Alternative Payments Ltd (Company number 07959933), also known as Judopay, a company incorporated in England and Wales and having its registered office at Rise London, 41 Luke Street, London, EC2A 4DP, United Kingdom (“Judo”, “Judopay”, “Us” or “We”) are committed to protecting your information and respecting your privacy.
This Privacy and Cookies Policy together with the Master Service Agreement (the “Agreement”) set out the basis on which any personal data we collect from you, or which you provide to us, through our website www.judopay.com (“Website”) or in connection with your Judo Account and Judo Services will be processed by us. In the context of the law and this notice, “process” means collect, store, transfer or use or otherwise act on information. You accept the terms of this Privacy and Cookies Policy when you sign up for or use our products, services or any other features, technologies or functionalities offered by us on our website, application or through any other means (collectively the “Services"). Additionally, this Privacy and Cookies Policy may change from time to time and your use of the Services indicates your acceptance to the current version of the Privacy and Cookies Policy. Please read this Privacy and Cookies Policy carefully to understand our practices regarding your personal data, how we use it and how we will treat it.
Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR). We take seriously the protection of your privacy and confidentiality: we understand that our customers are entitled to know that their personal data will not be used for any purpose unintended or unexpected by them.
What information do we collect from you?
Judo provides a service to make the Merchant’s payments easier and safer. To do this, Judo may process personal and other data about the Merchant, Cardholders and the Merchant’s use of the Service ("Data"). Judo processes Personal Data (as defined in the UK Data Protection Act 1998 (as amended or replaced from time to time)) (the “DPA”) in accordance with, and to the extent applicable, the provisions of the DPA and GDPR.
The Merchant consents to the following categories of Transaction Data being processed by Judo:
- Basic Data, such as name, address, email address and telephone number;
- Other Data submitted by the Merchant, such as logins, personal identity number or company registration no., bank account numbers, other bank information, and all other data submitted to Judo websites and/or Software and/or by other means submitted to Judo;
- Data relating to Transactions carried out through the Service, such as amounts, description of the Transactions, number of items, unit price for the commodity, any discounts, GPS position at the time of the Transaction, details of the hardware used on the Transaction date and other technical data associated with the Transaction. Examples of technical data but not limited to being processed are the device model, operating system version, IP address or other unique identifier of a computer, mobile phone or other device used to use the Service. When logging on to the Website or the Software, data is also processed regarding the Merchant's navigation on the Website or the Software, data regarding browsers and operating systems, and data regarding time spent and activities performed on the Website or the Software. In cases where the Merchant contacts Judo, by mail, email, telephone or otherwise, Judo will also process data related to the content and purpose of the contact with Judo;
- Information that you provide to us through communication or feedback whilst you or your organisation uses the Services;
- Information from outside sources such as credit bureau, customer service providers, our partners and third party organizations to fulfil our legal obligations and prevent fraud and money laundering;
- Details of your visits to our Website or Mobile Applications including but not limited to your IP address, log-in times, operating system, location data and other communication data.
Why do we collect this information?
Where we process your information, we do after having given careful consideration to:
- Whether the same objective could be achieved through other means;
- Whether processing (or not processing) might cause you harm;
- Whether you would expect us to process your data, and whether you would, in the round, consider it reasonable to do so.
For example, we may use the information held about you for the purpose of:
- Assessing applications for Services, managing your account and updating your records;
- Carrying out your instructions to receive payments;
- Processing customer service enquiries or complaints and improving internal customer training;
- Performing statistical analysis, market research, or marketing services;
- Developing and improving our products, services, and website content;
- Allowing you to participate in interactive features of the Website and the Mobile Application;
- Identifying, preventing or tackling fraud, money laundering and other crime and enhancing the security of our service.
We may share your information with third parties in relation to the above activities where we use them to process information and provide services on our behalf. We carefully select our third party’ relationships and your information will be protected, in accordance with the applicable data protection legislation, and by strict confidentiality obligations which all members of our staff and that of third parties are subject to.
