Privacy Policy
Poynton Payments Ltd. (“we,” “us,” “our”)
Effective Date: 01 July 2024
Version: 1.0
1. Purpose
This Website Privacy Policy explains how Poynton Payments Ltd. (“Poynton Payments,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information obtained through our website located at https://poyntonpayments.co.uk (the “Website”). Our goal is to be transparent about our data practices, to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable laws, and to respect your privacy.
2. Scope
2.1 Applicability
This policy applies to:
• All visitors and users of the Website.
• All personal data collected or processed in connection with the Website, including via forms, cookies, analytics, and payment-related services.
2.2 Exclusions
This policy does not cover personal data collected offline (e.g., in-person meetings) or via other channels (e.g., telephone).
3. Definitions
• “Personal Data” means any information relating to an identified or identifiable natural person.
• “Processing” means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
• “Data Subject” means an individual whose personal data is processed.
• “Cookies” are small text files placed on a user’s device to collect standard Internet log information and visitor behavior information.
4. Data Collection and Use
4.1 Categories of Data Collected
a. Contact Information: name, email address, telephone number, billing address.
b. Account Data: login credentials, transaction history, payment details.
c. Technical and Usage Data: IP address, browser type, operating system, pages visited, referring URLs, time stamps.
d. Cookies and Tracking: session cookies, persistent cookies, Google Analytics.
4.2 Purposes of Processing
• To provide and maintain the Website and payment processing services.
• To respond to inquiries, fulfil orders, and provide customer support.
• To personalise user experience, recommend products, and send promotional communications (with consent).
• To monitor and improve Website performance, troubleshoot issues, and analyse usage patterns.
• To comply with legal obligations and prevent fraud.
5. Legal Basis for Processing
• Consent: for cookies, marketing communications, and other non-essential processing.
• Contractual Necessity: to perform services requested by you (e.g., payment processing).
• Legal Obligation: to comply with laws, regulations, and lawful requests by authorities.
• Legitimate Interests: for fraud prevention, network security, and internal business analytics (balanced against your rights).
6. Data Sharing and Disclosure
6.1 Service Providers
We may share your personal data with:
• Payment processors, fraud detection providers, hosting and IT support vendors.
• Marketing platforms and email service providers (with your consent).
6.2 Legal Requirements
We may disclose personal data if required by law, regulation, legal process, or governmental request.
6.3 Business Transfers
In the event of a merger, acquisition, or asset sale, personal data may be transferred. We will notify you of any change in ownership or use of your personal data.
7. Data Retention
• We retain personal data only as long as necessary to fulfil the purposes outlined in Section 4, to comply with legal obligations, resolve disputes, and enforce our agreements.
• Retention periods may vary by data type (e.g., transaction data retained for seven years to meet financial record-keeping requirements).
8. Security Measures
• Technical Controls: encryption of data in transit (TLS), secure servers, firewalls, intrusion detection.
• Administrative Controls: access controls, staff training, data processing agreements with subprocessors.
• Physical Controls: restricted access to premises, secure device management.
9. Cookies and Tracking Technologies
9.1 Types of Cookies
• Essential Cookies: enable website functionality.
• Performance Cookies: collect anonymous usage data.
• Functional Cookies: remember user preferences.
• Targeting/Advertising Cookies: track browsing habits to deliver targeted ads.
9.2 Cookie Consent
On first visit, you will be prompted to accept or decline non-essential cookies. You may manage your preferences via your browser settings.
10. Data Subject Rights
Under UK GDPR, you have the right to:
• Access: obtain confirmation of whether we process your personal data, and request a copy.
• Rectification: correct inaccurate or incomplete data.
• Erasure (“Right to be Forgotten”): request deletion of data where legal grounds permit.
• Restrict Processing: in certain circumstances.
• Data Portability: receive your data in a structured, machine-readable format.
• Object: to processing based on legitimate interests or direct marketing.
• Withdraw Consent: at any time, without affecting processing before withdrawal.
To exercise these rights, contact our Data Protection Officer at privacy@poyntonpayments.co.uk or in writing at Poynton Payments Ltd., 123 Commerce Street, Manchester, M1 2AB, United Kingdom. We will respond within one month.
11. Procedures for Handling Data Requests and Breaches
11.1 Data Requests
• Acknowledgement within 3 business days.
• Verification of requester identity.
• Fulfilment within one month (two months for complex requests).
11.2 Data Breach Response
• Incident identification and containment.
• Risk assessment and notification to the Information Commissioner’s Office (ICO) within 72 hours, if required.
• Communication to affected Data Subjects where there is a high risk to rights and freedoms.
• Remediation measures and documentation of the breach.
12. Compliance and Consequences of Non-Compliance
12.1 Internal Audits
• Annual privacy audits and regular reviews of processing activities.
12.2 Disciplinary Measures
• Non-compliance with this policy by employees or contractors may lead to disciplinary action, up to and including termination.
12.3 Regulatory Penalties
• Failure to comply with data protection laws may result in fines of up to £17.5 million or 4% of global annual turnover (whichever is higher), as well as reputational damage.
13. Disclaimer and Legal Considerations
• No Guarantee of Absolute Security: While we strive to protect your personal data, no transmission over the Internet or electronic storage method is 100% secure.
• External Links: This policy does not apply to third-party websites linked from our Website. We recommend reviewing their privacy policies.
• Changes to Policy: We may update this policy periodically. The “Effective Date” at the top reflects when changes take effect. Continued Website use constitutes acceptance of the updated policy.
14. Company Culture and Commitment
We are a customer-centric organisation committed to transparency, integrity, and excellence. We process personal data responsibly, respecting your privacy and building trust.
15. Approval and Revision History
Approved by: Board of Directors, Poynton Payments Ltd.
Effective Date: 01 July 2025
Next Review Date: 01 July 2026
Version 1.0 – Initial policy release.