arrow bars develop b facebook linkedin logo eml-logo mail perfect-incentive plus Group 2 release team

December 2024 - High Call Volumes During Peak Times

We're currently experiencing a high volume of calls, especially between 12 and 2PM

Click here for more support options

Privacy Information Notice.

Perx Privacy Information Notice

Publication Date: 25/10/2024

1. Introduction

The purpose of this PERX Privacy Information Notice is to explain what information we collect about you, how we will use that information, who we will share it with and under what circumstances we will share it. It will also explain what we do to keep your information safe. It should be read alongside the terms and conditions you have for the product or service we are supplying to you.

This Privacy Information Notice together with the Cardholder Agreement, which was either (i) provided to you when you were issued with your gift card or other pre-paid card (“Card”) or (ii) is available online at the website advised to you when you purchased your Card, sets out the basis on which any personal data we collect about you, or that you provide to us, will be used by us, the conditions under which it may be disclosed to others and how it is kept secure.

2. Who is processing your information

Perx Rewards Cards are issued by EML Money Designated Activity Company (company number 423276) (EML Money DAC).

EML Money DAC is a fully owned subsidiary of EML Payments Limited (EML), a leading prepaid services company. EML Money DAC is an Electric Money Institution, authorised and regulated by the Central Bank of Ireland, under reference number C95957.

We are part of EML Group which includes the following entities: Prepaid Financial Services Limited, EML Payments Ltd, Spectre Technologies Limited, EML Payments (EU) Limited, EML Payments Europe Limited, Flex-e-card Limited, and EML Payments AB (together known as "EML Group").

3. The information we collect

Personal data is any information that relates to you. We collect different types of personal data about you depending on the nature of your relationship with us, for example if you are a client or a cardholder, but we will only collect the information that we need to enable us to deliver the product or service we are providing.

The information that we will collect to deliver your Perx Rewards Card may include the following:

  • Name
  • Personal Address
  • Work Address
  • Work Email Address
  • Personal Email Address
  • Mobile Phone Number
  • Your date of birth

4. How we collect your personal data

We collect your personal data either from your Employer or directly from you so that we can deliver our products and services to you.

We will also gather information about our clients from any organisation we use to process our due diligence checks when they are a necessary part of our obligations.

We will also gather information from our interactions with you such as emails, postal correspondence, telephone calls you make to us, your use of our website and your use of our app.

5. How we will use your personal data

We will use the information we hold about you for a number of different reasons but we will always have a “legal basis” to do so. We have detailed our legal bases below.

5.1 Legal Obligation

EML MONEY DAC have legal obligations to process your personal data, as we are a regulated e-money financial institution. We will therefore process your personal data to meet the following obligations and purposes:

  • Provide the services;
  • Fraud prevention;
  • Anti-money laundering (AML);
  • Counter terrorist financing (CTF);
  • Countering misuse or abuse of financial systems or services;
  • Strong customer authentication (3DS)
  • Transition monitoring.
  • Telephone call recording - we also have obligations in relation to Quality Assurance and the way we train our staff, both operations may include the use of your personal data;
  • Responding to law enforcement agencies lawful requests, for the prevention and investigation of crime, and to other government agencies where required.

5.2 Performance of a Contract

Once we have completed our legal due diligence obligations, we will enter into a contract with you to deliver Perx Rewards Cards to your employees.

Your employer will provide us with your information so that we can deliver the Perx Rewards Card to you. You will be provided with Terms and Conditions at that time and these form your contract with us.

We will process your personal data to:

  • Send your Perx Rewards Card to you either by post to your home or work address, by email or by SMS message;
  • Set up and manage your Perx Rewards Card account;
  • Communicate with you regarding your Perx Rewards Card;
  • Enable you to carry out transactions with your Perx Rewards Card;
  • Monitor the transactions you make using your Perx Rewards Card;
  • Store the technical data you use, including you Username and Password when you access your account on our website or the app.

5.3 Legitimate Interest

We may process your personal data where it is in our legitimate interest to do so. Where we do this, we will keep a balance between our interests and your rights and freedoms. Such instances will include:

  • Day to day operations;
  • Internal administration, including reviewing and improving our processes;
  • Management and maintenance of our Information Technology provision, including security testing;
  • Service and Product improvement;
  • Sharing information with third party service providers for operational and business purposes.

5.4 Consent

We may ask for your consent to send you marketing information regarding our products and services. Where we do so, you may withdraw your consent at any time.

  • Where you have appointed a third party to represent you and deal with us on your behalf and we need to share your personal data with them.
  • Where we need to process special categories of data (for example, where you disclose health related data.
  • We may also process your biometric data to verify your identity when you open or operate an account. In such cases we will ask for your explicit consent.

Where we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time (see sections 10 – Your Rights for more details).

6. Keeping your information safe and secure

Once we have received your personal data, we will do our utmost to protect your personal data. We have strictly controlled technical and organisational measures to keep your information safe whilst it is in our possession.

