Version 8 (July 2024)
Dojo is a trading name of Paymentsense Limited, Paymentsense Ireland Limited and WalkUp Limited. At Dojo, we are committed to respecting your privacy.
Personal data is any information which relates to an individual. This Privacy Policy outlines how and why we process personal data in connection with our payment services and on this website. This Privacy Policy does not apply to any non-personal data, such as purely business information in relation to companies.
Whenever we say ‘we’ in this Privacy Policy, we mean the relevant Dojo group company providing you with a product or service. That company is known as a data controller in relation to the relevant personal data processing activities.
Paymentsense Limited is the relevant data controller in relation to the activities covered in this Privacy Policy if you receive or apply for our payment services in the UK. Paymentsense Limited is registered with the Information Commissioner's Office (ICO), the data protection regulator in the UK, and its registration number is Z1683152.
Paymentsense Ireland Limited is the relevant data controller in relation to the activities covered in this Privacy Policy if you receive or apply for our payment services in Ireland or another EEA signatory state. Paymentsense Ireland Limited is regulated by the Irish Data Protection Commissioner (DPC), which is its lead supervisory authority in the EEA.
If you are a consumer using any of our consumer products and services, please see our Privacy Policy for Consumers, which describes how and why our group processes any personal data in respect of those products and services. For these services, WalkUp Limited is the relevant data controller.
In this Privacy Policy:
If you have any questions about this Privacy Policy or how we handle your data and privacy, please contact us at dataprotection@dojo.tech or by phone on 0800 103 2959 in the UK or 0818 021 090 in the EEA. You can contact us to exercise your rights by emailing dataprotection@dojo.tech. Our DPO is accessible from that inbox.
You have the right to make a complaint to the ICO (www.ico.org.uk) or or, if you are based in the EEA, the relevant supervisory authority for the signatory state in which you are based (https://www.edpb.europa.eu/about-edpb/about-edpb/members_en). We would, however, appreciate the chance to deal with your concerns in the first instance, so please contact us at dataprotection@dojo.tech or by phone on 0800 103 2959 in the UK or 0818 021 090 in the EEA.
This Privacy Policy applies to several categories of individuals whose personal data is processed in connection with the provision of our payment services and on this website:
In this Privacy Policy, ‘you’ refers to the relevant category of individual above, as the context requires.
Direct information
If you are a Sole Trader, Individual at a Partnership or Merchant Representative, you may provide information directly to us, for example by the way you communicate or do business with us, such as:
Indirect information
If you are a Sole Trader, Individual in a Partnership or Merchant Representative, we may also indirectly collect certain information, which may include:
If you are a Consumer, the information we require, and collect, to give effect to a transaction at a merchant, includes:
If you are a Consumer, we may also infer personal data about you based on: (i) the personal data that you have provided directly to us; and (ii) the personal data that we receive from third parties.
Technical and behavioural tracking information for Visitors
If you are a Visitor, we may generate certain information about your interactions.
This includes your IP address, location data, pages viewed on this and other websites, information which determines whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you use to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system and application versions.
We use cookies and similar technologies on this website, which are outlined in greater detail here: https://dojo.tech/legal/cookies/. You can opt into ‘optional’ categories of cookies through our cookie banner or by following the ‘cookie preferences’ link at the footer of this website.
We use cookies and similar technologies to understand interactions with our marketing emails, so that we can tailor and improve those emails. These communications are aimed at Sole Traders, Individuals in a Partnership and Merchant Representatives. You can opt out of these communications at any time to object to this processing.
We use the information above and other information we may collect from time-to-time for various purposes and with various legal justifications (which are called ‘lawful bases’). Our lawful bases include:
We rarely rely on Consent to process your information, but there are certain circumstances where we ask for your Consent for related matters. For example, under ePrivacy law, we ask for your Consent to set cookies for non-essential purposes.
We may also need to use or share the information in the section above where we consider that there is a substantial public justification for doing so, such as to protect the integrity of the payments system or prevent and detect fraudulent or other criminal activities. We may not have to inform you of this.
We only need one lawful basis to process your information, but below we outline all relevant bases.
