Trustpilot

Handepay Ltd- General Privacy Notice

 

This privacy notice tells you what to expect us to do with your personal information. Please note that the information you provide us is business information and is processed against you as a merchant business and not as an individual.

  • Contact details
  • What information we collect, use, and why
  • Lawful bases and data protection rights
  • Where we get personal information from
  • How long we keep information
  • Who we share information with
  • Sharing information outside the UK
  • How to complain

 

Contact details


Telephone

0333 005 0999

Email

[email protected]

Attention: Privacy Team

 

What information we collect, use, and why

 

1. PROVISION OR ARRANGEMENT OF SERVICES TO YOU

 

We collect or use all or some the following information to provide services to you and/or arrange services for you. Where we arrange services for you, we will provide some or all of the following information with the relevant third party service provider, but will only do so if we have received specific and informed consent from you first.

  • Names and business contact details
  • Business addresses
  • Bank information where we may need to set up a Direct Debit on your account in relation to the services
  • Credit reference information
  • Information relating to loyalty programmes
  • Website user information (including cookie tracking)
  • Call recordings
  • Identification documents (where necessary or requested by third parties when we arrange services for you)
  • Information relating to complaints
  • Information on your customers (where you have agreed share this for the purpose of using or accessing a service provided to you- this will be limited to customer name and status on any transaction they have with you)

We may also collect or use (and share) the following special category information where you provide it, in order to ensure that any services provided or arranged for you are suitable given the information you shared.

  • Health information, such as any disability which may impact the way services are provided to you.

This information is subject to additional protection due to its sensitive nature and we only process or use this data where you have specifically provided it to us- we will not ask you for this information.

 

2. PREVENTION OR DETECTION OF CRIMES


We may also process the following information to assist relevant organisations with the prevention or detection of criminal activity.
•    Names and contact information
•    Customer or client accounts and records
•    Call recordings
•    Transaction information (where we are provided with this from a relevant third party for onward provision to you)

 

3. PROVISION OF SERVICE UDATES AND MARKETING 


We collect or use the following information to provide you with relevant service updates and marketing communications, including in relation to the Handepay Loyalty Programme:

  • Names and contact details
  • Addresses
  • Marketing preferences
  • Website and app user journey information
  • Records of consent, where appropriate

We may also collect or use the following special category information in relation to service updates (in order to ensure we communicate with you in a way that supports any health information you have provided). 

  • Health information, such as any disability which may impact the way services are provided to you

This information is subject to additional protection due to its sensitive nature and we only process or use this data where you have specifically provided it to us- we will not ask you for this information.

 

4. COMPLIANCE WITH LEGAL REQUIREMENTS


We collect or use the following information to comply with legal requirements:

  • Name
  • Contact information
  • Any other personal information required to comply with legal obligations.

 

5. CUSTOMER SUPPORT AND COMPLAINT HANDLING 


We collect or use the following personal information for dealing with queries and complaints:

  • Names and contact details
  • Address
  • Service history
  • Call recordings
  • Relevant information from previous investigations
  • Customer or client accounts and records
  • Financial transaction information (to the extent and detail provided to us from your third party provider in relation to services we have organised for you)
  • Correspondence
    We may also collect or use the following special category information in relation to service updates (in order to ensure we communicate with you in a way that supports any health information you have provided). 
  • Health information
    This information is subject to additional protection due to its sensitive nature and we only process or use this data where you have specifically provided it to us- we will not ask you for this information.

 

Lawful bases and data protection rights


Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data subject access request, please contact us using the contact details at the top of this privacy notice.


Our lawful bases for the collection and use of your data

Our lawful basis for collecting or using your personal information is detailed below:

 

1.    PROVISION OR ARRANGEMENT OF SERVICES

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we (or a third party) can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

 

2.    PREVENTION OR DETECTION OF CRIMES

  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

 

3.    PROVISION OF SERVICE UDATES AND MARKETING 

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we may also have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

 

4.    COMPLIANCE WITH LEGAL REQUIREMENTS 

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

 

5.    CUSTOMER SUPPORT AND COMPLAINT HANDLING

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we may also have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

 

Where we get personal information from

  • Directly from you
  • Credit reference agencies
  • Providers of marketing lists and other personal information
  • Suppliers and service providers

 

How long we keep information


We hold information for a period of 7 years after the end of any contract for service that you have entered into by or through us, in accordance with our retention policy. Our retention policy is updated from time to time to reflect changes in our obligations and legal duties. For more information on how long we store your personal information or the criteria we use to determine this please contact us using the details provided above.

 

Who we share information with


We may also share your personal information with the following parties:

  • Financial or fraud investigation authorities
  • Relevant regulatory authorities
  • Organisations we’re legally obliged to share personal information with
  • Debt collection agencies
  • Suppliers and service providers
  • Other relevant third parties:
    • Third parties for whom you have given us specific informed consent to share data with, for example, for the provision of products and services by them directly to you.
    • Credit reference agencies in relation to any credit agreement you enter into through us.

 

Sharing information outside the UK


In order to provide certain services or support to you, we may use service providers located outside of the UK, or implementing cloud-based data storage or other similar technology. These services may include operational, technical and administrative support that is based outside of the UK or the EEA. Any transfer personal information outside of the UK shall be in accordance with the UK GDPR and any relevant data transfer model applicable at the time, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

 

How to complain


If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

 

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Revised: February 2026 (v1.6)

Handepay Logo White

Helping Businesses Grow

Handepay Ltd, registered address 1 The Boulevard, Shire Park, Welwyn Garden City, AL7 1EL.
Handepay Ltd is authorised and regulated by the Financial Conduct Authority (FCA) under FRN number 673564 for credit broking.
Handepay is not a lender.
Trading address, Westway Park, Galway Crescent, Haydock, St Helens, WA11 0GR
© Handepay Ltd 2006 - 2026

Financial disclaimer:

Handepay Ltd is authorised and regulated by the FCA for consumer credit under FRN 673564. Handepay is a credit broker not a lender. Handepay receives commission from the credit provider for each successful introduction it conducts.

Terminal hire contracts are provided by Merchant Rentals Limited, who is authorised and regulated by the Financial Conduct Authority for Consumer Hire under FRN 720500. Terminal hire can be for consumer hire and non-regulated hire contracts. Please check your contract carefully for details. Regulation of all consumer hire fall under the control of the FCA.

Handepay is not an acquirer. Your acquiring service provider will depend on the service package you choose to receive through Handepay. Handepay acts as an introducer of card acquiring services on behalf of the card acquiring service providers which include Lloyds Bank plc trading as Cardnet and EVO Payments UK.

Lloyds Bank are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority under registration number 119278. Cardnet is a registered trademark of Lloyds Bank plc.

EVO Payments UK is the trading name of EVO Payments UK Ltd, a payment institution that is authorised and regulated by the Financial Conduct Authority (FRN number 959332).

Editorial disclaimer:

The information we provide does not constitute financial advice and might not apply to your business. Always carry out research into your business’ needs when choosing a new merchant services provider.

Sometimes, we link to other third-party websites to provide you with additional information. At the time of publication, we consider the information accurate, however, we do not have control over their content and are not responsible if any information on these websites change.

The products we display on our website are for illustrative purposes only - if your business requires additional facilities, you may receive a different model than advertised. All of the information contained on this website, including fees, services and functionality, are correct at time of publishing. E&OE.