We will:

  • Use strict procedures and security features to prevent unauthorised access;
  • Ensure that the information we hold about you is stored securely;
  • Implement controls to ensure only appropriate, relevant and necessary personnel can access your personal data;
  • Use encryption methods where appropriate.

You will have a username and password to enable you to access your Perx Rewards Card account and you are responsible for keeping your password confidential. We ask you not to share a password with anyone.

Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and security measures and that we do not accept any responsibility or liability for these policies.

7. Who we might share your information with

When we need to share your personal information, we will always take steps to ensure that your privacy rights continue to be protected.

7.1 Our Group companies

We may share your information with other companies within the EML group.

We may share your personal information with a third party as part of a sale of some, or all, of our business or as part of any business restructure or reorganisation.

7.2 To meet our legal obligations

We will share your personal information where:

  • we are legally obliged to do so (under any law or regulation) and/or
  • we are under a duty to comply with any legal obligation as part of our checks to prevent fraud, financial crime, or money laundering. This includes sharing with fraud prevention agencies and other organisations which may use the information to prevent fraud and money laundering.

7.3 Third parties, suppliers and service providers

We will share your personal data with third parties where necessary for business, legal and regulatory purpose and where appropriate for our legitimate interest. This includes with:

  • Trusted third parties who perform services for us such as IT providers;
  • Identity management and verification providers (where applicable);
  • Fraud and anti-money laundering service providers (where applicable)
  • External law firms (where applicable);
  • Payment processors and other providers to enable your transactions to be processed;
  • Statutory, regulatory and law enforcement authorities, as required by law.

When we use third party service providers, we only disclose to them any personal information that is strictly necessary for them to provide their service. We will always ensure that we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.

Where third parties operate internationally, we will take steps to ensure that any transfer of your personal data outside of the European Economic Area (EEA) is managed carefully in accordance with applicable data protection law. We rely on Standard Contractual Clauses and where necessary, have identified additional supplementary measures and safeguards to ensure your personal data is given an equivalent level of protection as provided for under the General Data Protection Regulations (GDPR).

8. International data transfers

Where we store or transfer personal information outside the EEA or EU, robust procedures and safeguarding measures are applied to secure, encrypt and maintain the integrity of your personal data.

We complete continual reviews of the countries with sufficient adequacy decisions, standard data protection clauses or approved codes of conduct to ensure your personal data is protected.

We carry out due diligence checks with all recipients of your personal data to assess and verify that they have appropriate safeguards in place to protect your information.

We ensure that you have enforceable rights and effective legal remedies.

9. How long do we hold your information

When we collect your personal data, we do not hold on to it for any longer than is necessary.

The length of time we retain your information is determined by a number of factors including the purpose that we collected it for and our obligations for legal, regulatory, fraud prevention and legitimate interest purposes.

In general terms we hold your personal data for 7 years from the end of our relationship with you.

In certain circumstances we may need to retain your information for longer periods where we are requested to do so by regulatory or enforcement agencies.This is to ensure that we are able to produce records as evidence if asked to do so.

10. Your rights in relation to your personal information

You have significant rights on the way we process your personal data and we have significant obligations with regards to your rights.

You have the right to:

  • Find out if we use your information, to access that information and to receive copies of the information we hold about you;
  • Request that we correct and update any inaccurate and incomplete information;
  • Object to particular uses of your personal data when we use it for our legitimate business interests. However, doing so may have an impact on the services and products we provide.
  • Object to use of your personal data for direct marketing purposes. If you object to this use, we will stop using your data for direct marketing purposes.
  • Have your data deleted or its use restricted – this right applies under certain circumstances.
  • Obtain a transferable copy of certain data which can be transferred to another provider – this right applies under certain circumstances.
  • Should we use your consent as our lawful basis for processing your personal data at any time, you have the right to withdraw your consent.
  • Should we make any decisions about you by automated means you have the right to object to us doing so.

We are obliged to respond to you without undue delay. In most instances, we will respond within one calendar month. If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests you have made), we may extend this period by a further two calendar months. Should this be necessary, we will explain the reasons why to you. If you make your request electronically, we will, where possible, provide the relevant information electronically unless you ask us otherwise.

11. Cookies

Please click here to refer to our Cookie Policy for more information on how we use Cookies.

12. Changes to this Data Privacy Notice

This Data Privacy Notice may be updated from time to time.

If we change the way we use your information we will communicate those changes to you by way of updating this Data Privacy Notice.

13. How to contact us

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to EML’s EU Group Data Protection Officer:

  • By email:EU-DPO@emlpayments.com
  • By post, to 2nd Floor, La Vallee House, Upper Dargle Road, Bray, Co. Wicklow, A98 W2H9, Ireland

14. The Data Protection Commissioner

You may contact the Data Protection Commissioner (DPC) if you are concerned or wish to make a complaint about the way we have processed your personal information. Please visit the DPC’s website at www.dataprotection.ie further details.