Nuapay is the trading name of Sentenial Ltd. a company registered in England and with its head office at 1, Primrose Street, London, EC2A 2EX. Nuapay is an Authorised Payment Institution, licenced and regulated by the FCA in London.
Nuapay provides payment services to organisations including the provision of payment accounts.
From a data privacy standpoint, Nuapay acts as the data controller with regards to data specifically related to the identity and status of its customers and customers are the data controllers for all data relating to payments being processed through the system including any personal data relating to clients of a customer which may be required to complete a payment transaction.
Where the customer acts as the data controller, Nuapay acts as the data processor.
Nuapay Data Handling
Data Storage. Nuapay neither store nor transfer any personal data outside of the European Economic Area.
Data Sharing. Nuapay will share personal data with other companies within the Sentenial group of companies. Such transfers are carried out under strict contractual control and such transfers are only used for the provision of the services requested by the customer.
To fulfil the requirements of its licence, Nuapay may pass some data relating to customers to external service providers for the purpose of confirming the identity of the customer or for the provision of credit checking the customer.
Nuapay may from time to time be subject requests to share data with government bodies, regulators or law enforcement bodies to meet obligations under law.
Contact Details. Nuapay must be able to contact the customer as part of the provision of the service. To fulfil this requirement the names, e-mail address and telephone number of representatives of the customer will be held.
Identification and status. Nuapay has a statutory duty under various financial crime legislation to carry out identity checks on all customers prior to allowing any payments being processed. The data held is dependent on the structure of the organisation and may include personal data of the beneficial owners or controllers of the organisation including items such as date of birth and a government issued identity document. Proof of establishment of the organisation will also be collected and credit checks will also be carried out.
Such information is periodically refreshed as required by legislation.
User Details. The customer can create a number of authorised users of the system. Such users will be issued with security credentials that will identify them to the system. By way of example this could be a user name and password. These credentials are held by Nuapay generally in an encrypted form.
Data Retention. Nuapay is obliged to retain copies of this information for a period defined by the financial crime legislation of the country where the data is being processed. For customer data the legislation currently defines the retention period as starting from the time the agreement between the customer and Nuapay is terminated however this happens. Data is automatically deleted at the end of the statutory period.
Customer rights. Customers have rights to see all of their data held by Nuapay and to have any errors corrected. Copies of all data held is available from the Nuapay Customer Support team who can also correct any errors contained there within.
Data held. To process payments customers must provide Nuapay with sufficient information to enable a transaction to be completed. As a minimum this will included the counterparty’s payment account details and their name.
For some payment types customers may hold data relating to the permission the counterparty gave for making the payment, an example would be mandate information required for authorising direct debit transactions.
Data retention. Data relating to transactions is subject to financial crime law. Under these laws the data has to be retained for a period as defined by these laws. Data is automatically deleted at the end of the statutory period.
Client rights. Clients have a right to view data held about them and to have this corrected if wrong. The management of this process is the responsibility of the customer and tools are provided to the customer to support this requirement. Nuapay provides no mechanism for customer’s clients to directly request information from Nuapay.
It should be noted that the financial crime legislation will usually override client rights as given in data privacy laws.
Web site, marketing use and general usage
The usage made of the Nuapay web site is monitored to support the ongoing site development programme. No personal data is stored during this process.
Users of the web site can request a meeting with Nuapay personnel. To fulfil this request the user’s name and contact details will be captured and stored. Such data will not be used for any other purpose and will be deleted once the requested process has been completed.
Customers and potential customers can opt to receive news and feature articles from Nuapay. Contact details including names will be collected to enable the process to be completed, this data will not be used for any other purpose and will not be disclosed to any third party except where that third party is contracted to Nuapay to perform part of the required service. Facilities are provided to allow those who have opted to receive such material to unsubscribe at any time.