Welcome to the Atoa Pay Privacy Policy. It tells you how Atoa collects, and processes data received from you when you use Atoa Pay App that is designed to help you to make payments in-store, pay friends across any UK Bank without sharing Bank Account Details and split bill with friends. For information about how we process personal data when you interact with our website, please see our Website Privacy Policy available here. For information about how we process personal data when you use our Atoa Business app, please click on this link. Please read the following carefully to understand our views and practices regarding your personal data and how we will protect it. Please also read our Terms and Conditions carefully.
If you have any comments on this privacy policy, please email them to legal@paywithatoa.co.uk.
Consent to installation of the app
Under data protection laws, we are required to provide you with certain information about who we are, how we process your personal data and for what purposes, and your rights in relation to your personal data. This information is provided here and it is important that you read that information.
Before installation of this App, please indicate your consent to our processing of your personal data (including your name, contact details, financial and device information) as described in the policy.
YES I consent to the installation of the App for the purposes of making in-store payments and sending/receiving payments with family/friends.
NO I do not consent to the installation of the App.
How do you withdraw consent
Once you provide consent by selecting "YES", you may change your mind and withdraw consent at any time by contacting us (hello@paywithatoa.co.uk) but that will not affect the lawfulness of any processing carried out before you withdraw your consent.
Consent to processing Location Data
YES I consent to processing of my Location Data (including details of my current location disclosed by GPS technology so that location-enabled Services are activated to aid in the protection of users against unauthorised access by other parties and for provision of location-based offers and promotions.
NO I do not consent to processing of my Location Data and location-enabled Services are disabled in my settings.
Location Data
Atoa (we) are committed to protecting your personal data and respecting your privacy.
Introduction
This policy, together our Terms of Use applies to your use of:
- Atoa Pay mobile application software (App) available on App Store or Google Play Store and also hosted on https://apps.apple.com/gb/app/atoa-pay/id1629295721 and https://play.google.com/store/apps/details?id=com.atoa.paywithatoa&hl=en&gl=US&pli=1 (App Site), once you have downloaded or streamed a copy of the App onto your mobile telephone or handheld device (Device).
- Any of the services accessible through the App (Services) that are available on the App Site or other sites of ours (Services Sites). This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This App is not intended for children and we do not knowingly collect data relating to children. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
Important Information and Who We Are
Atoa Payments Limited is the controller and is responsible for your personal data (collectively referred to as "Company", "we", "us" or "our" in this policy).
We have appointed a data privacy manager. If you have any questions about this privacy policy, please contact them using the details set out below.
Contact Details
Our full details are:
- Full Name of Legal Entity: Atoa Payments Limited
- Title of Data Privacy Manager: Chief Operating Officer
- Email Address: legal@paywithatoa.co.uk
- Postal Address: 85 Great Portland Street, First Floor, London W1W 7LT
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues.
Changes to the privacy policy and your duty to inform us of changes
We keep our privacy policy under regular review.
This version was last updated on March 31, 2023. It may change and if it does, these changes will be posted on this page and, where appropriate, notified to you when you next log into your app or log onto one of the Services Sites. The new policy may be displayed on-screen and you may be required to read and accept the changes to continue your use of the App or the Services.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.
Third Party Links
Our Sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as Contact and Location Data. Please check these policies before you submit any personal data to these websites or use these services.
The Data We Collect About You
We may collect, use, store and transfer different kinds of personal data about you as follows:
- Identity Data: first name, last name, username or similar identifier, title, date of birth, gender.
- Contact Data: billing address, delivery address, email address and telephone numbers.
- Financial Data: bank account details.
- Transaction Data: includes details about payments to and from you and details of in-App purchases.
- Device Data: includes the type of mobile device you use, a unique device identifier (for example, your Device's IMEI number, the MAC address of the Device's wireless network interface, or the mobile phone number used by the Device), mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting.
- Content Data: includes information stored on your Device, including friends' lists, login information, photos, videos or other digital content.
- Profile Data: includes your username and password, in-App purchase history, your interests, preferences, feedback and survey responses.
- Usage Data: includes details of your use of any of our Apps or your visits to any of Our Sites including, but not limited to, traffic data and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
- Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Phone Contacts: if you grant us permission to access your contact list (when you enter the "Refer" and "Invite" pages), we may access this information to help send invites and track rewards.
