1. General
1.1. Nuapay
Nuapay is the trading name of Sentenial Ltd. a company registered in England and with its head office at 35 Great St. Helen’s, London EC3A 6AP. Nuapay is an Authorised Payment Institution, licenced and regulated by the FCA in London.
Nuapay SAS is incorporated and registered in France with company number 892825670 having its registered address as 4 Place Louis Armand, 75012 Paris. Nuapay SAS is an Authorised Payment Institution, licenced and regulated by the ACPR in France.
Nuapay provides a range of payment and related services to organisations including the provision of payment accounts.
1.2. Nuapay Data Handling
All data processing carried out by Nuapay is compliant with the UK Data Protection Act 2018 and EU 2016-679 regulation known as the General Data Protection Regulation, GDPR and any successors thereof.
For data relating to individuals within or associated with a customer of Nuapay, Nuapay acts as the data controller within the terms of the above-mentioned regulations.
Where data relates to individual clients of the customer, the customer acts as the data controller and Nuapay acts as the data processor.
1.3. What Nuapay does with data
Nuapay requires access to personnel data for a variety of purposes as below:
- Delivering the range of Nuapay Services
- Assisting with the support of Nuapay Services
- Maintain high levels of security within the Nuapay environment
- To protect Nuapay and our customers from the risk of fraud or financial loss
- To enable Nuapay to meet its regulatory and legal obligations
Nuapay collects and stores the minimum amount of data required to achieve the above objectives. The required data is defined by the scheme rules relating to services being requested or by the various regulations covering the prevention of money laundering, terrorist financing and financial crime. Data is held for the minimum period required by the regulations under which Nuapay operates.
1.4. Data Storage
Nuapay stores data at its various data centres which are based within either within the European Economic Area or within the UK. Nuapay neither stores nor transfers any personal data outside of the European Economic Area or the UK. The data processing carried out by Nuapay is certified as being compliant with ISO 27001.
1.5. Data Access
Access to all personnel data held by Nuapay is available strictly on a need-to-know basis, data is only made available to personnel who require the data to provide the various Nuapay services requested by the customer.
All Nuapay personnel accessing data are security screened and undergo regular training on matters relating to data security and privacy.
1.6. Data Sharing
Nuapay may share personal data with other companies within the EML group of companies. Such transfers are carried out under strict contractual control and such transfers are only used where strictly necessary for the provision of the services requested by the customer.
To fulfil the requirements of its licence, Nuapay may pass data relating to individuals associated with a customer to external service providers for the purpose of confirming identity. Data may also be shared with external organisations such as a credit bureau, such transfers are only used where strictly necessary for Nuapay to meet its regulatory requirements.
Nuapay may, from time to time, be subject to requests to share data with government, regulators or law enforcement bodies to meet obligations under law. Should such a request be received by Nuapay, when possible, the customer will be informed of the nature of the request.
Nuapay does not sell or rent any data stored to third parties for any purpose. Personnel data is not used for any purpose other than for the provision of the services requested by the customer.
2. Customer Details
Nuapay is required to hold detail of the representatives of the customer that have permission to access the Nuapay platform as well as details of various individuals within the customer’s organisation. Such information is required to enable Nuapay to securely deliver services to the customer as well as being required to meet regulatory requirements.
When dealing with this data Nuapay acts as the data controller.
2.1. Data held
The information collected may include: –
- Name
- Telephone number
- Email address
In addition to the above, Nuapay has a statutory duty to carry out identity checks on various members of customer organisation. The data collected in this respect is dependent on the structure of the organisation and may include data relating to the beneficial owners, senior management and those individuals authorised to instruct Nuapay to carry out financial transactions. Such information may include the following: –
- Name
- Address
- Date and place of birth
- A Government issued identity document.
All such information held is periodically refreshed as required by legislation.
2.2. Data Retention
Nuapay is obliged to retain details of some elements of the data collected for a period defined by the appropriate regulations. Typically, specified data will be held for a period of 5 years following termination of any agreement between the customer and Nuapay.
2.3. Customer’s rights
Individuals have the right to see data held by Nuapay about them. Copies of all data held is available from the Nuapay Customer Support team who can also correct any errors contained there within.
Individuals can request, via the Nuapay Customer Support team, to have their details removed from the Nuapay platform. Such requests will be processed immediately where this can be carried out legally.
3. Customer’s Clients
To enable Nuapay to carry out instructions issued by a customer, the customer must provide and manage data within the Nuapay platform. With all such data the customer acts as the data controller and Nuapay acts as the data processor.
3.1. Data held.
To process payments and associated instructions customers must provide Nuapay with sufficient information to enable a transaction to be completed. The data required varies with the type and geographical location of the transaction, below lists the elements relating to the client that may be required.
- Name
- Bank account details
- Address
- Email address
3.2. Data Retention.
The treatment of data relating to financial transactions is subject to financial crime law. Such regulations, amongst other things, define how long Nuapay must keep copies of the data. Data is automatically deleted at the end of the statutory period.
3.3. Client rights.
Clients have a right to view data held about them and to have this corrected if wrong. The management of this process is the responsibility of the customer and tools are provided to the customer to support this requirement. Nuapay provides no mechanism for customer’s clients to directly request details of data held about them from Nuapay.
It should be noted that the financial crime legislation will usually override client rights as given in data privacy laws.