top of page

This is the Privacy Policy of ONEWAYX LTD, a company registered in the United Kingdom, registered number 14150721 and whose registered office is at 3rd Floor 86-90 Paul Street, London, EC2A 4NE (“ONEWAYX”, Company”, “we”, “us” and “ours”)

 

The document provides the Merchants with the information on how we collect and use the Merchant’s and Customer’s personal data, giving the reason we collect, and how we use and share the information. We at ONEWAYX take our responsibilities, in respect of personal data, very seriously - “user”, “you”, “your” and “yours”

 

We only process personal information for these “legitimate interests” and only after considering the potential risks to you and your customers privacy. 

 

We only process personal information where you, the Merchants, have provided confirmation that you have consent for us to do so.  Please see our Data Processing Policy.

 

Below we detail what information we collect and how we deal with it.

 TABLE OF CONTENTS

  1. WHAT INFORMATION DO WE COLLECT

  2. SPECIAL CATEGORY DATA

  3. HOW DO WE PROCESS YOUR INFORMATION

  4. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

  5. WHO DO WE SHARE YOUR PERSONAL INFORMATION

  6. HOW DO WE KEEP YOUR SECURE?

  7. HOW LONG DO WE NEED TO KEEP YOUR INFORMATION

  8. INTERNATIONAL TRANSFER OF YOUR DATA

  9. YOUR PRIVACY RIGHTS

  10. DO-NOT-TRACK 

  11. UPDATING THIS POLICY

1. WHAT INFORMATION DO WE COLLECT?

  We have set out the general categories of personal data that we collect. We do not collect any data from third parties.

  • We may process data enabling us to get in contact with you ("contact data"). This contact data may include your name, email address, telephone number and postal address. If you use our services you may also be provided with login details and passwords, by us, which will also be collected and retained by us. The contact data is provided by you, if you register to use our services is necessary for us to carry out the services we provide. 

  • We may process information contained in or relating to any communication that you send to us or that we send to you ("communication data"). The communication data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using our application forms.

  • We may process data about your use of services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, usage, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics.

  • If you sign up for an account with us on our website, we will process this data to enable us to better provide our services to you.

  • Please do not supply any other person's personal data to us, the data you supply must only be your own. 

  • We may not retain all of the information above depending on what services you use and your interaction with our website, but this data if shared with other will be anonymised.

  • Application Data - If you use our website, we also may collect the following information if you choose to provide us with access or permission:

  • Geolocation Information - Track Location-based information from your device, to provide certain location-based services. 

  • If you wish to change our access or permissions, you may do so in your device's settings.

2. SPECIAL CATEGORY DATA

  • Special Category Data - is information about race, religion, ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, genetic data, biometric data or health data.

  • We do not knowingly collect any ‘Special Category Data” unless you expressly give your permission, it may be included in the information you provide to us in your application, especially if you are an individual trader rather than an entity.

3. HOW DO WE PROCESS YOUR INFORMATION

  • We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data.

  • We will store your personal data on secure servers, personal computers and mobile devices, and in secure manual record-keeping systems.

  • Any data relating to your enquiries and financial transactions that is sent from your browser to our server, or from our server to your browser, will be protected using encryption technology.

  • You acknowledge that the transmission of unencrypted or inadequately encrypted data over the Internet is inherently insecure, and we cannot guarantee the security of data sent over the Internet.

  • You should ensure that any password and any login details are not susceptible to being guessed, whether by a person or a computer program. You are responsible for keeping the password you use for accessing our website confidential and we will not ask you for your password except when you are logging into your account.

  • When you login: -

  1. We process your information to provide, improve, and administer the services our website supplies to you; 

  2. for security and fraud prevention, to communicate with you and to comply with law. 

  • We may also process your information for other purposes only with your specific consent:

  1. To provide you with an account and the necessary authentication and otherwise manage user accounts; 

  2. We may process your information so you can create and log in to your account, as well as keep your account in working order and update your account when used;

  3. To ensure proper delivery of services to you and to process your information to provide you with the requested service;

  4. To respond to your inquiries and to support you whilst using our services;

  5. We may process your information to respond to account inquiries and solve any potential issues you might have with the requested service;

  6. To send information to you for the administration of your account; 

  7. We may process your information to send you details about changes or updates to our services, changes to our terms and policies, and other such information; and 

  8. To save or protect an individual's or company’s vital interest to prevent harm.

  • We also use your information for the purposes of analysing our Users, use of our services, this information once provided and analysed, is retained and securely stored, see clause 4.3 for further information.

4. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

  • Operations - We may process your data for the purposes of operating our website, the processing and fulfilment of Services, providing additional services, generating invoices, bills and other payment-related documentation, and credit control. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

  • Relationships and communications - We may process personal data for the purposes of managing our business relationships, communicating with you by email, providing support services, and handling complaints. The legal basis for this processing is our legitimate interests, namely communications with our website users, partners and the maintenance of our relationships, enabling the use of our website and its proper administration and that of our business. 

