dr-pay-logo
Apply Here

Privacy Policy

Your personal data is important to both you and us and it requires respectful and careful protection. This privacy policy applies to information held about customers and possible future customers, suppliers and possible future suppliers, contacts and all other people we hold personal data about. By `personal data’ we mean personal information that can identify you as an individual. ‘You’ means the person the information relates to. This policy contains important information on who we are, how and why we collect, store, use and share your information, your rights in relation to your information and how to contact us and supervisory authorities in the event of a complaint.

The information we collect

We collect, use and share information about you in order to respond to your enquiries, to provide you with information related to your enquiry and other services that may be of interest and to provide you with services and products you have asked for. The information may include any of the following personal data: name, address, company, email address, telephone number, payment information, voice recordings of calls to our helpdesk, CCTV recordings where in situ. To read more about additional information collected from visitors to our website please refer to the ‘Cookies’ section.

You may have provided this information directly to us through the following ways:

  • completing the contact form on our website
  • calling or visiting one of our offices
  • speaking directly to us at an event or meeting
  • writing to us
  • emailing us

We may also receive your information from a third party e.g. one of our product or service partners.

Sharing your information with us is essential for you to be able to communicate with us, for us to provide our services, to comply with contractual obligations and to keep you up to date with any changes and improvements to our products and services.

How we use your personal data

We use this data in any of the following ways:

  • to communicate with you
  • to provide our services to you
  • to keep you informed about the products and services you hold with us and to send information about products and services you may be interested in
  • to help us develop new and improved products and services to meet our client’s needs
  • for security and to check your identity to comply with legal and regulatory obligations
  • where we have a legitimate business need such as the protection of our business interests

Under data protection laws, whenever we process your personal information, we must meet at least one set condition for processing. These conditions are set out in data protection law and we rely on a number of different conditions for the activities we carry out.

Sensitive data

We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.

Who we share you data with and why

We may share your information with:

  • any company within DrPay, for the purposes set out in this Privacy Notice, (e.g. customer relationship management and to provide you with any information, applications, products or services that you have requested);
  • our service providers (including their sub-contractors) or third parties which process information on our behalf (e.g. internet service and platform providers, payment processing providers and those organisations we engage to help us send communications to you) so that they may help us to provide you with the applications, products, services and information you have requested or which we believe is of interest to you;
  • partners, including system implementers, independent software vendors that may help us to provide you with the applications, products, services and information you have requested or which we believe is of interest to you;
  • third parties used to facilitate payment transactions, for example clearing houses, clearing systems, financial institutions and transaction beneficiaries;
  • third parties where you have a relationship with that third party and you have consented to us sending information (for example third party application providers);
  • third parties for marketing purposes (e.g. our partners and other third parties with whom we work and whose products or services we think will interest you in the operation of your business activities. For example, financial services organisations, payment solutions providers, software and services providers that provide business solutions);
  • credit reference and fraud prevention agencies;
  • regulators to meet DrPay’s legal and regulatory obligations;
  • law enforcement agencies so that they may detect or prevent crime or prosecute offenders;
  • any third party in the context of actual or threatened legal proceedings, provided we can do so lawfully (for example in response to a court order);
  • any third party in order to meet our legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts;
  • our own and DrPay professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities;
  • another organisation if we sell or buy (or negotiate to sell or buy) any business or assets;
  • another organisation to whom we may transfer our agreement with you; and
  • Government departments where reporting is mandatory under applicable law.

We may share non-personally identifiable information about the use of our website, applications, products or services publicly or with third parties but this will not include information that can be used to identify you.

We always share your data securely, and we won’t share more than we need to.

Your rights

The GDPR aims to give you more control of your personal data. It provides new and strengthened rights.

Right to access – you can ask us whether we’re processing your personal data, including where and for what purpose. You can also request an electronic copy of your personal data free of charge. If you require further copies of the data there may be a charge where permitted by the legislation.

Right to restrict processing – in certain circumstances, you can ask us to restrict our use of your personal data.

Right to rectification – you can ask us to correct inaccurate personal data we hold about you.

Right to erasure (right to be forgotten) – in certain circumstances, you can ask us to erase your personal data.

Right to data portability – you can ask us to provide you with a copy of your personal data in a commonly used electronic format so that you can transfer it to other businesses.

