as described in section 3 below, including its collection, record, systematization, accumulation, storage, clarification, extraction, use, protection, transfer (including cross-border transfer) and any other processing in the ways set out in this policy either by automated or manual means.
1.3 Please note that you permit us to share certain information with third parties and this Policy does not apply to the practices of other users of our Services (including Third Party Suppliers (as defined in the Terms of Service)) that may collect information from you by various means through Third Party Sites (“Third Party Sites”) when you interact with them through the Services. This includes third parties which use our services on their websites,who are not under our control and process your personal information as an independent data controller; we are
not responsible for and do not endorse their content or their privacy policies (if any). You will need to make your own independent judgement regarding your interaction with these third parties, including the purchase and use of any products or services accessible through them, therefore please review their privacy policies for information about their own privacy practices before providing them with any personal information.
1.4 Throughout this Policy, we use the term "personal information" to describe any data associated with a specific person that can be used directly or indirectly to identify that person.
1.5 We may change this Policy from time to time. We will notify you of these changes when you next use our Services (where applicable) and/or also by way of posting an amended version on our website. We recommend that you regularly check the current version available. If we make changes to this Policy, the “Effective Date” at the top of this page will be updated accordingly. The revised version will be effective from the date it is posted on the website and/or from the date we notify you via “MobiCash Services”. If you do not accept any amendment(s) to the Policy, you must close your MobiCash Account by following the unsubscribe procedure set out in our Terms of Service (or any other specific agreement that we have entered into with you) and stop accessing and using our Services. If you do not object to an amendment by closing your MobiCash Account within the 30 day notice period, you will be deemed to have accepted the updated Policy. For this purpose a
“substantial or material change” means a change which we believe in our reasonable opinion to either reduce your rights or increase your responsibilities, but which does not relate to a new product or service, nor a change we must make to comply with any applicable law.
1.6 Special note about children. Children are not eligible to use our Service and we ask that minors (persons under the legal age required in the country of their residence to download, access and/or use the MobiCash App or the Services, including use of the banking products, compatible and / or registrable with the Services (cards, accounts etc.), with applicable user age-related limitations imposed by the local regulator) do not submit any personal information to us or use our Services. We do not knowingly solicit data online from, or market to, persons under the legal age.
2. How we collect information about you
We collect the personal information that you provide to us and the information you generate by your use of our Services.
3. What kind of information do we collect?
3.1 When you first use the MobiCash App and/or our other Services, you will be asked to register for an account (known as the “MobiCash Account”). We may request, collect and process the following data about you:
(a) Personal information: your name, address (including residential address, billing address and postal address), mobile phone number, email address, card registration number and other similar information. Before you may use our Services, we may also require you to provide additional data with which we can use to verify your identity, or manage risk, such as your date of birth, identification number, nationality, and other data which can be used for personal identification purposes that may be required by law.
(b) Financial information: payment card number (including credit card, debit card, charge card and/or stored value card) and/or any other number of an accepted method of payment (including a bank account number) and/or payment instrument number or identification (“Payment Method”) that you associate with your MobiCash Account in order to facilitate transactions (“Transactions”). We may also collect related
Payment Method information such as your card expiry date and billing address.
(c) Biometric data: dactyloscopic data (including the structure of the blood vessels in your fingers) for the purposes of converting this into a secure Biometric Identification Record (BIR). The BIR is stored in a database on the secure server in encrypted proprietary format (an actual copy of the fingervein image itself is not stored). Only the MobiCash BioPay fingervein reading technology can recognize this format.
3.2 Information generated from use of the Services
(a) When you visit our Services website or use MobiCash App, we may collect device-specific information about the mobile handset, tablet or any other device (Device) you may use to download MobiCash App, including where applicable, your hardware model, operating system version, unique device identifiers, mobile network information, your internet protocol (IP) addresses, internet service provider (ISP), clickstream data and standard web log data, (such as your browser type and language, and the webpages you access on our Services websites). We may associate Device information with registration information and will treat the combined information as personal information in accordance with this Policy for as long as it is combined.
(b) When you use the Services to make a Transaction, we may collect information generated from each of your purchases including the date, time and amount of the Transaction, a description provided by the seller of the goods or services purchased, names and email addresses of the seller and buyer (or sender and recipient), the type of Payment Method used, any notes you may enter about the Transaction and any special offers or loyalty programs associated with the Transaction.
(c) When you use a location-enabled device with the Services, we may collect geographical location data or use various means to determine the location, such as sensor data from your device that may, for instance, provide data on nearby cell towers and Wi-Fi access spots. You can withdraw your consent at any time by disabling the location services option for MobiCash App within the settings on your Device.
