Privacy Statement

General

RapidPay provides services that help law firms process client payments for their services and is operated by Rapid Financial Services Solutions Limited, Company Number 9711560 (we, us, our).

RapidPay complies with the EU General Data Protection Regulation (GDPR) when dealing with personal information. Personal information is information about an identifiable individual (a natural person).

This statement explains how we may collect and process information about:

• visitors to our website
• people who use our services e.g. clients or other subscribers to our online services
• job applicants and our current employees.

We use cookies on our website and this is explained below.

Revisions to our Privacy Policy

We may change this policy from time to time in line with legislation or industry developments by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.

How we collect your information

• when you provide it to us (e.g. by contacting us);
• from your use of our website via cookies (such as the type of browser you are using, the type of operating system you are using, and the domain name of your Internet service provider); and
• occasionally, from third party service providers.

Grounds for using your personal information

We rely on the following legal grounds to process your personal information, namely:

• Consent - we may (but usually do not) need your consent to use your personal information. You can withdraw your consent by contacting us (see below).
• Performance of a contract or provision of a service - we may need to collect and use your personal information to enter into a contract with you or to provide the services you request.
• Legitimate interest - we may use your personal information for our legitimate interests, such as developing and improving our products and services or, protecting the legal rights and interests of RapidPay and others.
• Compliance with law or regulation - we may use your personal information as necessary to comply with applicable law/regulation.

What information is collected?

Website Visitors

We collect personal data when you use our website, make an inquiry or communicate with us.

• Information about your use of our website via cookies including the type of browser you are using, the type of operating system you are using, and the domain name of your Internet service provider (see below).
• Information provided when you communicate with us by phone, email, webform or chat, including records of your contact, your country and language, your email address or other contact information, and other information about the reasons for the communication.
• Marketing preferences, such as whether you have agreed to receive marketing information or newsletters about our services or whether you have opted out, and the types of services that may interest you.

Law Firms

We collect data when you sign up for our services, when you access our services or otherwise provide us with the information. This may include personal information about your company’s employees, directors or owners.

• Identification information, this may include your name (including business name), email address, phone number, government-issued identification (for example, a passport or driver’s license) and account username and password. We may also ask you to provide additional information about your business and your preferences).
• Device and connection information, such as the type of device you use to access our services, operating system and version, device identifiers, network information, log-in records, IP address and location derived from it. Financial information, such as sort code, bank account number and account holder name and address
• Transaction information, such as the names of transacting parties, a transaction description, payment amounts and billing information.

Payers

We collect personal data when you set up and make or have a payment collected using our services.

• Identification and contact information, such as your name, home address, and email address. Where required by law or financial institutions, we also collect a government identifier.
• Financial information, such as your bank account number, sort code, account holder name, and other information you provide to us or give us consent to access directly from your bank.
• Transaction information, such as the names of the transacting parties, a description of the transactions, the payment amounts.
• Device and connection information, such as the type of device you use to access our services, operating system and version, device identifiers, network information, IP address and location derived from it.

How do we use your information?

We may use your information to:

• provide any information and services that you have requested or any applications or services that you have ordered;
• compare information for accuracy and to verify it with third parties;
• provide, maintain, protect and improve any applications, products, services and information that you have requested from us;
• manage and administer your use of applications, products and services you have asked us to provide;
• manage our relationship with you (for example, customer services and support activities);
• monitor, measure, improve and protect our content, website, applications and services and provide an enhanced, personal, user experience for you;
• undertake internal testing of our website, applications, systems and services to test and improve their security, provision and performance, in which case, we would pseudonymise any information used for such purposes, and ensure is it only displayed at aggregated levels which will not be linked back to you or any living individual;
• provide you with any information that we are required to send you to comply with our regulatory or legal obligations;
• detect, prevent, investigate or remediate, crime, illegal or prohibited activities or to otherwise protect our legal rights (including liaison with regulators and law enforcement agencies for these purposes);
• contact you to see if you would like to take part in our customer research (for example, feedback on your use of our applications, products and services);
• to monitor, carry out statistical analysis and benchmarking, provided that in such circumstances it is on an aggregated basis which will not be linked back to you or any living individual;
• deliver targeted advertising, marketing (including in-product messaging) or information to you which may be useful to you, based on your use of our applications and services;
• and deliver joint content and services with third parties with whom you have a separate relationship (for example, social media providers).

How is personal data shared?

