Website Privacy Policy

The purpose of this Privacy Policy is to help those using our web applications to make payments to RSM 2000 clients, to respond to RSM 2000 clients’ SMS text messages, or to initiate a text message to an RSM 2000 client, to understand what personal information we collect about them, what we use it for, and how we comply with data protection legislation. In the UK, that primarily means compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. Failure to comply with data protection legislation can lead to civil liability and criminal law penalties.

For the sake of clarity, if you are a client of RSM 2000 and use one of our systems to process payments, then this policy does NOT apply to you. Clients should refer to the Client Privacy Policy.

RSM2000 Ltd. is committed to safeguarding the privacy of web users; this policy sets out how we will treat your personal data.

Note RSM 2000 will not (except as detailed within this policy) supply your details to any other third party or use your data for any other RSM 2000 business-related purposes.

Our Data Protection Officer is Mark Freeland.

If you have any questions regarding our Privacy Policy, please write to:

The Data Protection Officer

RSM 2000 Limited

Wrest House

Wrest Park

Silsoe

Beds MK45 4HS

Email: electronicpayments@rsm2000.co.uk

Or call our team: 01525 862 555.

(1) What data do we collect?

We may collect, store and use the following kinds of personal data:

(a) Data about your computer and about your visits to and use of this website, such as your IP address, geographical location, browser type, referral source, length of visit and number of page views;

(b) Data relating to any transactions carried out between you and our clients in relation to this web-site, including data relating to any purchases you make of goods or services;

(c) Data that you provide to us for the purpose of registering with our clients (including name, address, contact telephones, email, etc.)

(d) Any other data that you choose to send to us.

(2) Using your personal data

Personal data submitted on this web-site will be used for the purposes specified in this privacy policy or in relevant parts of the website.

We may use your personal data to:

(a)    Administer the web-site;

(b)    Carry out payment-related transactions;

(c)  Send you transaction-related (non-marketing) communications such as transaction confirmations;

(d)  Deal with enquiries and complaints made by or about you relating to the web-site.

Personal data required to carry out payment-related transactions will be sent to third parties for processing. For card transactions, this will include card number, cardholder name, and address information. This data is sent to a gateway (e.g. SagePay, Credorax) and from there to the Client’s acquiring bank, and thence via the Card Scheme network (e.g. Visa, Mastercard, Amercian Express) to your Card Issuer for authorisation. For Direct Debits, this will include bank account number, bank sort-code, and address information. This data is sent to an account checking service (APT) and is then submitted to your bank via Bacs using an approved Bacstel-IP service (APT). For SMS services this will include mobile telephone number. This data is sent to an aggregator (e.g. IMI-Mobile, CLX Communications), and thence to your mobile network provider.

Note that the data captured as part of a transaction for an RSM 2000 Ltd. client will be made available to that client and will be subject to their privacy policies. RSM 2000 Ltd. will not (except as detailed in paragraph 3) supply your details to any other third party or use your data for any other RSM 2000 Ltd. business-related purposes.

(3) Other disclosures

In addition to the disclosures reasonably necessary for the purposes identified elsewhere in this privacy policy, we may disclose data about you:

(a) To the extent that we are required to do so by law;

(b) In connection with any legal proceedings or prospective legal proceedings;

(c) In order to establish, exercise or defend our legal rights (including providing data to others for the purposes of fraud prevention and reducing credit risk).

Except as provided in this privacy policy, we will not provide your data to third parties.

(4) International data transfers

Data that RSM2000 Ltd. collects may be stored, processed, and transferred between the different secure servers that we operate within the EEA, and not to any other countries outside them.

(5) Security of your personal data

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal data.

We will store all the personal data you provide on our secure servers. All electronic transactions you make to or receive from us will be encrypted.

If applicable, you are responsible for keeping your password and user details confidential. We will not ask you for your password.

(6) Policy amendments

We may update this Privacy Policy from time-to-time by posting a new version on our web-site. You should check this page occasionally to ensure you are happy with any changes.

(7) Your rights

You retain control of how we use your data and you have the right to ask us to stop processing your personal information, which we will do. In some circumstances, we may legally be required to retain your personal information for audit purposes. However, this will be discussed with you depending on your requirements. Please contact our Data Protection Officer if you have any concerns.

You also have the right to request a copy of the information we hold about you. If you want to access your information, please contact our Data Protection Officer.

 

Under the General Data Protection Regulation, which will become law in the UK in May 2018, you are also granted a number of additional rights. These include:

•    The right to rectification

•    The right to erasure

•    The right to data portability

•    The right to object

For more information on these rights please read the relevant guidance issued by the ICO.

If you would like to make a complaint about how we process your personal data, please contact our Data Protection Officer.

If you are not happy with how your complaint is dealt with, you should contact the Information Commissioner’s Office.  Alternatively, you are entitled to make a complaint to the Information Commissioner’s Office without first referring your complaint to us.

For further information please see the Information Commissioner’s guidance.

We will not use your personal data for RSM 2000 Ltd. marketing purposes.

(8) Third party websites

The web-site contains links to other web-sites. We are not responsible for the privacy policies or practices of third party websites.

(9) Updating data

You can let us know if the personal data which we hold about you needs to be corrected or updated. However, RSM 2000 Ltd does not maintain client databases and our data normally only reflects the data that was correct at the time of the transaction. Data corrections or updates should ideally be directed to the relevant RSM 2000 Ltd. clients.

(10) Contact

If you have any questions about this privacy policy or our treatment of your personal data, please write to us by email to enquiries@rsm2000.co.uk or by post to RSM 2000 Ltd, Wrest House, Wrest Park, Silsoe, Bedfordshire MK45 4HS Tel.01525 862555 Fax. 01525 862500.