Privacy Policy

1. Introduction

This Privacy Policy explains how Persona Finance Ltd trading as QPACT (“QPACT”, “we”, “us” or “our”) collects, uses, stores, discloses and otherwise processes personal data in connection with the use of the QPACT website located at https://qpact.co.uk (the “Website”) and related services (the “Services”).

This Privacy Policy applies to all users of the Website and Services.

By accessing or using the Website or Services, you acknowledge that you have read and understood this Privacy Policy.

2. Company information

3. Data protection compliance

QPACT processes personal data in accordance with applicable data protection, privacy, anti-money laundering, compliance and regulatory obligations, including the UK General Data Protection Regulation, the Data Protection Act 2018 and other laws or regulatory requirements applicable to operation of the Website and provision of the Services.

4. Information we collect and process

In connection with operation of the Website and provision of the Services, QPACT may collect, receive, generate, combine, store, use, disclose and otherwise process information relating to users, prospective users, representatives, directors, shareholders, beneficial owners, authorised persons and other individuals connected with use of the Services.

Depending on the circumstances, QPACT may act as a data controller, processor, intermediary or service facilitator in relation to information processed through the Website or Services.

Such information may include:

• identifying information;
• contact information;
• verification-related information;
• transactional information;
• technical information;
• compliance-related information;
• fraud prevention information;
• other information reasonably necessary for business purposes.

In connection with identity verification and compliance procedures, QPACT and its service providers may process information relating to identity documents, proof of address documentation, biometric or liveness verification, device and fraud signals, sanctions or risk screening information, verification outcomes and related compliance information.

QPACT may receive verification-related information, extracted document information, verification status information, fraud prevention indicators, risk signals and related operational or compliance information from third-party verification providers used in connection with the Services.

Payment-related information may also be processed in connection with transactions conducted through the Website or Services. Payments are processed through third-party payment processors and QPACT does not intentionally store complete payment card details on its own systems.

QPACT may also collect technical and usage-related information relating to interaction with the Website, devices, browsers, systems, communications and online activity.

QPACT may combine information collected directly from users with information obtained from third-party providers, analytics providers, compliance providers, publicly available sources and other lawful sources where reasonably necessary for operation of the Services, fraud prevention, compliance, analytics, security or legitimate business purposes.

5. How information may be collected and used

Information may be collected directly from users, indirectly through use of the Website or Services, through communications and interactions, through verification and compliance procedures, through payment providers, through analytics technologies, through publicly available sources, through professional or compliance-related sources and through other lawful sources where reasonably necessary in connection with operation of the Website or provision of the Services.

QPACT may also combine information obtained from different sources where reasonably necessary for operational, legal, compliance, fraud prevention, security or legitimate business purposes.

6. How QPACT uses information

QPACT may process information for purposes connected with operation, administration, provision, protection, development and improvement of the Website and Services.

Such purposes may include:

• identity verification;
• onboarding procedures;
• fraud prevention;
• anti-money laundering obligations;
• compliance obligations;
• sanctions screening;
• operational administration;
• customer support;
• communications;
• analytics and service improvement;
• payment processing;
• information security;
• recordkeeping;
• enforcement of legal rights;
• regulatory cooperation;
• dispute resolution.

Where permitted by applicable law, QPACT may also use personal data to provide information regarding additional services, products or offerings made available by QPACT, Persona Finance Ltd or associated businesses.

QPACT reserves the right to process personal data where reasonably necessary to protect the Website, Services, users, service providers, business operations or legal interests of QPACT or third parties.

7. Legal basis for processing

Depending on the circumstances, QPACT may process personal data where reasonably necessary for performance of contractual obligations, compliance with legal and regulatory obligations, anti-money laundering and fraud prevention requirements, legitimate business and operational interests, protection of QPACT or third parties, establishment or defence of legal claims, operational administration, information security, regulatory cooperation or other lawful purposes permitted under applicable law.

Where processing is based on legitimate interests, such interests may include operation, improvement, security, administration and protection of the Website and Services, fraud prevention, analytics, business administration, compliance procedures, customer support, enforcement of legal rights and other reasonable commercial or operational interests.

8. Compliance, verification and regulatory matters

QPACT may conduct, facilitate or support identity verification, compliance procedures, fraud prevention activities, sanctions screening, due diligence procedures, onboarding procedures and related regulatory or operational processes in connection with provision of the Services.

Users acknowledge and agree that QPACT may request additional information or documentation, conduct enhanced due diligence procedures, verify information through third-party providers, monitor activity relating to use of the Services, suspend, delay, restrict or refuse Services, retain compliance-related records and disclose information where required by law or reasonably necessary for compliance, fraud prevention, operational security or regulatory purposes.

QPACT reserves the right to cooperate with governmental authorities, regulatory authorities, courts, law enforcement agencies, sanctions providers, fraud prevention organisations and professional advisers where reasonably necessary or legally required.

QPACT may refuse or discontinue Services where it reasonably believes that information provided is inaccurate, misleading or incomplete, where fraud or unlawful activity may be involved, where legal or regulatory obligations require refusal or where continuing the relationship may expose QPACT to legal, financial, operational or reputational risk.

9. Third-party providers and disclosures

QPACT may engage third-party providers, subcontractors, infrastructure providers, verification providers, analytics providers, technology providers, operational partners and professional advisers in connection with operation of the Website and provision of the Services.

