Privacy Policy

Who we are

eCOMM Merchant Solutions Ireland Limited (EMSI) and eCOMM Merchant Solutions Limited (EMS) is a fast-growing technology company and e-money payments institution with offices in Ireland, the UK and Malta. Our Head Office is located in IDA Business and Technology Park, Johnstown, Navan, Co Meath, C15 E8KV, Ireland.

EMSI and EMS are authorized and regulated by the Financial Conduct Authority in the UK, as an Electronic Money Institution, under a license number 900591. We are a one stop payment gateway and acquirer for merchants who require Point of Sale (POS), eCommerce and Mail Order/Telephone Order (MOTO) capability for Visa, Mastercard, AMEX and Alipay.

What, why?

Your privacy is very important to us.

We, EMSI and EMS, are committed to only collecting and processing the information about you that is required for us to offer and improve our products and services as well as to comply with the EU General Data Protection Regulation (GDPR) 2018 and all legal and regulatory obligations.

This Privacy Policy applies to information we collect and process when:

  • you sign up for our products and services
  • you access and use our website, applications, products and services
  • you otherwise interact with us
  • you are making payment transactions through our services, even if you did not sign up for the service directly with us

We will update this Privacy Policy in line with the regulatory and operational changes and post updated version on our website. We advise our merchants to regularly check the website for any updates.

In order to be able to sign up for and use our products and services you must accept all terms of this Privacy Policy.

The information about you and your business we collect includes:

  • Your full name, address, date of birth, email address, telephone number, gender, other personal information such as telephone recordings; security questions, user ID;
  • Your business: name, address and telephone number, legal form, type, nature and purpose, directors and Ultimate Beneficial Owners;
  • CCTV footage where you visit our offices
  • In order to facilitate payouts to you, we collect your bank account detail.
  • In order to verify your identity as required by anti-money laundering laws and to prevent fraud and financial crime we may collect information about you from third parties, which include (but is not limited to) your credit rating, company registration number and date, VAT, financial and processing history, share capital, board of directors.
  • The transactional information we collect include transaction: time, location, amount, payment method and cardholder detail
  • When you use our website or mobile application, we may automatically, through cookies and web beacons, collect information that include (but is not limited to): your IP address, identifiers of your device, operating system, visit date, time and usage behaviour
  • For marketing and research surveys we may track and analyze your preferences and interests

The purposes for collecting and processing information about you include:

  • Provision of services to you, as per our contractual obligations;
  • Provision of information to you, including transaction receipts, payout reports and security alerts;
  • Improvement and personalisation of our Services;
  • Protection of our rights, compliance with our legal and regulatory obligations, prevention and investigation of fraud, money laundering, counter terrorist financing, other illegal activities and misuse of services;
  • Communication with you, including in relation to our news, updates and promotions offered by us and our partners, unless you opt out of such communications

You can choose to opt out of receiving promotional offers and marketing communications by emailing the request and your detail to dpo@ecomm365.com.

Information sharing

  • We may share information about you to the extent that is necessary, with any member of our group of companies and partners in order to allow us to provide you with a full service, where other companies perform components of the full service offering or perform functions on our behalf. These services include anti-money laundering and fraud prevention, verification, financial institutions, payment card associations/ schemes, and other entities as part of payment and acquiring process...
  • We may disclose information about you to third parties in connection to any merger, sale of company assets, financing, acquisition, divestiture or dissolution of all or a portion of our business
  • We may disclose information about you to third parties in relation to advertising campaigns, special offers or other events and activities, unless you choose to opt out of such communications
  • We may disclose information collected about you when it is necessary for us to: comply with any applicable law or regulation, to enforce applicable terms and conditions or policies, to protect the security and integrity of our products and services and to protect our rights

In any case, we will always ensure that your information will only be shared and processed in connection with our products and services, in accordance with this Privacy Policy and applicable data protection laws.

Legal basis for collection and processing personal data by EMS and EMSI

  • receipt of your consent;
  • performance of a contract where you are a party;
  • legal obligations that EMSI and EMS are required to meet; and
  • national law.

Legitimate interests pursued by us, or third parties we use, are as follows:

  • the prevention and investigation of fraud, money laundering, terrorist financing, other illegal activities and misuse of services.

Consent

By consenting to this Privacy Policy you are giving us permission to process your personal data specifically for the purposes identified above. Consent is required for EMSI and EMS to process personal data, but it must be explicitly given. Where we are asking you for sensitive personal data, we will always tell you why and how the information will be used.

Consent for Children Under 16

If you are giving consent on behalf of a child under sixteen (16) years of age then please be aware that Children need specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned, and also of their rights in relation to the processing of personal data for the purposes of using these services. By consenting to this Privacy Policy on behalf of a minor you are giving permission for their data to be used for the purposes described above.

Withdrawal of Consent Conditions

You may withdraw consent from direct marketing at any time by contacting us at dpo@ecomm365.com.

If you choose to withdraw your consent to our further processing of the information about you, as described in this Privacy Policy, please be advised we may not be able to continue providing you with the product and service you requested and may therefore terminate the relevant agreements with you. Nevertheless, we may have to retain the information about you as required by our legal and regulatory obligations.

