This privacy notice (“Notice”) is intended to explain how your personal information will be handled by ‘Smart Points Limited’, trading as “LoyLap” and “Facilipay” (“LoyLap”, “Facilipay”, “the Company”, “we”, “our” and “us) of Suite 12, Guinness Enterprise Centre, Taylor’s Lane, Dublin 8, Ireland and sets out the information including the personal information detailed below relating to you (“Personal Data”) that will be collected and processed by the Company and/or on its behalf by its third party service providers in the context of your engagement with our apps and services (the “LoyLap Services”).
The company’s mission is to help our Merchants thrive and grow with smart integrated payments that help them provide the best possible customer experience. We are committed to safeguarding the privacy of our Members, and as such, any personally identifiable information that we request, is strictly between you & the Merchant in which you use our Services. The Company is built on helping you have the most rewarding and convenient payments experience possible; while simultaneously helping our Merchants grow by letting them focus on what they do best.
We do not sell your personal data to any third-party companies. From time to time, third-party companies/consultants may be hired to help us improve our services, with these companies/consultants being held under strict Non-Disclosure Agreements (NDA) and requirements in the event that they require access to customer-level data. We are fully compliant with GDPR standards, and you can read more information on your rights under the GDPR, on your national Data Protection Authority website.
Please read our full privacy statement below for a more detailed breakdown of what data LoyLap collects, why we look to collect that information, and most importantly, how we safeguard that information.
LOYLAP PRIVACY NOTICE
1. PURPOSE AND SCOPE OF NOTICE
We provide a wide variety of payment services to its business clients (“Merchants”) that facilitate services such as online ordering and in-store loyalty linked app payments for their customers (“Members”). Members who are customers of any of our Merchants are asked to also read Section 10 of this Privacy Notice.
For the purposes of this Notice, the controller of your Personal Data is the Company. If you have any questions or concerns about this notice, please contact our Data Protection Representative by email at firstname.lastname@example.org. In certain circumstances, Merchants may be the controller of a Member’s Personal Data.
2. APPLICATION OF THIS NOTICE
IMPORTANT: Please note that this Notice, while intended to be as complete and accurate as reasonably possible, is not exhaustive and may be updated from time to time in accordance with Section 12 of this Notice.
This Notice applies to the way we collect and process your Personal Data. Personal Data will be collected and processed during the course of our relationship with you and for a period afterward as may be required by applicable law.
During the course of your dealings with us, we will collect Personal Data:
from you: for example when you communicate with us, register with the Services as a member or merchant, sign-in to the Services as a merchant or member, work with us or supply us with services, when you supply Personal Data via our website or apps by requesting a demonstration, submitting an enquiry or support request or when you subscribe to or express an interest in any of our newsletters or mailing lists.
3. MINORS AND VULNERABLE PERSONS
Persons under the age of 16 (sixteen), are not permitted to open a Member Account or open or operate a Merchant Account and we ask that persons under 16 do not submit any personal information to us or use our services.
A “vulnerable person” means a natural person who:
has the capacity to make his or her own decisions but who, because of individual circumstances, may require assistance to do so (for example, visually impaired); and/or
has limited capacity to make his or her own decisions and who requires assistance to do so (for example, persons with intellectual disabilities or mental health difficulties).
Vulnerable Persons should contact us at email@example.com before registering for an account with us or have their guardian or attorney contact us.
4. WHAT PERSONAL DATA WE PROCESS
We will collect and process Personal Data including, where applicable:
your transaction history when you use the Services to make a transaction with a merchant including the date, time, business location, transaction amount, transaction type, product details, whether a promotional code was used and the transaction ID.
your contact details, including your email address and phone number;
information about your mobile device such as the hardware model, operating system and version, software and file names and versions, preferred language, unique device identifier, advertising identifiers, serial number, device motion information, and mobile network information;
information about your visits to our website or app such as the domain and host from which you access the Internet, the Internet protocol (IP) address of the computer or mobile device you are using; the browser software you use; your operating system, the date and time you access the website or app, app features or pages viewed, app crashes and other system activity and the third-party site or service you were using before interacting with the Services;
documentation confirming your identity;
financial information, including information necessary to make or receive payments to and from you and for the purposes of fraud prevention;
your correspondence, communications and connections with our staff;
publicly available information;
any information which is provided to us by you or on your behalf;
Your business name, contact details, inventory & sales data, and other information about your business such as locations & employees.
information relating to your subscription to, receipt of or interest in any of our mailing lists or newsletters.
5. WHY WE PROCESS YOUR PERSONAL DATA
The following table details the key context for which (“Legal Basis”) and why (“Purposes”) we collect, obtain and process your Personal Data:
NECESSARY FOR ENTERING INTO OR PERFORMANCE OF A CONTRACT
Legal Basis It is necessary to process your Personal Data to enter into and perform our contract with you as part of our payment-initiating service provisions and cashless solutions services (“the/our Services”).
