This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you. It applies to all products and services, and instances where we collect your personal data.
This privacy notice applies to personal information processed by or on behalf of Electronic Card Acceptance Company Ltd (E.C.A.C LTD)/PDQ Machines.
You can also view Elavon Merchant Service Terms of Service by clicking Here
Use the links below to find out more about how we use your personal information:
- Who are we and how do you contact us and our Data Protection Officer?
- What kinds of personal information about you do we process?
- What is the source of your personal information?
- What are the legal grounds for our processing of your personal information (including when we share it with others)?
- What should you do if your personal information changes?
- For how long is your personal information retained by us?
- What are your rights under data protection laws?
Changes to this privacy notice
We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website – https://www.PDQMachines.com.
We’re the Electronic Card Acceptance Company Limited (E.C.A.C), Studio 2000 Suite 713/714 Elstree way, Borehamwood, WD61SF We are a data controller of your personal data. E.C.A.C Company or companies which provide your product or service are named at the start of these terms and conditions. E.C.A.C Ltd are the owners of the marketing company PDQ Machines.
We have a dedicated data protection officer (“DPO”). You can contact the DPO using the details below or by writing to the above address, marking it for the attention of the DPO or going to Contact Us.
Browsing of our web sites and most other services do not require any personally identifying information. E.C.A.C and PDQ Machines may collect limited non-personally identifying information your browser makes available whenever you visit a website. This log information includes your internet protocol address, browser type, browser language, the date and time of your query and one or more cookies that may uniquely identify your browser. We use this information to better understand users’ behaviour and to further improve our offerings.
What kinds of personal information about you do we process?
Some of our services require you to register for an account or contact us. We may you for some personal information and we will use that information to provide the service.
When we require personally identifying information, we will inform you about the types of information we collect and how we use it. We hope this will help you make an informed decision about sharing your personal information with us. It is then up to you to decide if you want to provide the information or not.
Personal information that we’ll process in connection with all of our products and services, if relevant, includes:
- Personal and contact details, such as title, full name, contact details and contact details history
- Your date of birth, gender and/or age
- Your nationality, if needed for the product or service
- Details of beneficiaries, such as joint policy holders, named drivers, beneficiaries of our products or services
- Family members (if relevant to the product or service)
- Records of your contact with us such as via the phone number of our breakdown service and, if you get in touch with us online using our online services or via our smartphone app, details such as your mobile phone location data, IP address and MAC address
- Products and services you hold with us, as well as have been interested in and have held and the associated payment methods used
- The usage of our products and services, any call outs and claims and whether those claims were paid out or not (and details related to this)
- Marketing to you and analysing data, including history of those communications, whether you open them or click on links, and information about products or services we think you may be interested in, and analysing data to help target offers to you that we think are of interest or relevance to you. Offers may include our car, insurance, financial services, connected car, travel and any of our other products and services
- Information about your use of products or services held with our business partners, such as insurance policies, mortgage, savings or financial services and products
- Information we obtained from third parties, including information about pricing, claims history, instances of suspect fraud and usage history
- Personal information which we obtain from Credit Reference Agencies and Fraud Prevention Agencies (see the section on ‘Fraud Prevention Agencies’ below), including public (for example, defaults, CCJs) and shared credit history, financial situation and financial history
- Fraud, debt and theft information, including details of money you owe, suspected instances of fraud or theft, and details of any devices used for fraud
- Financial details about you, such as your salary and details of other income, details of your savings, details of your expenditure, and payment method(s)
- Details about all of your existing borrowings and loans, if relevant
- Information about your employment status, if relevant
- Information about your property occupier status, such as whether you are a tenant, live with parents or are an owner occupier of the property where you live at the time of your application
- Your residency and/or citizenship status, if relevant, such as your nationality, your length of residency in the UK and/or whether you have the permanent right to reside in UK
- Your marital status, family, lifestyle or social circumstances, if relevant to the product (for example, the number of dependents you have or if you are a widow or widower)
- Insights about you and our customers gained from analysis or profiling of customers
What is the source of your personal information?
