2. POMELO’S PRIVACY PRINCIPLES
- Pomelo is committed to safeguarding the privacy and security of your information.
- We will only collect and use your information where we have a lawful basis under data protection laws to do so (or where a specificor exception applies).
- We will not ask for more information than we need for the purposes for which we are collecting it.
- We will update our records when you inform us that your details have changed.
- We have implemented and adhere to information retention policies relating to your information.
- We will ensure that your information is securely disposed of at the end of the appropriate retention period.
- We observe the rights granted to you under applicable privacy and data protection laws.
- We will ensure that queries relating to privacy issues are promptly and courteously dealt with.
- Our staff are trained on their privacy obligations.
- We will ensure there are appropriate measures in place to protect your information regardless of where it’s held and ensure that safeguards are in place before transferring your information to other countries.
3. WHAT INFORMATION DO WE COLLECT FROM WEBSITE USERS?
- You can browse our website as a Guest without giving us any information, and we won’t know who you are. However, even if you are a Guest, please bear in mind that we may: record the areas of our website which you visit and at what times; record information about your activities in using our website; and collect information about your computer, such as which browser you are using, your network location, your operating system, your IP address and the type of connection you are using (e.g. broadband, ADSL etc.).
- Additional services are available once you register with us and login to our website. In this case, we will know who you are, your activities on our website and information about your computer may be linked to you on our systems. We may retain copies of any correspondence you send us, details of your registration history and any materials you post or upload on the Pomelo website.
- We also store data that you submit to us via email, via our optional surveys, and through our contact form and email subscription sign-up form on our website.
4. WHAT INFORMATION DO WE COLLECT FROM MERCHANTS?
- The types of information we may request from you are: your contact information – including your name, business address, postcode and other contact information such as your business email address and telephone/mobile number; job title; company name; company registration number; information about your activities in using our website; proof of your identity and address, or the proof of identity and address of ultimate beneficial owners if you are an incorporated entity.
5. INFORMATION FROM OTHER SOURCES
We will also check information about you held on our own records and also obtain information from third party databases and verification services, which can include the following information:
- whether you have any county court judgements, bankruptcy or insolvency proceedings recorded in your name;
- whether you or your officers, agents or representatives are sanctioned individuals or politically exposed persons (as such term is defined in the Money Laundering Regulations 2017);
- if you are incorporated, your incorporation details including your country of incorporation, and details of your ultimate parent or beneficial owner; and
- verification information in relation to your identity and any documentation you send us as part of an application to become a Merchant.
6. INFORMATION COLLECTED WHEN YOU APPLY FOR A JOB
- In completing our job application form or submitting your CV to us by email, you will give us personal information about yourself, including your name, contact details, employment history and personal interests.
- We will use your personal data only for the purpose of assessing your suitability for employment by us and in any subsequent interviewing process. Copies of the information you submit and any further correspondence will be retained in order to progress your job application and as a record of our employment and fair access processes (and to such extent as is lawful for us to do so).
- Your application will only be processed by our HR team based in the UK. Our HR team based in Singapore may also have access to this data (please see section 9 below about data transferred outside the UK and EEA). The information you provide to us as a jobseeker is supplied in strict confidence and your personal information will be input onto a computer database for internal recruitment purposes only. Only employees of Pomelo who are part of the recruitment and selection processes, or IT support contractors engaged by us, will have access to your information.
- We take all reasonable steps to retain personal information only for as long as we need to process your job application. We may also retain your details after a decision has been reached regarding your suitability for current jobs for vacancies that may become available in the future where you have provided consent for us to do so, or in accordance with our legal obligations.
7. WHAT DO WE DO WITH THE INFORMATION WE COLLECT?
- Website Users
If you browse our website as a Guest, we collect the information specified above to make our website available to you; enrich your experience and interaction with our website by allowing you to store your details so that your preferences are retained when you revisit our website; to troubleshoot problems and to help protect you against fraud or other criminal activity; analyse site usage and improve our services and for any other specific purposes in relation to your activities on the Pomelo website. We rely on our legitimate interest to process your personal data for these purposes, or where for example we use certain cookies on our website, your explicit consent.
We process your personal data to allow us to provide the Services; deliver to you any administrative notices, alerts and communications relevant to your use of the Services; contact you from time to time to inform you about new features, carry out product development, statistical analysis and market research and to improve our products and services; to identify and provide details of the products and services which you may be interested in; for customer service, including answering questions and responding to feedback and complaints; comply with our anti-money laundering and know your customer legal and regulatory obligations and internal compliance requirements. We process this information where it is necessary to perform a contract with you, for our legitimate interests or to comply with our legal obligations.
- Job applicants
We process your information when you apply for a role with us to assess your suitability for the role and to help us develop and improve our recruitment process. The lawful basis for processing your personal data is that it is necessary to perform a contract or to take steps at your request, before entering a contract. If you provide us with any information about reasonable adjustments you require, we rely on our legal obligations to process this information. We rely on our legal obligations under applicable employment law and the safeguarding of your fundamental rights to process any special category data provided as part of your application, such as health, religious or ethnicity information. We conduct Disclosure and Barring Services (DBS) checks where required by law.
8. WHO DO WE SHARE YOUR INFORMATION WITH?
- We won't provide your personal information to other companies for their marketing purposes unless you have given us your consent. However, we may aggregate anonymised information based on your personal information (so you can no longer be identified) and disclose this to advertisers and other third parties.