What do we do with your information?
Where is my data stored?
The data that we collect from you may be transferred to, and stored at, destinations outside the European Economic Area (“EEA”), some of which do not have data protection laws equivalent to those in force in the EEA, for the reasons set out below:
- Where our group companies store or process your data in accordance with our internal operational requirements and procedures in order to administer the services you require or in connection with anti-fraud measures.
- Where you have consented to receive marketing material from our group companies.
- Where our anti-fraud agencies, credit reference agencies and other service providers are based outside the EEA and require access to your data to perform their obligations to us and provide services to you.
- If you have been referred to us by a third party and that third party is entitled to a commission payment.
We have taken and will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy and Cookies Policy no matter where it is located.
For your security
We give the greatest priority to compliance with UK data protection, EU General Data Protection Regulation (GDPR) and other privacy laws to which we are subject to and are committed to ensuring that your information is secure. To prevent unauthorized access or disclosure of information we have physical, electronic and managerial procedures in place to keep your information secure. Once logged into your Judo Account, all internet communication is secured using Transport Layer Security (TLS) technology with the best encryption ciphers available.
However, this high level of protection can only be effective if you follow certain security practices yourself. You must never share your Judo Account or login details with anyone. If you are concerned that your details have been compromised, you should contact customer service immediately. Details of how to contact customer service are available from the “Contact” section of the Website.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How long do we keep hold of your information?
Judo stores Transactional Data for the period which is the longer of (i) seven years from the end of the calendar year when the consent to processing was granted by the Merchant, (ii) seven years from the end of the calendar year during which the last Transaction was carried out using the Service, or (iii) seven years from the end of the calendar year when the Merchant last logged into the Merchant’s Account through the Website or the Software.
- To provide you with the Service you requested;
- To comply with the law, including for the period demanded by our tax authorities and the Card Scheme Rules;
- To support a claim or defence in court.
Who might we share your information with?
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries. This may be necessary in order to, among other things, fulfil your request, process your payment details, provide better services, provide support services, monitor fraudulent activities and for our business purposes. The disclosure may entail a transfer outside the EEA as mentioned above in this Privacy and Cookies Policy.
Fraud and credit reference agencies (CRAs)
When you open a Judo Account, at intervals of up to every 3 months and at any other time we feel is necessary to do so to protect our financial interests and prevent money laundering or fraud we will share information about you and your Judo Account, financial history and transactions as part of our normal business operations with our banks, payment facilitator partners, credit/debit card processing services, identity verification service providers and credit reference agencies. We can provide you with a list of the credit reference agencies we use upon your written request to the email address set out in the Contact Us section below.
If we believe our financial interests are at risk, we may conduct a credit check of the director, partner, or member that signs the agreement on behalf of the organisation. The CRAs will record details of the search which will form part of your credit history and may be seen by other lenders. This will leave a footprint on the credit file of the main applicant and the business. The CRA supply us with public and shared credit and fraud prevention information and information on all applications will be sent to CRAs and recorded by them. CRAs may create a record of the name and address of your business and its proprietors if there is not one already. If you are a director, we will seek confirmation from CRAs that the residential address that you provide is the same as that shown on the restricted register of directors’ usual addresses at Companies House. We reserve the right to credit search you further, at our discretion, over a period of 12 months from the date of the initial credit search to manage your account with us.
To prevent crime, money laundering and to recover debt, we may exchange information with fraud prevention agencies (FPAs), debt recovery agencies and other organizations including other financial institutions. If false or inaccurate information is identified, details will be passed on to fraud prevention agencies and other organisations involved in crime and fraud prevention.
Transactional Data may be disclosed to Judo’s suppliers, Judo’s Acquirer and/or Card Schemes, to the authorities and to other banks and financial institutions to the extent necessary to enable Transactions to be carried out, handled or examined.
