This policy sets out the basis on which GUAVAPAY Limited (30 Moorgate, London, United Kingdom, EC2R 6PJ) (Company Number 10601900) (together with our subsidiaries, our holding company, subsidiaries of our holding company from time to time, collectively called “Guavapay” or “we”) collects personal data from you and how we process such data. By visiting our website www.guavapay.com (our “WebSite”), you accept and consent to the practices set out below.
1 Personal data - what we collect and what we use it for
1.1 Master data
When you access our Website, we will automatically generate a personal account for you on GUAVAPAY (“Account”) and collect the following personal data about you (the “Master Data”):
• Your username
• Your securely encrypted password, and
• Your email address.
If you transact with us we add further personal data to your profile comprising name, gender, city, country, address, bank account and language. This additional information will be part of the Master Data.
GUAVAPAY is a secure platform.
1.2 Information collected
When you transact on our Website, we collect the information you put in your transaction. This includes:
• The date of your transaction;
• A reference number or order ID.
Please don’t share any sensitive personal documents or information with us, either concerning yourself or others.
If you notify us about a transaction that you believe violates our User Guidelines, then we collect the information you provide in your notification to us. This can include which transaction you notified us about, the reason for your notification, the date of your notification, etc.
1.4 Information from other services, including social networks like Facebook
You can connect your GUAVAPAY profile with your profile on soial networks, e.g. Facebook, and Google+ (“Social Network(s)”). When you use this option we automatically collect selected information about you from your Social Networks. The information we collect depends on what information you have made available on those Social Networks and your privacy settings for sharing such information on the Social Networks. Depending on your settings and selection, we will collect the following information:
• Name and/or username
• Email address
When you make a request to connect your GUAVAPAY profile with a Social Network profile, you will be informed about which information we will collect from the Social Network in question. You will receive this information before your request is carried out.
You can choose to disconnect your Social Network profile from your GUAVAPAY profile via your Account. At this point, GUAVAPAY will remove your Social Network unique ID, and disconnect/revoke Guavapay from your Social Network.
Read more about which cookies the Website uses and for which purposes below (in 8).
1.6 Your IP address, browser settings and location
When you visit the Website, we register your computer’s IP address and browser settings. The IP address is the numerical address of the computer used to visit the Website. Browser settings can include the type of browser you use, browser language, and time zone. We collect this information so that we can trace the computer used in cases of misuse or unlawful actions in connection with visits to or use of the Website. We also use the IP address to approximate your location (at city level) and so that we know which sets of our Terms & Conditions apply to your use of our Website.
1.7 Newsletters and digest emails
We collect the information you provide us with when you subscribe to receive our newsletters, digest emails or similar (we collect your name, email address and newsletter preferences). If you no longer wish to receive our newsletters, digest emails or similar, you can unsubscribe by logging into your Account and changing your settings.
1.8 For what purposes do we use your personal information?
We will use the information you provide to us to:
• Provide our services to you, including displaying your transactions, and providing you with access to your profile and our Website
• Identify you as a registered user when you log in to the Website and re-visit the Website
• Verify the legitimacy of your transactions
• Improve the Website and our services
• Invite you to leave more transactions
• Respond to your questions and provide related customer service
• Pass on a message from the company you transactioned via the Website
• Contact you if your transaction is flagged by companies and, if necessary, ask you to provide documentation to verify your transaction or experience
• Send you our newsletters
• Engage in various internal business purposes, i.e data analysis, audits, fraud monitoring and prevention, developing new products and services, improving or modifying the Website, or our services identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities
• Comply with legal requirements and legal process, requests from public and governmental authorities, relevant industry standards and our internal policies
• Enforce our Terms & Conditions
• Protect our operations or those of any of our affiliates
• Protect our rights, privacy, safety or property and/or that of our affiliates, you or others
• Allow us to pursue available remedies or limit any damages that we sustain
• We will also use the information in other ways for which we provide specific notice at the time of collection.
