This Privacy Statement will help you understand what data Tunic Pay collects from you, why we collect it and what we do with it. This policy explains how we store and use your personal information when you use or interact with Tunic Pay, or where we otherwise obtain or collect your personal information. This Privacy Statement applies to all services offered by us, except where otherwise noted.
This statement also explains how we protect any personal data we obtain directly or passively from you or which we obtain indirectly from other sources.
We have done our best to present the information in this policy in clear and plain language, and we have structured it in a way to allow you to quickly find the information that is most important to you.
We reserve the right to change our privacy statement from time to time. We will update the Privacy Statement page content on our website and its last modified date.
This Privacy Statement was last updated on 1st May 2024.
We are committed to keeping your personal data safe and to ensuring the integrity and security of any personal data we may process.
You should read this privacy notice very carefully as it contains important information on the way inwhich we will process your personal data, in particular:
If you have any questions about this Privacy Notice, please contact our Data Champion (contact details below).
Tunic Pay Limited (Tunic Pay or the ‘Firm’) is a company incorporated and registered in England with company number 15259143. The Firm is the controller of your personal data for the purposes of fraud prevention as part of a payment transaction between the Payer (the sending party) and Payee (the recipient party).
We collect personal data about you when you are the Payer or Payee of a payment transaction and to assist Financial Institutions in the prevention of fraud. This data will relate to personal identifiable information such as your name, contact information (telephone number, email address), bank account information (such as sort code, account number) and details relating to your device (such as IP address). We will not process special categories of personal data (sensitive data) such as data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, or data about your health or conditions.
We may rely on a number of legal basis for collecting and further processing your personal data, which are:
We may also process your personal information to allow us to comply with certain legal obligations to which the Financial Institutions are subject. In particular, the legal obligation to prevent fraud to which the Financial Institution is subject, as per Article 6 (1) (c) of the General Data Protection Regulation (GDPR).
We may use your personal data where such processing is strictly necessary for the data controller to prevent fraud, whilst carefully considering and balancing any potential impact on you and your rights as a data subject under the relevant data protection regulation.
We will always ensure that our legitimate interests will never override your rights and freedoms under the data protection regulation.
We may rely on our legitimate interest to process your personal data for the following purposes:
In addition, we may use legitimate interests to perform statistical and other analysis on the personal data we collect, to help us understand and improve on how you interact with our services.
Please note, you have the right to object to the processing for which we rely on legitimate interest as the legal basis. You can do so by contacting info@tunicpay.com.
As a data subject you can exercise certain rights in relation to the processing of your personal data, under the relevant data protection regulation. These are:
You have the right to confirmation on whether or not we are processing your personal data and, where that is the case, access to that data, including the following information:
We shall provide a copy of the personal data being processed free of charge.
We will respond to your request within one month of your request.
We will advise any other recipients to whom the personal data has been disclosed.
You shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.
Taking into account the purposes of the processing, you shall also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
We will respond to your request within one month of your request.
We will advise any other recipients to whom the personal data has been disclosed.
In some circumstances you have the right to have your personal data erased and no longer processed where:
We will respond to your request within one month of your request.
We will advise any other recipients to whom the personal data has been disclosed.
You have the right to obtain the restriction of processing where one of the following applies:
Where you have obtained restriction of processing you have the right to be informed by us before the restriction of processing is lifted.
We will respond to your request within one month of your request.
We will advise any other recipients to whom the personal data has been disclosed.
You have the right to object, on grounds relating to your particular situation, at anytime to processing of personal data concerning you which is based on our legitimate interest.
You also have the right to object to processing for direct marketing purposes. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
We will respond to your request within one month of your request.
We will advise any other recipients to whom the personal data has been disclosed.
To object to us processing your personal data for direct marketing or other legitimate interest purposes, please email us at info@tunicpay.com
This may take a maximum of 48 hours.
You have the right to receive the personal data concerning you, which you have provided to us and have the right to transmit those data to another controller without hindrance from us to which the personal data have been provided, where:
Where feasibly possible, you also have the right to have the personal data transmitted directly to another controller.
We will respond to your request within one month of your request.
You have the right to lodge a complaint with the Information Commissioner's Office (ICO)
You have the right to be informed of the source of any personal data that are not collected directly from you
Where personal data are transferred to a third country (outside of the EU) or to an international organisation, you shall have the right to be informed of the appropriate safeguards relating to the transfer.
We will only process your personal data where we have a legal basis to do so. We may use your data to improve or maintain the services we offer to you. We will never share your data with any other third party, other than the category of data providers detailed below, nor use your data for any other purpose, unless we firstly gain your explicit consent to do so.
You have the right to restrict the processing of your personal data (see above).
As part of our commitment to providing efficient and personalised services, Tunic Pay will utilise profiling and automated decision-making processes to analyse and assess certain aspects of your personal data. Profiling involves the automated processing of personal data to evaluate and predict certain characteristics, behaviours, preferences, or risks associated with an individual. This enables us to protect Financial Institutions and consumers from the risk of fraudulent transactions.
Automated decision-making refers to the use of algorithms, computer programs, or systems to make decisions. Where a payment transaction is being denied on the basis of any automated decision-making, the Financial Institution in question will be the ultimate decision-maker and Tunic Pay will not be responsible for any final decision being made.
It's important to note that we strive to ensure that our profiling and automated decision-making processes are fair, transparent, and accountable. We implement appropriate safeguards and measures to protect your rights and interests, including the right to obtain human intervention, express your views, and challenge automated decisions.
You have the right to be informed about the logic involved in our profiling and automated decision-making processes, as well as the potential consequences of these decisions. If you have any concerns or objections regarding the use of profiling or automated decision-making, please contact Tunic Pay’s Data Champion to discuss your concerns and exercise your rights under the GDPR (please see contact details below).
We share your data with approved third-party providers that have adequate data protection measures in place that align with the requirements of the data protection regulation, such as third party data providers and vendors. These include identity verification providers, fraud prevention providers, data aggregators, telecommunications data providers and open banking providers. Further details will be provided on request.
We will only keep personal data for as long as necessary for the purposes for which it was gained and only where we continue to have a legal basis for doing so. We will review the personal data we hold in line with our retention policy, to check for accuracy and relevancy and to ensure we continue to have a legal basis for processing. If the personal data is no longer necessary, or where we no longer have the legal basis for processing we will delete or fully anonymise the data we hold on you, in line with our Data Protection Policy. If your data becomes inaccurate, we will update it accordingly.
We are committed to transparency, ensuring that your privacy is protected and that your data is used and retained fairly, transparently and in compliance with the data protection regulation. We will make sure that we have appropriate technical and organisational measures in place to keep your personal data secure and to protect against accidental or unlawful destruction, loss alteration, disclosure or access. We will provide a level of security appropriate to the risk presented by the nature of the processing we do.
This privacy statement details the standards that we will apply when processing your personal information. In return, it is important that you help keep your information, accurate, reliable and up-to-date. Any changes to your personal data, such as a new address can be notified to the Data Champion as detailed in the section below.
Our Data Champion contact details are:
Mr Robin N Barawid
Fourth Floor, 1 Earlham Street, London, WC2H 9LL
nico@tunicpay.com
+1 786 449 4141
If you have any queries or request concerning this privacy notice or your personal information or how we process it, please contact us via the Data Champion as detailed above.
We will be more than happy to help should you have any complaints about the processing of your personal data. You have the right to lodge a complaint with the Supervisory Authority, the Information Commissioner Officer (ICO), who are the national authority responsible for the protection of personal data.
A complaint can be made to the ICO via their website or through their helpline (0303 123 1113).