Such providers may support:

• identity verification;
• biometric or liveness verification;
• fraud prevention;
• sanctions screening;
• payment processing;
• communications;
• hosting and infrastructure;
• analytics;
• operational administration;
• regulatory compliance;
• customer support;
• security monitoring.

Third-party providers used by QPACT may include, without limitation, DIDIT, Stripe, Google Analytics and other providers selected by QPACT from time to time.

QPACT may add, replace, remove or modify third-party providers, technologies, operational systems or service arrangements at any time without notice.

Third-party providers may process personal data in accordance with their own terms, operational practices and privacy policies. QPACT does not control third-party privacy practices and users should review applicable third-party policies where appropriate.

Depending on the circumstances, QPACT may act as a controller, joint controller, processor, intermediary or service facilitator in relation to personal data processed in connection with the Services.

QPACT may disclose personal data where reasonably necessary for operation of the Services, compliance with legal or regulatory obligations, fraud prevention and risk management, cooperation with governmental or regulatory authorities, enforcement of contractual or legal rights, corporate transactions or restructuring activities, or protection of QPACT, its users, service providers or third parties.

10. International processing and transfers

Certain third-party providers used by QPACT may process or store personal data outside the United Kingdom.

Where international transfers occur, QPACT will take reasonable steps designed to ensure that appropriate safeguards are implemented where required under applicable law, including through adequacy regulations, contractual safeguards, data protection agreements or other reasonable operational, organisational or technical measures considered appropriate in the circumstances.

Users acknowledge that international transfers may be necessary for operation of the Website, identity verification procedures, payment processing, compliance procedures, operational administration or provision of the Services.

11. Retention of information

QPACT may retain personal data for as long as reasonably necessary for:

• provision and administration of the Services;
• compliance with legal and regulatory obligations;
• anti-money laundering and compliance recordkeeping obligations;
• fraud prevention and risk management;
• dispute resolution;
• enforcement of contractual rights;
• investigations and legal proceedings;
• operational and accounting purposes.

Verification-related and compliance-related information and data used for the purpose shall be retained for seven years or such longer period as may be required or permitted under applicable law, regulation, compliance obligations or legitimate business requirements.

QPACT reserves the right to retain information where reasonably necessary to:

• comply with legal obligations;
• establish, exercise or defend legal claims;
• resolve disputes;
• investigate security or fraud-related matters.

12. Security

QPACT takes reasonable technical, organisational and administrative measures designed to protect personal data against unauthorised access, misuse, accidental loss, disclosure, alteration or destruction.

Such measures may include restricted access controls, operational monitoring procedures, use of third-party security providers, encrypted communications where appropriate and other reasonable safeguards considered appropriate in the circumstances.

However, no system, platform, transmission method or electronic storage mechanism can be guaranteed to be completely secure. Users acknowledge that transmission of information over the internet carries inherent security risks, that third-party providers may experience outages, breaches or operational failures and that QPACT cannot guarantee absolute security of information, systems or third-party infrastructure.

To the fullest extent permitted by law, QPACT disclaims liability arising from unauthorised access, hacking, data breaches, technical failures, third-party failures or circumstances outside its reasonable control.

13. Cookies, analytics and website technologies

The Website uses cookies and similar technologies in connection with operation, functionality, analytics, performance monitoring, security, user experience and related operational or commercial purposes.

QPACT currently uses Google Analytics to analyse Website traffic and usage patterns and may introduce additional analytics, marketing, advertising or operational technologies in the future.

Where required by applicable law, QPACT will request consent before placing non-essential cookies or similar technologies on a user’s device.

Users may manage cookie preferences through browser settings, although restricting certain cookies may affect operation or functionality of the Website or Services.

14. Marketing communications

QPACT does not currently conduct extensive marketing communications campaigns.

However, QPACT, Persona Finance Ltd or associated businesses may in the future contact users regarding additional products, services, offerings, updates or business-related information where permitted by applicable law or where consent has been obtained.

Users may opt out of non-essential marketing communications at any time in accordance with applicable law.

15. Data protection rights

Subject to applicable law, individuals may have certain rights relating to personal data processed by QPACT, including rights of access, correction, restriction, objection, deletion, portability and withdrawal of consent in certain circumstances.

Such rights are not absolute and may be limited where processing is necessary for compliance with legal obligations, anti-money laundering requirements, fraud prevention, regulatory compliance, legal claims, security purposes or protection of the rights and freedoms of others.

QPACT reserves the right to retain information where reasonably necessary for legal, regulatory, operational, security or compliance purposes notwithstanding any request for deletion or restriction.

Requests relating to personal data may be submitted to support@qpact.co.uk.

QPACT may require verification of identity and additional information before responding to requests.

Failure to provide information requested by QPACT or its service providers may result in inability to provide Services, delays, refusal of onboarding or discontinuation of Services.

16. External websites and services

The Website may contain links to third-party websites, platforms or services.

QPACT does not control and is not responsible for the privacy practices, content, security, availability or operation of third-party websites or services.

Users access third-party websites and services entirely at their own risk and should review the applicable terms and privacy policies of such third parties where appropriate.

17. Children

The Website and Services are not intended for individuals under the age of 18.

QPACT does not knowingly collect personal data from children.

18. Changes to this Privacy Policy

QPACT reserves the right to modify or update this Privacy Policy at any time.

Updated versions will be published on the Website.

Continued use of the Website or Services following publication of changes constitutes acceptance of the updated Privacy Policy.

19. Contact

Questions relating to this Privacy Policy or personal data processing may be directed to:

support@qpact.co.uk