Sole Traders, Individuals in a Partnership, Merchant Representatives and Visitors
Why we use your information? | Lawful bases |
---|---|
To provide you with our products and services end-to-end | Legitimate Interests, Compliance with Law, Contract Performance |
To administer any account or registration you may have with us | Legitimate Interests, Compliance with Law, Contract Performance |
To carry out our obligations arising from any agreements we enter into with you | Contract Performance |
To ensure that any payment transaction at your location is carried out securely | Legitimate Interests, Compliance with Law |
To administer your participation in any competitions or prize draws we may run from time-to-time | Legitimate Interests, Contract Performance |
To provide you with service communications relating to our products and services | Legitimate Interests, Compliance with Law, Contract Performance |
To conduct market research and to communicate with you (via the use of surveys or by other means) about any comments, queries or feedback you might have about us, our products and services, our website or our applications | Legitimate Interests, Contract Performance |
To ensure that content on our website or in our applications is presented in the most effective manner for you and for your device | Legitimate Interests, Contract Performance |
To provide you with information about products and services we offer that we feel may interest you by post, telephone, SMS, email or via in-application notifications | Legitimate Interests, Consent (if relevant or an opt-out from consent under ePrivacy law) |
To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes | Legitimate Interests |
To keep our website or our applications safe and secure | Legitimate Interests, Contract Performance |
To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you | Legitimate Interests |
To make suggestions and recommendations to you and other users of our website and our applications about goods or services that may interest you or them | Legitimate Interests |
To verify your identity as well as your personal and contact information | Legitimate Interests, Compliance with Law, Contract Performance |
To record and prove that payments or other transactions have been executed | Legitimate Interests, Compliance with Law, Contract Performance |
To initiate, exercise and defend any legal claim or collection procedure | Legitimate Interests, Compliance with Law, Contract Performance |
To conduct compliance procedures | Legitimate Interests, Contract Performance |
To prevent misuse of our products and services | Legitimate Interests, Compliance with Law |
To carry out risk management and fraud prevention processes | Legitimate Interests, Compliance with Law |
To comply with applicable KYB/KYC, AML, book-keeping and capital adequacy laws and to report to tax authorities and other relevant law enforcement, regulatory or supervisory agencies | Legitimate Interests, Compliance with Law |
To communicate with you in relation to our products and services | Legitimate Interests |
To keep records and analyse common issues and topics raised by customers | Legitimate Interests |
To gather valuable information and conduct analysis to improve our service to you | Legitimate Interests |
To improve our customer service and other internal capabilities and enhance your customer experience | Legitimate Interests |
To conduct internal investigations in relation to fraud and security matters | Legitimate Interests |
Consumers
Why we use your information? | Lawful bases |
---|---|
To process a payment made by you via our products and services using your card or any other means of payment available from time to time. | Legitimate Interests, Compliance with Law |
To ensure that any payment transaction you make is carried out in a secure manner and mitigate the risk of fraud or any other criminal activity (including any related investigations). | Legitimate Interests, Compliance with Laws |
To enable our merchant to fulfil your order and mitigate the risk of fraud and other criminal activities. The personal data may also be processed when handling potential complaints and disputes | Legitimate Interests, Compliance with Laws |
To provide you with a receipt | Legitimate Interests, Compliance with Laws |
To analyse consumer spending and related transaction behaviour, and improve and develop our products and services | Legitimate Interests |
To provide our “loyalty” product to you | Consent |
Aggregated/Anonymised Datasets
In connection with our analysis of certain data sets (including consumer spending and related transaction behaviour), we may, from time to time, use personal data to create aggregated and/or anonymised datasets which we may use for our own purposes or make available to third parties.
We may also share your information with the following third parties.
