Privacy Policy

THEPAYMASTER PRIVACY POLICY STATEMENT

Our Commitment to Your Privacy

ThePaymaster is committed to protecting your privacy while delivering secure, transparent high-value paymaster payment services. As an innovative financial technology company handling significant transactions, we understand that trust is paramount. This policy demonstrates our commitment to protecting your personal data through industry-leading standards and innovative technology.

Core Principles

Our approach to privacy is built on six fundamental principles:

1. Data Minimisation

• We collect and process only data essential for our services
• We actively avoid collecting unnecessary information
• We regularly review our data collection practices
• We maintain a clear justification for all data we process

2. Purpose Limitation

• Every piece of data we collect has a clear, documented purpose
• We use data only for the purposes we’ve specified
• We obtain consent for any new uses of your data
• We maintain transparency about how we use your information

3. Storage Limitation

• We keep data only for as long as necessary
• We have defined retention periods with clear justification
• We securely delete data when no longer needed
• We regularly review our retention practices

4. Security by Design

• Privacy and security are embedded in all our processes
• We use advanced encryption for data protection
• We maintain strict access controls
• We regularly test and update our security measures

5. Transparency

• We communicate clearly about our data practices
• We provide detailed information about how we use your data
• We notify you of any changes to our privacy practices
• We maintain open channels for privacy questions

6. Rights Protection

• We ensure you can easily exercise your privacy rights
• We respond promptly to privacy requests
• We maintain clear procedures for handling privacy concerns
• We provide appeals processes for our decisions

Our Services and Your Data

ThePaymaster provides high-value paymaster payment services that require processing certain personal data. We handle your information with care and respect, ensuring compliance with the UK General Data Protection Regulation (GDPR) and related privacy laws.

Data We Process

We collect and process only the information necessary to:

• Verify identities and maintain security
• Process high-value paymaster payments
• Meet regulatory requirements
• Prevent fraud and financial crime
• Provide our core services

Video Call Recording

We record client video calls through Grain.com to enhance operational efficiency and maintain compliance standards. These recordings are:

• Stored securely for 12 months
• Accessible only to authorised personnel
• Used solely for verification and training purposes
• Deleted automatically after the retention period

You will always be notified before recording begins and can request access to or deletion of your recordings at any time.

Innovation and Privacy

As pioneers in blockchain-based paymaster services, we’ve developed innovative ways to protect your privacy while maintaining transaction transparency:

Transaction NFTs

• Optional for clients
• Contain minimal personal data
• Can be deleted on request
• Provide transparent verification

Data Separation

We maintain strict separation between:

• Public blockchain records (containing no personal data)
• Secure, encrypted personal information

Your Privacy Rights

You have the right to:

• Access your personal data
• Correct inaccurate information
• Request deletion of your data
• Restrict how we use your data
• Object to processing
• Receive your data in a portable format

We make exercising these rights straightforward and respond to all requests promptly.

Security Measures

We protect your data through:

• Advanced encryption
• Multi-factor authentication
• Regular security testing
• Strict access controls
• Continuous monitoring
• Staff training

Retention Periods

We retain different types of data for specific periods:

• Transaction records: 5 years (regulatory requirement)
• Video call recordings: 12 months
• KYC/AML verification data: 5 years
• Communication records: 2 years
• Technical logs: 6 months

All retention periods are regularly reviewed and updated based on legal requirements and business needs.

Third-Party Services

We work with trusted partners who maintain high data protection standards:

• Grain.com: Video call recording
• Sumsub: KYC and AML verification

All partners are contractually bound to protect your data and comply with relevant privacy laws.

Contact Us

For privacy matters, contact us at:

• Email: info@thepaymaster.co.uk
• Phone: +44 20 7088 8267
• Post: Data Protection Team, ThePaymaster Limited, 3rd Floor, 43 Upper Grosvenor Street, London W1K 2NJ

Updates

This policy was last updated: December 21st 2024

We review this policy regularly and will notify you of any significant changes.