Privacy statement

Last Revision Date: June 21, 2024

This is the Privacy Policy of Paylists LTD, a company registered in England and Wales under company number 14081565 and describes our practices concerning the information we receive or collect when you visit our website and/or our Paylists software which are located at paylists.com, paylists.co.uk or paylistsapp.co.uk.

We are committed to protecting any data that we collect concerning you and processing it only in ways which comply with the Data Protection Act 1998 (and any replacement legislation) (“the DPA”, for short) and the European Union’s General Data Protection Regulation (“the GDPR”).

Through this Privacy Statement, Paylists (“Paylists”, “we”, “our”, “us”) informs you about the way in which Paylists processes personal data from your business, customers, vendors, and users, registered or unregistered.

At Paylists, we value your privacy. If you have any questions regarding our use of your personal data, you can reach out to us via [email protected].

What is Paylists?

Paylists is cloud software that enables businesses and vendors to send payment requests to their customers. The software enables a conversation between businesses using emails and SMS. The software also enables the attachment of documents to be sent between businesses.

Paylists LTD enables the execution of payments between businesses using the services of Crezco which is authorised and regulated by the UK Financial Conduct Authority as an Authorised Payment Institution – Firm Reference Number: 925173. This service is optional, but we will share your information with Crezco, in case you do use it.

Debit and Credit cards sensitive data

Although Paylists allows payments to be made between businesses through a third-party services, which includes entering Debit or Credit card information, Paylists does not save or keep this information but only transfers it to the payment provider for the payment process.

Information Commissioner Office

Paylists LTD is registered with the UK information commissioner office (ICO) ico.org.uk under Reference: ZB593551.

What personal data does Paylists process?

Paylists processes your personal data because you use Paylists’ services and/or because you provide personal data to Paylists. Paylists distinguishes between users who are registered and users who receive payment requests, but are not registered.

Registered user

If you have registered Paylists software, the following personal data may be processed (also depending on your acceptance of cookies):

  • Your registration data:
    • First and last name,
    • Email,
    • Phone number.
  • Your details about your activities on our websites.
  • Your IP address.
  • Your location data.
  • Your internet browser and device type.

Unregistered user

If you are not registered with the Paylists websites, but you respond to a payment request, the following personal data may be processed (also depending on your acceptance of cookies):

  • Your details about your activities on our websites.
  • Your IP address.
  • Your location data.
  • Your internet browser and device type.

Business

Each registered user must create his own business or businesses to create and send payment requests. Please note that in principle, we process data about your business. Business information is not considered personal data. However, if you act as a sole trader, (some of) your business information may be qualified as personal data. Therefore, the data listed below is personal data:

  • Your business name.
  • Business email
  • Business phone number
  • Business fax number
  • Business address.
  • Your written correspondence via chat or email or SMS.
  • In some cases, information about the product or service that you have purchased from your customers.

Customers  

Each registered user must create his own customers to send them payment requests. The following business data is processed:

  • Customer name.
  • Customer email
  • Customer phone number
  • Customer fax number
  • Customer address.

We distinguish between a private customer whose data is managed by you and is not exposed to other businesses in Paylists and business customers. Paylists is a network of businesses and so is your business. After you have created your business and your email has been verified, your business can be used as a vendor or customer of another business. When you create a business customer, if it exists and is verified in the Paylists network then we create a link between you and the business customer. The data is shown to you, but you cannot update it. If your business customer has not yet been created in Paylists, then that data is managed by you and is only visible to you. Please note that if this customer is registered to Paylists and performs verification, then he takes ownership of the customer profile you created, and from this stage his data is managed only by him.

Vendors   

To plan payments to vendors you need them to be defined in the Paylists software. If the vendor is registered, you can select them and access their business data. If the vendor is not registered you can create their profile, and their data will be visible only to you. The following business data is processed:

  • Vendor name.
  • Vendor email
  • Vendor phone number
  • Vendor fax number
  • Vendor address.

Paylists is a network of businesses and so is your business. After you have created your business and your email has been verified, your business can be used as a vendor or customer of another business. When you create a business vendor, if they already exist and are verified in the Paylists network then we create a link between you and the business vendor. Their data is shown to you, and you cannot update the details. If your business vendor has not yet been created in Paylists, then their data is managed by you and is only visible to you. Please note that if this vendor is registered to Paylists and performs verification, then they take ownership of the vendor profile you created, and from this stage their data is managed only by them.

Does Paylists process sensitive personal data?

Paylists software, services and products are not aimed at activities that require special categories of personal data to be processed. Paylists therefore requests that you do not provide any such information. Furthermore, Paylists has no intentions at all of collecting personal data about Paylists users who are minors, even if they have permission from their parents or guardians. Unfortunately, Paylists cannot check whether a Paylists user is a minor and therefore Paylists advises parents or guardians to be involved in their children’s online activities in order to prevent minors’ data from being processed by Paylists.

We emphasize that our Services are not directed to children under 13 years of
age, and we do not knowingly collect information from children under 13. If we
become aware that a child under 13 has provided us with Personal
Information, we will prohibit and block such use and will make all efforts to
promptly delete any Personal Data stored with us regarding such child.

Where does Paylists collect and use your personal data for?

If you use Paylists software, your personal data is processed for the following purposes:

  • To create payment requests.
  • To enable conversations with your customers and vendors.
  • To perform analyses for statistical and scientific purposes.
  • To provide support (such as via e-mail and phone)
  • To record evidence (if necessary).