Location Data: This includes ncludes your current location disclosed by GPS technology. We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific App feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How we use your personal data
We will only use your personal data when the law allows us to do so. Most commonly we will use your personal data in the following circumstances.
- Where you have consented before the processing.
- Where we need to perform a contract we are about to enter or have entered with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
We will only send you direct marketing communications by email or text if we have your consent. You have the right to withdraw that consent at any time by contacting us.
Purposes for which we will use your personal data
Purpose/activity | Type of data | Lawful basis for processing |
To install the App and register you as a new App user | Identity Contact Financial Device | Your consent |
To process in-App purchases and deliver Services including managing payments and collecting money owed to us or to third parties | Identity Contact Financial Transaction Device Marketing and Communications Location | Your consent Performance of a contract with you Necessary for our legitimate interests (to process payments to third parties) |
To manage our relationship with you including notifying you of changes to the App or any Services | Identity Contact Financial Profile Marketing and Communications | Your consent Performance of a contract with you Necessary for our legitimate interests (to keep records updated and to analyse how customers use our products/ Services) Necessary to comply with legal obligations (to inform you of any changes to our terms and conditions) |
To enable you to participate in a prize draw, competition or complete a survey | Identity Contact Device Profile Marketing and Communications | Your consent Performance of a contract with you Necessary for our legitimate interests (to analyse how customers use our products/Services and to develop them and grow our business) |
To administer and protect our business and this App including troubleshooting, data analysis and system testing | Identity Contact Device | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security) |
To deliver content and advertisements to you To make recommendations to you about goods or services which may interest you To measure and analyse the effectiveness of the advertising we serve you To monitor trends so we can improve the App | Identity Contact Device Content Profile Usage Marketing and Communications Location | Consent Necessary for our legitimate interests (to develop our products/Services and grow our business) |
- Where you have consented before the processing.
- Where we need to perform a contract we are about to enter or have entered with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
We will only send you direct marketing communications by email or text if we have your consent. You have the right to withdraw that consent at any time by contacting us.
Disclosures of your personal data
When you consent to providing us with your personal data, we will also ask you for your consent to share your personal data with the third parties set out below for the purposes set out in the table:
- External Third Parties such as merchants in order to facilitate authorised payments and refunds via Atoa mobile apps and websites.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
- We may disclose your personal data if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights.
- Please note that our chat support services are supported by third parties. Any data provided under the chat boxes will be shared with the third parties providing the support.
- We may share some data with the Merchant including details such as your bank name, amount paid, last three digits of your bank account.
Atoa Pay app allows other users to see your name in their phone contact list when you consent. This may include other users to see your name, profile photo and Atoa ID under their phone contacts that use Atoa, send money to those same people.
International transfers
We do not transfer your personal data outside the UK
Data Security
All information you provide to us is stored on our secure servers. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted using Secured Sockets Layer (SSL) technology. Where we have given you (or where you have chosen) a password that enables you to access certain parts of Our Sites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.
We will collect and store personal data on your Device using application data caches and browser web storage (including HTML5) and other technologies.
Certain Services include social networking, chat room or forum features. Ensure when using these features that you do not submit any personal data that you do not want to be seen, collected or used by other users.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
Data Retention
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for five years after they cease being customers.
In the event that you do not use the App for a period of 12 months then we will treat the account as expired and your personal data may be deleted.
Your Legal Rights
Under certain circumstances you have the following rights under data protection laws in relation to your personal data.
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer or your personal data.
- Right to withdraw consent.
You also have the right to ask us not to continue to process your personal data for marketing purposes.
You can exercise any of these rights at any time by contacting us at legal@paywithatoa.co.uk.
Automated Decision-Making and Profiling
In the event that we use personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on you, you have the right to challenge to such decisions under GDPR, requesting human intervention, expressing their own point of view, and obtaining an explanation of the decision from us.
For clarity, we make automated decisions to determine whether to allow a transaction or not. This automated decision is based on the checks carried out through our transaction monitoring service which monitors suspicious transactions based on the following factors:
- the age of merchant,
- size of transaction,
- time of day,
- type of transaction - customer present or not present.
Depending upon the results of the checks carried out, this could result in us automatically declining a transaction. The right to object to automatic processing of your personal data does not apply in the following circumstances:
- the decision is necessary for the entry into, or performance of, a contract between the you and us;
- the decision is authorized by law; or
- you have given you explicit consent