Please note that we rely on legitimate interests as the basis for processing your data in the limited circumstances set out below:
2. Personally identifiable information (PII) provided directly by you. We collect PII that you provide to us when you register for an account, update or change information for your account, sign-up for email updates or online courses, send us email messages and/or participate in other services on our site. We may use the PII that you provide to respond to your questions, provide you the specific course and/or services you select, send you updates about transactional information, and send you email messages about site maintenance or updates.
3. Information to help us deliver our service to you. We work closely with third parties in order to help us deliver our service to you. These third parties are business partners (such as those we partner with to offer loyalty points like Avios), sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, fraud prevention agencies, customer service providers and developers. Information we may collect about you from such parties can include credit search information, information which helps us to verify your identity or information relating to your payment transactions.Other additional information that we may collect:
1. Information relating to your use of our site. We use information relating to your use of the site to build higher quality, more useful services by performing statistical analyses of the collective characteristics and behavior of our users and by measuring demographics and interests regarding specific areas of our site. We may also use this information to ensure the security of our services and the site.
We will disclose the data we collect from you to certain third parties who use personal data in delivering their services to us, they use data securely and confidentially and under strict contractual controls in accordance with data protection laws and enforced by Midpoint.We send Personal Identifiable Information to the following sets of data processors in order to perform the Midpoint payments services:
In order to provide a unified service across all of our products and services, we may disclose your personal information to any member of Midpoint Holdings Ltd, which means any of our subsidiaries or related entities. Companies in the Midpoint will be acting as joint controllers or processors in order to provide the payment services.We may also disclose your personal information in the following circumstances:
Accessing information about you. You may access information held about you;Your right of access can be exercised as follows:
Request access to your personal data (commonly known as a "data subject access request": This enables you to receive a copy of the personal data we hold about you. If you require this, then please reach out to the Midpoint team via the Livechat function.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. If you require this, then please reach out to the Midpoint team via the Livechat chat function.
Deleting your information: Generally, we will store your information for five years but in certain circumstances, including through regulatory requirements, we may have to store this for a longer period.Should you wish for your information to be deleted, this can be done. However, please note the circumstances in which it is possible:
Objecting to or restricting use of your information: You can ask us to stop using all or some of your information or to limit our use of it. We will do so but only if we do not need to retain or use it for any of the matters set out in the section "How We use the Information" In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights. As an FCA authorised firm, Midpoint is under certain obligations to process and retain certain data for compliance purposes.
Data Portability: We will provide your personal data in a structured, commonly-used, machine-readable format, which can be transferred easily should you wish to send them to a third party. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide the payment services to you. We will advise you if this is the case at the time you withdraw your consent.
If you reside or are located in the EEA, we keep your Personally Identifiable Information for no longer than necessary for the purposes for which the Personally Identifiable Information is processed. The length of time we retain Personally Identifiable Information for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.
Midpoint is obligated under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (SI 2017/692) to retain personal data about you and your transactional information for a period of five years. Also, as an authorised payment institution, we are required by law to maintain relevant records and keep them for at least five years from the date on which the record was created.
If you have any privacy-related questions, suggestions, unresolved problems, or complaints, please contact us at email@example.com.
If you reside or are located in the EEA, our Data Protection Officer and Privacy Team can assist with all queries regarding our processing of Personally Identifiable Information at firstname.lastname@example.org.
If you reside or are located in the EEA, you may also make a complaint to our supervisory body for data protection matters (namely the UK Information Commissioner's Office) or seek a remedy through local courts if you believe that your rights have been breached.