1.9 On what legal basis do we process your personal data?
We need to process your personal information in order to:
• Perform our contract with you (see Article 6.1.b of the GDPR)
• Comply with our legal obligations (see Article 6.1.c of the GDPR) and operate an online transaction platform in compliance with these.
• Pursue legitimate business interests of our own related to operating the Website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (see Article 6.1.f of the GDPR).
• For the establishment, exercise or defense of legal claims, where necessary (see Article 9.2.f of the GDPR)
• Some of these grounds for processing your personal data overlap, so there may be several reasons which justify us processing your personal information.
In those limited circumstances where you have expressly given your consent to us to process your personal data (see Article 6.1.a of the GDPR), for example, when subscribing to our newsletters, you are free to revoke your consent at any time. However, please be aware that we may have the right to continue to process your information if it can be justified on one of the other legal bases mentioned above.
You have the right to object to how we process your personal information, or ask us to restrict the processing. Please see below, at 13, for more details.
If you would like more information about our legal basis for processing your personal information, please contact our Data Protection Officer (DPO) - see 14, below.
2 Disclosure of personal information
2.1 Disclosure of personal information on the Website
Master Data and other information
When you transact, the companies you transact with receive information about your transaction.
When you transact on the Website, we use your computer’s IP address (see 1.7 of this Policy, above) to approximate your location to the nearest city.
If you connect to a Social Network, information such as your name, birth year and approximate location will be collected from your Social Network profile and used to identify you on the Website. Subject to your privacy settings and the level of information available from the Social Network, companies you transact with can use this information to identify which transactions you have written.
2.2 Disclosure on services to which you connect your profile
2.3 Disclosure to other services, websites and companies
One of GUAVAPAY's main goals is to increase the availability of transactions on the Website. We therefore permit other services to show transactions created on the Website. This increases the potential audience for your transactions.
The categories of third party services and companies who you transact with can see your transaction(s):
Your name and any additional data you choose to add to your profile, such as your gender, address including city/country, and language.
2.4 Other disclosures
In addition to the above, we disclose your personal information to the following parties and in the following circumstances:
• To allow third party vendors, consultants and other service providers to perform services on our behalf
• To GUAVAPAY subsidiaries and other companies within the GUAVAPAY group of companies
• To comply with laws or to respond to claims, legal process (including but not limited to subpoenas and court orders) and requests from public and government authorities
• To cooperate with regulatory bodies and government authorities, including but not limited to Trading Standards, The Competition and Markets Authority, and the Danish Consumer Ombudsman, in connection with investigations or case referrals
• To third parties in connection with enforcement of our Terms & Conditions and Guidelines
• To third parties in order for us to protect our operations or those of our affiliates
• To third parties in order for us to pursue available remedies, or limit damages that we may sustain
• To third parties in order for us to investigate, prevent or take action regarding suspected or actual prohibited activities, including but not limited to fraud and misuse of our Website
• To a third party in the event of any reorganization, merger, acquisition, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business or assets (including in connection with any bankruptcy or similar proceedings).
3 Data controller
3.1 Information for which we are the data controller
We are the data controller of the Master Data you enter to create and maintain your profile, which includes but is not limited to your name, password and email address, as well as the registration of your IP address.
We are also the data controller of the information which is disclosed to other services (see 2.3). UK’s data protection laws govern our collection of your data.
3.2 Information for which you are the data controller
You are the data controller for the content you choose to disclose on the Website, and for the personal data disclosed when you connect your Social Network profile(s) with your profile on the Website.
4 Links to websites
Our Website contains links to other websites. Our inclusion of such links does not imply that we endorse those websites. We do not control the content of those third party websites, and assume no responsibility for the third party or their policies or practices.
We encourage you to transaction the privacy policies for these third party websites because their procedures for collecting, handling and processing personal data will be different from ours.
5 Data processors and transfer of personal information outside the EU
We use external companies to maintain the technical operation of the Website and our services. These companies are data processors for the personal data for which we are the data controller. By accepting this Policy, you agree that we may also allow the data for which you are the data controller to be processed by these data processors.