Right to object to automated decision-making – in certain circumstances, you can ask us not to make automated decisions about you based on your personal data that produce significant legal effects.

Right to lodge a complaint – you can lodge a complaint with the supervisory authority ICO but we ask that you allow us to see if we can resolve the problem first (See complaints and queries section).

This means you can at any time you can:

  • inform us of a correction to your personal data;
  • withdraw any permission you have previously given to allow us to use your information;
  • object to any automated decision-making;
  • ask us to stop or start sending you marketing messages;
  • ask us to send you (or someone you nominate) a copy of the information we hold about you;
  • ask us to stop processing your information in certain circumstances.

Data subject access request (DSAR)

You have the right to request a copy of the personal data we hold about you and to have any inaccuracies corrected. We will require you to prove your identity with 2 pieces of approved identification. We will use reasonable efforts consistent with our legal duty to supply, correct or delete personal information about you on our files.

We will respond to your request within one month of you providing information that confirms your identity. If you can advise of the specific information that you require, we can process your request more quickly. We will then give you a description of your data, why we have it, who it could be disclosed to and if copies have been requested, they will be in a format that you can access easily.

If you wish to make a DSAR request please contact us using the contact details at the end of this notice and we will provide you with the necessary request documents.

Retention of your data

We will retain your data while we have a relationship with you. Once our relationship has come to an end we will only retain your personal data for a period of time that is calculated depending on the type of personal data and the purposes for which we hold that data. We maintain a Retention of Records Schedule to communicate our record retention requirements to all relevant employees and ensure data is not retained for longer than necessary.

We only retain information that enables us to:

  • maintain business records to comply with our contractual obligations
  • comply with record retention requirements under the law
  • defend or bring any existing or potential legal claims
  • maintain records of anyone who does not want to receive marketing from us
  • deal with any future complaints regarding services we have delivered
  • if required to by law enforcement agencies

How we protect your personal data

We are committed to protecting your information. We take appropriate technical and organisational measures to guard against unauthorised or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data.

The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. However, please bear in mind that IT infrastructure and the internet cannot be guaranteed to be 100% secure.

We have access security measures in place and restrict access to databases only to those who need access appropriate to their job role.

All personal information and details provided as part of an enquiry, support or service request, or financial details are stored on a secure server. We do not store credit card numbers or related identifying information on any of our servers.

Digital data and hard copy data is securely disposed of when no longer required in line with our secure disposal of data process.

Cookies and why we use them

A “cookie” is a small piece of information sent by a Web server to store in a Web browser so that it can later be read back from that browser. We may use cookies to store some personal preferences for your future visits. Cookies allow us to recognise you more quickly; therefore, your time spent on our site can be more personalised and productive. You’ll find that cookies are an industry standard and are used at most major Web sites in much the same way we use them on the DrPay website.

We may use third-party site usage tracking companies to analyse your Site visit or to conduct surveys e.g. Google Analytics. When visiting our website these third parties may place or recognise a unique “cookie” on your browser. These companies may use information (not including your name, address, e-mail address or telephone number) about your visits to our website and other Web sites in order to help us understand how to serve you better.

If you wish, you can prevent cookie files from using (non-personal) information about you by either deleting the cookie folder in your browser or by putting your browser’s Privacy setting higher, but doing so will mean that:

  • your experience of this and other sites that use cookies to enhance or personalise your experience will be adversely affected, and
  • you will not be presented with advertising that reflects the way that you use our, and other, sites.

You can find out how to make these changes to your browser at this site:
www.allaboutcookies.org/manage-cookies/

Complaints

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. Please get in touch with us at contact@drpay.com if you think we are using or collecting your data in an inappropriate way.

If you remain dissatisfied with our response, The supervisory body for the UK is the Information Commissioners Office (ICO) You can visit their website at: https://ico.org.uk/ or contact them on: 0303 123 1113

Apply Today

Let’s connect to discover how we can help your business innovate and prepare for the future, today. If you prefer to speak to us directly, you can reach us at 0800 970 9400.

Facebook-f X-twitter Linkedin-in Youtube Instagram

Payment solutions for everyone

With next business day settlement, funds are remitted to your bank account the following business day after you take a card transaction.

Registered address: 2nd Floor College House, 17 King Edwards Road, Ruislip, London, United Kingdom, HA4 7AE

© 2025 Dr Pay LLP - Company number: OC457470.