Privacy and You
Who are we?
PFS Card Services Ireland Limited (“PCSIL”) is a fast growing technology company and e money payments institution with offices in the UK, Ireland, Spain, France and Malta. PCSIL is authorised and regulated by the Central Bank of Ireland in Ireland, as an electronic money institution, under reference number C175999. We provide own label and white label e-money financial solutions, including e-wallets, prepaid cards, current accounts and additional products. PCSIL provides complete end to end solutions for clients by designing, developing, implementing, and managing these programmes.
It is important that you know exactly what we do with the personal information you and others make available to us, why we collect it and what it means for you. This document outlines the PCSIL approach to Data Privacy to fulfil our obligations under the EU General Data Protection Regulation (GDPR) 2018, as implemented on the 25th of May 2018. We were delighted to welcome the advent of GDPR, as it provided PCSIL with a further an opportunity to reassure our customers of the importance we place on keeping your personal data secure, and of the strict guidelines we apply to its use.
Who is the Data Controller?
PCSIL, Front Office Scurlockstown Business Campus, Trim, Co. Meath, Ireland
The personal data we would like to collect from you is:
- First Name and Surname (with title);
- Date of birth;
- Proof of address documents;
- ID Documents;
- Other personal information such as telephone recordings; security questions, user ID;
- Bank Account details;
- Telephone number;
- Transactional information; and
- CCTV footage where you visit our offices.
The personal data we collect will be used for the following purposes:
- Providing prepaid card services to you as per our contractual obligations;
- Providing e-wallet services to you;
- Providing IBAN Account services to you;
- Processing your account information;
- To comply with our legal obligations for the prevention of fraud, money laundering, counter terrorist financing or misuse of services;
- Verifying your identity;
- Contacting you regarding our service to you; and
- Where requested by law enforcement for investigation of crime.
Our legal basis for processing the personal data:
- receipt of your consent;
- performance of a contract where you are a party;
- legal obligations that PCSIL is required to meet; and
- national law.
Any legitimate interests pursued by us, or third parties we use, are as follows:
- the prevention of fraud, money laundering, counter terrorist financing or misuse of services.
Consent for Children Under 16
Withdrawal of Consent Conditions
You may withdraw consent from direct marketing at any time by contacting our Data Protection Officer. Please note, where you have consented to your data being used for carrying out financial transactions, then the right to withdraw consent does not exist. As a payment service provider, PCSIL are obliged to retain data concerning financial transactions for 6 years in accordance with national law for the purpose of preventing, detecting and investigating, possible money laundering or terrorist financing.
International Data Transfers & Third-Party Disclosures
In limited situations where PCSIL stores or transfers personal information outside the EEA or the EU, robust procedures and safeguarding measures apply to secure, encrypt and maintain the integrity of the data. PCSIL will complete continual reviews of the countries with sufficient adequacy decisions, such as the Privacy Shield in the US*, and provisions for binding corporate rules, standard data protection clauses or approved codes of conduct. PCSIL will further perform due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information. PCSIL undertakes that it shall not transfer Personal Data outside of the EEA or the EU in full compliance with Article 46 of the GDPR, and shall not transfer data outside of the EEA or EU unless the following conditions are fulfilled:
- The data subject has enforceable rights and effective legal remedies;
- PCSIL shall comply with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred (or, if it is not so bound, uses its best endeavours to assist the Customer in meeting its obligations);
- PCSIL complies with any reasonable instructions notified to it in advance with respect to the processing of the Personal Data; and
- Upon written direction shall delete or return Personal Data (and any copies of it) unless PCSIL is required by Law to retain the Personal Data.
Where PCSIL is required to transfer Personal Data to the United States of America, PCSIL shall only send such Personal Data to third-party sub-contractors that meet the minimum requirements contained under the Privacy Shield*, or in the standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament.
*In the event that the Privacy Shield is repealed at any future date, for whatever reason, PCSIL shall only contract with third-party sub-contractors that satisfy the requirements contained in the standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Customer.
PCSIL will process personal data for the duration of the contract for services and will store the personal data for six (6) years after that date of termination of the contract.
Your Rights as a Data Subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you;
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete;
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. Your data relating to financial transactions, accounts or cards cannot be deleted due to national law associated with the prevention of fraud, money laundering, counter terrorist financing or misuse of services for crime;
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing;
- Right of portability – you have the right to have the data we hold about you transferred to another organisation;
- Right to object – you have the right to object to certain types of processing such as direct marketing;
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling; and
- Right to judicial review, in the event that PCSIL refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.
In the event that you wish to make a complaint about how your personal data is being processed by PCSIL (or third parties as above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and PCSIL’s Data Protection Officer by:
- email to EU-DPO@emlpayments.com
- post, at PCSIL, Front Office Scurlockstown Business Campus, Trim, Co. Meath, Ireland
PFS Card Services Ireland Limited issues the cards pursuant to a license from Mastercard International Incorporated.
PFS Card Services Ireland Limited is regulated and authorised by the Central Bank of Ireland, as an Electronic Money Institution, registration number C175999
Registered Office: Front Office Scurlockstown Business Campus, Trim, Co. Meath, Ireland.
Company Registration number: 590062.