We have data processing agreements in place with the data processors and it follows from these agreements that they must act solely in accordance with our instructions. By accepting this Policy, you authorize us to instruct the data processors to process data in accordance with the Policy and for the purposes of using the Website.
The data processors have taken reasonable technical and organizational measures to protect against the information being accidentally or illegally destroyed, becoming lost or deteriorating, and to protect against the information being disclosed to unauthorized persons, being misused, or in other ways being processed in violation of data protection laws.
On your request – and possibly in return for remuneration at the data processors' applicable hourly rates at any time for such work – the data processors must supply you with sufficient information to demonstrate that the above-mentioned technical and organizational safety measures have been taken.
Some of these data processors and third party services are located outside of the European Union, such as in the US. You consent to us using data processors in unsecure third countries provided that there is a legal framework governing the transfer of your personal data and ensuring adequate protection of it, for example if the data processor is part of the EU-US Privacy Shield framework.
6 Data retention
We keep the Master Data and other personal data you provide, including your transactions, for as long as you have an Account or as needed to provide you with our services. If you choose to delete your Account please note that all your transactions will also be deleted. We will delete this information upon your request and we will only save a log with the following information: your name, email address and the date of the deletion of your Account. We will keep the log for 3 years. All other information will be deleted.
If you only use our Website to open an account, we will retain your information and keep your Account open until you decide to close your Account. In some cases, even if you close your account, we then choose to retain certain information (e.g. visits to our Website) in an anonymized or aggregated form.
7 Security measures
We use reasonable organizational, technical and administrative measures to protect your personal information within our organization and we regularly audit our system for vulnerabilities. However, since the internet is not a 100% secure environment, we cannot ensure or warrant the security of the information you transmit to us. Emails sent via the Website may not be encrypted, and we therefore advise you not to include any confidential information in your emails to us.
To learn more about our current practices and policies regarding security and other information, please see ??. We are always working to improve our security practices and we will update this information as these practices evolve over time.
8.1 What types of Cookies do we use?
Cookies are small pieces of information that the Website places on your computer's hard disk, on your tablet or on your smartphone. Note that HTML5 introduced Web Storage that has a similar nature to Cookies, and that we therefore consider that as a Cookie in the following.
Cookies contain information that the Website uses to make the communication between you and your web browser more efficient. Cookies identify your computer or device rather than you as an individual user.
We use session cookies, persistent cookies, HTML5 sessionStorage and HTML5 localStorage session cookies and HTML5 sessionStorage objects are temporary in nature and are deleted when you exit your web browser. Persistent cookies are permanent in nature and are stored and remain on your computer until they are deleted. Persistent cookies expire or auto delete after a certain period of time, which is set per cookie, but are renewed each time you visit the Website. HTML5 localStorage objects are permanent in nature and remain on your computer until they are deleted.
• Generating statistics
• Measuring Website traffic such as the number of visits to the Website, which domains the visitors come from, which pages they visit on the Website and in which overall geographical areas the visitors are located.
• Monitoring Website performance and your use of our Website
• Monitoring the performance of the Website, our applications and how you use our Website, applications.
• Authentication and improving the functionality of our Website
• Optimizing your experience with the Website, which includes remembering your username and password when you return to the Website, and remembering information about your browser and preferences (e.g. which language you prefer).
• Quality assurance
• Ensuring the quality of transactions and to prevent misuse or irregularities in connection with writing transactions and using the Website.
• Targeted advertisements
8.3 Third party Cookies
Third party Cookies are set by third party websites – not our Website. When you visit our Website, the following third party Cookies may be set:
Facebook cookies, set when you log in to our Website with Facebook
Google cookies, set when you log in to our Website with Google
Google AdSense cookies, set when displaying relevant targeted advertisements on our Website. Some cookies may be set as DoubleClick, which is part of Google
8.4 Deletion of cookies
You can delete the cookies already on your device. You can typically delete cookies from the Privacy or History area, available from the Settings or Options menu in the browser. In most browsers, the same menu can be reached through the Ctrl+Shift+Del keyboard shortcut or Command+Shift+Del if you're on a Mac.
