Privacy Policy & GDPR

Last updated 20th April 2018

This Privacy policy reflects how Stark Payments (“we”) provides its payment services (the “Services”) through third party websites (“Software Platforms”), such as marketplaces, digital services providers, and various ecommerce sites. Developers, Software Platforms and Digital Agencies provide Stark Payments’ Services to their end users (“Users” or “you”) by integrating with Stark Payments’ technology and application programming interface (“API”), which also enables them to provide User information to Stark Payments and receive information from Stark Payments. This Privacy Policy addresses how Stark Payments handles all User information, including User information provided by you, User information provided by the software platform provider, and User information obtained by Stark Payments from various third party service providers.

This Privacy Policy describes the ways we collect, store, use, and share User information. We may amend this Privacy Policy at any time by posting a revised version at this link. The revised version will be effective at the time we post it, unless we provide additional notice or an opportunity to “opt-in” because changes are material or retroactive.

Stark Payments is a global operation but its businesses are managed through various regional entities. When you provide information to us, to the extent that this is capable of being accessed from different countries, we will ensure that any operation complies in all respect with local legislation and applies the same global standards with regard to the security of the data.

By using the Services, you are accepting the practices described in this Privacy Policy. By using a platform or technology that has integrated with Stark Payments technology or API, you are also accepting the practices described in the respective Privacy Policy, which you should review carefully. Any information you enter on the third party technology or service provider’s website or application, or on Stark Payments pages, fields, or resources that are integrated with the Platform’s website or application, may be shared with the owner of the Platform website or application, subject to the requirements of the Payment Card Industry Data Security Standard (PCI-DSS) and applicable law. Stark Payments is not responsible for the content or information practices of third party platforms or technology providers.

Information collected

Stark Payments collects three types of information: information that Users intentionally provide to Stark Payments or the Platform/technology service provider, information about Users that third parties provide to Stark Payments or the Platform/technology service provider to augment or verify that information, and information automatically provided by Users as they interact with the Stark Payments or Platform/technology service provider website. Information that can be used to identify, contact, or locate a User is “personally identifiable information.” Automatically provided information that uniquely identifies a device or browser is not personally identifiable information, unless it is linked to a particular User.

Personal Data

Users either accept payments as “Merchants” or make payments as “Payers.” A Merchant must provide the Merchant’s name, email address, a self-selected password, street address, telephone number, tax identification number, merchant category code, date of birth (if a natural person), and bank account information. A Merchant may provide additional information, such as a link to its website or social media account, in order to accelerate account activation and qualify for faster disbursement of funds.

A Payer who is paying with a credit or debit card must provide the Payer’s name, card number, expiration date, CVV code, country, and zip code. A Payer who is paying by ACH or EFT must provide the Payer’s name and bank account information.

Merchants or Payers may voluntarily provide additional information to Stark Payments or the Platform/technology service provider, for example, when seeking customer support or in response to surveys or other inquiries.

Stark Payments uses the information collected from you to provide services and marketing information that Stark Payments believes may be of interest to you and your business. In having made your initial contact with Stark Payments, you consent to Stark Payments maintaining a marketing dialogue with you until either you opt out (which you can do at any stage) or we decide to discontinue promoting our services. Stark Payments also acts on behalf of its clients in the capacity of data processor. When working exclusively as a data processor, Stark Payments will be acting on the instruction of its client and will aim to ensure that the client is fully GDPR compliant.

Third-party provided information

Stark Payments or the Platform/technology service provider may obtain information about Users from third parties, such as identity verification services, credit reporting services, and social networks such as Facebook or LinkedIn. The Platform/technology service provider may provide Stark Payments with additional information, such as the User’s transactional history on the Platform/technology.

Automatically provided information

Stark Payments or the Platform/technology service provider may automatically record certain information about or related to your use of the Services and the Platform/technology that is made available through your computer. Four such technologies are described below.

Essential cookies
We may use essential cookies to authenticate users and prevent fraudulent use of user accounts.

Log files
Stark Payments or the Platform/technology may collect internet protocol (IP) address, browser type, device ID, internet service provider (ISP), information about your computer and software, links, materials you request, your approximate location, referring/exit pages, date/time stamp, and other metadata. Platforms/technology may embed Javascript code into page loads, which instructs Users’ web browsers to make web requests back to our servers to collect information about User page views and other activities.

Cookies
Stark Payments or the Platform/technology collects certain information from the User’s browser using small data files called “cookies.” For example, Stark Payments or the Platform/technology may use session cookies to help recognise a User who visits multiple website pages during the same session, so that the User does not have to enter a password to access each page. Session cookies terminate once the User closes the browser. By default, Stark Payments or the Platform/technology also uses persistent cookies to collect, store, and track information. For example, Stark Payments or the Platform/technology uses persistent cookies to store the User’s login ID (but not the User’s password) to make it easier for the User to login when the User returns to the website. We encode our cookies so that only we can interpret the information stored in them. You can remove or block persistent cookies using the settings in your browser, but this may limit your ability to use our Services.

Clear GIFs and Web Beacons
Stark Payments or the Platform/technology may employ a software technology, called clear gifs or web beacons, that helps us better manage content on the Stark Payments or Platform/technology service provider’s website, and in Stark Payments or Platform/technology emails, by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a User’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence.

Use of information obtained by Stark Payments

Stark Payments uses User information primarily in order to develop, operate, support, maintain, enhance and provide the Services. Stark Payments uses User information to process payment transactions; to provide receipts and reports; to resolve disputes, collect fees, and troubleshoot problems; to customize, measure, and improve the Services; and to enforce our agreements with Platforms/technology and other Stark Payments integrated service providers and our Terms of Service and Merchant Agreement with Users.