(d) We may collect device event information such as crashes, system activity, hardware settings, the date and time of web page requests and referral URLs.
3.3 Website traffic information. Because of the way Internet communication standards work, when you arrive at or leave our websites, we automatically receive the web address of the site that you came from or are going to. As mentioned above, in connection with our collection of web log data, we also collect information on which pages of our websites you visit, IP addresses, the type of browser you use and the times you access our websites. We use this information to try to understand our customers' preferences better and to manage the load on our servers, so as to improve our services and your experience with us.
3.4 We may collect additional information about you from third parties such as information from the Third Party Suppliers related to your Transactions with them, from third party credit and fraud prevention bureaus and/or identity verification services, the results when you respond to a survey or participate in competitions or promotions, loyalty programme information relating to a third party loyalty scheme which you may choose to provide to facilitate loyalty programme benefits by using MobiCash and Services, details of transactions you carry out through any Third Party Sites, including any transactions which you have commenced but not completed, from interactions with members of our corporate group entities and/or from interactions with the MobiCash customer service team.
4. Our use of ‘cookies’
Cookies are small files of data that reside on your computer and allow us to distinguish you from other users of our Services. This helps us to provide you with a better experience when you use our Services (such as when you browse our websites) and also allows us to improve our Services. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy.
5. How we protect and store personal information
5.1 The security of your MobiCash Account depends on you keeping your account PIN and any other Credentials (as defined in the Terms of Service) confidential. It is your responsibility to control access to your mobile device and the MobiCash App, which includes keeping your PIN confidential and not sharing it with anyone. It is also your responsibility to notify us if you believe that the security of the data in the MobiCash App or your Services have been compromised.
5.2 We will not store any personal information, including your PIN on your mobile device.
5.3 By allowing us to release your personal information to a Third Party Site, the data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA) and / or the country of your residence including the US and/or Canada. It may also be processed by staff operating outside the EEA and / or country of your residence who works for us or for one of our suppliers. These staff may be engaged in the fulfilment of your request, order or reservation, the processing of your payment details and the provision of support services.
5.4 We store and process your personal information in a heavily encrypted format. We protect your personal information by maintaining strict electronic, physical and procedural safeguards. We use software-based safeguards such as firewalls and data encryption and we have strict security measures that limit physical access to our buildings and files. We authorize access to users’ personal information only for those Compass Plus employees who require it to fulfil their job responsibilities.
5.5 Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Services; any transmission is at your own risk. Once we have received your information, we will adhere to strict procedures and security features to try to prevent any unauthorised access as set out above.
5.6 We will not keep personal information any longer than is necessary for the fulfilment of the purposes (including any directly related purpose) set out in clause 6 below. We will purge unnecessary personal information from our system in accordance with the applicable law requirements and our internal procedures.
6. How we use the personal information we collect
6.1 We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
(a) Where you have provided your consent, i.e. to receive marketing information (see section 7 below);
(b) Where we need to carry out any actions related to the MobiCash Account you have set up with us;
(c) Where we need to comply with a legal obligation;
(d) Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
(e) We may also use your personal information in the following situations, which are likely to be rare;
(f) Where we need to protect your interests (or someone else's interests); or
(g) Where it is needed or for official purposes.
6.2 Our primary purpose for collecting your personal information is to provide you with a simple, fast and secure experience when using the Services. Specifically we may use your personal information for the following purposes:
(a) application processing for the Services;
(b) provision of customer and location tailored Services;
(c) facilitation and validation of Transactions in a safe and secure way;
(d) provision of notifications regarding your Transactions and unpaid bills (including pending bills), and/or provision of other technical notices, updates, security alerts, and support and administrative messages;
(e) generation of usage, transaction, spending and/or other reports as requested by you;
(f) maintenance of your Transaction history for present and future reference;
(g) delivery of Loyalty Rewards and Offers (as defined in the Terms of Service) from Third Party Suppliers
(as defined in the Terms of Service) that you have made payments to using the Service;
(h) delivery of the MobiCash Loyalty (as defined in the Terms of Service);
(i) assisting charities and/or Community Amateur Sport Clubs (CASCs) to process the Gift Aid portion of a
donation made to your chosen charity/CASC;
(j) identification of usage trends and the determination of the effectiveness of our communications, assistance in disputes resolution and provision of other forms of customer support, including responses to your enquiries and the fulfilment of your requests for information;
(k) data analysis, audits, development of new products, tracking, operation, improvement and personalisation of the Services, content and advertising;
(l) comparison of the information collected for accuracy and verification of this information with authorised third parties;
(m) prevention or detection of potentially prohibited or illegal activities under applicable law, including laws outside your country of residence;
(n) compliance with and making such disclosures as are required by the applicable laws, rules, regulations and guidelines; and
(o) any other purposes directly related to the purpose for which the personal information was originally collected;
(p) as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from law enforcement and other government authorities including public and government authorities outside your country of residence; (d) enforce or apply this Policy and / or MobiCash Terms of Services and / or other MobiCash
Terms of Services for co-branding projects with our partner companies; (e) to protect our rights, privacy, property or safety, and/or that of our affiliates, you or others; and (f) to allow us to pursue available remedies or limit the damages that we may sustain; and
(q) in any other way that is envisioned by this Privacy Policy or the Terms of Service.