We’ll collect personal information from the following general sources:
- From you directly, associates or beneficiaries of products and services
- Information generated about you when you use our products and services
- Business partners (for example, financial services institutions,), account beneficiaries, or others who are a part of providing your products and services or operating our business
- From other sources such as Fraud Prevention Agencies, Credit Reference Agencies, other lenders, HMRC, DWP, publicly available directories and information (for example, telephone directory, social media, internet, news articles), debt recovery and/or tracing agents, other organisations to assist in prevention and detection of crime, police and law enforcement agencies
- We buy or rent information about you or customers generally from third parties including demographic information, marketing lists, publicly available information and other information to help improve our products and services or our business
What do we use your personal data for?
We use your personal data, including any of the personal data listed in section 1 above, for the following purposes:
- Assessing an application for a product or service, including considering whether or not to offer you the product or service, the price, the risk of doing so, availability of payment method and the terms
- Managing the product or service you have with us
- Updating your records, tracing your whereabouts and recovering debt
- Managing any aspect of the product or service
- To make automated decisions on whether to offer you a product or service, or the price, payment method, risk or terms of it
- To perform and/or test the performance of, our products, services and internal processes
- To improve the operation of our business and that of our business partners
- To follow guidance and best practice under the change to rules of governmental and regulatory bodies
- For management and auditing of our business operations including accounting
- To carry out checks at Credit Reference and Fraud Prevention Agencies pre-application, at application, and periodically after that
- To monitor and to keep records of our communications with you and our staff (see below)
- For market research and analysis and developing statistics
- For direct marketing communications and related profiling to help us to offer you relevant products and service, including deciding whether or not to offer you certain products and service. We’ll send marketing to you by SMS, email, phone, post, social media and digital channels (for example, using Facebook Custom Audiences and Google Custom Match). Offers may relate to any of our products and Services such as hardware updates and technical issues, money and financial services, assurance, and advice we think may be of interest
- To provide personalised content and services to you, such as tailoring our products and services, our digital customer experience and offerings, and deciding which offers or promotions to show you on our digital channels.
- To develop new products and services and to review and improve current products and services
- To comply with legal and regulatory obligations, requirements and guidance
- To provide insight and analysis of our customers both for ourselves and for the benefit of business partners either as part of providing products or services, helping us improve products or services, or to assess or improve the operating of our businesses
- To share information, as needed, with business partners (for example, financial services institutions), account beneficiaries, service providers or as part of providing and administering our products and services or operating our business
- To facilitate the sale of one or more parts of our business
What are the legal grounds for our processing of your personal information (including when we share it with others)?
We rely on the following legal bases to use your personal data:
- Where it is needed to provide you with our products or services, such as:
a) Assessing an application for a product or service you hold with us, including consider whether or not to offer you the product, the price, the payment methods available and the conditions to attach
b) Managing products and services you hold with us, or an application for one
c) Updating your records, tracing your whereabouts to contact you about your account and doing this for recovering debt (where appropriate)
d) Sharing your personal information with business partners and services providers when you apply for a product to help manage your product
e) All stages and activities relevant to managing the product or service including enquiry, application, administration and management of accounts, illustrations, requests for transfers of equity, setting up/changing/removing guarantors
f) For some of our profiling and other automated decision making to decide whether to offer you a product and/or service, particular payment method and the price or terms of this
2. Where it is in our legitimate interests to do so, such as:
a) Managing your products and services relating to that, updating your records, tracing your whereabouts to contact you about your account and doing this for recovering debt (where appropriate)
b) To perform and/or test the performance of, our products, services and internal processes
c) To follow guidance and recommended best practice of government and regulatory bodies
d) For management and audit of our business operations including accounting
e) To carry out searches at Credit Reference Agencies pre-application, at the application stage, and periodically after that. Where you have been introduced to us by a broker or other intermediary they may do these searches on our behalf
f) To carry out monitoring and to keep records of our communications with you and our staff (see below)
g) To administer our good governance requirements and those of other members of our Group, such as internal reporting and compliance obligations or administration required for AGM processes
h) For market research and analysis and developing statistics
i) For direct marketing communications and related profiling to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and service. We will send marketing to you by SMS, email, phone, post and social media and digital channels (for example, using Facebook Custom Audiences and Google Custom Match
j) Subject to the appropriate controls, to provide insight and analysis of our customers to business partners either as part of providing products or services, helping us improve products or services, or to assess or to improve the operating of our businesses
k) For some of our profiling and other automated decision making
l) Where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations
3. To comply with our legal obligations
4. With your consent or explicit consent:
a) For some direct marketing communications
b) For some of our profiling and other automated decision making
When do we share your personal information with other organisations?
