Last updated: 19th May 2025
We know that you care how information about you is used and shared and we appreciate your trust in us to do that carefully and sensibly. This notice describes our privacy policy and forms part of our compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy is brought to you by Nexpay Merchant Services Limited. Nexpay Merchant Services Limited believes it is important to protect your personal data and we are committed to giving you a personalised service that meets your needs in a way that also protects your privacy. This policy explains how we may collect personal data about you. It also explains some of the security measures we take to protect your personal data, and tells you certain things we will do and not do.
When we first obtain personal data from you, or when you take a new service or product from us, we will give you the opportunity to tell us if you do or do not want to receive information from us about other services or products. You can normally do this by ticking a box on an application form, contract or by telling your account manager at the point of proceeding to do business with us. You may change your mind at any time by emailing or contacting us at the address below.
Nexpay Merchant Services Limited (registered number 08310633), whose Head Office is at 129 North Hill, Plymouth, Devon, PL4 8JY. Email: [email protected]
We collect personal data:
• Directly from you, for example when you fill out an application form either in paper, electronic format or over the phone with an account manager.
• By observing data trends, for example, from the transactions and operation of your accounts and services.
• From our website and social media; we will often contact you from the details you opt to supply us.
• CRM data and usage data which relates to the details you provide to us to either provide services to you now or at a future date.
• CRM data to identify yourself when you contact us about your services, contracts and how you use those services.
• From other organisations such as credit reference agencies, anti-money laundering, partner banks, our partners, business associates and fraud prevention agencies.
• From organisations to which you have given your consent, for example our partners’ services you wish to be introduced to from time to time.
Data protection law says that we can only use personal data if we have a proper reason to do so. These reasons include fulfilling a contract we have with you, a legal duty, a legitimate interest, or when you consent to its use. When allowed, we process personal data for our legitimate interests provided these do not override your own interests and rights.
We will only ask for personal data necessary to fulfil our services to you. In some cases, additional data such as a business plan may be required if you’re a high-risk merchant.
Entering into and fulfilling a contract includes:
• Processing applications for products and services.
• Delivering products and services.
• Providing information, guidance and support including contract renewals and merchant statements.
• Addressing enquiries or complaints.
Legal obligations include:
• Identity checks for anti-money laundering purposes.
• Conducting assessments of your business.
• Maintaining legally required records.
• Risk identification and management.
Legitimate interests include:
• Understanding and improving our services.
• Developing new products.
• Contacting you with relevant information (with permission).
• Sharing information with introducers.
• System improvement and debt recovery.
• Market research and customer surveys.
• Fraud and crime prevention.
We will retain your personal data for as long as we are required under relevant legislation and regulation, or where no such rules apply, for no longer than necessary for lawful purposes. Typically, this will be no more than seven years. Data may be retained longer if required for legal claims or anonymised for statistical purposes.
We may use service providers, agents, and subcontractors to provide services on our behalf. This may require them to access and process your personal data. From time to time, your personal data may be transferred to countries outside the UK and EEA. In such cases, we ensure data is protected using International Data Transfer Agreements (IDTAs) or similar safeguards.
You have the right to object to how we process your personal data. You can request access, correction, deletion, restriction, portability, and withdrawal of consent. To exercise your rights, contact us by:
• Email: [email protected]
• Post: Data Rights Team, Nexpay, 129 North Hill, Plymouth, Devon, PL4 8JY
• Telephone: 0333 305 2270
You may also contact the Information Commissioner’s Office at https://ico.org.uk or call 0303 123 1113.
We use automated systems to help manage your account and identify improvements to your pricing and services. These decisions do not have legal or similarly significant effects, and you may request human intervention where applicable.
We use credit reference agencies (CRAs) and compliance checks to verify identity, prevent fraud, and support your account. This may include soft credit searches. Further details are available in the Credit Reference Agency Information Notices (CRAINs).
We use your personal data for communications and marketing only with your consent or legitimate interest. You may opt out at any time by emailing [email protected] or using the unsubscribe link in communications.
We use cookies to improve your experience on our website. These may include strictly necessary and performance cookies. More information can be found at www.allaboutcookies.org and www.youronlinechoices.eu. Contact [email protected] for details.
Our website may include links to third-party sites. We do not share your personal data with them and are not responsible for their privacy practices. Please review their policies before providing personal data.
For questions about this Privacy Policy or to request a copy, please contact [email protected]. We may update this policy from time to time. You are responsible for checking the latest version. This policy applies to individual data and not to business or organisational data.
Copyright © 2025 Nexpay Merchant Services Limited
