Please note that we rely on legitimate interests as the basis for processing your data in the limited circumstances set out below:
We gather three types of information about users through the Site:
1. Information relating to your use of our Site. When users come to our Site, we may track, collect and aggregate information indicating, among other things, which pages of our Site were visited, the order in which they were visited, when they were visited, and which hyperlinks were "clicked." We also collect information from the URLs from which you linked to our Site. Collecting such information may involve logging the IP address, operating system and browser software used by each user of the Site. We may be able to determine from an IP address a user’s Internet Service Provider and the geographic location of his or her point of connectivity.
3. Information to help us deliver our service to you. We work closely with third parties in order to help us deliver our Service to you. These third parties are business partners (such as those we partner with to offer Loyalty points like Avios), sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, fraud prevention agencies, customer service providers and developers. Information we may collect about you from such parties can include credit search information, information which helps us to verify your identity or information relating to your payment transactions.
1. Information relating to your use of our Site. We use information relating to your use of the Site to build higher quality, more useful services by performing statistical analyses of the collective characteristics and behavior of our users, and by measuring demographics and interests regarding specific areas of our Site. We may also use this information to ensure the security of our services and the Site.
We will disclose the data we collect from you to certain third parties who use personal data in delivering their services to us, they use data securely and confidentially and under strict contractual controls in accordance with data protection laws and enforced by Midpoint.
We send personal identifiable information to the following sets of data processors in order to perform the Midpoint payments services:
In order to provide a unified service across all of our products and services, we may disclose your personal information to any member of Midpoint Holdings Ltd, which means any of our subsidiaries or related entities. Companies in the Midpoint will be acting as joint controllers or processors in order to provide the payment services.
We may also disclose your personal information in the following circumstances:
Accessing information about you: You may access information held about you. Your right of access can be exercised as follows:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you. If you require this, then please reach out to the Midpoint team via the Livechat function.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. If you require this, then please reach out to the Midpoint team via the Livechat chat function.
Deleting your information: Generally, we will store your information for five years but in certain circumstances, including through regulatory requirements, we may have to store this for a longer period.
You may request that we delete your information and we will do so but:
Objecting to or restricting use of your information: You can ask us to stop using all or some of your information or to limit our use of it. We will do so but only if we do not need to retain or use it for any of the matters set out in the section “How We use the Information” In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights. As an FCA authorised firm, Midpoint is under certain obligations to process and retain certain data for compliance purposes.
Data Portability: We will provide to you, your personal data in a structured, commonly used, machine-readable format, which you can then transfer to an applicable third party. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide the payment services to you. We will advise you if this is the case at the time you withdraw your consent.
If you reside or are located in the EEA, we keep your Personally Identifiable Information for no longer than necessary for the purposes for which the Personally Identifiable Information is processed. The length of time we retain Personally Identifiable Information for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.
Midpoint is obligated under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (SI 2017/692) to retain personal data about you and your transactional information for a period of five years. Also, as an authorised payment institution, we are required by law to maintain relevant records and keep them for at least five years from the date on which the record was created.
If you have any privacy-related questions, suggestions, unresolved problems, or complaints you may contact us via firstname.lastname@example.org
If you reside or are located in the EEA, our Data Protection Officer and Privacy Team may assist with all queries regarding our processing of Personally Identifiable at email@example.com.
If you reside or are located in the EEA, you may also make a complaint to our supervisory body for data protection matters (namely the UK Information Commissioner's Office) or seek a remedy through local courts if you believe that your rights have been breached.
Toll Free UK: 0800 211 8620
Intl: +44 20 7448 3082
26 Finsbury Square London EC2A 1DS United Kingdom
Operating hours: Mon – Fri 08:00 – 18:00 UTC