We may share information with the following third parties for the purposes listed above:
- Electronic Card Acceptance Company LTD companies and service providers
- Business partners (for example, financial services institutions, Terminal suppliers Lease Companies), account beneficiaries, or others who are a part of providing your products and services or operating our business
- Governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Ombudsman, the Information Commissioner’s Office and under the Financial Services Compensation Scheme
- Other organisations and businesses who provide services to us such as debt recovery agencies, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions
- Credit Reference and Fraud Prevention Agencies (see below)
- Market research organisations who help us to develop and improve our products and services
How and when can you withdraw your consent?
Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below.
Is your personal information transferred outside the UK or the EEA?
We’re based in the UK but sometimes your personal information may be transferred outside the European Economic Area by one of our partners for application processing. If we do so we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.
How do we share your information with credit reference agencies?
To process your application, we’ll perform credit and identity checks on you with one or more credit reference agencies (CRAs). Where you take insurance, financial or credit services from us we may also make periodic searches at CRAs to manage your account with us. To do this we’ll supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We’ll use this information to:
- Assess your creditworthiness and whether you can afford to take the product
- Verify the accuracy of the data you have provided to us
- Prevent criminal activity, fraud and money laundering
- Manage your account(s)
- Assess payment methods available to you
- Trace and recover debts
- Make sure any offers provided to you are appropriate to your circumstances
We’ll continue to exchange information about you with CRAs while you have a relationship with us. We’ll also notify the CRAs about your settled accounts. If you borrow and don’t repay in full and on time, CRAs will record the outstanding debt. This information may be given to other organisations by CRAs. The identities of the CRAs, their role as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail on our website.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you’re making a joint application, or tell us that you have a spouse or financial associate, we’ll link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
How do we share your information with Fraud Prevention Agencies?
There are more details about how credit reference and fraud agencies use your personal data here.
What should you do if your personal information changes?
You should tell us so that we can update our records using the details in the Contact Us section of our website. We’ll then update your records if we can.
Do you have to provide your personal information to us?
We’re unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.
Do we do any monitoring involving processing of your personal information?
In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.
We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.
For how long is your personal information retained by us?
This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:
(a) The period of retention of personal data will be determined based on its sole purpose.
We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another person or company.
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
- For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
- For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
- Retention periods in line with legal and regulatory requirements or guidance.
What are your rights under data protection laws?
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.
- The right to be informed about the processing of your personal information
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- The right to object to processing of your personal information
- The right to restrict processing of your personal information
- The right to complain to a supervisory authority
- The right to have your personal information erased (the “right to be forgotten”)
- The right to request access to your personal information and to obtain information about how we process it
- The right to move, copy or transfer your personal information (“data portability”)
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you
- The right to withdraw consent
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can access your personal data by emailing us at firstname.lastname@example.org
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To the extent that the legal basis for our processing of your personal data is:
(a) Consent; or
(b) That the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,
And such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format.
However, this right does not apply where it would adversely affect the rights and freedoms of others.
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
You may exercise any of your rights in relation to your personal data by written notice to us.
Your right to object
You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us by going to the Contact Us section of our website to exercise these rights.
What are your marketing preferences and what do they mean?
We may use your home address, phone numbers, email address and social media or digital channels (for example, Facebook, Google and message facilities in other platforms) to contact you according to your marketing preferences. You can stop our marketing at any time by contacting us using the details below or by following the instructions in the communication.
Our Details and Contacting Us
This website is owned and operated by E.C.A.C and PDQ Machines.
We are registered in England and Wales under registration number 08158895, and our registered office address is 37 Beechwood Drive, Camelford, United Kingdom, PL32 9NAOur principal place of business is at Suites 713/714, Studio 2000, 5 Elstree Way, Borehamwood, WD6 1SF
You can contact us:
(a) By post, to the postal address given above;
(b) Using our website contact form;
(c) By telephone, on 0330 333 1212; or
(d) By email, using email@example.com
If you have any questions about this privacy notice, or if you wish to exercise your rights or contact the DPO, you can contact us by going to the Contact Us section of our website. Alternatively, you can write to Studio 2000 -Suite 713/714 -5 Elstree Way -Borehamwood -Herts -WD61SF, marking it for the attention of the DPO.