- We may share your personal information with companies and other third parties performing services on our behalf (for example payment service providers, customer relationship management providers or other service providers) who will only use the information to provide that service. We may also share your personal information with other members of our corporate group, or a purchaser or potential purchaser of our business, where it is lawful to do so, or where we have your prior consent (or an applicable derogation applies).
- We undertake searches and checks on third party databases in order to comply with our anti-money laundering and know your customer legal and regulatory obligations, as well as our internal compliance requirements. We may need to share some of your personal data, and/or documents containing such personal data (such as your passport or proof of address) with these third parties in order to undertake these searches and checks. Any personal data we receive from such third parties will be stored by us solely to comply with the purpose set out at section 5 above.
- In some circumstances, we may have to disclose your personal information by law, because a court or the police or other law enforcement agency has asked us for it.
Before we disclose your personal data to other people, we will take reasonable steps so as to make sure that they have appropriate security standards in place to make sure your personal data is protected and we will enter into a written contract imposing appropriate security standards on them.
9. WHERE WE STORE YOUR PERSONAL DATA
The data that we collect from you will be transferred outside the UK to the European Economic Area ("EEA") via our third party providers. Countries within the EEA have been declared to have adequate protections by the UK Secretary of State.
Your personal data will also be copied, transferred to and stored in other countries outside the UK and EEA by such third-party providers to act as a back-up, should any of your data become lost, damaged or destroyed. HR data of employees is also stored on servers that are accessible by our HR team in Singapore. In case of transfers of your personal data to territories outside the UK that do not have equivalent levels of protection, we will take all steps to ensure that appropriate or suitable safeguards are in place to protect your personal data and your data is treated in accordance with data protection laws.
You can request a copy of the appropriate safeguards in place for any transfers outside the UK by contacting our appointed Data Protection Officer:
Address to: Data Protection Officer
Pomelo Group Limited
Level 39, One Canada Square, London, E14 5AB, United Kingdom
The best way to contact us in first instance is by email firstname.lastname@example.org
10. HOW LONG DO WE KEEP YOUR PERSONAL DATA
We will use your personal data only as long as it is strictly necessary to fulfil the purposes for which it was collected. This means we will only retain your personal data for a limited period of time. This will depend on a number of factors, including:
any laws or regulations that we are required to follow;
accommodating clearing, chargebacks and refund requests;
enabling payment authorisations;
enabling forensic investigation where required;
whether we are in a legal or other type of dispute with each other or any third party;
the type of information that we hold about you; and
whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
11. MARKETING AND COMMUNICATIONS
- If you have registered with us or have previously asked us for information on our products or services, provided you have given us your consent to do so or we are otherwise permitted to do so under applicable data protection and privacy regulations we may send you information on our range of products and services by phone, email and/or SMS.
- You have the right to withdraw your consent (where consent has been given) or, alternatively, object at any time to our processing (or certain processing) of your personal information for direct marketing purposes and if you decide at any time that you no longer wish to receive marketing phone calls, emails or SMS from us, please contact us in writing at Pomelo Group Limited, Level 39, One Canada Square, London, E14 5AB, United Kingdom or at email@example.com. We will always give you an opportunity to unsubscribe from receiving any marketing from us in each communication we send to you.
12. YOUR RIGHTS
- Access to Your Information and Updating Your Information
You have the right to access information which we hold about you. If you so request, we shall provide you with a copy of your personal information which we are processing. For any further copies which you may request, we may charge a reasonable fee based on administrative costs. Please contact us in writing at Level 39, One Canada Square, London, E14 5AB, United Kingdom or at firstname.lastname@example.org
You also have the right to receive your personal information in a structured and commonly used format so that it can be transferred to another data controller (“data portability”).
We want to make sure that your personal information is accurate and up to date. If you think any information we have about you is incorrect or incomplete, please contact us in writing at Level 39, One Canada Square, London, E14 5AB, United Kingdom or at email@example.com as soon as possible. We will correct, delete or update any information as soon as possible.
- Right to Object
Where we process your information based on our legitimate interests, you also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal information which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
- Your Other Rights
In certain circumstances, you have the right to: request the erasure of your personal information erasure (also known as the ‘right to be forgotten’); and to restrict or suppress the processing of your personal information.
13. EXERCISING YOUR RIGHTS
- Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.
- This website makes use of third party solution providers for payment services and provision of servers and internet application services, either via direct sourcing of data or via use of third party applications. Your use of those applications is subject to their own privacy policies, which may be amended from time to time.
- Once you have left our website, we cannot be responsible for the content of other websites or for the protection and privacy of any information which you provide on these websites. Please note that these websites have their own privacy policies and website terms and conditions. We do not accept any responsibility or liability for these policies. Please check their privacy policies and their website terms and conditions when you visit them and before you submit any personal data to these websites.
16. HOW WE PROTECT YOUR INFORMATION
We have implemented the following measures to protect your personal information:
- we use an external PCI compliant payment gateway to handle all credit card transactions, and are not processed by or records stored on our servers;
- we use regular malware scanning on our systems;
- your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential;
- all personal information or financial details you supply is encrypted via secure socket layer (SSL) technology; and
- we implement a variety of security measures when a user enters, submits, or accesses personal information to maintain the safety and security of your personal information.
You have the right to complain to the Information Commissioner’s Office (https://ico.org.uk/) about our data processing activities (helpline on 0303 123 1113). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.