Privacy Information Notice
PERX – Privacy Information Notice
Publication Date: 20/09/2023
2 Who is processing your information.
3 The information we collect.
4 How we collect your personal data.
5 How we will use your personal data.
5.1 Legal Obligation.
5.2 Performance of a Contract.
5.3 Legitimate Interest.
6 Keeping your information safe and secure.
7 Who we might share your information with.
7.1 Our Group companies.
7.2 To meet our legal obligations.
7.3 Third parties suppliers and service providers.
8 International data transfers.
9 How long do we hold your information.
10 Your rights in relation to your personal information.
12 Changes to this Data Privacy Notice.
13 How to contact us.
14 The Data Protection Commissioner.
This Data Privacy Notice explains what information we collect about you, how we will use that information, who we will share it with and under what circumstances we will share it. It will also explain what we do to keep your information safe. It should be read alongside the terms and conditions you have for the product or service we are supplying to you.
2. Who is processing your information
Perx Rewards Cards are issued by EML Money Designated Activity Company (company number 423276) (EML Money DAC).
We are part of EML Payment Solutions Limited as are the following organisations (1) Prepaid Financial Services (Ireland) Limited ("PFSIL"), (2) Prepaid Financial Services Limited ("PFS UK"), (3) PFS Card Services Ireland Limited ("PCSIL"), (4) PFS Spain SL, (5) Spectre Technologies Limited, (6) EML Payments (EU) Limited, (7) EML Payments Europe Limited, (8) Flex-e-card Limited and (9) EML Payments AB (together known as "EML").
3. The information we collect
Personal data is any information that relates to you. It includes but is not limited to your name, address, email address, telephone numbers, date of birth, contracts you hold with us, card numbers we provide you with and details of the transaction you carry out.
We collect different types of personal data about you depending on the nature of your relationship with us, for example if you are a client or a cardholder, but we will only collect the information that we need to enable us to deliver the product or service we are providing.
The information that we will collect to deliver your Perx Rewards Card may include the following:
- Personal Address
- Work Address
- Work Email Address
- Work Email Address
- Mobile Phone Number
- Your date of birth
4. How we collect your personal data
We collect your personal data either from your Employer or directly from you so that we can deliver our products and services to you.
We will also gather information about our clients from any organisation we use to process our due diligence checks when they are a necessary part of our obligations.
We will also gather information from our interactions with you such as emails, postal correspondence, telephone calls you make to us, your use of our website and your use of our app.
5. How we will use your personal data
We will use the information we hold about you for a number of different reasons but we will always have a “legal basis” to do so. We have detailed our legal bases below.
5.1 Legal Obligation
Perx Rewards Cards are a regulated financial product. EML Money DAC is legally required to obtain and hold certain information about the organisations it enters into contract with. This information is used to satisfy EML Money DAC’s regulatory obligations under “Know Your Business” (KYB) requirements. If you are ordering cards from us for your employees we will need the following information about the Company and its representatives to complete an Order:
- The legal name of the Company and the Company registration number
- the names and dates of birth of directors;
- the names and dates of birth of any natural person(s) who exercises executive control over the daily or regular affairs of the Company
This information may need to be supported by documentary evidence (e.g. Passport or Driving Licence) should we need to carry out enhanced due diligence.
We have legal obligations to monitor the transactions that our customers carry out on their Perx Rewards Card to comply with Anti-Money Laundering and Counter Terrorist Funding legislation.
As a financial institution we have a legal obligation to record all telephone calls you make to us. We also have obligations in relation to Quality Assurance and the way we train our staff, both operations may include the use of your personal data.
5.2 Performance of a Contract
Once we have completed our legal obligations we will enter into an agreement with an organisation to deliver Perx Rewards Cards to its employees.
Your employer will provide us with your information so that we can deliver the Perx Rewards Card to you. You will be provided with Terms and Conditions at that time and these form your contract with us.
We will process your personal data to:
- Send your Perx Rewards Card to you either by post to your home or work address, by email or by SMS message;
- Set up and manage your Perx Rewards Card account;
- Communicate with you regarding your Perx Rewards Card;
- Enable you to carry out transactions with your Perx Rewards Card;
- Monitor the transactions you make using your Perx Rewards Card;
- Store the technical data you use, including you Username and Password when you access your account on our website or the app.
5.3 Legitimate Interest
We may process your personal data where it is in our legitimate interest to do so. Where we do this, we will keep a balance between our interests and your rights and freedoms. Such instances will include:
- Day to day operations;
- Internal administration, including reviewing and improving our processes;
- Management and maintenance of our Information Technology provision, including security testing;
- Service and Product improvement;
- Sharing information with third party service providers for operational and business purposes.
- Providing you with updates to our products and services.
- Sending you marketing messages.
6. Keeping your information safe and secure
Once we have received your personal data we will do our utmost to protect your personal data. We have strictly controlled technical and organisational measures to keep your information safe whilst it is in our possession.
