Privacy & Cookie Policy

Owner And Data Controller

Nationwide Payments (the Company) take your privacy seriously. This Privacy Policy describes who we are and how and why we collect, store, use and share your personal data in accordance with the Data Protection Legislation. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have enquiries. 

We collect, use and are responsible for certain personal data about you, which we process prior to, during and after your business relationship with us. This Privacy Policy is relevant to anyone who uses or makes enquiries about our services, as well as website users. If you have signed an agreement with us, such as a Merchant Service Agreement, Epos systems, and telecoms supply for businesses. The agreement shall prevail and, as set out in the Data Protection Legislation, this notice shall be used for information purposes only. 

We are subject to the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU General  Data Protection Regulation (EU GDPR) in relation to goods and services we offer to individuals and our wider  operations in the European Economic Area (EEA). 

In this notice Nationwide Payments means:-

Nationwide Payments Limited,

Company Registration Number: 13447979

Registered Address: Unit 8 The Courtyard Goldsmith Way, Eliot Business Park, Nuneaton, Warwickshire, CV10 7RJ.

The Company is the “Controller”, as defined in the UK GDPR. This means that we are responsible for deciding  how we hold and use Personal Data about you. We are required under the Data Protection Legislation to notify  you of the information contained in this privacy notice. 

We have appointed a Data Protection Officer (DPO) to oversee compliance with our data protection obligations. You can contact the DPO if you would like to make some enquiries on how we process your personal data or related matters their email address is: dean.ohara@nationwide-payments.co.uk

Alternatively write or telephone:-

Nationwide Payments, 19 Ptarmigan Place, Attleborough Fields Industrial Estate, Nuneaton, CV11 6RX

☎ 024 7632 8995

Key terms

Data Protection Legislation refers to any of the following legislation:-

• Data Protection Act 2018
• (EU) General Data Protection Regulation (GDPR)
• UK General Data Protection Regulation (UK GDPR)
• Privacy and Electronic Communications Regulations 2003 (PECR)

We are – Nationwide Payments Limited,

Our data protection officer: dean.ohara@nationwide-payments.co.uk

Personal data means any information relating to an identified or identifiable individual.

Special category personal data means:-

• Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership
• Genetic and biometric data (when processed to uniquely identify an individual)
• Data concerning health, sex life or sexual orientation

Data subject means the individual whose personal data is processed by a Controller or Processor

The personal data we collect about you depends on the particular products and services we offer you. We may collect and use the following personal data about you:-

• your name and contact information, including email address, telephone number and company details
• information to check and verify your identity, e.g. your date of birth
• your gender, if you choose to give this to us
• location data
• your billing information, transaction and payment card information
• your professional online presence, e.g. LinkedIn profile
• your contact history
• upon your express consent, information to enable us to undertake credit or other financial checks on you
• information on how you use our website, IT, communication and other systems

We collect and use this personal data for the purposes described in the section ‘How and why we use your personal data’ below. If you do not provide personal data we ask for, it may delay or prevent us from providing products and services to you.

How your personal data is collected

We collect most of this personal data directly from you—in person, by telephone, text or email and/or via our website and apps. However, we may also collect information:

• from publicly accessible sources, e.g. Companies House
• directly from a third party, e.g.: credit reference agencies; customer due diligence providers;
• from a third party with your consent, e.g. your bank or building society;
• from cookies on our website—for more information on our use of cookies, please see our cookie policy
• via our IT systems, e.g. details entered by customers on our website

How and why we use your personal data. Under the Data Protection Legislation, we can only use your personal data if we have a proper reason, e.g.:

• where you have given consent;
• to comply with our legal and regulatory obligations;
• for the performance of a contract with you or to take steps at your request before entering into a contract; or
• for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

What we use your personal data for and why:-

Providing products and services to you
To perform our contract with you or to take steps at your request before entering into a contract. These companies include Elavon, DNA Payments Group, Epos Now, Daisy Telecoms, BT.

Preventing and detecting fraud against you or us
To meet our regulatory and legal obligations and to meet our legitimate interest, i.e. to minimise fraud that could be damaging for you and/or us.

Conducting checks to identify our customers and verify their identity; screening for financial and other sanctions or embargoes; other activities necessary to comply with professional, legal and regulatory obligations
To comply with our legal and regulatory obligations.

Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies
To comply with our legal and regulatory obligations.