6.3 We will send emails asking for you to access, review and edit your personal information and consents.
6.4 If we plan to use your personal information for purposes not set out in this Policy, we will notify you and seek your prior approval.
7. How personal information is used for marketing
7.1 Compass Plus may use your mobile phone number and email address (if and where applicable) for direct marketing or otherwise to provide you with information about goods or services and\or promotional offers that may be of interest to you. But we may not use your personal information without your consent.
7.2 We may use this personal information set out in clause 7.1 for the marketing of the new services and products, features and/or promotional offers provided by Compass Plus and/or our Third Party Suppliers. However, we will not pass on your phone number and/or email address to our Third Party Suppliers for direct marketing of their products or services to you. You will not receive any direct communication from the Third Party Suppliers unless you have entered into a separate agreement with them and in which case we are not responsible for and do not endorse their privacy policies and we do recommend that you use your own independent judgement regarding your interaction with them. All direct marketing communication will be provided to you via MobiCash App and/or sent to your email address by our marketing and/or customer service team (if and when applicable).
7.3 You may opt-in to allow information from MobiCash App to be used by Compass Plus in order to present you with relevant Offers and Loyalty Rewards from Third Party Suppliers that you have made payments to using the MobiCash Service. When you register for your MobiCash Account and agree our Terms of Service you will be asked to provide your consent to such use of your personal information by placing a tick in the appropriate box on the settings tab.
7.4 Should you choose to opt in, the MobiCash Service may send you marketing communications as part of the MobiCash Loyalty. In consideration for Compass Plus granting you access to and use of the MobiCash App and our other Services, you agree that Compass Plus may automatically subscribe you to the MobiCash Loyalty and you further consent to receiving all marketing communications related to MobiCash Loyalty.
7.5 We do not disclose information about identifiable individuals to our Third Party Suppliers, but we may provide them with aggregate information about our users (for example, we may inform them that 100 users have subscribed to their Loyalty Reward scheme and 50 of them have redeemed points in the last month). We may also use such aggregate information to help our Third Party Suppliers to reach the kind of audience they want to target (for example, the top 100 highest spenders in their location specific outlet). We may make use of the personal information we have collected from you to enable us to comply with our Third Party Suppliers’ wishes by providing Loyalty Rewards and/or Offers to that target audience.
7.6 We will not transfer, sell, rent or trade your personal information to other third parties for their marketing purposes without your consent. We may combine your information with information we collect from other companies and use it to improve and personalise our services, content and promotions.
8. How we transfer personal information
8.1 In general, your personal information, Payment Method data and any or all of your MobiCash Account data will be kept confidential. However, in order to fulfil the purposes set out in clause 6 of this Policy, Compass Plus may disclose your personal information to the following parties (whether within or outside your country of residence):
(a) MobiCash Third Party Suppliers that you transact with;
(b) Compass Plus’ group companies, subsidiaries, affiliates, strategic partners or acquirers that are under a duty of confidentiality to Compass Plus and have undertaken to keep your personal information confidential;
(c) agents, contractors, suppliers or third party service providers under contract who provide business operations support such as credit reference and fraud prevention, collection activities, and technology services. Our service agreements dictate that these service providers only use your data in connection with the services they perform for us and not for their own benefit, however, please note, that your personal information may then be used by the third party in accordance their own privacy policy as an independent data controller (for example, to contact you pursuant to your interactions with them);
(d) the police; security forces; any law enforcement agencies, competent governmental, intergovernmental or supranational bodies; competent agencies, departments, regulatory bodies, self-regulated authorities or schemes; or organisations or other authorities in the event:
(i) we are compelled to do so by a body referred to above, law or a court order;
(ii) we need to do so to comply with credit card association and/or payment scheme rules;
(iii) we are cooperating with a law enforcement investigation;
(iv) we believe in good faith that the disclosure of the information (including personal information) is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to enforce, act in compliance of, or investigate violations of, any standard Compass Plus Terms of Services;
(v) businesses or entities that we plan to merge with or be acquired by (should such a merger occur, we will require that the new merged entity follow this Policy with respect to your personal information); and
(vi) other third parties with your express consent or direction to do so.