International Data Transfers & Third-Party Disclosures

In limited situations where EMSI and EMS store or transfers personal information outside the EEA or the EU, robust procedures and safeguarding measures apply to secure, encrypt and maintain the integrity of the data. EMSI and EMS will complete continual reviews of the countries with sufficient adequacy decisions, such as the Privacy Shield in the US, and provisions for binding corporate rules, standard data protection clauses or approved codes of conduct. EMSI and EMS will further perform due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information. EMSI and EMS undertakes that it shall not transfer Personal Data outside of the EEA or the EU in full compliance with Article 46 of the GDPR, and shall not transfer data outside of the EEA or EU unless the following conditions are fulfilled:

  • The data subject has enforceable rights and effective legal remedies;
  • EMSI and EMS shall comply with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred (or, if it is not so bound, uses its best endeavours to assist the Customer in meeting its obligations);
  • EMSI and EMS complies with any reasonable instructions notified to it in advance with respect to the processing of the Personal Data; and
  • Upon written direction shall delete or return Personal Data (and any copies of it) unless EMSI and EMS is required by Law to retain the Personal Data.

Where EMSI and EMS is required to transfer Personal Data to the United States of America, EMSI and EMS shall only send such Personal Data to third-party sub-contractors that meet the minimum requirements contained under the Privacy Shield, or in the standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament.

In the event that the Privacy Shield is repealed at any future date, for whatever reason, EMSI and EMS shall only contract with third-party sub-contractors that satisfy the requirements contained in the standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Customer.

Data Security

We are committed to ensuring that the information collected about you is secure. We take reasonable measures including administrative, technical and physical processes to protect your information from loss, theft, misuse, unauthorized access, disclosure, alteration and destruction.

All internet communication, when you are logged into your account, is secured using Secure Socket Layer (SSL) technology with high security encryption.

The security can only be effective if you follow security practices including never sharing your account and log in detail with anyone and contacting us immediately if you believe your detail have been exposed.

As transmission of data via the internet in not completely secure, we cannot guarantee the security of the transmission of your information to us. Any transmission is at your risk. Once we receive the data from you, we will apply security procedures and structures to prevent it from unauthorised access.

Cardholder Data Security

EMSI and EMS are responsible for security of cardholder data which is stored, processed and transmitted within our systems. We are authorised under Payment Card Industry Data Security Standard (PCI-DSS).

We are required to maintain all Transactional Data for anti-money laundering purposes for a minimum period of 6 years after the end of our relationship with or customers. In line with this requirement, we maintain certain cardholder information.

Retention Period

We are required by law to retain certain information collected about you for a period of at least six (6) years after the date of termination of your contract with us or the time the last transaction took place.

Your Rights as a Data Subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the personal data that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. Your data relating to financial transactions, accounts or cards cannot be deleted due to national law associated with the prevention of fraud, money laundering, counter terrorist financing or misuse of services for crime.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to transmit the personal data we hold about you to another organisation without any hindrance from us.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review, in the event that EMSI and EMS refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.

If you wish to exercise any of the abovementioned rights, please contact us at dpo@ecomm365.com

You will find a copy of our Data Subject Access Request Form on our website.

Cookies & Web Beacons

We use a number of cookies and web beacons within our website and applications. Cookies are small data files which are placed on your computer, mobile device or any other device as you browse our website or use any of our applications or web-based software. Web beacons are small graphic images or other web programming code which may be included in the website and any of our email messages.

We may use cookies and web beacons for the following purposes: to personalise our services to you; to facilitate the effective operation of our websites and applications; to track website traffic or application usage for statistical purposes and to monitor which pages or features users find useful or not; to identify you upon account login and to assist you when resetting your password; to assist in meeting our regulatory obligations, such as anti-money laundering and anti-fraud obligations, and prevent your account from being hijacked; or to enable us to link to our group companies' websites.

Some cookies may not be related to EMSI and EMS. When you visit a page on our website with content embedded from, for example, YouTube or Facebook, cookies may be stored on your computer from these websites. We do not control the dissemination of such Third Party cookies and you should check this Third Party website for more information about their privacy policy.

The cookies or web beacons will never enable us to access any other information about you on your computer, mobile device or any other device other than the information you choose to share with us.

The cookies or web beacons will never enable us to access any other information about you on your computer, mobile device or any other device other than the information you choose to share with us.

Most web browsers automatically accept cookies but you may modify your browser settings to decline cookies. Rejecting cookies used by our website, mobile application or web-based software may prevent you from utilising them to the full advantage and may stop them from operating properly when you use them.

If you do not consent to our use of the cookies, you must disable the cookies by deleting them or changing your cookie settings on your computer, mobile device or other device or you must stop using the Services. Information on deleting or controlling cookies is available at www.aboutcookies.org.

Linking to Other Websites

If you access links on our website to third party websites which are not owned by EMSI and EMS please be aware that these websites have their own privacy policies. We do not accept any responsibility or liability for these privacy policies. You should check and review these privacy policies before you submit any information about you to these websites.

Governing Law

This Privacy Policy shall be governed by and constructed under and in accordance with English Law

The English language version of this Privacy Policy shall be binding.

Complaints

In the event that you wish to make a complaint about how your personal data is being processed by EMSI and EMS (or third parties as above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and EMSI's and EMS's Data Protection Officer by email to dpo@ecomm365.com.