If you grant an application access to your Judo Account, we will share your transaction history and account information at the most granular level with the entity who you grant access to. You can block access to your Judo Account at any time by contacting Judo.
With your permission we may use your personal details to give you information about products and services available from ourselves and other members of our group company, which may be of interest to you. If personal information is passed on, it is only such information as would allow them to contact you, by telephone, email, post, mobile messaging and other means.
You may instruct us not to process your personal data for marketing purposes by email to the following address at any time: Help@Judopay.com.
We will not share your information with third parties accept where outlined in this Privacy and Cookies Policy. If we intend to use your data for any marketing purposes outside of this policy, we will inform you and you will have the right to prevent this by “opting out” through check boxes.
We may also disclose your personal information to:
- Any person working for Judo or applicable acquirers;
- Any organisation which helps us to provide any of our products or services to you;
- Anyone you authorise us to give information about you to;
- A prospective buyer of our business or portion of our business or a buyer of a substantial number of the shares in our business
- Where required by law or by the rules and regulations of the Card Schemes
- Regulatory authorities, in the course of actual or prospective legal proceedings or to governmental authorities, as reasonably required or requested.
How can I access the information you hold about me?
- At any time you may review or update the information we hold about you by signing on your Judo Account or by contacting us.
- To obtain a copy of any information that is not provided on our website you may send us a request at Help@Judopay.com.
- After receiving the request, we will tell you when we expect to provide you the information, and whether we require any fee for providing it to you.
How you can withdraw your information
If you wish us to remove your information from our records you can contact us at Help@Judopay.com but this may limit the Service we provide you.
How we communicate with you?
We may contact you by email to the primary email address registered with your Judo Account or by telephone to the primary mobile number registered with your Judo Account.
You may also receive system-generated transactional emails, SMS’ or phone calls such as confirmation of uploads, notification of receipt of payment, notification of password changes etc. which are necessary for the proper operation and administration of your Judo Account.
WE WILL NEVER SEND EMAILS ASKING YOU PERSONAL DETAILS SUCH AS CREDIT CARD NUMBERS, USER NAMES AND PASSWORDS. OUR STAFF WILL NEVER ASK YOU FOR YOUR PASSWORD.
If you do receive such an email or are asked for your password by anyone claiming to work for us, please forward the email or report the incident by email by contacting customer service.
IP addresses and cookies
When using our Website or mobile applications we may collect information about your computer and about your visits. We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer or mobile device. By using our Website or mobile application, you accept we may collect and use this information as outlined below.
What is a cookie?
A cookie is a small data file which contains information that is transferred to the hard drive of the device from which you access our site. For more comprehensive information about how cookies work, see http://www.allaboutcookies.org. Cookies are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Types of cookies and consent
In summary, we use the following types of cookies:
- Cookies which are essential for our site to operate, such as those which identify you so you can log into your Judo Account. These cookies will always be activated.
- Cookies which are necessary to assist in meeting our regulatory compliance obligations, such as anti-money laundering and anti-fraud obligations, and prevent your Judo Account from being hijacked. These cookies will always be activated.
- Cookies that help us to improve our site and to deliver a better and more personalised service to you.
- Cookies that enable us to link to our group companies’ websites.
- Some cookies are not related to us or our group companies. When you visit a page with content embedded from, for example, YouTube or Twitter, you may be presented with cookies from these websites. We do not control the dissemination of these cookies: you should check the third party websites for more information about these cookies.
Changes to this Privacy and Cookies Policy
We may update this Privacy and Cookies Policy from time to time by posting a new version on our website and the revised policy will be immediately effective. You should check this page from time to time to ensure you are happy with any changes made, indicated by your continued use of the Services or the further provision of your personal information.
Questions, comments and requests regarding this Privacy and Cookies Policy are welcomed and should be addressed to firstname.lastname@example.org.
Post: Data Protection Officer, Alternative Payments Limited, Rise London, 41 Luke Street, London, EC2A 4DP, United Kingdom.