This policy (together with any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting or using “our site” (the Countingup mobile application, and/or the website countingup.com), you are accepting and consenting to the practices described in this policy.
For the purpose of the Data Protection Act 2018 (the “Act”), we are the data controller. Please note that our financial services partner, PPS, is a separate Data Controller.
Countingup is not a bank. Counting Ltd designs and operates the Countingup websites and app. The Countingup business current account is an e-money account provided by Prepay Technologies Ltd (PPT) which is an electronic money institution authorised and regulated by the Financial Conduct Authority under the Electronic Money Regulations 2011 (FRN 900010) for the issuance of electronic money. As E-money accounts are not protected by the Financial Services Scheme (FSCS), PPS holds an amount equivalent to the money in Countingup current accounts in a safeguarding account with Barclays Bank PLC in accordance with the Electronic Money Regulations 2011 which gives customers protection against PPT’s insolvency. The Countingup Mastercard is issued by Prepay Technologies Limited pursuant to a licence by Mastercard International.
We may collect and process the following data about you:
Information you give us: You may give us information about you by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. This includes information/documentation you provide when you register to use our site or update when using our site, subscribe to our service, post material on our site, carry out transactions or make payments through our site, report problems with our site or carry out any other activities on our site. The information you give us may include:
Information we proactively collect: With regard to each of your visits to our site we may automatically collect the following information:
Information we receive from other sources: We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
You can block all cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
We use information held about you in the following ways:
Information you give to us. We will use this information:
Information we collect about you. We will use this information:
Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006
We may share your information with selected third parties including:
We may disclose your personal information to third parties:
The data that we collect from you may be transferred to, and stored at, destinations located outside the European Economic Area (“EEA”) where privacy laws offer the same protection as those of the UK or the EEA, or if we have agreed to standard data protection clauses approved by the European Commission with the relevant organisation. It may also be processed by staff operating outside the UK/EEA who work for us or for one of our suppliers.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share such a password with anyone and decline any liability or loss resulting from failing to meet this request.
Unfortunately, the transmission of information via the internet is not entirely secure. Although we will do our best to protect it, we cannot guarantee the security of personal data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
If you no longer wish to receive emails unrelated to our core services, there is an unsubscribe link located in the footer of all emails that we send and you can set your preferences in our site.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request is free of charge and will be completed within 30 days. We may charge a £10.00 fee for the administrative costs of complying with your request if:
This section is applicable if you apply for or have been issued a Card and/or Account which is regulated as E-Money or Payment Services.
Prepay Technologies Ltd, trading as PrePay Solutions (“PPS”, “Our” and “We”) is a company registered in England and Wales with number 04008083 and a registered office at 6th Floor, 3 Sheldon Square, Paddington, London, W2 6HY, United Kingdom. You can email PPS at firstname.lastname@example.org or you can call PPS on 0845 303 5303 (+44 845 303 5303 from outside the UK).
The Card and/or Account (Card) is issued by PPS (see details below). PPS is the Data Controller in relation to your Card and all necessary activities relating to the operation of the Card: allowing you to receive, activate and use your Card (activating, managing and using your online account where applicable, making and receiving payment transactions, meeting legal requirements, answering requests, providing information to you). You may be the Customer or you may be a person that has been provided with a Card by the Customer.
Our Data Protection Officer can be contacted at PO Box 3883, Swindon SN3 9EA or at DPO@prepaysolutions.com.
Processing is necessary for the performance your contract with PPS and for the issue and operation of Cards and is necessary for compliance with legal obligations applicable to PPS. PPS does not use your personal information for marketing purposes and will not share your information with third parties for marketing purposes.
Personal Details Full name and date of birth
Contact Details Where you live and how to contact you including phone numbers and e-mail addresses
Transactional Data Details about use of your Countingup Card and payments to and from your accounts with us
Contractual information Details about the products or services we provide to you
Locational Data Data we get about where you are, such as may come from your mobile phone, the address where you connect a computer to the internet, or a shop where you buy something with your Countingup Card
Behavioural Data Details about how you use our products and services
Technical Data Details on the devices and technology you use
Communications What we learn about you from letters, emails and conversations between us
Documentary Data Details about you that are stored in documents in various formats, or copies of them. This could include things like your passport, drivers licence or birth certificate collected to fulfil customer due diligence
Personal information will only be collected directly and voluntarily from you as part of the application process or as a result of transactions relating to your Countingup Cards. Some personal information may be verified by PPS with use of publicly accessible sources to fulfil customer due diligence.
PPS will only send your personal information outside of the European Economic Area (EEA) to:
In relation to personal information processed by Mastercard certain processors are located outside of Europe. Personal information processed by Mastercard is subject to Mastercard Binding Corporate Rules which you have enforcement rights under as a third-party beneficiary.
PPS is committed to ensuring that your information is secure with us and with third parties who act on our behalf. These third parties include MasterCard, card manufacturers, suppliers of identity validation services, IVR and call recording (telephone) suppliers and Countingup. We use many tools to make sure that your information remains confidential and accurate and we may monitor or record calls, emails, text messages or other communications in order to protect you and us.
We do not keep your information for longer than we need to, which is usually up to 7 years after the end of the relationship or upon termination of the contract, unless we are required to keep it longer (for example due to a court order or investigation by law enforcement agencies or regulators).
We do this in order to comply with GDPR requirements (and/or UK equivalent) such as:
As a regulated financial institution, we are required to continuously screen/monitor applications/applications/account holders/accounts and any linked person(s) or business(es) (under – but not limited to – Part 3 of the UK Money Laundering Regulations 2017).
We are also required to comply with the requirements of the Proceeds of Crime Act 2002 and report to/liaise with/assist the relevant authorities when/where required/applicable.
We do this ongoingly as well as retrospectively, which is why any data provided to us is retained for a maximum of 7 years.
Amongst other requirements, retaining data for these purposes allows us to better align with a risk-based approach as recommended by the Financial Action Task Force and protect prospective/existing/previous customers, as well as our internal operations.
You have certain legal rights to control what we do with your information. These include:
Access – You have a right to access the personal information we hold about you
Rectification – You have a right to rectification of inaccurate personal information and to update incomplete personal information
Erasure – You have a right to request that we delete your personal information (where applicable – see “Retention of personal information” above, as well as Article 17 3(b) of the GDPR).
Restriction on processing – You have a right to request us to restrict a processing of your personal information
Objection to processing – You have a right to object to the processing of your personal information
Portability – You have a right to personal information portability
Marketing – You have a right to object to direct marketing
To exercise any of your legal rights, you can email PPS at email@example.com or you can write to PPS DPO at PO Box 3883, Swindon SN3 9EA.
If you wish to raise a complaint on how we have handled your personal information, you can contact our Data Protection Officer. We hope that we can address any concerns you may have, but if we fail to address your complaint you can contact the Information Commissioner’s Office (https://ico.org.uk/).
PPS will use your personal information to help decide if your accounts may be being used for fraud or money-laundering. We may detect that an account is being used in ways that bad actors operate. Or we may notice that an account is being used in a way that is unusual. If we think there is a risk of fraud, we may stop activity on the accounts or refuse access to them. We might also check and share your information with fraud prevention agencies. If fraud is identified or suspected, these agencies may keep a record of that information and we may refuse to provide any services. Law enforcement agencies may access and use this information.
If you choose not to give us your personal information, it may mean that we cannot perform services needed to run your Card. It could mean that we cancel your Card or services you have with us.