View our customer site:

Data Privacy Notice Introduction Modus UK Limited (trading as ‘OnePay’) is a limited company incorporated in England and Wales and is a ‘controller’ under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA”) in respect of the data gathered and processed by us. When we refer to ‘we’, ‘our’, ‘us’ and ‘Modus UK Ltd T/A OnePay’ in this Privacy Notice we mean OnePay which, for Data Protection purposes, is the Data Controller. We’re committed to protecting and respecting your privacy. We are registered with the Information Commissioner’s Office under number Z995329X. Whose data do we hold We may hold data about the following people:
  • Clients
  • Suppliers and service providers
  • Advisers, consultants and other professional experts
  • The owners, controllers and beneficiaries of all of the above
  • Complainants and enquirers
Personal data we collect about you In general, we do not collect, use or share sensitive personal data about you but in some cases the personal data we do collect may reveal this. Sensitive personal data is defined by data protection regulations as ‘special category’, for example, your ethnic or racial origin, physical or mental health details, religious beliefs or other beliefs of a similar nature, sex life or sexual orientation, trade union membership and criminal convictions. We will only collect and use special category personal data when we must in order to meet a legal obligation, with your explicit consent or where we believe you or another person may be at risk. Personal data we collect in general are: Name, title, address, contact details, date of birth and/ or age, employment details, nationality and national identifiers, for example, national insurance, passport, national ID card and driving license numbers., family, lifestyle and social circumstances. We use this to:
  • Identify you
  • Manage your business relationship with us
  • Support crime and fraud prevention
Telephone, voice recordings, IP address where known, your location. We use this to:
  • Provide a record of the conversations you have with us
  • Understand your needs and assess the suitability of our business relationship with you
  • Protect you and provide security
  • Provide colleague training to help improve the quality of our service
  • Meet regulatory requirements
  • Support crime and fraud prevention
Financial details, business activities, goods or services provided We use this to:
  • To assess the suitability of a business relationship with you
  • To undertake the required checks and ongoing monitoring for the prevention and detection of crime, fraud and/ or money laundering.
Due Diligence We use this to: Comply with our obligations in relation to illegal activities involving money (for example, fraud, money laundering and terrorist financing) or in compliance with international sanctions, which processing data such as the source of your funds, the purpose of our business relationship, account usage and your political exposed or sanctioned status (for example you are not a politically exposed person/ PEP) Marketing We use this to: Depending on your marketing preferences, we will send you marketing communications from us and/ or third parties to promote our products and services. Cookie information
  • Read our Cookie Policy for more information on what cookies are and how we use them.
Who we share data with and why? There are times when we may need to share the personal information and special category (sensitive) personal data we process. We will only do this where necessary and where data protection law allows us to. We are required to comply with all aspects of the GDPR and DPA 2018 and ensure that appropriate security measures are taken in order to protect you and keep your data safe and secure. Others who we share your data with in general are: OnePay employees who are authorised to deal with your personal data, for example, Customer Services and Client Services
  • This allows them to do their job in order to provide you with support and answer any of your queries
Your authorised representatives for example family, associates. We can share your data with your authorised representatives subject to us receiving the appropriate authority documents, for example, Power of Attorney We share this data with them in order to:
  • Deal with their enquiries and requests
  • Manage the ongoing business relationship
Financial organisations We share this data with them in order to:
  • Support with crime and fraud prevention
  • Support with enquiries and investigations
Card bureau companies and mailing houses We share this data with them in order to:
  • Produce a OnePay card for cardholders
  • Provide you with communications about our products and services
Note – we will only send you marketing communications when you have given us your consent to do so. Information Technology, processing companies and anyone whose name or logo appears on our card issued to cardholders We share data with them in order to:
  • Provide you with a facility to send payments
  • Provide third party systems, storage and application support, including the OnePay portal and mobile app.
  • Undertake Know Your Customer (KYC) ID verification
Credit reference agencies We share data with the in order to:
  • Verify your identity
  • To check and monitor your credit score
  • Support crime and fraud prevention
Law enforcement agencies including police forces and security organisations We share data with them in order to:
  • Support crime and fraud prevention
  • Assist with any ongoing investigations relating to the security and/ or safety of individuals
Fraud prevention agencies We share data with them in order to:
  • Carry out checks in order to prevent fraud and money laundering
External auditors We share data with them in order to:
  • To support business decisions
  • Assist in meeting our legal and regulatory obligations
  • Assess OnePay’s performance
Professional bodies and Trade associations such as the Financial Ombudsmen and regulatory authorities such as the Financial Conduct Authority (FCA) We share data with them in order to:
  • Assist with complaints and investigations
  • Provide regulatory authorities data about our business
Central and local government We share data with them in order to:
  • Assist with enquiries and investigations
Others we may use, collect and hold personal data about This could be your authorised representatives such as, family and associates We will collect this personal data about them to:
  • Manage the ongoing business relationship in line with your authorisation
