1. Home
  2. Legal information
  3. Privacy policy

Privacy policy

Effective from: 3 November, 2023

Updated Date: February 25, 2025

Definitions and Key Terms

To ensure clarity throughout this Privacy Policy, the following terms are strictly defined:

Cookie – A small data file generated by a website and stored by your web browser to identify your browser, provide analytics, or remember preferences like language or login details.

Company – Refers to Spoynt Limited, located at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom, the entity responsible for your information under this policy.

Country – The United Kingdom, where Spoynt Limited and its owners/founders are based.

Customer – Any company, organization, or individual that registers to use Spoynt’s services to manage relationships with their consumers or service users.

Device – Any internet-connected device (e.g., phone, tablet, computer) used to access Spoynt’s services.

IP Address – A unique number assigned to your device when connected to the internet, often indicating your geographic location.

Personnel – Individuals employed by or contracted to Spoynt to perform services.

Personal Data – Information that can identify an individual, either directly or indirectly, including in combination with other data like a personal identification number, as defined under GDPR and UK GDPR.

Service – The payment processing and related services provided by Spoynt, as described on our platform.

Third-Party Service – External entities such as advertisers or analytics providers that enhance our content or services.

Website – Spoynt’s online platforms, mobile applications, accessible at spoynt.com, spoynt.co.uk  and spush.co.uk.

You – Any person or entity registered to use Spoynt’s services.

1. Introduction

Spoynt Limited, registered in England and Wales, acts as the data controller for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where applicable, we also comply with the EU General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA). Our registered office is:

71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

This Privacy Policy explains how we collect, use, and disclose information from users, focusing on data tied to financial transactions. By accessing our websites spoynt.com, spoynt.co.uk  and spush.co.uk, subdomains, mobile application (collectively, the “Sites”), or payment processing services, you agree to this policy. If you disagree, please do not use our services.

 

 2. Information We Collect

We gather various types of information to deliver and enhance our payment processing services, in line with GDPR and UK GDPR requirements.

2.1. Personal Information

– Registration and Account Information: Name, email address, postal address, phone number, and payment details provided during account setup.

– Transaction Information: Details of payment transactions, including amounts, dates, and recipient data.

– Device Information: Details about your device, such as type, operating system, and unique identifiers.

– Login Details: Username, password, and security questions for account protection.

2.2. Non-Personal Information

– Aggregated Usage Data: Insights into how you use our Sites, like pages visited and time spent.

– Technical Data: IP address, browser type, and data collected via cookies or similar technologies.

2.3. Information from Third Parties

We may collect data from third parties, such as analytics providers, payment processors, or fraud prevention services, ensuring lawful bases under Article 6 of GDPR/UK GDPR (e.g., legitimate interests or contractual necessity).

Legal Basis for Processing: We process personal data where necessary for contract performance (e.g., providing services), compliance with legal obligations (e.g., financial regulations), or our legitimate interests (e.g., fraud prevention), balanced against your rights. Consent is sought for marketing purposes.

3. How We Use Your Information

We use your information under lawful bases outlined in GDPR Article 6 and UK GDPR, including:

Service Provision: Processing payments, managing accounts, and offering support (contractual necessity).

Communication: Sending transactional emails, service updates (contractual necessity), and promotional content (with consent).

Analytics and Improvement: Analyzing usage trends to refine services (legitimate interests).

Fraud Prevention and Security: Detecting and preventing fraud (legitimate interests and legal obligations).

Legal Compliance: Meeting UK and EU financial regulations, such as AML and KYC requirements (legal obligation).

 4. Information Sharing and Disclosure

We may share your information as follows, ensuring GDPR/UK GDPR compliance:

Subsidiaries and Affiliates: For operational purposes, under strict data processing agreements.

Service Providers: Third parties aiding in payment processing, hosting, or analytics, acting as processors under Article 28 of GDPR/UK GDPR.

Legal Authorities: When required by UK or EU law or to protect rights, safety, or property (legal obligation).

Corporate Transactions: In mergers or acquisitions, with safeguards per GDPR/UK GDPR requirements.