8.2 The data that we collect from you will be shared within the Compass Plus Group. This will involve transferring your data outside the UK. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or Third Party Suppliers. These staff may be engaged in the fulfilment of your request, order or reservation, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all reasonable steps necessary to
ensure that your data is treated securely and in accordance with this Policy. In particular, all information you provide to us is stored on our secure servers and any information we process relating to your payment transactions will be sent over an encrypted connection to Third Party Sites. We also employ the Model Contractual Clauses which have been drafted in conjunction with, and approved by, the Information Commissioner’s Office. If you require further information about this protective measure, you can request it from our Data Protection Officer.
8.3 Third Party Sites may be located in other countries where the laws on processing personal information may be less stringent than in your country. We also adopt strict procedures and security features to prevent unauthorised access as outlined in the relevant data centre security policy, an electronic copy of which can be requested via the ‘Contact us’ option in the settings menu within the MobiCash App.
8.4 Our Services websites may, from time to time, contain links to and from the websites / applications of our partner networks and affiliates (including, but not limited to, websites on which the MobiCash App or the Services are advertised). If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal information that may be collected through these websites or
services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services. You should be aware, however, that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to any third parties; any transmission is at your own risk.
9. How to access or change your personal information
9.1 You may access, review and edit your personal information at any time by logging in to your account via the MobiCash App.
9.2 You have the right to:
(a) if at any point you wish to either confirm whether your Personal Data is being processed and/or access the data we hold on you, you have the right to request to see this information, usually free of charge, by writing to us at the address at the head of this document and we will respond to this request within one month;
(b) to have certain data you have provided to us with to be provided to you in a structured and commonly used electronic format (for example, a Microsoft Excel file), so that you can move, copy or transfer this data easily to another data controller, or request that we transmit this data directly to another organisation where it is practical for us to do so;
(c) to have data corrected if it is inaccurate or incomplete;
(d) to have data deleted if it is no longer needed or there is no longer a legitimate reason for the processing, or if the data in question has otherwise unlawfully been processed. You may also request deletion of your Personal Data if it was only being processed as a result of your consent which has since been withdrawn;
(e) to object to the processing of your Personal Data (note that this only provides you with the right to raise your objections, not a blanket right to have any and all processing cease);
(f) to restrict the processing of your Personal Data under certain circumstances, including if you have contested its accuracy and while this is being verified by us or, if you have previously objected to its processing, while we are considering whether we have legitimate grounds to continue to do so;
(g) be informed of our policies and practices in relation to personal information and to be informed of the kind of personal information held by us;
(h) to be informed of any automated means by which your personal information is processed; and
(i) to cancel the processing of your personal information for marketing purposes. You can exercise the right at any time by contacting us via the MobiCash App.
9.3 Your right of access to personal information held about you can be exercised in accordance with the GDPR. The information should be provided to you within one (1) month and there is no fee incurred for our providing this information to you, although repeated requests for the same information may incur a fee to cover our reasonable administrative costs.
10. How to contact us
Requests for access to personal information, or correction of personal information, or for information regarding policies and practices and kind of personal information held are to be addressed to us by choosing the ‘Contact us’ option in the settings menu within the MobiCash App or by writing to us at MobiCash, 9 the Triangle, NG2 Business Park, Nottingham. NG2 1AE United Kingdom.
For the avoidance of doubt, this Policy does not constitute a "framework contract" for the purpose of the EU Payment Services Directive (2007/64/EC) or any implementation of that directive in the European Union or EEA (including, without limitation, the UK Payment Services Regulations 2009).
11. Data protection officer
We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.
If you wish to exercise any of your rights under the GDPR, raise a complaint about or seek more information regarding how we have handled your Personal Data, including in relation to any of the rights outlined above, you can contact one of our nominated representatives:
UK Contact
Position: Data Protection Officer (UK)
Telephone: 0115 753 0120
Email: compliance@compassplus.com
and your concerns will be investigated.
If you are not satisfied with our response, or believe we are processing your data unfairly or unlawfully, you can complain to the Information Commissioner’s Office (ICO). You can find further information about the ICO and their complaints procedure here: https://ico.org.uk/concerns/.