View our customer site:

Data Privacy Notice


Modus UK Limited (trading as ‘OnePay’) is a limited company incorporated in England and Wales and is a ‘controller’ under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA”) in respect of the data gathered and processed by us. When we refer to ‘we’, ‘our’, ‘us’ and ‘Modus UK Ltd T/A OnePay’ in this Privacy Notice we mean OnePay which, for Data Protection purposes, is the Data Controller.

We’re committed to protecting and respecting your privacy. We are registered with the Information Commissioner’s Office under number Z995329X.

Whose data do we hold

We may hold data about the following people:

  • Clients
  • Suppliers and service providers
  • Advisers, consultants and other professional experts
  • The owners, controllers and beneficiaries of all of the above
  • Complainants and enquirers

Personal data we collect about you

In general, we do not collect, use or share sensitive personal data about you but in some cases the personal data we do collect may reveal this. Sensitive personal data is defined by data protection regulations as ‘special category’, for example, your ethnic or racial origin, physical or mental health details, religious beliefs or other beliefs of a similar nature, sex life or sexual orientation, trade union membership and criminal convictions. We will only collect and use special category personal data when we must in order to meet a legal obligation, with your explicit consent or where we believe you or another person may be at risk.

Personal data we collect in general are:

Name, title, address, contact details, date of birth and/ or age, employment details, nationality and national identifiers, for example, national insurance, passport, national ID card and driving license numbers., family, lifestyle and social circumstances.

We use this to:

  • Identify you
  • Manage your business relationship with us
  • Support crime and fraud prevention

Telephone, voice recordings, IP address where known, your location.

We use this to:

  • Provide a record of the conversations you have with us
  • Understand your needs and assess the suitability of our business relationship with you
  • Protect you and provide security
  • Provide colleague training to help improve the quality of our service
  • Meet regulatory requirements
  • Support crime and fraud prevention

Financial details, business activities, goods or services provided

We use this to:

  • To assess the suitability of a business relationship with you
  • To undertake the required checks and ongoing monitoring for the prevention and detection of crime, fraud and/ or money laundering.

Due Diligence

We use this to:

Comply with our obligations in relation to illegal activities involving money (for example, fraud, money laundering and terrorist financing) or in compliance with international sanctions, which processing data such as the source of your funds, the purpose of our business relationship, account usage and your political exposed or sanctioned status (for example you are not a politically exposed person/ PEP)


We use this to:

Depending on your marketing preferences, we will send you marketing communications from us and/ or third parties to promote our products and services.

Cookie information

  • Read our Cookie Policy for more information on what cookies are and how we use them.

Who we share data with and why?

There are times when we may need to share the personal information and special category (sensitive) personal data we process. We will only do this where necessary and where data protection law allows us to. We are required to comply with all aspects of the GDPR and DPA 2018 and ensure that appropriate security measures are taken in order to protect you and keep your data safe and secure.

Others who we share your data with in general are:

OnePay employees who are authorised to deal with your personal data, for example, Customer Services and Client Services

  • This allows them to do their job in order to provide you with support and answer any of your queries

Your authorised representatives for example family, associates.

We can share your data with your authorised representatives subject to us receiving the appropriate authority documents, for example, Power of Attorney

We share this data with them in order to:

  • Deal with their enquiries and requests
  • Manage the ongoing business relationship

Financial organisations

We share this data with them in order to:

  • Support with crime and fraud prevention
  • Support with enquiries and investigations

Card bureau companies and mailing houses

We share this data with them in order to:

  • Produce a OnePay card for cardholders
  • Provide you with communications about our products and services

Note – we will only send you marketing communications when you have given us your consent to do so.

Information Technology, processing companies and anyone whose name or logo appears on our card issued to cardholders

We share data with them in order to:

  • Provide you with a facility to send payments
  • Provide third party systems, storage and application support, including the OnePay portal and mobile app.
  • Undertake Know Your Customer (KYC) ID verification

Credit reference agencies

We share data with the in order to:

  • Verify your identity
  • To check and monitor your credit score
  • Support crime and fraud prevention

Law enforcement agencies including police forces and security organisations

We share data with them in order to:

  • Support crime and fraud prevention
  • Assist with any ongoing investigations relating to the security and/ or safety of individuals

Fraud prevention agencies

We share data with them in order to:

  • Carry out checks in order to prevent fraud and money laundering

External auditors

We share data with them in order to:

  • To support business decisions
  • Assist in meeting our legal and regulatory obligations
  • Assess OnePay’s performance

Professional bodies and Trade associations such as the Financial Ombudsmen and regulatory authorities such as the Financial Conduct Authority (FCA)

We share data with them in order to:

  • Assist with complaints and investigations
  • Provide regulatory authorities data about our business

Central and local government

We share data with them in order to:

  • Assist with enquiries and investigations

Others we may use, collect and hold personal data about

This could be your authorised representatives such as, family and associates

We will collect this personal data about them to:

  • Manage the ongoing business relationship in line with your authorisation

Our basis for processing

Comply with a legal obligation

PSI Pay Ltd is the e-money issuer and card scheme provider for the OnePay product. As they are authorised and regulated by the Financial Conduct Authority under the Electronic Money Regulations 2011, Modus UK Ltd are the programme manager and must ensure that we comply with the laws and regulations set by government bodies and the regulators. Therefore, where we are required to do so by law to collect, use, share or keep personal data we will do so.


Where you choose to enter into a contract with us or make an enquiry with the intention of entering into a contract.

