Data protection

All data as provided by you is collected exclusively by Masterpayment. If your data has to be made accessible to selected service providers for certain procedures (e.g. payment transactions), those third parties are always under an obligation of secrecy.

For reasons of data protection, your personal data may never be sold or lent or otherwise passed on to third parties without your prior agreement. However, in order to support the investigation of internet fraud or manipulation, we may in the context of any such suspicions pass on the data stored by us to authorities or other third parties concerned with the investigation thereof. The company does of course fulfil the applicable statutory provisions in the context of the collection and processing of personal information.

Masterpayment complies with the the following Key Principles according to the Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

  • Data are only used for the specific purposes for which it was collected.
  • Data are not disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime). It is an offence for Other Parties to obtain this personal data without authorisation.
  • Individuals have a right of access to the information held about them, subject to certain exceptions (for example, information held for the prevention or detection of crime).
  • Personal information will be kept for no longer than is necessary and must be kept up to date.
  • Personal information may not be sent outside the European Economic Area unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data.
  • Masterpayment has registered with the Information Commissioner's Office.
  • Masterpayment has adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training).
  • Subjects have the right to have factually incorrect information corrected (note: this does not extend to matters of opinion).

Anonymised or aggregated data is not regulated by the Act, providing the anonymisation or aggregation has not been done in a reversible way. Individuals can be identified by various means including their name and address, telephone number or Email address. The Act applies only to data which is held, or intended to be held, on computers ("equipment operating automatically in response to instructions given for that purpose"), or held in a "relevant filing system".

According to the Data Protection Act following rights are created for those who have their data stored:

  • View the data Masterpayment holds on them. No fees, such as 'subject access fee, are applied.
  • Request that incorrect information be corrected. If the Masterpayment ignores the request, a court can order the data to be corrected or destroyed, and in some cases compensation can be awarded.
  • Require that data is not used in any way that may potentially cause damage or distress.
  • Require that their data is not used for direct marketing.

Personal data are dealt with in compliance with following principles

  1. Personal data are processed fairly and lawfully
  2. Personal data are obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
  3. Personal data are adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  4. Personal data are accurate and, where necessary, kept up to date.
  5. Personal data processed for any purpose or purposes are not kept for longer than is necessary for that purpose or those purposes.
  6. Personal data are processed in accordance with the rights of data subjects under this Act.
  7. Appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Personal data are not transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Following conditions are applicable to the data dealt with:

  1. The data subject (the person whose data is stored) has consented ("given their permission") to the processing;
  2. Processing is necessary for the performance of, or commencing, a contract;
  3. Processing is required under a legal obligation (other than one stated in the contract);
  4. Processing is necessary to protect the vital interests of the data subject;
  5. Processing is necessary in order to pursue the legitimate interests of the "data controller" or "third parties" (unless it could unjustifiably prejudice the interests of the data subject).

Sensitive personal data are processed according to a stricter set of conditions, in particular as the consent is explicit.

Exceptions

  • Section 28 - National security. Any processing for the purpose of safeguarding national security are exempt from all the data protection principles, as well as Part II (subject access rights), Part III (notification), Part V (enforcement), and Section 55 (Unlawful obtaining of personal data).
  • Section 29 - Crime and taxation. Data processed for the prevention or detection of crime, the apprehension or prosecution of offenders, or the assessment or collection of taxes are exempt from the first data protection principle.
  • Section 36 - Domestic purposes. Processing by an individual only for the purposes of that individual's personal, family or household affairs is exempt from all the data protection principles, as well as Part II (subject access rights) and Part III (notification).

Offences

For certain civil and criminal offences Masterpayment shall be liable if Masterpayment has failed to gain appropriate consent from a data subject.