- Use strict procedures and security features to prevent unauthorised access;
- Ensure that the information we hold about you is stored securely;
- Implement controls to ensure only appropriate, relevant and necessary personnel can access your personal data;
- Use encryption methods where appropriate.
You will have a username and password to enable you to access your Perx Rewards Card account and you are responsible for keeping your password confidential. We ask you not to share a password with anyone.
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and security measures and that we do not accept any responsibility or liability for these policies.
7. Who we might share your information with
When we need to share your personal information, we will always take steps to ensure that your privacy rights continue to be protected.
7.1 Our Group companies
We may share your information with other companies within the EML group.
We may share your personal information with a third party as part of a sale of some, or all, of our business or as part of any business restructure or reorganisation.
7.2 To meet our legal obligations
We will share your personal information where:
- we are legally obliged to do so (under any law or regulation) and/or
- we are under a duty to comply with any legal obligation as part of our checks to prevent fraud, financial crime, or money laundering. This includes sharing with fraud prevention agencies and other organisations which may use the information to prevent fraud and money laundering.
7.3 Third parties suppliers and service providers
We will share your personal data with third parties where necessary for business, legal and regulatory purpose and where appropriate for our legitimate interest. This includes with:
- Trusted third parties who perform services for us such as IT providers;
- Identity management and verification providers (where applicable);
- Fraud and anti-money laundering service providers (where applicable)
- External law firms (where applicable);
- Payment processors and other providers to enable your transactions to be processed;
- Statutory, regulatory and law enforcement authorities, as required by law.
When we use third party service providers, we only disclose to them any personal information that is strictly necessary for them to provide their service. We will always ensure that we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
Where third parties operate internationally, we will take steps to ensure that any transfer of your personal data outside of the European Economic Area (EEA) is managed carefully in accordance with applicable data protection law.
8. International data transfers
Where we store or transfer personal information outside the EEA or EU, robust procedures and safeguarding measures are applied to secure, encrypt and maintain the integrity of your personal data.
We complete continual reviews of the countries with sufficient adequacy decisions, standard data protection clauses or approved codes of conduct to ensure your personal data is protected.
We carry out due diligence checks with all recipients of your personal data to assess and verify that they have appropriate safeguards in place to protect your information.
We ensure that you have enforceable rights and effective legal remedies.
We rely on Standard Contractual Clauses and where necessary have identified additional supplementary measures and safeguards to ensure your personal data is given an equivalent level of protection as provided for under the General Data Protection Regulations (GDPR).
9. How long do we hold your information
When we collect your personal data, we do not hold on to it for any longer than is necessary.
The length of time we retain your information is determined by a number of factors including the purpose that we collected it for and our obligations for legal, regulatory, fraud prevention and legitimate interest purposes.
In general terms we hold your personal data for 7 years from the end of our relationship with you.
In certain circumstances we may need to retain your information for longer periods where we are requested to do so by regulatory or enforcement agencies. This is to ensure that we are able to produce records as evidence if asked to do so.
10. Your rights in relation to your personal information
You have significant rights on the way we process your personal data and we have significant obligations with regards to your rights.
You have the right to:
- Find out if we use your information, to access that information and to receive copies of the information we hold about you;
- Request that we correct and update any inaccurate and incomplete information;
- Object to particular uses of your personal data when we use it for our legitimate business interests. However, doing so may have an impact on the services and products we provide.
- Object to use of your personal data for direct marketing purposes. If you object to this use, we will stop using your data for direct marketing purposes.
- Have your data deleted or its use restricted – this right applies under certain circumstances.
- Obtain a transferable copy of certain data which can be transferred to another provider – this right applies under certain circumstances.
- Should we use your consent as our lawful basis for processing your personal data at any time, you have the right to withdraw your consent.
- Should we make any decisions about you by automated means you have the right to object to us doing so.
We are obliged to respond to you without undue delay. In most instances, we will respond within one calendar month. If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests you have made), we may extend this period by a further two calendar months. Should this be necessary, we will explain the reasons why to you. If you make your request electronically, we will, where possible, provide the relevant information electronically unless you ask us otherwise.
12. Changes to this Data Privacy Notice
This Data Privacy Notice may be updated from time to time.
If we change the way we use your information we will communicate those changes to you by way of updating this Data Privacy Notice.
13. How to contact us
- By email: EU-DPO@emlpayments.com
- By telephone, on +353 1 255 7111, or +353 1 255 7112
- By post, to 2nd Floor, La Vallee House, Upper Dargle Road, Bray, Co. Wicklow, A98 W2H9, Ireland
14. The Data Protection Commissioner
You may contact the Data Protection Commissioner (DPC) if you are concerned or wish to make a complaint about the way we have processed your personal information. Please visit the DPC’s website at www.dataprotection.ie further details.