Stark Payments also uses User information to detect and prevent fraud and other potentially illegal activities. Stark Payments may combine User information with information from other sources using proprietary algorithms to calculate a measure of the risk that a particular User or transaction is fraudulent (“Risk Score”).

Stark Payments User information for our administrative and operational purposes. Stark Payments or the Platform/technology provider may notify you of changes in the Services, or may solicit your feedback, or may conduct market research, or may send you promotional materials. To unsubscribe from promotional emails, click the “unsubscribe” link in the email.

Sharing information with third parties

Stark Payments may share User information with third-party service providers who help with certain parts of our business operations including payment processing, settlement, security, validation of user credentials, secure data storage, marketing, customer service, and other services. Stark Payments requires that these service providers use personally identifiable User information only in connection with the services they perform for Stark Payments.

Stark Payments also may share non-personally identifiable User information with third parties that help us better understand how Users use our Service or help us detect and prevent fraud and other unauthorised or suspicious activity. These third parties may use cookies and other technologies to collect non-personally identifiable information about Users and combine it with similar information collected from others. They may use this information to help Stark Payments to better understand our Users, and to help their other customers better understand their users.

A Stark Payments Risk Score is not personally identifiable information, and Stark Payments may share it (and other similar information generated by Stark Payments ) with Platforms/technology providers or other third parties. Stark Payments claims ownership of Risk Scores and similar analytical results that we generate using User information, whether alone or in combination with other information. Stark Payments may use, disclose, or sell Risk Scores in Stark Payments’ sole discretion.

Stark Payments may share User information in the event of a merger, acquisition, debt financing, sale of all or a portion of our assets, or similar transaction, or in the event of insolvency, bankruptcy or receivership in which User information is transferred to one or more third parties as one of our business assets. Should such an event occur, Stark Payments will endeavor to assure that the acquirer, successor, or assignee (as the case may be) follows this Privacy policy with respect to User information. If User information could be used contrary to this Privacy policy, Users will receive prior notice as well as the opportunity to opt out.

Stark Payments may share User information with law enforcement, government officials, or other third parties in the event of a subpoena, court order or similar legal procedure, or when Stark Payments believes in good faith that the disclosure of User information is necessary or advisable to report suspected illegal activity, or to protect Stark Payments’ property or legal rights (including, but not limited to, enforcement of Stark Payments’ Terms of Service, Merchant Agreement, and other agreements) or the property or rights of others, or otherwise to help protect the safety or security of the Services.

Except as expressly disclosed in this Privacy policy, Stark Payments will not sell or disclose User information to third parties. Stark Payments will not sell, rent, share, or trade personally identifiable information to third parties (other than the Platform/technology through which Stark Payments collected such information) for their promotional purposes. Stark Payments may disclose aggregated or other types of non-personally identifiable information to third parties for various purposes.

Security

Stark Payments has implemented physical, technical, and procedural safeguards to protect User information from unauthorised access, disclosure, alteration, or destruction. Stark Payments uses computer safeguards such as firewalls and data encryption, and authorises access to personally identifiable information only for those employees, contractors, and agents who require it to fulfill their job responsibilities.

Stark Payments takes additional care to protect User information, such as credit card or bank account numbers, if disclosure of the particular type of User information could cause direct financial loss. Stark Payments encrypts such information and transmits it under Secure Socket Layer (SSL).

Data Storage

Data is held on multiple servers within the United Kingdom. Stark Payments does not store personal data outside the EEA.

Your Rights as a Data Subject

At any point whilst Stark Payments is in possession of or processing your personal data, all data subjects have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply, you have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.

In the event that Stark Payments refuses your request under rights of access, we shall provide you with a reason, which you have the right to challenge legally. Stark Payments can, at your request, confirm what information it holds about you and how it is processed.

You can request the following information:

  • Identity and the contact details of the person or organisation (Stark Payments) that has determined how and why to process your data.
  • Contact details of the data protection officer, where applicable.
  • The purpose of the processing as well as the legal basis for processing.
  • If the processing is based on the legitimate interests of Stark Payments or a third party such as one of its clients, information about those interests
  • The categories of personal data collected, stored and processed.
  • Recipient(s) or categories of recipients that the data is/will be disclosed to.
  • How long the data will be stored
  • Details of your rights to correct, erase, restrict or object to such processing.
  • Information about your right to withdraw consent at any time.
  • How to lodge a complaint with the supervisory authority (ICO).
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
  • The source of personal data if it was not collected directly from you.
  • Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

To access details of what personal data is held, identification will be required. Stark Payments will accept the following forms of ID when information on your personal data is requested: a copy of your driving licence; passport; birth certificate; and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If Stark Payments is dissatisfied with the quality, further information may be sought before personal data can be released.

All requests should be made in writing via email to support@starkpayments.com

Age restrictions

The Services provided by Staark Payments are not intended for children. We ask that persons under the age of 16 do not submit any personal information to us or use the Services.

Complaints

We take complaints very seriously. In the event that you wish to make a complaint about how your personal data is being processed by Stark Payments or any of its partners, you have the right to complain to Stark Payments’ Director, Mr Manjinderpal Matharu. If you do not get a response within 30 days, you can complain to the Information Commissioner’s Office on 0303 123 1113 or visiting their website: https://ico.org.uk/global/contact-us/email/

Contacting Stark Payments

In writing

Stark Payments Ltd
FAO: Manjinderpal Matharu
160 City Road
London
EC1V 2NX

Email: partners(at)starkpayments.com