1. Who we are

PayPath provides a business payment facilitation service for UK businesses.

For the purposes of UK data protection law, PayPath is the data controller of the personal data described in this policy.

If you have any questions, contact us.

2. What data we collect

We may collect the following types of personal and business data:

Information you provide

• name, email address, and contact details

• business name, company number, and registered address

• director or authorised representative details

• documents uploaded for verification (e.g. ID, tenancy agreements, invoices)

Payment-related information

• payment amounts and references

• transaction dates and status

PayPath does not store credit or debit card details.

Technical information

• IP address

• browser type and device information

• website usage data (via cookies or similar technologies)

3. How we use your data

We use your data to:

• provide and operate the PayPath service

• verify your business and comply with regulatory requirements (KYC / KYB)

• process payments and maintain records

• send confirmations, reminders, and service-related communications

• respond to enquiries and provide support

• improve our website and services

We do not sell your personal data.

4. Legal basis for processing

We process personal data under the following lawful bases:

• Contract – to provide the PayPath service

• Legal obligation – to comply with UK financial and regulatory requirements

• Legitimate interests – to operate, improve, and secure our services

• Consent – where required (e.g. optional marketing communications)

5. Sharing your data

We may share your data with:

• regulated payment infrastructure providers

• identity verification and fraud prevention partners

• banking partners involved in payment settlement

• professional advisers (legal, accounting, compliance)

All partners are required to handle data securely and lawfully.

We do not share data with third parties for marketing purposes.

6. International transfers

Your data is primarily processed within the UK and EEA.

Where data is transferred outside the UK or EEA, appropriate safeguards are applied in accordance with UK GDPR.

7. Data retention

We retain personal data only for as long as necessary to:

• provide the service

• comply with legal and regulatory requirements

• resolve disputes

Retention periods may vary depending on the type of data and applicable law.

8. Data security

We take appropriate technical and organisational measures to protect your data, including:

• encryption

• access controls

• secure hosting environments

Sensitive payment data is processed by regulated partners in accordance with PCI-DSS requirements.

9. Your rights

Under UK data protection law, you have the right to:

• access your personal data

• request correction of inaccurate data

• request deletion of data (where applicable)

• object to or restrict processing

• request data portability

• withdraw consent at any time

To exercise your rights, contact us.

10. Cookies

We use cookies and similar technologies to:

• ensure the website functions correctly

• analyse usage and improve performance

You can manage cookie preferences through your browser settings.

A separate Cookie Policy may be provided if required.

11. Third-party links

Our website may contain links to third-party websites.

We are not responsible for the privacy practices or content of those sites.

12. Changes to this policy

We may update this Privacy Policy from time to time.

Any changes will be posted on this page and take effect when published.

13. Contact us

If you have questions about this Privacy Policy or how we handle your data, contact us.