Paylists processes personal data for the purposes listed above based on your consent to use the Paylists software. If Paylists wants to process your personal data for other purposes than described above, Paylists will only do so when we obtain your consent or when we have legitimate interests, if legally required. You can withdraw your consent at any time without giving reasons, or object to the processing of your personal data when we do so based on legitimate interest. Please note that withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent. You can withdraw your consent by sending your request to withdraw your consent to [email protected].

How long does Paylists keep your personal data?

Paylists will not retain your personal data longer than the mandatory statutory period or, if such a mandatory statutory period does not apply, no longer than is strictly necessary for the realisation of the purposes for which your personal data was obtained.

Please be aware that your personal information may be stored on backup tapes and locations, third-party servers, and residual information may be retained after we have ordered them to delete it. We are under no obligation to store such information indefinitely and disclaim any liability arising out of, or related to, the destruction of such information.

How does Paylists secure your personal data?

The protection of your personal data is very important to Paylists. Paylists has therefore taken technical security measures to protect your data and to comply with applicable laws and regulations.

If you believe you’ve found a security issue in our product or service, please notify us as soon as possible by emailing us at [email protected].

  • Do not share information about the security problem with others until the problem is resolved.
  • Provide information about how and when the vulnerability or malfunction occurs. Clearly describe how this problem can be reproduced and provide information about the method used and the time of investigation.
  • Be responsible with the knowledge about the security problem. Do not perform any actions beyond those necessary to demonstrate the security problem. Do not abuse the vulnerability and do not keep confidential data obtained through the vulnerability in the system.
  • Feel free to leave your contact details (e-mail address or telephone number), so that Paylists can contact you about the assessment and progress of the vulnerability solution.

However, we cannot guarantee the security of any information disclosed online, including the possibility that another person or organization may monitor, intercept, or obtain your information other than from us. By using our website, you accept the security implications of providing information over the internet and agree not to hold us responsible for any harm arising from those risks, unless we have been proven to be negligent. Any transmission of personal information over the internet is at your own risk.

Does Paylists share your personal data with third parties?

Paylists shares your personal data with third parties if this is necessary to provide our products and services. Paylists may use relevant third parties as listed below. Please not that Paylists Privacy Policy does not apply to those third-party websites, services, or applications. These third-party services are governed by their own privacy policies. Paylists is not responsible for the privacy policies and practices of these third parties. If you do not want your data to be used by us or selected third parties, you can notify us at any time if you do not wish your data to be used in this way. Please note that we may not be able to provide you with our services and you may need to stop using the Paylists software.

A list of third parties that process data for Paylists, can be found here. We recommend reviewing this list regularly, since third parties can be added or removed from the list.

Third partiesPurpose

Firebase

firebase.google.com

Server infrastructure

Google cloud platform

cloud.google.com

Cloud computing services

Twilio

twilio.com

Communications services

Crezco

crezco.com

Payment facilitator

LinkedIn

linkedin.com

Advertising (cookies)

Google

google.com

Advertising (cookies)

Facebook

facebook.com

Advertising (cookies)

Cross-border data transfers

When providing our services, if we need your personal data to be processed by third parties outside the European Economic Area (EEA) or in a third country (a country without an adequate level of protection as indicated by the European Commission), Paylists ensures that the correct contract will conclude regarding data processing, and an appropriate transfer mechanism will be in place, such as EU Standard Contract Clauses. In this way Paylists ensures that your personal data is always secured at least at the same level and that the confidentiality of your personal data is guaranteed.

Legal Compliance.

We may disclose or allow government and law enforcement officials access to certain Personal Information, in response to a subpoena, search warrant, or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we have a good faith belief that we are legally compelled to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.

Does Paylists use cookies?

Paylists uses functional, analytical, and marketing cookies. A cookie is a small text file that is stored in the browser of your device such as a computer, tablet, or smartphone when you first visit Paylists’s websites. On the one hand, Paylists uses cookies with a purely technical functionality. These cookies ensure that the website works properly and, for example, remember your preferred settings, so that Paylists can optimize the websites. On the other hand, Paylists uses cookies that keep track of your browsing behaviour so that Paylists can offer you tailor-made content and advertisements.

What rights do you have?

You have the right to access, correct, erase, restrict, transfer, or object to the personal data that Paylists processes, unless Paylists cannot execute these rights based on a legal obligation or whenever exceptions apply.

You can send your request to exercise your privacy rights to [email protected]. Paylists prefers to establish that this request originates from you and that you are who you say you are. If we are not capable of verifying it is you directly, Paylists may ask you to send a copy of your identification (i.e., a passport or identity card). Please make sure that in this copy your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and citizen service number (BSN) have been redacted to protect your privacy. Paylists will then respond to your request as soon as possible, but in any case, within 2 months.

How can you contact Paylists?

If you have any questions regarding our use of your personal data, you can contact us via [email protected].

If you believe that Paylists has used your personal data unlawfully or if you are not satisfied with Paylists’s response to your question or request, you have the right to file a complaint with the relevant Data Protection Authority.

Updates to this Policy

We reserve the right to update our Privacy Policy at any time. We will take reasonable steps to draw your attention to any changes in our Policy. We suggest that you read this document from time to time to ensure that it still meets with your approval. Should you disagree with any changes made, you may withdraw your consent at any time, and you can stop using Paylists software if without your personal data we can no longer provide our services.