Privacy notice - business and website

Last updated on 15 April 2025.

Yaspa respects the importance of your data. In this privacy notice we outline how we handle your personal information - whether you're a business contact of Yaspa's, or a visitor to our website. We’ll try to keep it short and sweet.

For information about our cookie policy, please visit this page: www.yaspa.com/cookie-policy.

1. Who are we?

Yaspa Limited is a company registered in England and Wales (registered number: 09902175). We are regulated by the Financial Conduct Authority as an Authorised Payment Institution (reference number: 826720), and are data controllers for the processing of your personal data under this privacy notice.

2. Who does this privacy notice apply to?

We process different elements of your data in different ways, depending on how you interact with us. Here we outline how we process your personal data if you are: an employee or representative of a business customer, partner or prospect of ours ('business contact'); or a website visitor.

3. Processing data of business contacts or website visitors

Here we give you information on how Yaspa collects and processes your personal data when you use this website, when you contact us or subscribe for our marketing, or you (or your employer) signs up to our services, including any data you or your employer may provide through our websites, digital services or within merchant application forms.

3.1 The data we collect
We may collect your data in different ways, such as:

3.1.1 Direct interactions by you or your employer
When you, or your employer, applies for Yaspa’s products or services you may provide us with information when you contact us, subscribe for marketing purposes or give us feedback.

3.1.2 Automated technologies or interactions
As you interact with our website or digital product, we automatically collect technical data about your equipment, browsing/usage and patterns. This includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies. For information about our cookie policy, please visit this page: www.yaspa.com/cookie-policy.

3.1.3 Third parties
We may receive personal data about you from various third parties and public sources including:

- Where you are an employee of a Yaspa partner or merchant, we may receive information from your employer relating to your role, responsibilities and access permissions for the Yaspa products and services we provide;
- Technical data such as internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website from analytics providers and advertising networks;
- Identity data including first name, last name, title, date of birth; and contact information including your current residential address, previous addresses, email address and telephone numbers from brokers, aggregators and publicly available sources (such as Companies House and the Electoral Register); and
- Where you are an owner or director of a partner or merchant we may collect commercial data including percentage ownership of company (including beneficial ownership), political exposure and any information that is relevant to sanctions as part of our anti-money laundering (AML) and know your customer (KYC) checks.

3.2 How we use your personal data (business contacts or website visitors)
We will use your personal data in the following circumstances:

3.2.1 Where we need to take steps related to the contract we are about to enter into with you or have entered into with you. This includes:
- Managing payments, fees and charges;
- Collecting and recovering money owed to us;
- Communicating with you;
- Providing customer service; and
- Confirming your identity for the purposes of security and fraud prevention.

3.2.2 Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. In particular, we:
- Monitor use of our website and use your information to help us monitor, improve and protect our services, including asking you to leave reviews or take surveys related to our products or services;
- Tailor our services to the needs of the merchant (which may be you or your employer), including by implementing contextual or role-based access to customer information;
- Send you direct marketing, if we do not need your consent;
- Use your information to help us assess and improve the Yaspa services;
- Respond to any correspondence you may send us;
- Use information you provide as well as information which we have collected about you to investigate any complaints received from you, or from others, about our website, products or services; and
- Use data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation).

3.2.3 Where we need to comply with a legal or regulatory obligation.
For example:
- To discharge our obligations as a regulated financial service provider including KYC and AML checks, politically exposed persons (PEP) and sanctions checks; and
- In response to requests by government or law enforcement authorities conducting an investigation.

3.2.4 Where we have obtained your consent.
For example we may send you direct marketing communications and place cookies or use similar technologies to read information on your device for non-essential purposes. On other occasions, where we ask you for consent, we will use the data for the purposes we explain at that time.

3.3 Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You can ask us to stop sending you marketing messages at any time by following the unsubscribe links on any marketing message sent to you; or by contacting us. Where you opt out of receiving these marketing messages, this will not affect our processing of data for other purposes (see above).

3.4 Data retention (business contacts or website visitors)
How long will you use my personal data for?

3.4.1 Where we process information about you in connection with our contract with you, or your employer, and the transactions carried out through our services, we process this for six years after you cease being a customer for legal and regulatory purposes.

3.4.2 Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.

3.4.3 Where we process your data for other purposes, such as complying with laws or defending our legal position, we process this data for as long as is necessary to fulfil that purpose.

4. Disclosures of your personal data

We may have to share your personal data with the parties below for the purposes described above:

- Third party service providers (e.g. providing fraud prevention, IT and admin support services) acting as processors who process the data under our instructions.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities or law enforcement bodies based in the United Kingdom, the EU or elsewhere if required for the purposes above, or if mandated by law or if required for the legal protection of our or third-party legitimate interests in compliance with applicable laws.

5. International transfers

Some of the third parties who will receive your data may be based outside the European Economic Area (EEA) or United Kingdom so their processing of your personal data will involve a transfer of data outside the EEA or United Kingdom.

6. Your rights and how to complain

You have certain rights in relation to the processing of your personal data, including the:

Right to be informed
You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this.

Right of access (commonly known as a 'Subject Access Request')
You have the right to receive a copy of the personal data we hold about you.

Right to rectification
You have the right to have any incomplete or inaccurate information we hold about you corrected.

Right to erasure (commonly known as the right to be forgotten)
You have the right to ask us to delete your personal data.

Right to object to processing
You have the right to object to us processing your personal data. If you object to us using your personal data for marketing purposes, we will stop sending you marketing material.

Right to restrict processing
You have the right to restrict our use of your personal data.

Right to portability
You have the right to ask us to transfer our personal data to another party.

Automated decision-making
You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.

Right to withdraw consent
If you have provided your consent for us to process your personal data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so.

Right to lodge a complaint
You have the right to lodge a complaint with the relevant supervisory authority, if you are concerned about the way in which we are handling your personal data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:

Contact us | ICO
0303 123 1113

For supervisory authorities in other countries within the EU see the link: https://edpb.europa.eu/about-edpb/about-edpb/members_en

How to exercise your rights
You will not usually need to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you wish to exercise your rights, you may contact us using the details set out below within the section called ‘How to contact us and our Data Protection Officer’. We may need to request specific information from you to confirm your identity before we can process your request. Once in receipt of this, we will process your request without undue delay and within one month. In some cases, such as with complex requests, it may take us longer than this and, if so, we will keep you updated.  

7. Children’s privacy

We do not offer our products and services to children and we do not knowingly collect personal data of children without parental consent, unless permitted by law. If you are a child, you must have your parent’s permission to use our services. If you learn that a child has provided us with their personal data without parental consent, you may contact us, as described below, and if appropriate, we will securely and permanently delete it, in accordance with applicable law.

8. How to contact us and our Data Protection Officer 

If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights outlined above, please contact us as follows:

Yaspa Limited
1 St Katharine's Way
London, E1W 1UN
England

dpo@yaspa.com 

We have also appointed a Data Protection Officer ('DPO'). Our DPO Evalian Limited can be contacted as follows:

Evalian Limited
Unit 5 West Lodge
Nobs Crook, Colden Common
Winchester, SO21 1TH
England

dpo@evalian.co.uk
+44 (0)3330 500111

Please mark your communications FAO the ‘Data Protection Officer’.

9. Changes to this privacy notice

We may update this notice (and any supplemental privacy notice), from time to time as shown below. We will notify you of the changes where required by applicable law to do so.

Last modified: 15 April 2025.