  • Research and analysis - We may process usage data, service data and/or transaction data for the purposes of researching and analysing the use of our website and services, as well as researching and analysing other interactions with our business. The legal basis for this processing is our legitimate interests, namely monitoring, supporting, improving and securing our website services and business generally. This data is anonymised and your data cannot be identified to you.

  • Record keeping - We may process your data for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy and any legal requirements we are obligated to.

  • Security - We may process your data for the purposes of security and the prevention of fraud and other criminal activity. The legal basis of this processing is our legitimate interests, namely the protection of our website, services and business, and the protection of others.

  • Insurance and risk management - We may process your data where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.

  • Legal claims - We may process your data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, Your legal rights and the legal rights of others.

  • Legal compliance and vital interests - We may also process your data where such processing is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person.

  • If we are unable to obtain permission but believe it is in the interest of the individual that we collect and retain certain information, we will do so in the following circumstances:

  • If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way;

  • For investigations and fraud detection and prevention;

  • For business transactions provided certain conditions are met;

  • If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim;

  • For identifying injured, ill, or deceased persons and communicating with next of kin;

  • If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse; and/or

  • If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the services.

  • All processing of Information is done in line with the Data Protection Act 2018, EU GDPR Regulations (Data Protection Directive 95/46/EC), COPPA (Children’s Online Privacy Protection Act) and in compliance with CCPA (California Consumer Privacy Act). 

Also see table below 

PRIVACY POLICY

Purpose/Activity

Type of Data

Lawful basis for processing including basis of legitimate interest.

To register you as a new User

  1. Identity

  2. Contact

Performance of a contract.

To process your account details including: 

  1. manage any payments, fees and charges;

  2. Collect and recover money owed to us

  1. Identity

  2. Financial 

  3. Transaction

  4. Marketing and communications

Performance of a contract with you and necessary for our legitimate interest 

(to recover debts due to us)

To manage our relationship with you which will include:

  1. Notifying you about changes to our terms or privacy policy;

  2. Asking you to leave a review or take a survey;

  3. Agree to your modes of communication with you.

  1. Identity

  2. Contact

  3. Profile

  4. Marketing and communications

  1. Performance of a contract with you

  2. Necessary to comply with a legal obligation

  3. Necessary for our legitimate interest (to keep our records updated and to study how our Users use our products/services)

To enable you to partake in a prize draw, competition or complete a survey

  1. Identity

  2. Financial 

  3. Transaction

  4. Marketing and communications

  1. performance of a contract with you

  2. Necessary for our legitimate interests (to study how User use our products/services, to develop them and grow our business.

To administer and protect our business and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting data)

  1. Identity

  2. Contact

  3. Technical

  1. necessary for our legitimate interest (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

  2. Necessary to comply with a legal obligation).

To deliver relevant Website content to you and measure or understand the effectiveness of the content we serve to you.

  1. Identity

  2. Contact

  3. Profile

  4. Usage

  5. Marketing and communications

  6. Technical

  1. Necessary for our legitimate interest (to study how customer, buyers and/or Merchantss use our products/services to develop them, to grow our business and to inform you of our marketing strategy).

Two use data analytics to improve our Website, services, marketing, customer relationships and experiences.

  1. Technical

  2. Usage

  1. Necessary for our legitimate interests (to define types of customers for our products/services, to keep our Website updated and relevant, to develop our business and to inform you of our marketing strategy)

To make suggestions and recommendations to you about services that may be of interest to you, this to include accuses to direct marketing by third parties on our website

  1. Identity

  2. Contact

  3. Technical

  4. Usage

  5. Profile

  6. Marketing and communications

  1. Necessary for our legitimate interest (to develop our products/services and grow our business)

5. WHO DO WE SHARE YOUR PERSONAL INFORMATION?

  • Our Partners and other third-party service providers that we made need to share such information with to enable them to perform the services we require of them. We ensure that these third parties cannot use or supply your personal information unless we have given them permissions to do so. They will also not share your personal information with any other organisation apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct. The categories of third parties we may share personal information with are as follows:

  1. Marketing Programs; 

  2. Data Analytics Services;

  3. Sales & Marketing Tools;

  • We also may need to share your personal information in the following situations:

  1. Business Transfers - We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company;

  2. Partners - We may share your information with our Partners, in which case they are legally required to abide by this privacy notice. Also any Affiliates which include any parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us;

  3. Insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice.

  4. Our database will be stored on the servers of our hosting services.

  5. In addition to the specific disclosures of personal data, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

  6. Who are these people - Third-party service providers are used for business purposes, to properly run our site and business; anti-fraud checking providers to keep both you and use safe and secure; analytics and search engine providers like Google who improve and optimise our website; marketing tool providers that help us enable our marketing of our business and other such business which provide the services which allow us to function and offer you this service. 

 

6. KEEPING YOUR INFORMATION SAFE

  1. We will take appropriate technical and organisational precautions to secure your data and to prevent the loss, misuse or alteration of your personal data.