Purposes We obtain, collect and process your Personal Data:
Entering Into and Performing our Contract with you as part of our Member Services:
- to determine, perform and execute the terms on which you will engage with us as a Member (“Member Services”);
- to ensure the smooth running of the Member Services (including all of the activities that need to be undertaken before, during and after your engagement with the Member Services);
- to add you and your contact details to our internal databases as part of the Member Services;
- to arrange, administer and send you information pursuant to the Member Services;
- to process payments pursuant to the Member Services; and
- to administer requests or procedures requested by you pursuant to the Member Services.
Entering Into and Performing our Contract with you as part of our Merchant Services:
- to determine, perform and execute the terms on which you will engage with us as a Merchant including our cashless, gift card, loyalty, mobile ordering & payment, promotional campaigns, self-check-out, digital wallet and business portal services (“Merchant Services”);
- to ensure the smooth running of the Merchant Services (including all of the activities that need to be undertaken before, during and after your engagement with the Merchant Services);
- to add you and your contact details to our internal databases as part of the Merchant Services;
- to arrange, administer and send you information pursuant to the Merchant Services;
- to process payments pursuant to the Merchant Services; and
- to administer requests or procedures requested by you pursuant to the Merchant Services.
Assessing your eligibility as a Merchant
- to determine, perform and assess your eligibility for engagement in Member Services.
IMPORTANT You are obliged to provide us with your Personal Data as it is necessary to enter into a contract with us for Member Services or Merchant Services as applicable. In the event that you do not wish to provide us with your Personal Data for the above purposes, you may not be able to participate in our Member Services or Merchant Services.
Legal Basis We may obtain, collect and process your Personal Data where we have a legitimate interest to do so part of your engagement with us as a recipient of the Services.
Purposes We obtain, collect and process your Personal Data:
Marketing, News & Events Communications
- to provide you with information in relation to our products and services, general news from us and other communications from us deemed to be of probable interest (please note that you may opt-out of receiving such marketing information by clicking the ‘unsubscribe’ button at the end of each mail, or by emailing us at firstname.lastname@example.org)
Sales Enquiries and Support Requests
- to process and respond to any enquiries and requests you may submit to our Sale Enquiry team or Support Centre by email, phone or via our website, mobile apps or POS apps.
- to process queries regarding your account.
Request a Demonstration
- to process and respond to your request to book a demonstration of the Merchant Services.
- to provide you with a sample of digital services, such as Digital Gift Cards, directly from the website.
Improving Website and App Functionality & Efficiency
- to provide, improve, test and monitor the effectiveness of the websites and apps;
- to monitor metrics such as total number of visitors, traffic data and demographic patterns; and
- to ensure the content on the website and app is presented in the most effective manner for you and to enhance your use of our Services.
Improving our services
- to better our services offering through online surveys and focus groups;
- to provide and process satisfaction surveys, policy surveys and referral forms; and
- to process and communicate with you if you choose to cancel your account, and/or request we provide you with a report on the data held about you.
IMPORTANT Before we process your Personal Data to pursue our legitimate interests for the above purposes, we determine if such processing is necessary and we carefully consider the impact of our processing activities on your fundamental rights and freedoms. On balance, we have determined that such processing is necessary for our legitimate interests and that the processing which we conduct does not adversely impact on these rights and freedoms.
Please note you have the right to object to the processing of your personal data for direct marketing.
You may unsubscribe from marketing communications (including but not limited to information regarding our events programme and general news from us) by contacting email@example.com, or by accessing your account on our website and navigating to your preferences.
COMPLIANCE WITH A LEGAL OBLIGATION
Legal Basis It is necessary to process your Personal Data in order to comply with legal obligations to which we are subject.
Purposes We obtain, collect and process your Personal Data in order to comply with the following legal obligations:
- To comply with Irish and European Union company and law; and
- To comply with other applicable Irish and European Union laws.
- To comply with EU Central Bank PISP regulations.
6. DISCLOSURE OF YOUR PERSONAL DATA
We may disclose some or all of the Personal Data we collect from and obtain about you to the following third parties:
Merchants with whom you have made a purchase & where we are providing Merchant Services;
Internal business units such as Human Resources, IT, Finance/Payroll, Managers, system administrators and support staff;
Service providers who provide support services or require your Personal Data to perform the services requested by us;
IT & website service providers, internal operational software, PR agencies, printers and other suppliers;
Regulatory authorities (e.g. enforcement agencies and public bodies); and
Third parties in connection with the sale or purchase of the Company or assets owned by us or our group of companies (“The Group”).