Companies in our corporate group | Dojo is a corporate group of several companies, so we may share your information within our group in ordinary course of business.If you receive services in Ireland or another EEA signatory state, then Paymentsense Ireland Limited (your data controller and service provider) outsources elements of its operations to Paymentsense Limited, so must share your information with Paymentsense Limited. |
---|---|
Suppliers and subcontractors | We engage various suppliers and subcontractors (including contingent workers) to help us to provide our products and services and may share your information with them. This includes the following categories: - Technology service providers, which support us in providing elements of our service. In particular, we engage certain providers to enable us to conduct analysis of common customer issues and topics to enhance customer experience, improving our customer service response and engagement capabilities. - AML and KYC service providers, which support us in meeting our legal and regulatory obligations in relation to our customers and the proper functioning of the financial services sector. - Logistics providers, which support us in the fulfilment of the provision and return of hardware. - Customer support providers, who support us in supporting our merchants in relation to our products and services. - Strategic advisers, ratings agencies, auditors and accountants, lawyers and other professional advisers, who support us in relation to better understanding our business, achieving and developing our corporate and commercial goals and meeting our obligations. We also engage a range of additional suppliers in the ordinary course of our business, including communication, marketing, acquiring, PCI compliance and collections providers. |
Financial service, card scheme and payments partners | We partner with a range of financial service, card scheme and payments partners in the end-to-end merchant acquiring space, which enable us to provide our services properly and securely. This includes sharing where to do so is necessary to operate the Visa, Mastercard, American Express and Discover Financial Services card schemes. In each case, your information may be shared within the corporate groups of each card scheme. |
Product partners | We partner with certain third parties to provide complementary products and services to you or products offered under our brand, such as the merchant cash advance product offered under our brand by YouLend. |
Credit reference agencies and identity checking partners | When processing an application, we will carry out credit and identity checks with one or more credit reference agencies or identity checking partner, which, if you are a Sole Trader, Individual in a Partnership or Merchant Representative, this may include information on you.In relation to credit reference agencies, we will give them your information and they will give us information about you. If you are rejected and not permitted to obtain our products and services, we may share this information and we may make it difficult for you to get credit in the future.We will also continue to exchange information of Sole Traders and Individuals in a Partnership with credit reference agencies during the business relationship. The credit reference agencies may also share this information with other third parties to make their own credit decisions.You can contact credit reference agencies directly below. Any use of your information independently by a credit reference agency is subject to the relevant agency’s ‘credit reference agency information notice’. In the UK, the relevant notices are: TransUnion: http://transunion.co.uk/crain Equifax plc: http://equifax.co.uk/crain Experian: http://experian.co.uk/crain If you are based in an EEA signatory state, the relevant processing will be carried out by an equivalent or similar credit reference agency. Please contact us if you would like us to direct you to the relevant agency’s notice. |
Fraud prevention agencies | When applying for any of our payments services, we undertake checks for the purposes of preventing fraud and money laundering and identity verification. Where we do so, we may share certain of the information listed in section 4 with fraud prevention agencies. We and fraud prevention agencies may also enable law enforcement agencies to access and use your information to detect, investigate and prevent crime. We provide context on our lawful bases in section 5. Fraud prevention agencies can hold your information for different periods of time, and if you are considered to pose a fraud or money laundering risk, your information can be held for up to six years (or longer, subject to local law) by a fraud prevention agency. For information on how we calculate our own retention periods, see section 6. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. You can contact fraud prevention agencies directly. Any use of your information independently by a fraud prevention agency is subject to the relevant agency’s privacy policy. In the UK, please seeCIFAS: http://cifas.org.uk/fpn If you are based in an EEA signatory state, the relevant processing will be carried out by an equivalent or similar fraud prevention agency, which you can contact directly. Please contact us if you would like us to direct you to the relevant agency’s notice. |
Analytics partners | We partner with analytics service providers, who support us in improving and optimising our websites, applications and other technology we offer. |
Advertising partners | We partner with advertising providers to serve you relevant advertisements in relation to our products and services. In order to collect information about your activities to tailor those advertisements, we set cookies (with your consent, which you can remove at any time through the functionality on this website).Further information about how we use this information can be found above at ‘Technical and behavioural tracking information’. |
User experience, service design and market research agencies | We partner with user experience, service design and market research agencies which assist us with the improvement and optimisation of our products and services, along with other market research projects. |
Payment Consultants (PCs) | PCs are our self-employed field sales force, which refer sales leads to us. We partner with PCs so that they can support us in managing your account or to offer you add-on services. |
Referral partners | We partner with referral partners, who refer potential prospects to us. If you are a prospect and become a merchant, then we may share limited information about you to the referral partner during our business relationship. In some cases, you will also be a customer of the referral partner in relation to complementary products and services. |
We may also disclose your information to third parties:
We ensure that we keep information for as long as is needed for the purpose for which we obtained it. We consider on a case-by-case basis as to the appropriate retention period for your information.