Ensuring business policies are adhered to, e.g. policies covering security and internet use
For our legitimate interests, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you.

Operational reasons, such as improving efficiency, training and quality control
For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price.

Ensuring the confidentiality of commercially sensitive information
Depending on the circumstances:

• For our legitimate interests, i.e. to protect trade secrets and other commercially valuable information.

• To comply with our legal and regulatory obligations.

Statistical analysis to help us manage our business
For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price.

Preventing unauthorised access and modifications to systems
Depending on the circumstances:

• For our legitimate interests, i.e. to prevent and detect criminal activity that could be damaging for you and/or us.

• To comply with our legal and regulatory obligations.

Protecting the security of systems and data used to provide the goods and services
To comply with our legal and regulatory obligations.
We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations. In those cases, our reasons are for our legitimate interests, i.e. to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us.

Updating customer records
Depending on the circumstances:

• To perform our contract with you or to take steps at your request before entering a contract.

• To comply with our legal and regulatory obligations.

• Making sure that we can keep in touch with our customers about existing orders and new products.

Statutory returns
To comply with our legal and regulatory obligations.

Ensuring safe working practices, staff administration and assessments
Depending on the circumstances:

• To comply with our legal and regulatory obligations.

• For our legitimate interests, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you.

Marketing our services and those of selected third parties
For our legitimate interests, i.e. to promote our business to existing and former customers in compliance with the requirements of the Privacy and Electronic Communications Regulations (PECR).

Credit reference checks via external credit reference agencies
To meet our legal obligations and to reduce the risks to our business.

Locations of Data Storage

Personal data may be held at our offices and those of our group companies, on our Microsoft Azure storage in  the UK South region, third party agencies, service providers, representatives and agents as described above. 

Some of these third parties may be based outside the UK/EEA. For more information, including on how we  safeguard your personal data when this happens, see below: ‘Transferring your personal data out of the UK and EEA’. 

We will not keep your personal data for longer than we need it for the purpose for which it is used. Different  retention periods apply for different types of personal data. Some of our retention periods are stated below but  you may also contact us for a copy of our Data Retention Schedule.

If you no longer have an account with us or we are no longer providing products and services to you, we will delete or anonymise your account data after six years. 

Following the end of the of the relevant retention period, we will permanently delete or anonymise your personal data. 

Transferring your personal data out of the UK and EEA 

The UK and EEA and other, third countries, have differing data protection laws, some of which may provide lower levels of protection of privacy. It is sometimes necessary for us to transfer your personal data to organisations based in countries outside the UK and EEA. In those cases we will comply with applicable UK and EEA laws designed to ensure the privacy of your personal data.

Your Rights

You have the following rights, which you can exercise free of charge:-

How to make enquiries about your personal data and how we use it, or to complain.

Please contact us if you have any queries or concerns about our use of your personal data, see above for our contact details. We hope we will be able to resolve any issues you may have.

You also have the right to lodge a complaint with:

The Information Commissioner

The Information Commissioner may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.

Changes to this privacy policy 

This privacy notice was last updated on 28th November 2024. 

We may change this privacy notice from time to time—when we do we will inform you via our website. 

Cookies Policy

The Internet pages of this website likely use cookies by default. Cookies are text files that are stored in a computer system via an Internet browser. Many Internet sites and servers use cookies. Many cookies contain a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. A specific Internet browser can be recognised and identified using the unique cookie ID. Through the use of cookies, we can provide the users of this website with more user-friendly services that would not be easily possible without the cookie setting – something that has become a standard practice with websites for many years. By means of a cookie, the information and offers on our website can be optimised with the user in mind.

The purpose of this recognition is to make it easier for users to utilise our website. The website user that uses cookies, e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop. The online store remembers the articles that a customer has placed in the virtual shopping cart via a cookie. The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable. Please refer to your browsers own settings and documentation, or search online for latest information on how to do this.

It is possible to remove any cookies that have already been set by changing your browser settings. Please see some quick links to the most popular browsers. (A quick search should reveal the actions needed if you are using a different browser.) Internet Explorer: https://www.wikihow.com/Delete-Browsing-History-in-Internet-Explorer  Firefox: https://www.wikihow.com/Clear-Cookies-in-Firefox  Chrome: https://www.wikihow.com/Delete-Cookies-in-Google-Chrome  Safari: https://www.wikihow.com/Delete-Cookies-on-a-Mac  

You can also set privacy and cookie levels within the browser settings.