7. LOYLAP TRANSFERS OF YOUR PERSONAL DATA
We may transfer your Personal Data outside of the European Economic Area (“EEA”) to other members of The Group and other recipients. Certain recipients who process your Personal Data on our behalf may transfer your Personal Data outside the EEA to a country that does not provide an adequate level of protection to your Personal Data. Where such transfers of your Personal Data are made they will be made in accordance with applicable law. Where your Personal Data is transferred outside the EEA, this may include transfers on the basis of Standard Contractual Clauses, or as is otherwise permitted by applicable law. Standard Contractual Clauses are a form of data processing contract approved by the European Commission. You can find a copy of these clauses here
If you would like to find out more about any such transfers, please contact our Data Protection Representative who can be contacted on the following details – firstname.lastname@example.org, or by Freephone in the United States on 800 975 0122.
8. RETENTION OF YOUR PERSONAL DATA
In general, we expect to keep your Personal Data for as long as is necessary for the purposes for which it was obtained from the date of collection or, where you enter into a contractual arrangement with us, following the end of the performance of our contract or when your engagement with our Services ends.
For example, we may hold your Personal Data if we are processing an ongoing claim or believe in good faith that the law or a relevant regulator may reasonably in our view expect or require us to preserve your Personal Data.
We do not sell or rent your personal information to any third parties for marketing purposes.
If you would like to know more about how long we will retain your Personal Data, please contact our Data Protection Representative at email@example.com, or by Freephone in the United States on 800 975 0122.
HOW WE STORE AND SAFEGUARD YOUR PERSONAL DATA
We care about protecting your information. That’s why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your Personal Data. These include measures to deal with a suspected data breach.
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures.
9. YOUR RIGHTS AND HOW TO EXERCISE THEM
You have a number of rights in relation to your Personal Data, which are set out in this Section 9. In particular these rights include the right to object to processing of your Personal Data where that processing is carried out for our legitimate interests. Note that in certain circumstances these rights might not be absolute.
Right Further Information
Right of Access You have the right to request a copy of the Personal Data held by us about you and to access the information which we hold about you. We will only charge you for making such an access request where we feel your request is unjustified or excessive.
Right to Rectification You have the right to have any inaccurate Personal Data which we hold about you updated or corrected.
Right to Erasure In certain circumstances, you may also have your personal information deleted, for example if you exercise your right to object (see below) and we do not have an overriding reason to process your Personal Data or if we no longer require your Personal Data for the purposes as set out in this notice.
Right to Restriction of Processing You have the right to ask us to restrict processing your Personal Data in certain cases, including if you believe that the Personal Data we hold about you is inaccurate or our use of your information is unlawful. If you validly exercise this right, we will store your Personal Data and will not carry out any other processing until the issue is resolved.
Right to Data Portability You may request us to provide you with your Personal Data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your Personal Data directly to another data controller where this is technically feasible. This right only arises where: (1) we process your Personal Data with your consent or where it is necessary to perform our contract with you; and (2) the processing is carried out by automated means.
Right to Object You have a right to object at any time to the processing of your Personal Data where we process your Personal Data on the legal basis of pursuing our legitimate interests.
Please note you have the right to object to the processing of your personal data for direct marketing.
You may unsubscribe from marketing communications (including but not limited to information regarding our events programme and general news from us) by contacting firstname.lastname@example.org
You can exercise any of these rights by submitting a request to our Data Protection Representative at email@example.com.
We will provide you with information on any action taken upon your request in relation to any of these rights without undue delay and at the latest within 1 month of receiving your request. We may extend this up to 2 months if necessary however we will inform you if this arises. Please note that we may ask you to verify your identity when you seek to exercise any of your data protection rights.
You also have the right to lodge a complaint with the Data Protection Commission. For further information see www.dataprotection.ie, or consult the data protection office in your country or State.
10. CONSUMERS OF OUR MERCHANTS
We provide a wide variety of services and solutions to our Merchants. We develop systems to interface with our Merchant’s systems, including digital payment, gift & loyalty programs and may receive information in relation to Member purchases.
Wherever we obtain access to a Member’s Personal Data from a Merchant, we are acting as a data processor on behalf of our Merchant, and we therefore conduct such activities strictly in accordance with their instructions and pursuant to our contractual arrangements with them. If you are a Member with an existing relationship with one of our Merchants, you should refer to the Merchant’s website or any terms provided by a Merchant to understand their privacy practices and policies. Where a Member would like to exercise any rights in relation to a Member’s Personal Data, over which the Merchant is the controller, you should contact the Merchant with any such requests. We will cooperate as appropriate with requests from our Merchants to assist with such requests
12. CHANGES TO THIS NOTICE & QUESTIONS
We may amend this notice on occasion, in whole or part, at our sole discretion. This policy will be reviewed annually. Any changes will be effective immediately upon communicating the revised notice to you.
If at any time we decide to use your Personal Data in a manner significantly different from that stated in this notice, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail, and you will have a choice as to whether or not we use your Personal Data in the new manner.
If you have any questions, comments or concerns about the way your Personal Data are being used or processed by us, please submit your question, comment or concern in writing to our Data Protection Representative at firstname.lastname@example.org.