If you do not accept Cookies from our Website, you may experience inconvenience in your use of the Website, and you may be prevented from accessing some of its features.
9 Access and insights into the personal data we have about you
If you have an Account on GUAVAPAY, you can log in to your Account and see what information we have about you, including your transactions, and why we have that information.
If you don’t have an Account, you can email firstname.lastname@example.org and request information about your personal data. Upon receiving your request, we will let you know what personal information we have about you, how we collect the information, the purpose for which we process your personal data, and who we share your personal information with.
10 Download your personal data (data portability)
If you have a user profile on GUAVAPAY, you can download the personal data that you have provided to us, including your transactions. You can read more about how to download your personal data here.
11 Correction and deletion of your personal data
If any of the Master Data or other personal information that we have about you in our capacity as a data controller is incorrect or misleading, you can correct most of the information yourself via your Account. We recommend that you make any the correction(s) yourself. Otherwise, you are welcome to ask us to assist with correcting your information.
You may at any time correct or delete any content and personal information on the Website for which you are the data controller (see 3.2). If your personal information changes, or if you no longer wish to appear on the Website, you can update or delete the information by logging in to your Account.
If your Account is deleted, all the data associated with your Account will be deleted, including your Master Data and transactions on the Website.
We reserve the right to block access to your Account and/or delete it if the Account or the content associated with your Account or your transaction(s) on the Website is, in our assessment, discriminating, racist, sexually oriented, unethical, threatening, offensive, harassing or otherwise violates applicable laws, third party rights or our User Guidelines, or is inconsistent with the purpose of the Website. If we block access to or delete your Account, we will inform you of the reason for blocking or deleting your Account by sending an email to the address you provided when you created your Account.
12 Other rights
In addition to the rights set out above concerning your personal data, you also have the following rights:
You also have the right to object to the processing of your personal data and have the processing of your personal data restricted.
In particular, you have an unconditional right to object to the processing of your personal data for direct marketing purposes.
If our processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing of data carried out before you withdrew your consent. You may withdraw your consent by emailing us at email@example.com .
In some circumstances, these rights may be limited or conditional. For example, whether or not you have the right to data portability in a particular case depends on the specific circumstances of the processing activity.
13 Our Data Protection Officer
We have a Data Protection Officer (DPO). If you have any questions about the data processing activities performed by us, you are welcome to contact our DPO by email at: firstname.lastname@example.org
14 Changes to this Policy
We reserve the right to make changes to this Policy. The date shown at the start of this Policy indicates when it was last revised. If we make material changes to it, we will provide notice through our Website, or by other means, to give you the opportunity to transaction the changes before they come into effect. If you object to our changes, you can close your account. Your continued use of our Website after we publish or send a notice about the changes to the Policy will mean that you accept and agree to the updated Policy.
15 Contact information and where to send questions or complaints
If you have questions or concerns about our Policy, how we process your personal information, or would like us to correct your personal information, feel free to contact us at:
If contacting us does not resolve your complaint, you have further options, for example you may always lodge a complaint with a data protection supervisory authority, e.g. The Information Commissioner.
Our contact details are:
Website Complaints Policy
Guavapay Ltd’s complaint policy and procedure has been created to meet general standards and requirements and complies with standard complaint handling procedures, including the Financial Ombudsman Service (FOS) regulations.
The aim of this policy is to ensure that all customer complaints, either written or verbal, are handled in a consistent and regulated manner and that further complaint incidents are mitigated and where possible, prevented. Where a customer has cause to complain, the complaints handling procedure will be followed in every instance and a record will be made of the complaint nature and details to help improve our services and reduce the occurrence of similar complaints.
What is a complaint?
Guavapay adopts the following definition of a complaint for the purposes of this policy and as it appears in the Glossary to the FCA Handbook “any oral or written expression of dissatisfaction whether justified or not from, or on behalf of, a person about the provision of, or failure to provide, a financial service, a claims management service or a redress determination which alleges that the complainant has suffered (or may suffer) financial loss, material distress or material inconvenience”.
