Who are we?
eCOMM Merchant Solutions Ireland Limited (EMSI) is a fast-growing technology company and e-money payments institution with offices in Ireland, the UK and Malta. EMSI is an approved agent of Prepaid Financial Services Limited (PFS). PFS is authorised and regulated by the Financial Conduct Authority in the UK, as an electronic money institution, under reference number 900036. We are a one stop payment gateway and acquirer for merchants who require Point of Sale (POS), eCommerce and Mail Order/Telephone Order (MOTO) capability for Visa & Mastercard.
It is important that you know exactly what we do with the personal information you and others make available to us, why we collect it and what it means for you. This document outlines the EMSI approach to Data Privacy to fulfil our obligations under the EU General Data Protection Regulation (GDPR) 2018 of 25th May 2018. We also welcome it as an opportunity to reassure you of the importance we place on keeping your personal data secure, and of the strict guidelines we apply to its use.
The personal data we would like to collect from you is:
- First Name and Surname with title
- Date of birth
- Proof of address documents
- ID Documents
- Other personal information such as telephone recordings; security questions, user ID
- Bank Account details
- Telephone number
- Transactional information
- CCTV footage where you visit our offices
The personal data we collect will be used for the following purposes:
- Providing Point of Sale, eCommerce and or mail order/telephone order services to you as per our contractual obligations
- Providing e-wallet services to you
- Providing IBAN Account services to you
- Processing your account information
- To comply with our legal obligations for the prevention of fraud, money laundering, counter terrorist financing or misuse of services
- Verifying your identity
- Contacting you regarding our service to you
- Where requested by law enforcement for investigation of crime
Our legal basis for processing the personal data:
- receipt of your consent
- performance of a contract where you are a party;
- legal obligations that eCOMM is required to meet;
- national law
Any legitimate interests pursued by us, or third parties we use, are as follows:
- the prevention of fraud, money laundering, counter terrorist financing or misuse of services
By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified above. Consent is required for EMSI to process personal data, but it must be explicitly given. Where we are asking you for sensitive personal data we will always tell you why and how the information will be used.
Consent for Children Under 16
If you are giving consent on behalf of a child under 16 then please be aware that Children need specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned, and also of their rights in relation to the processing of personal data for the purposes of using these services. By consenting to this privacy notice on behalf of a minor you are giving permission for their data to be used for the purposes described above.
Withdrawal of Consent Conditions
You may withdraw consent from direct marketing at any time by contacting our Data Protection Officer. Please note, where you have consented to your data being used for carrying out financial transactions, then the right to withdraw consent does not exist. As a payment service provider, EMSI is obliged to retain data concerning financial transactions for 6 years in accordance with national law for the purpose of preventing, detecting and investigating, possible money laundering or terrorist financing.
EMSI will only pass on your personal data to third parties, including internationally, once we have obtained your consent. Some of our service providers, like payment processors, risk management solutions and suppliers are based outside of the EEA. Where we authorise the processing or transfer of your personal information outside of the EEA, we require your personal information to be protected to data protection standards and we ensure that there are adequate safeguards in place for data protection. The GDPR prohibits transfers of personal data outside the European Economic Area to a third country that does not have adequate data protection. Where transfer occurs outside the EEA the following mechanisms are in place with the third parties:
- Data Protection clauses in our contracts and agreements with third-parties
- EU-US Privacy Shield
- Personal Information Protection and Electronic Documents Act (PIPEDA)
EMSI will process personal data for the duration of the contract for services and will store the personal data for 6 years after that date of termination of the contract.
Your Rights as a Data Subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. Your data relating to financial transactions, accounts or cards cannot be deleted due to national law associated with the prevention of fraud, money laundering, counter terrorist financing or misuse of services for crime.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review, in the event that EMSI refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data. You will find a copy of our Data Subject Access Request Form on our website.
In the event that you wish to make a complaint about how your personal data is being processed by EMSI (or third parties as above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and EMSI’s Data Protection Officer by email to DPO@ecomm365.com
Data Protection Officer
eCOMM Merchant Solutions Limited
IDA Business & Technology Park
If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO).
Data Protection Commissioner
Telephone: +353 (0)57 868 4800
Further information can be found in our Cookies Policy on our website.
You can also review our GDPR statement here.