This “Privacy Policy” explains how EchoPay Technology Ltd (“Us” or “We”) collects, uses, discloses, and otherwise processes personal data on behalf of our customers – typically, merchants (any, a “Merchant” and “You”) – in connection with our application EchoPay, which runs on the Clover Point of Sale system (“Clover POS”). This Privacy Policy does not apply to Company’s privacy practices in any other context.
We process personal data in connection with our application is governed by this Privacy Policy and our agreements with Merchants. In the event of any conflict between this Privacy Policy and a customer agreement, the customer agreement will control to the extent permitted by applicable law.
This Privacy Policy is not a substitute for any privacy policy that a Merchant may be required to provide to their customers, personnel, or other individuals.
EchoPay Technology Ltd, a limited company registered in England under company number 13176418. Registered address: Thistle House, Felsham, Bury St. Edmunds, Suffolk, United Kingdom, IP30 0PT.
We collect personal information about individuals and customers from the sources listed below:
2.1. Information collected when a merchant’s customer interacts with EchoPay
When you make a payment using the EchoPay custom tender for a Clover Point of Sale system (“Clover POS”), we collect information about the transaction, which may include personal data. Information about transactions includes the status of payment (“Successful” or “Failed”), the date and time of payment, payer name, payment reference, payment amount and currency.
We may collect additional information, depending on how a merchant configures its Clover POS. This information may include an email address or phone number, for example, if you choose to receive an electronic receipt or opt-in to receive marketing information.
2.2. Information collected from a merchant about their customers
Our merchants may provide us with information about their customers. This information may include names, email addresses, and phone numbers to help perform customer assistance on behalf of the merchant.
2.3. Information that we collect about merchants and their personnel
We may collect personal data from the Merchants. Merchants determine the scope of the personal data transferred to us or that we collect, and the information we receive may vary by Merchant. We may collect information from merchants in a variety of contexts, such as when completing one of our online forms, making an application for one of our products or services, interacting with us on social media, or corresponding with us.
2.4. The types of information we obtain include
Contact information of the business entity and its personnel who interact with us: such as name, company name, company number, job title, address, telephone number, and email address.
Financial account information: such as bank account details.
Information about merchants: such as merchant name and merchant ID, and information about transactions processed by the merchant, including transaction volume and amount.
We use the personal data we collect to provide the services and functionality of our application, which includes:
3.1. Providing our products and services
3.2. Development
3.3. Marketing
We may use your personal data to form a view on what products or services we think you may want or need, or what may be of interest to you. We will only contact you if we obtain an accepted agreement to send and receive marketing communications.
You can ask us to stop sending marketing communications at any time by using the contact information below.
3.4. Compliance, fraud prevention and safety
In addition, Company may use personal data as we believe necessary or appropriate to:
We may share personal data that we collect with:
4.1. Clover
The platform on which our application runs, the Clover POS. You may view Clover’s Privacy Notice here.
4.2. Service Providers
With third-party service providers that help us manage and improve the application (such as companies that develop our EchoPay applications and open banking infrastructure providers).
These third parties may use your information only as directed by EchoPy in a manner consistent with this privacy notice and are prohibited from using or disclosing your information for any other purpose.
4.3. Merchants
The Merchant from whom or on whose behalf we collected the personal data - for example, we may share data collected from a customer transaction with the merchant. We are not responsible for the privacy practices of merchants who use our services.
4.4. To comply with laws and law enforcement; protection and safety
We may disclose personal data to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to:
4.5. Business transfers
We may sell or transfer some or all of its business or assets, including your personal data, in connection with a business transaction (or potential business transaction) such as a merger, consolidation, acquisition, reorganisation or sale of assets or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honour this Privacy Policy.
5.1. Data Subject Rights
To the extent that applicable law provides individuals with rights pertaining to their personal information, such as to review and request changes to their personal information, individuals should contact the Merchant with any requests pertaining to the Merchant’s use of our application.
To the extent that Clover is responsible for responding to data subject rights requests under applicable law, individuals may contact Clover with applicable requests as explained in Clover’s Privacy Notice, https://www.clover.com/privacy-policyWe will assist a Merchant, or Clover, as applicable, in responding to such requests subject to our contract with a Merchant or Clover.
Under certain circumstances, data subjects in Europe and the UK have certain rights relating to their personal data, which include the rights to request from the Controller to
Data subjects may also object to a controller’s processing of personal data under certain circumstances. Where processing is based on a data subject’s consent, the data subject has the right to withdraw consent at any time; however, the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. Data subjects may also file a complaint with a supervisory authority. You may view contact information for supervisory authorities at https://edpb.europa.eu/about-edpb/board/members_en
Data subjects in Europe or the UK should direct any rights request to the appropriate Controller.
5.2. Controller
This policy applies where we are acting as a data controller with respect to the personal data of our website visitors, contact forms and service users; in other words, where we determine the purposes and means of the processing of that personal data.
Whilst we receive personal data about merchants' customers in order to facilitate payment on the merchant's behalf this does not determine our role as a controller. The processing of the data is not the target of our service but is simply necessary to carry out our task which is facilitating payments. We do not use any personal data that we receive from a merchant for any other purpose.
Clover is also a controller of personal data in some circumstances. Clover’s Privacy Notice is available at https://www.clover.com/privacy-policy
5.3. Legal Basis for Processing
We process personal data as directed or permitted by the Merchant that uses our application. The Merchant is responsible for establishing a legal basis for our processing of personal data for or on behalf of the Merchant.
5.4. Cross Border Data Transfer
When we transfer personal data outside of Europe (or the UK) to countries not deemed by the European Commission to provide an adequate level of protection for personal data, we make the transfer pursuant to one of the following transfer mechanisms:- A contract approved by the European Commission (sometimes called “Model Clauses” or “Standard Contractual Clauses”);- The recipient’s Binding Corporate Rules;- The consent of the individual to whom the personal data relates; or - Other mechanisms or legal grounds as may be permitted under applicable European law.
You may contact us with questions about our transfer mechanism.
5.5. Data Retention
Subject to our agreement with a Merchant, We retain personal data for as long as necessary to (a) provide our products and services; (b) comply with legal obligations; (c) resolve disputes; and (d) enforce the terms of any agreement we may have with a Merchant. You may contact us for additional information about our data retention practices in connection with the application.
5.6. Complaints
If you have a complaint about our handling of personal data, you may contact us via the contact information provided below.
5.7. Updates
We reserve the right to modify this Privacy Policy at any time. We will notify you of updates by updating the date of this Privacy Policy.
You may contact us with any questions, comments, or complaints, about this Privacy Policy or our privacy practices via:
EchoPay Technology Ltd
Registered office address Thistle House, Felsham, Bury St. Edmunds, Suffolk, United Kingdom, IP30 0PT
Company number 13176418
Need help? Email: support@echopay.co.uk