• We share personal data with financial institutions and the law firms and payers in a transaction to provide our payment services.
• RapidPay works with partners who integrate our payment services into their applications. When you make a payment through a partner integration, or when you set up a RapidPay account with one of our partners, your personal data will be shared with the partner to provide the integrated services.
• We share data with RapidPay companies in countries where we offer the RapidPay payment services, who use it to provide and market our services in those countries, governed by this privacy notice.
• If ownership or control of all or part of our business or assets changes, we may transfer personal data to the new owner. If the owner will use the data for purposes other than those disclosed here, they will take the steps required by law to ensure such purposes remain lawful.
• We work with service providers who have access to personal data when they provide us with services, like technical infrastructure, web and app development, and marketing, analytics and survey tools. We impose strict restrictions on how service providers store, use and share data on our behalf.
• In exceptional circumstances, we share personal data with government agencies and other third parties if we believe it is reasonably necessary to comply with law, regulation, legal process or governmental request; to enforce our agreements, policies and terms; to protect the security of our services; to protect RapidPay and our customers, payers or the public from harm or illegal activities; or to respond to an emergency.

Cookies

Cookies are small text files that are placed on your computer by websites you visit. Cookies help make this website work and provide information to us about how users interact with our site. We use this information to improve our website.

The cookies we use help to provide us with anonymised, aggregated technical information. This is principally so that we can make sure that the website is easy to navigate, identify the areas that are of particular interest to visitors and generally improve the site and our services. The information that we collect in this process will not identify you as an individual. We do not seek to identify individual visitors unless they volunteer their contact details through one of the forms on the site. In some circumstances our records will identify organisations visiting our site and we may use that information in managing our relationship with those organisations, for example, in considering how to develop the services that we offer them.

By using our website you agree that we can place these types of cookies on your device.

Disabling/enabling cookies

When you accessed this website our cookies were sent to your web browser and stored on your computer. If you wish to remove them, you can manage this via the settings on your browser, but note that this may impact your ability to utilise this and other websites. The way to clear cookies varies from one browser to another. You should look in the "help" menu of your web browser for full instructions. For your reference, please click the following links for details on how to manage cookies in each of the major web browsers:

• Internet Explorer (https://support.microsoft.com/en-gb/kb/278835)
• Firefox (http://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored)
• Chrome (http://support.google.com/chrome/bin/answer.py?hl=en&answer=95647)
• Opera (http://www.opera.com/browser/tutorials/security/privacy/)
• Safari (http://support.apple.com/kb/PH5042)
• Safari for iPad and iPhone ().

Your rights in relation to your personal information

Most of the data we collect and the purposes we use it for are necessary for us to operate and improve our services or comply with our obligations as a payment processor. You may have certain legal rights under the GDPR in relation to the personal information that we hold about you and you can exercise your rights by contacting us using the details set out below.

These rights include:

• Obtaining information regarding the processing of your personal information and access to the personal information which we hold about you.
• Requesting that we correct your personal information if it is inaccurate or incomplete.
• Requesting that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information but we are legally entitled to retain it.
• Objecting to, and requesting that we restrict, our processing of your personal information in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request.
• In some circumstances, receiving some personal information in a structured, commonly used and machine-readable format and/or requesting that we transmit that information to a third party where this is technically feasible. Please note that this right only applies to personal information which you have provided to us.
• Withdrawing your consent, although in certain circumstances it may be lawful for us to continue processing without your consent if we have another legitimate reason (other than consent) for doing so.
• Lodging a complaint with the relevant data protection authority, if you think that any of your rights have been infringed by us. We can, on request, tell you which data protection authority is relevant to the processing of your personal information.
• If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live or work, or where you believe a breach may have occurred.

International Transfers

RapidPay’ services are offered from our United Kingdom headquarters. Personal data may also be stored and accessed by service providers located in other countries in the European Union. Some of our service providers are located in the United States or other countries that do not provide the same standard of data protection as the EU.

When we work with a service provider, we look for a legal mechanism that requires them to protect data to EU standards. For example, the service provider has signed on to the EU-US Privacy Shield, operates under EU-approved binding corporate rules, or is in a country the EU recognises as having adequate data protection laws. Where no other legal mechanism exists, we enact the EU-approved standard contractual data protection clauses in our contracts.

Our services are available in a number of countries around the world. If you use our services to pay or receive payment from a law firm or payer in another country, personal data will be transferred as necessary to complete this transaction.

Contacts

If you have any questions about our privacy policy, want to exercise your right to see a copy of the information that we hold about you, or think that information we hold about you may need to be corrected, want to delete all or any part of it or to object to the processing on legitimate grounds, please contact us at info@rapidpay.co.uk with enquiry topic "Data privacy". See the “Contact Us” section of our website for information on our offices worldwide.

Internet Use

While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.

If you follow a link on our website to another site, the owner of that site will have its own privacy policy relating to your personal information. We suggest you review that site’s privacy policy before you provide personal information.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

Retaining your Personal Information

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.