If you do not enter into an agreement with us, we are unable to proceed with your application and provide the ongoing management of your business relationship with us.

Legitimate interests

This is where we have a valid interest in the data we collect, use, share and keep if it is warranted and does not cause you any detriment, damage or distress. You have the right to challenge our legitimate interest if you believe we do not have a valid reason to collect, use, share or hold your data.

Consent and explicit consent

Where we ask for your consent to carry out certain activities such as marketing, you can withdraw your consent at any time. Where we collect, use, share or keep special category (sensitive) personal data, we will ask for your explicit consent before we do this.

Note – To withdraw you consent at any time you will need to contact our Data Protection Officer (DPO) via email

How we will use your personal data

Application and ongoing account management

We will collect, use, share and keep personal data needed to deal with your enquiry, assess the suitability of a business relationship with you, process your application and manage the ongoing administration of your account, product and services. This includes keeping your account records up to date and contacting you when needed.

Communicating with you

We will use the contact details you have provided us with to communicate with you about the product and services you hold with us, contact you as requested, marketing purposes to promote our products and services and to send you information we are required to by law. We will also communicate with you about any changes to our business and/ or the features of our product and services or their operation and/ or associated news and/ or relevant regulatory changes.

We may use your personal data for research and statistical purposes so we can understand your customer needs, and circumstances are, what you like about OnePay and any improvements you think could be made.

We will use your personal data to process and respond to any complaints you raise in line with regulatory requirements.

Verifying your identity

We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering and to verify your identity, in order to protect our business and to comply with laws that apply to us.

In order to identify you, we may collect your full name, date of birth and residential address in the UK. In addition, we may request your national identifiers, for example, passport, driving license, ID card and national insurance.

Fraud prevention

We will use and share your data with fraud prevention agencies to carry out checks for the prevention of fraud and money laundering.

How long do we keep your information for?

We have a Data Retention Policy which is available upon request from the Data Protection officer (DPO) by emailing

We will normally keep your information throughout the period that we do work for you and afterwards for a period of five years as we are required to do by law and by the regulations that apply to us.

Our approach to sending information overseas

It may sometimes be necessary to transfer personal information overseas. When this is needed, information is only shared within the European Economic Area (EEA). Any transfers made will be in full compliance with all aspects of the GDPR and DPA 2018.

Keeping your information safe

We shall ensure that all the information that you provide to us is kept secure using appropriate technical and organisational measures.

In the event of a personal data breach we have in place procedures to ensure that the effects of such a beach are minimised and shall liaise with the ICO and with you as appropriate.

Your rights

You have a right to be:


This is what this Privacy Policy highlights to you. We do this by providing you with the notice on our, website and mobile app when we collect new or additional data from you.

Access your personal data

We will grant you access to and provide you with the details of the personal details we hold about you.

To access this, you will need to provide a request in writing to our Data Protection Officer (DPO), together with your proof of identity.

We will deal with your request within 30 days and are free of charge. However, we reserve the right to charge a reasonable administration fee and to extend the period of time by a further two months if the request is manifestly unfounded or vexatious and/ or is very complex.

Have inaccurate or incomplete data corrected

We will correct and/ or update your personal data if you inform us or we identify that it is inaccurate or incomplete.

Right to erasure

You have the right to ask us to delete your personal data in certain cases such as:

  • The personal data is no longer needed in relation to the purposes for which they were collected or processed
  • You withdraw your consent you’ve previously given us
  • You object and we do not have a valid business interest
  • Your personal data has been unlawfully processed
  • We are required to do so by law
  • The personal data is processed in relation to the offer of information society services to a child

We will deal with your request free of charge and within 30 days. We do reserve the right to refuse to erase information that we are required to retain by law or regulation, or that is required to exercise or defend legal claims. To exercise your right to delete your personal data please contact the Data Protection Officer (DPO).

Restrict the processing of your personal data

We will put on hold the processing of your personal data when:

  • The accuracy needs to be verified
  • If it has been collected unlawfully and you object to the deletion but want it restricted
  • We no longer need your data, but you request it to establish, exercise or defend a legal claim
  • You object and we need to consider if our legitimate business interest overrides your request

Data portability

You can request that your data is transmitted to you and/ or another service provider where it is technically feasible.

Right to object

You can object to the processing of your personal data where you feel our legitimate interest will cause you distress or detriment. You can also object when you do not agree to direct marketing.

Automated decision-making and profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling. We will give you the opportunity to discuss with us and review the accuracy of any decisions made based on automated processing.


If you have concerns about how we collect, use, share or keep your personal data, or you think there has been a breach, you can contact us to make a complaint or to find out about complaints procedure by calling us on 0113 320 1900.

If you do make a complaint, we will follow our internal complaints procedure to resolve your complain quickly and fairly. If we are unable to meet your expectations and resolve your complaint, you may contact The Financial Ombudsman Service (FOS). There details are:

The Financial Ombudsman Service (FOS)
Exchange Tower
E14 9SR

Telephone: 08000 234 567



You also have the right to make a complaint to the Information Commissioner’s Office if you have concerns about how we collect, use, share or keep your personal data. There details are:

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane

Telephone: 0303 123 1113

Contact us

If you have any questions, comments or require further details on how we collect, use, share and store your personal data, or about your rights and how to exercise them, please contact us:

Data Protection Officer
Modus UK Ltd T/A OnePay
First Floor
Mayfield House
Lower Railway Road
LS29 8FL


Changes to this policy

We will post any changes to our privacy notice on this page. However, for any significant changes we will contact you to let you know of the changes made.

Go to top