BOPP (referred to as ‘us’, ‘our’ or ‘we’) is a trading name of Mia Pago Ltd, a company registered in England and Wales (No. 11263859), who is the data controller and responsible for your personal data. Mia Pago Ltd is authorised by the Financial Conduct Authority (Financial Services Register number 826380) as an Authorised Payment Institution, able to provide payment initiation services and account data services.
‘You’ means any user of any BOPP Services or other category of individual referred to or addressed in this Policy and ‘your’ is construed accordingly.
From time to time we may update this Policy by posting it on our Website. Where we make significant and material changes to this Policy, we will endeavour to notify you of those changes. By continuing to use our Services, you acknowledge our use of your personal data as set forth in the relevant sections of this Policy.
This Policy explains how we use the data we collect about the people who use our Services or otherwise interact with us, how we keep it secure and the conditions under which we may disclose it to others. This Policy applies to data we collect and process:
We are a privacy-centric organisation and BOPP does not collect more information than is absolutely necessary to provide our services and meet our legal and regulatory obligations. We have summarised our collection and use of your data below:
Data we collect:
Why we collect it :
In order to provide our Services, where you make a payment through BOPP or access our Website, we collect your IP address. If you have used the Website or our chat function to contact us, we collect your name, the email address you use to contact us and any other information you provide.
Where you as an individual receive a payment through BOPP, we collect your name, email address, your bank account name, sort code, account number, any nickname which you assign to the account, the account ID and your IP address.
For businesses or charities receiving payments through BOPP, we are obliged to collect the following information for “know your customer” purposes: contact name and email address, the registered company/charity name, registered number and registered address. In addition, we collect the following information in order to perform our Services: the bank account name, sort code, account number, any nickname which you assign to the account, the bank account ID and your IP address. We also collect certain personal data of the end users or customers (i.e. the users or customers of the services into which our Services are integrated) of your business or charity as described above under “individual users.”
We collect certain personal data of the personnel, representatives and/or agents of the commercial counterparties (for example, app developers and our service providers) with which we engage as part of our day-to-day business operations and the management of our business. In most cases, this includes full name, work email address and the organization they work for.
We may share personal data with third parties as follows:
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying legal, accounting, or reporting requirements. This will include the period of our relationship with you, together with a retention period after our relationship has ended (for example, when you delete your account).
To determine the appropriate retention period for the personal data we collect from you, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal requirements. As a general rule, the period we keep personal data for is linked to the amount of time to bring legal claims, which is six or seven years after a payment or receipt of a payment. After this time, we will only keep your data where it is required by applicable law or regulation. In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
Your data may be stored in cloud infrastructure and this may mean it is transferred outside of the UK. To the extent we transfer or process your personal data outside the UK, we ensure the transfer is either (a) to a country deemed to provide an adequate level of protection by the UK ICO or (b) pursuant to specific contracts approved by the UK ICO to ensure your data is adequately protected.
Under certain circumstances, you have rights under data protection laws in relation to any personal data we have about you. We try to respond to all legitimate requests within one month, although we will notify you if it will take longer.
You have the right to make a complaint at any time to your supervisory authority for data protection issues. For the UK, this is the Information Commissioner’s Office (https://ico.org.uk/). If you wish to exercise any of these rights, please contact us at email@example.com.
Where we send marketing communications, we will provide you with an “opt in” or “opt out” mechanism depending on your status as an individual user or a business user. An “opt in” mechanism will provide you the opportunity to positively indicate that you would like or do not object to our sending you such further communications and we will not send you any unless you have “opted in”. An “opt out” mechanism (e.g., “unsubscribe”) will provide you the opportunity to indicate that you do not want us to send you such further communications, and if you “opt out” we will not send you any.
You may opt out of marketing-related emails by clicking on a link at the bottom of each such email, or by contacting us using the information below. You may continue to receive service-related and other non-marketing emails for which you have not opted out.
We do not sell, rent or share your data with third parties for their marketing purposes.
We have implemented appropriate technical and organizational measures designed to protect your personal data. For example, we use industry-standard encryption methods to ensure the security of your data in accordance with applicable law and regulations. This includes utilising appropriate measures to safeguard data against unauthorised access, disclosure, alteration, or destruction. These measures may also include, among others, encryption, physical access security, auditing, and other appropriate technologies. However, we cannot guarantee that this information will never be disclosed in a manner inconsistent with this Policy (for example, because of unauthorized acts by third parties that violate applicable law).
We collect information using automated technologies such as cookies and other tracking technologies. Cookies are files that gather small amounts of data from the device they are stored on. We may ask you accept cookies and/or other similar automated technologies (together “Cookies”) in order to use BOPP Services.
We use both ‘session cookies’ (which exist only while your browser is open) and ‘permanent cookies’ which survive after your browser is closed. Permanent cookies can be used by the Website to recognise your computer or mobile device when you open your browser and browse the Internet again.
You can find more information about cookies and how to manage them at www.allaboutcookies.org.
Our Services use the following types of Cookies for the purposes set out below:
You can typically remove or reject Cookies via your browser settings. To do this, follow the instructions provided in your browser (usually located within the “settings,” “help,” “tools” or “edit” facility). Many browsers are set to accept Cookies until you change your settings.
If you do not accept our Cookies, you may experience some inconvenience in your use of our Services.
If you would like to access, correct, amend or delete any personal data we have about you, register a complaint, or simply want more information about how we process your data, you can contact our Data Protection Officer at firstname.lastname@example.org.