The Control Portal is operated by Littlepay Limited and its affiliates (“Littlepay”, “we” or “us”).
What data do we collect and process?
When you use the Control Portal, we may collect, use, store and transfer the following personal data:
Personal data collected from Control Portal users. We will ask you to provide us with personal data such as your email address in order to provide you with access to the Control Portal.
Device Identifiers and Usage Data. We collect certain standard information that is automatically sent by your browser to the Control Portal. This includes technical information about your device, such as your IP address, browser type, device identifiers, operating system, language, time zone setting, access times and any referring website addresses, as well as usage information, such as what pages you visit, time spent on each page, and URLs.
Other data you provide to us. We may collect any other data you choose to provide to us when you interact with us, such as when you send us an email or request technical support. This may include your name, contact details, and any other information you provide when communicating with us.
What do we use this data for?
We use your data to:
- Fulfil our contractual obligations to our Merchant.
- Comply with our legal and regulatory requirements and obligations.
- Market, advertise and promote our services.
- Contact and communicate with you in connection with the provision of our services or where you have got in touch with us.
- Conduct analytics and carry out market research.
- Perform other business-related purposes, including negotiating, concluding and performing contracts, managing accounts and records, supporting corporate social responsibility activities, legal, regulatory and internal investigations.
Legal basis for processing your data
Our legal basis for processing your data under applicable data protection laws are:
- Your consent: In certain circumstances (e.g., for direct marketing, advertising and promotional purposes), we may request your consent to process your personal data. In such cases, consent will be collected in accordance with applicable legal requirements. Where we rely on consent as a legal basis to process your personal data you have a right to withdraw consent at any time by contacting us.
- Contract: the processing is necessary in order for us to fulfil our contract with the Merchant to provide payment processing services. Where we need to collect your personal data in order to fulfil our contract with you and you fail to provide the data where requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel the payment processing services to which you have subscribed or are seeking to subscribe.
- Legal obligation: the processing is necessary for our legal compliance.
- Legitimate interests: Where processing is necessary for Littlepay’s legitimate interests (to the extent your rights and interests do not override our legitimate interests), which may include one or more of the following:
- running our business;
- developing our products and services and growing our business;
- improving the Control Portal and/or our website and keeping it up to date and relevant;
- provision of internal administration and IT services;
- keeping our records up to date; and
- securing our network and systems.
Who do we share your data with?
We share your data in the following circumstances:
- People within our organisation who have a ‘need to know’ that data for business or legal reasons, for example in order to carry out an administrative function.
- With any entity within the Littlepay group of companies worldwide, as we operate internationally.
- With service providers performing services on our behalf, and our professional and legal advisors, as necessary for the running of our business.
- With third parties who provide us with fraud prevention and detection and security services.
- With law enforcement or other governmental authorities, e.g. to report a fraud or in response to a lawful request or to comply with a lawful obligation.
- With third parties in the event that we sell, buy or merge any business or assets, including to the prospective seller or buyer of such business or assets.
- Otherwise where we have your consent or are otherwise legally permitted to do so.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Storage and Retention
If you are a resident of the European Economic Area (“EEA”) or United Kingdom (“UK”), when we transfer data outside the EEA/UK (as applicable) we will, as required by applicable law, ensure that your privacy rights are adequately protected by: (i) only transferring your personal data to countries that have been deemed to provide an adequate level or protection for personal data, or (ii) appropriate safeguards, such as the EU’s standard contractual clauses (or such other data transferring clauses or safeguards that may be approved by the relevant data protection supervisory authority from time to time). Please contact us at firstname.lastname@example.org if you would like more information about these safeguards.
We will keep your data for as long as we need it for the purposes set out above, and so this period will vary depending on your interactions with us. Where we no longer have a need to keep your information, we will delete it. Please note that where you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing emails in future.
Your rights and choices
Depending on your jurisdiction of residence, you may, under certain circumstances have certain rights in respect of your data, including:
- the right to access your personal data;
- the right to request the correction of your personal data;
- the right to request the erasure of your data;
- the right to request the restriction of your personal data;
- the right to withdraw consent to the processing of your personal data; and
- the right to request the transfer of your personal data.
You may also, in certain circumstances, have the right to object to your data being used for certain purposes, including to send you marketing. See ‘Marketing’ below, for more details of how to opt-out of marketing.
We will comply with any requests to exercise your rights in accordance with applicable law. Please be aware, however, that there are a number of limitations to these rights, and there may be circumstances where we are not able to comply with your request. To make any requests regarding your data, or if you have any questions or concerns regarding your data, you should contact us using the details below.
If you are a resident of the EEA or the UK and have a complaint regarding our processing of data, you are entitled to contact your supervisory authority for data protection. However, where possible, we would appreciate the opportunity to deal with your concerns before you approach the supervisory authority, so we ask that you please contact us in the first instance.
If you are a resident of California in the United States, please see our California privacy notice below.
Depending on your relationship with us, we may send you marketing from time to time. Where you are a customer or partner, we may send such marketing communications on the basis of our legitimate interests. If you have no pre-existing relationship with us, we will seek your consent to send you marketing communications.
If you would no longer like to hear from us, please use the details provided in the marketing communication to unsubscribe or contact us at email@example.com with the subject line “Unsubscribe.”
VeraSafe has been appointed as Littlepay’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to Littlepay, only on matters related to the processing of personal data.
To make such an enquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031. Alternatively, VeraSafe can be contacted at: VeraSafe Ireland Ltd. Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork, T23AT2P, Ireland.
California Privacy Notice
This section provides additional details about the personal information (as that term is defined in the California Consumer Privacy Act (CCPA)) we collect about California consumers, as well as requests California consumers can make regarding their personal information.
Please note that this section applies only to information that Littlepay controls as a “business.” Where Littlepay processes your information on behalf of a Merchant as a “service provider,” you must contact the Merchant to learn more about your rights with respect to your personal information.
How We Collect, Use, and Disclose your Personal Information. The “What data do we collect?” section above describes the categories of personal information we may collect. We collect this information for the purposes described in the “What do we use this data for?” section, and we share this information as described in the “Who do we share this personal data with?” section.
Requests About Your Personal Information. California consumers can make the following requests with respect to their personal information:
- A list of the categories of personal information we have collected about you, as well as the sources of that information, the purposes for which we collected it, and the categories of third parties with whom we share it;
- The specific pieces of information we have collected about you;
- Deletion of the personal information we have collected from you (subject to exceptions under applicable law).
Please note that we will need to request information to verify your identity before responding to your request.
Sale of Information. Littlepay does not “sell” (as such term is defined in the CCPA) information about consumers within the meaning of the CCPA.
Shine the Light. The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.