We do not sell your personal information. Data sharing outside the UK/EEA adheres to Section 9 below.

5. Data Retention

We retain your information in accordance with GDPR Article 5(1)(e) and UK GDPR:

KYC/KYB Data: Stored for 6 years post-relationship, as mandated by UK financial laws (e.g., Money Laundering Regulations 2017).

Transaction Data: Kept for your account’s duration and as required by law (e.g., 6 years under UK tax law).

Other data is deleted when no longer necessary for its intended purpose, adhering to the principle of data minimization.

 6. Your Rights

Under GDPR Chapter III and UK GDPR, you have these rights:

Access: Request your personal data (Article 15).

Rectification: Correct inaccurate data (Article 16).

Erasure: Request deletion (“right to be forgotten,” Article 17), subject to legal retention obligations.

Restriction: Limit processing in specific cases (Article 18).

Portability: Receive your data in a structured format (Article 20).

Objection: Oppose processing based on legitimate interests or for marketing (Article 21).

Withdraw Consent: Where processing relies on consent (Article 7).

Complain: Lodge a complaint with the UK Information Commissioner’s Office (ICO) at www.ico.org.uk or your local EEA supervisory authority.

To exercise these rights, contact our Data Protection Office: privacy@spoynt.co.uk. We will respond within one month, as required by GDPR/UK GDPR, extendable by two months for complex requests.

 7. Cookies and Tracking Technologies

We use cookies and similar tools to enhance your experience, per GDPR Article 6(1)(f) (legitimate interests) or Article 6(1)(a) (consent):

Session Cookies: Expire upon browser closure.

Persistent Cookies: Remain for a set period.

Third-Party Cookies: From providers like Google Analytics for usage insights.

You can manage preferences via browser settings. For cookies requiring consent, we provide an opt-in mechanism on our Sites, per UK Privacy and Electronic Communications Regulations (PECR).

 8. Data Security

We implement technical and organizational measures to secure your data, as required by GDPR Article 32 and UK GDPR, including encryption and access controls. However, no system is entirely secure, and we cannot guarantee absolute protection against breaches.

 9. International Data Transfers

Your data may be transferred outside the UK or EEA. We comply with GDPR Chapter V and UK GDPR by:

Transferring to countries with an adequacy decision (e.g., EEA countries under UK law).

Using Standard Contractual Clauses approved by the European Commission or UK ICO for other regions.

Conducting transfer impact assessments where necessary.

 10. Marketing Communications

We may send promotional materials with your consent (GDPR Article 6(1)(a), UK GDPR). Opt out anytime via unsubscribe links in emails or by emailing privacy@spoynt.co.uk.

 11. Children’s Privacy

Our services are not intended for individuals under 18. We do not knowingly collect data from minors without parental consent, aligning with GDPR Article 8 and UK GDPR. Contact us at privacy@spoynt.co.uk if you suspect otherwise.

12. Compliance with GDPR and UK Law

We are committed to GDPR and UK GDPR compliance, including:

Lawful Basis: Processing only with a valid legal basis (Article 6).

Transparency: Providing clear information about data use (Articles 12-14).

Accountability: Maintaining records of processing activities (Article 30) and appointing a Data Protection Officer.

Data Breach Notification: Reporting breaches to the ICO within 72 hours (Article 33) and informing affected users if high risk (Article 34).

UK Law: Adhering to the Data Protection Act 2018 and related regulations, such as AML and KYC obligations.

Our Data Protection Office oversees compliance and can be reached at privacy@spoynt.co.uk

 13. Changes to This Privacy Policy

We may update this policy, notifying you of significant changes via our Sites or email, per GDPR Article 13/14 transparency requirements. Updates take effect upon posting, with the “Effective Date” revised.

 14. Contact Us

For questions or concerns, contact:

Spoynt Limited

71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

Email: privacy@spoynt.co.uk

This Privacy Policy underscores Spoynt Limited’s dedication to protecting your data while delivering secure payment processing services.

All Legal information