Our basis for processing Comply with a legal obligation PSI Pay Ltd is the e-money issuer and card scheme provider for the OnePay product. As they are authorised and regulated by the Financial Conduct Authority under the Electronic Money Regulations 2011, Modus UK Ltd are the programme manager and must ensure that we comply with the laws and regulations set by government bodies and the regulators. Therefore, where we are required to do so by law to collect, use, share or keep personal data we will do so. Contract Where you choose to enter into a contract with us or make an enquiry with the intention of entering into a contract. If you do not enter into an agreement with us, we are unable to proceed with your application and provide the ongoing management of your business relationship with us. Legitimate interests This is where we have a valid interest in the data we collect, use, share and keep if it is warranted and does not cause you any detriment, damage or distress. You have the right to challenge our legitimate interest if you believe we do not have a valid reason to collect, use, share or hold your data. Consent and explicit consent Where we ask for your consent to carry out certain activities such as marketing, you can withdraw your consent at any time. Where we collect, use, share or keep special category (sensitive) personal data, we will ask for your explicit consent before we do this. Note – To withdraw you consent at any time you will need to contact our Data Protection Officer (DPO) via email How we will use your personal data Application and ongoing account management We will collect, use, share and keep personal data needed to deal with your enquiry, assess the suitability of a business relationship with you, process your application and manage the ongoing administration of your account, product and services. This includes keeping your account records up to date and contacting you when needed. Communicating with you We will use the contact details you have provided us with to communicate with you about the product and services you hold with us, contact you as requested, marketing purposes to promote our products and services and to send you information we are required to by law. We will also communicate with you about any changes to our business and/ or the features of our product and services or their operation and/ or associated news and/ or relevant regulatory changes. We may use your personal data for research and statistical purposes so we can understand your customer needs, and circumstances are, what you like about OnePay and any improvements you think could be made. We will use your personal data to process and respond to any complaints you raise in line with regulatory requirements. Verifying your identity We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering and to verify your identity, in order to protect our business and to comply with laws that apply to us. In order to identify you, we may collect your full name, date of birth and residential address in the UK. In addition, we may request your national identifiers, for example, passport, driving license, ID card and national insurance. Fraud prevention We will use and share your data with fraud prevention agencies to carry out checks for the prevention of fraud and money laundering. How long do we keep your information for? We have a Data Retention Policy which is available upon request from the Data Protection officer (DPO) by emailing We will normally keep your information throughout the period that we do work for you and afterwards for a period of five years as we are required to do by law and by the regulations that apply to us. Our approach to sending information overseas It may sometimes be necessary to transfer personal information overseas. When this is needed, information is only shared within the European Economic Area (EEA). Any transfers made will be in full compliance with all aspects of the GDPR and DPA 2018. Keeping your information safe We shall ensure that all the information that you provide to us is kept secure using appropriate technical and organisational measures. In the event of a personal data breach we have in place procedures to ensure that the effects of such a beach are minimised and shall liaise with the ICO and with you as appropriate. Your rights You have a right to be: Informed This is what this Privacy Policy highlights to you. We do this by providing you with the notice on our, website and mobile app when we collect new or additional data from you. Access your personal data We will grant you access to and provide you with the details of the personal details we hold about you. To access this, you will need to provide a request in writing to our Data Protection Officer (DPO), together with your proof of identity. We will deal with your request within 30 days and are free of charge. However, we reserve the right to charge a reasonable administration fee and to extend the period of time by a further two months if the request is manifestly unfounded or vexatious and/ or is very complex. Have inaccurate or incomplete data corrected We will correct and/ or update your personal data if you inform us or we identify that it is inaccurate or incomplete. Right to erasure You have the right to ask us to delete your personal data in certain cases such as:
  • The personal data is no longer needed in relation to the purposes for which they were collected or processed
  • You withdraw your consent you’ve previously given us
  • You object and we do not have a valid business interest
  • Your personal data has been unlawfully processed
  • We are required to do so by law
  • The personal data is processed in relation to the offer of information society services to a child
We will deal with your request free of charge and within 30 days. We do reserve the right to refuse to erase information that we are required to retain by law or regulation, or that is required to exercise or defend legal claims. To exercise your right to delete your personal data please contact the Data Protection Officer (DPO). Restrict the processing of your personal data We will put on hold the processing of your personal data when:
  • The accuracy needs to be verified
  • If it has been collected unlawfully and you object to the deletion but want it restricted
  • We no longer need your data, but you request it to establish, exercise or defend a legal claim
  • You object and we need to consider if our legitimate business interest overrides your request
Data portability You can request that your data is transmitted to you and/ or another service provider where it is technically feasible. Right to object You can object to the processing of your personal data where you feel our legitimate interest will cause you distress or detriment. You can also object when you do not agree to direct marketing. Automated decision-making and profiling You have the right not to be subject to a decision based solely on automated processing, including profiling. We will give you the opportunity to discuss with us and review the accuracy of any decisions made based on automated processing. Complaints If you have concerns about how we collect, use, share or keep your personal data, or you think there has been a breach, you can contact us to make a complaint or to find out about complaints procedure by calling us on 0113 320 1900. If you do make a complaint, we will follow our internal complaints procedure to resolve your complain quickly and fairly. If we are unable to meet your expectations and resolve your complaint, you may contact The Financial Ombudsman Service (FOS). There details are: The Financial Ombudsman Service (FOS) Exchange Tower London E14 9SR Telephone: 08000 234 567 Email: Web: You also have the right to make a complaint to the Information Commissioner’s Office if you have concerns about how we collect, use, share or keep your personal data. There details are: Information Commissioner’s Office (ICO) Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Web: Telephone: 0303 123 1113 Contact us If you have any questions, comments or require further details on how we collect, use, share and store your personal data, or about your rights and how to exercise them, please contact us: Data Protection Officer Modus UK Ltd T/A OnePay First Floor Mayfield House Lower Railway Road Ilkley LS29 8FL Email: Changes to this policy We will post any changes to our privacy notice on this page. However, for any significant changes we will contact you to let you know of the changes made.
Go to top