Sometimes we are subject to a legal or regulatory requirement which means that we need to retain your information for a set period of time, such as in relation to customer records (which we keep for the entirety of each customer’s relationship with us and for a period after that, as required under the laws of the jurisdiction in which we provide services to you).
If you are rejected, we will retain information relating to your application after the rejection. We may also collect information from credit reference agencies and fraud prevention agencies in relation to rejected applications. We do this for legitimate business purposes, to help prevent fraud and financial crime and for other legal and regulatory reasons.
You have several rights under data protection laws. Some of these rights are subject to exceptions. You can exercise your rights through the details above.
Right to be informed | You have a right to be told about how and why we process your information. We do that through this Privacy Policy and other information we may make available. |
---|---|
Right to access | You have a right to access that information we hold on you. This right does not extend to accessing information on other people or businesses. |
Right to deletion | You have a right to have information about you deleted or erased, unless an exception applies. In some cases, we need to retain information due to legal or regulatory requirements. This is also known as the ‘right to be forgotten’. |
Right to restrict | You have a right to restrict how we use your information in certain circumstances, such as where you think it is inaccurate. |
Right to portability | You have a right to receive your information in a structured, commonly-used and machine-readable format or have it shared with another data controller if we process your information based on Consent or Contract Performance. |
Right to object | You have a right to object to the processing of your information based on Legitimate Interests, except where we have ‘compelling interests’ which override that. An example would be where we consider the processing necessary to ensure the safety of the financial services sector. |
Right to withdraw your consent | You have a right to withdraw your Consent at any time if we rely on this as our legal basis. If you do this, we will stop further processing the relevant information on that basis, but may rely on another basis. We do not routinely rely on Consent for any processing activity, except where we need to under ePrivacy law (in relation to cookies and certain electronic marketing activities). |
Right to not be subject to an automated decisions without human intervention which have certain effects | You have a right not to be subject to automated decisions which have ‘legal effects’ or ‘similarly significantly affect’ you (such as the denial of a financial service), if a human does not intervene in that decision. |
We have in place a level of security appropriate to the nature of the information we process and the harm that might result from a breach of security. Your information is stored on our secure servers. The transmission of any payment transactions will be encrypted using TLS technology.
All environments that are used in the processing, storage or transmission of payment card details are PCI DSS compliant and, as a Level 1 Service Provider, our compliance is assessed by an independent Qualified Security Assessor (QSA) on an annual basis.
If you think your password or any other aspect of your account has become compromised, please inform us immediately at dataprotection@dojo.tech or by phone on 0800 103 2959 in the UK or 0818 021 090 in the EEA.
If a third party processes your information on our instruction they are likely to be a data processor. An example of this will be in relation to our suppliers of IT and marketing services. In such cases, we only share your information for purposes that are compatible with the reasons contained in this Privacy Policy. All data processors are subject to written agreements that ensure we retain control over how that information is used.
If a third party is considered to be a data controller, we are not able to dictate how that third party will process the data that has been provided. Examples of common third party data controllers are credit rating agencies and financial institutions. In such cases, the data protection policies of the third party data controller will apply.
This and our other website feature third party advertising which provides links to and from third party websites. If you follow a link to any of these third party websites, you should be aware that these websites have their own privacy policies and the operators of those websites will handle your information in accordance with their privacy policies. We have no control over such third-parties or their websites or privacy policies.
Our core data and information processing takes place in either the UK or an EEA signatory state. However, like most businesses, we engage some suppliers and partners based outside of the UK or the EEA. In these cases, we may need to export your data to another country outside of the UK or the EEA. Where that is the case, we ensure that the relevant transfer is made in accordance with applicable law. The main ways we do this are where:
We do not knowingly collect information from individuals who are under the age of 16 in the UK and 18 in the EEA. If you are, then please do not apply to any of our payment and related services. If you have already done so, please contact us.
AML means anti-money laundering.
CTF means counter-terrorism financing.
Data controller means a person who determines how and why personal data is processed.
Data processor means a person who processes personal data on behalf of a data controller.
EEA means the European Economic Area.
ePrivacy law means the law relating to electronic communications, including the use of cookies and similar technologies and the sending of email marketing messages.
KYB means know-your-business.
KYC means know-your-customer.
PC means a Dojo payment consultant who supports us in selling our payment services.
Personal data means any information relating to an identified or identifiable individual.
UK means United Kingdom.