Negative feedback not requiring a resolution or a formal investigation do not constitute a complaint, although Guavapay values and welcomes all feedback.
Who is a complainant?
For the purposes of this policy, a complainant is a user of Guavapay’s services.
Guavapay will not accept complaints pertaining to relations between users or between a user and a third party. This policy only covers complaints pertaining to the lack of or poor execution of a payment services carried out by Guavapay.
Timing of complaints
All complaints received by Guavapay will be considered and responded to, regardless of how they are raised or what they refer to.
The Financial Ombudsman Service in the UK sets up time limits for referral of complaints. Any complaint made outside of those timelines will be automatically rejected and answered to with an email explaining the rationale for the rejection.
The time limits to raise a complaint with Guavapay are as follows:
- more than six (6) years following the issue resulting in the complaint,
- more than three (3) years of the complainant becoming aware (or should reasonably have become aware) that the complainant could have complained,
Additionally, complainants are expected to complain to the FOS within six (6) months of receiving Guavapay’s final response. Unless the complainants can show exceptional circumstances justifying the delay, any complaints made after this timeframe will be rejected by Guavapay.
How to make a complaint
To lodge a complaint, complainants must contact Guavapay either by email at email@example.com or by phone calling Guavapay’s customer support phone number: +[XXXXXXX]
At the request of the complainant, Guavapay will provide a PDF copy of its complaint handling procedure policy.
Guavapay will consider all complaints and the process will happen as follows:
- Payment Services / Electronic Money Complaints (PSD/EMD) investigation will be conducted within 1 week of the initial complaint being received, and final response sent in the form of a decision letter within 15 days from the initial contact.
- General Complaints investigation will be conducted within 6 weeks of the initial complaint being received, and final response sent in the form of a decision letter within 8 weeks from the initial contact.
All responses will always be provided in writing, unless the complainant makes a specific interest for an alternate form of communication, which will be provided in addition to the written format.
If Guavapay comes to the conclusion that another party is responsible for the issue resulting in the complaint, the complainant will be redirected to the relevant party.
Timing of response from Guavapay
Upon receipt of a complaint, Guavapay will endeavour to:
- acknowledge any complaint in a timely manner and no later than 3 working days,
- provide a final response within:
o fifteen (15) days for PSD/EMD. If a final conclusion cannot be reached within the 15 days timeframe, the complainant will be given a detailed explanation of the issue(s) and when a final response can be expected, which should not be later than thirty-five (35) days of the receipt of the initial complaint;
o eight (8) weeks for general complaints.
Content of Guavapay’s response
The final response from Guavapay will contain Guavapay’s findings further to the investigation and any decision regarding any action(s) to be taken or compensation awarded, which could be:
- acceptance of the complaint and if applicable, offer of redress or remedial action,
- rejection of the complaint and explanation.
Details of the complainant’s right to refer to or lodge the complaint with the appropriate body should the complainant be unhappy with Guavapay’s final decision. The relevant bodies are:
The Financial Ombudsman Service (FOS), the final response will detail the FOS’s telephone number mail and email addresses: The Financial Ombudsman Service, South Quay Plaza, 183 Marsh Wall, London E14 9SR, or online at https://www.financial-ombudsman.org.uk/contact-us/complain-online or by email or phone at firstname.lastname@example.org or +44 800 023 4567.
The complainant will be provided with the options for taking the matter further and that they have 6 months to log the complaint with the FOS.
The Information Commissions Office (ICO), for complaints related to personal data and/or breaches of the data protection laws and regulations, the final response will reiterate the complainants right to lodge a complaint with the ICO and will detail the ICO’s telephone number and website: +44 303 123 1113 and https://ico.org.uk/make-a-complaint/, along with the possibility of seeking a judicial remedy.
Guavapay will keep a record of all complaints and relevant data associated with them for a minimum of five (5) years after the resolution of the complaint.