  2. We will store your data on secure servers, computers and mobile devices, and in secure manual record-keeping systems.

  3. Data relating to your enquiries and financial transactions that is sent from your browser to your server, or from our server to your web browser, will be protected using encryption technology.

  4. You acknowledge that the transmission of unencrypted or inadequately encrypted data over the Internet is inherently insecure, and we cannot guarantee the security of data sent over the Internet.

  5. You should ensure that any authentication details, password and any login details are not susceptible to being guessed, whether by a person or a computer program. You are responsible for keeping the password you use for accessing our Services confidential and we will never ask you for your password, except when you log in to our Services.

 

7. HOW LONG DO WE NEED TO KEEP YOUR INFORMATION?

These are our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of data.

  1. Data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

  2. We will retain your data for the purposes of any business transaction and account creation.

  3. We may retain your data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. This may entail your data being retained for longer period.

  4. We may retain your data for as long as required for the requirements of our accounting obligations and for providing details to the HMRC if requested.

  5. Wherever possible if we are required to retain your data for a longer period and we can do so safely we will anonymise your data. 

 

8. INTERNATIONAL TRANSFERS OF YOUR DATA

We provide information about the circumstances in which your data may be transferred to a third country under UK, EU and/or US data protection law.

  1. We may transfer your personal data to the European Economic Area (EEA) or the US from the UK and process that personal data in the EU for the purposes set out in this policy, and may permit our suppliers and subcontractors to do so, during any period with respect to which the EU is not treated as a third country under UK data protection law or benefits from an adequacy decision under UK data protection law; and We may transfer your personal data from the UK to the EEA and process that personal data in the EEA for the purposes set out in this policy, and may permit our suppliers and subcontractors to do so, during any period with respect to which EEA states are not treated as third countries under UK data protection law or benefit from adequacy regulations under UK data protection law.

  2. We may transfer outside of the UK, other than the EU or EEA, If we intend to do this we will notify you, in doing so we will ensure that the terms under which Data is held is such that it complies with all of the same or similar requirements as if it was held in the EU, EEA or EU.

  3. The hosting facilities for our website are situated in the UK only. The competent data protection authorities have made an adequacy determination with respect to the data protection laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the competent data protection authorities.

9. YOUR RIGHTS

  1. We have summarised the rights that you have under UK Data Protection Law (Data Protection Act 2018) and other laws in other jurisdictions where relevant. 

  2. Further information can be found at https://ico.org.uk/  , if you are in Europe contact https://EC.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en and for the US contact The Federal Trade Commission at www.ftc.gov .  

  3. Your principal rights under data protection law are:

    1. the right to access - you can ask for copies of your data;

    2. the right to rectification - you can ask us to rectify inaccurate data and to complete or incomplete personal data;

    3. the right to erasure - you can ask us to erase your data;

    4. the right to restrict processing - you can ask us to restrict the processing of your data;

    5. the right to object to processing - you can object to the processing of your data;

    6. the right to data portability - you can ask that we transfer your data to another organisation or to you;

    7. the right to complain to a supervisory authority - you can complain about our processing of your data; and

    8. the right to withdraw consent - to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.

  4. You have the right to confirm as to whether or not we process your data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply you with a copy of our data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

  5. You have the right to have any inaccurate data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

  6. In some circumstances you have the right to erase your data without undue delay. Those circumstances include: the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.

  7. In some circumstances You have the right to restrict the processing of your data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; We no longer need the data for the purposes of our processing, but you require data for the establishment, exercise or defence of legal claims; and You have objected to processing, pending the verification of your objection. Where processing has been restricted on this basis, We may continue to store your data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

  8. You have the right to object to our processing of your data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in Us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

  9. You have the right to object to our processing of Your data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your data for this purpose.

  10. You have the right to object to our processing of your data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

  11. To the extent that the legal basis for our processing of your data is: consent; or

  • hat the processing is necessary for the performance of a contract to which you are party or in torder to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

  • If you consider that our processing of your data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. In relation to complaints under EU data protection law, you may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement; in relation to complaints under UK data protection law, you should do so in the UK. In the US you should make a complaint to your state regulator.

  • To the extent that the legal basis for our processing of your data is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

  • California Civil Code Section 1798.83, also known as the 'Shine The Light' law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided.

  • You may exercise any of your rights in relation to your data by emailing the company information email address here and making a Data Subject Request. Such a request must only be in respect of your one data.

 

10. DO NOT TRACK

  1. ONEWAYX LTD does not support “Do Not Track” requests. Whether or not any of the third-party services uses “Do Not Track” requests you must read their privacy policies.

  2. You can check on your browser and set your options to Do Not Track independently of our App/website should you wish to do so. 

 

11. UPDATING THIS POLICY

  1. We may update this policy from time to time to ensure we continue to be in compliance with the appropriate laws and regulations or if we offer additional services on our app/website which would require this policy to be updated.

  2. Please see at the bottom of this document the “Last Updated Date.” 

  3. We recommend that you read this policy from time to time to ensure you understand how we deal with your Data.

bottom of page