Privacy Policy

Last updated: 7 April 2026

United Payments Ltd ("United Payments", "we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit our website, contact us, or use our merchant services, and sets out your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

United Payments Ltd is a company registered in England and Wales (Company Registration Number 11274512), with its registered office at 601 Green Lanes, London N8 0RE. We are authorised and regulated in connection with our financial services activities and are the data controller responsible for personal data processed in relation to our website and merchant services.

If you have any questions about this policy or wish to exercise any of your rights, you can contact us at:

  • Post: Data Protection, United Payments Ltd, 601 Green Lanes, London N8 0RE
  • Email: info@unitedpayments.co.uk
  • Telephone: 0333 567 3568

2. Personal data we collect

Depending on your relationship with us, we may collect and process the following categories of personal data:

  • Contact and identity data — name, business name, job title, email address, telephone number and postal address submitted via our contact forms, telephone enquiries or onboarding documentation.
  • Merchant and financial data — bank account details, trading history, estimated turnover, VAT number, company registration number, beneficial ownership information and identification documents required for anti-money laundering and know-your-customer checks.
  • Transaction data — details of card transactions processed through our terminals, e-commerce gateways and EPOS systems, including amounts, currencies, dates, merchant category, masked card numbers and transaction references.
  • Technical data — IP address, browser type and version, device identifiers, operating system, time zone setting, referring URLs and pages visited on our website.
  • Usage and analytics data — information about how you use our website and services, collected via cookies and similar technologies (see our Cookie Policy).
  • Marketing and communications data — your preferences in receiving marketing from us and your communication preferences.

We do not knowingly collect special category data. We do not knowingly collect data relating to children under the age of 18 through our website.

3. How we collect your data

We collect personal data through:

  • Direct interactions — when you complete our contact forms, request a quotation, sign up for our services or correspond with us.
  • Automated technologies — as you interact with our website we may automatically collect technical and usage data via cookies and server logs.
  • Third parties and public sources — credit reference agencies, fraud prevention agencies, Companies House, sanctions lists, and our introducing partners.

4. Lawful bases for processing

Under UK GDPR we only process personal data where we have a valid lawful basis. The bases we rely on are:

  • Performance of a contract — to onboard you as a merchant, provide our payment processing services, and administer your account.
  • Legal obligation — to comply with anti-money laundering, counter-terrorist financing, FCA regulatory requirements, HMRC obligations, and card scheme rules.
  • Legitimate interests — to operate and improve our website, prevent fraud, protect our business, manage risk, respond to enquiries and conduct direct marketing to existing business customers. We carry out a balancing test before relying on this basis.
  • Consent — where required by law, for example for certain marketing communications or non-essential cookies. You may withdraw consent at any time.

5. How we use your data

We use personal data to:

  • Respond to enquiries submitted through our contact forms and by telephone or email;
  • Assess merchant applications, conduct due diligence and onboard new customers;
  • Provide and administer our card acquiring, EPOS, terminal and business finance services;
  • Process, authorise, settle and reconcile card transactions;
  • Detect, investigate and prevent fraud, money laundering and other financial crime;
  • Comply with our legal, regulatory and reporting obligations;
  • Manage risk, chargebacks, disputes and complaints;
  • Provide customer support and communicate with you about your account;
  • Improve our website, services and customer experience;
  • Send you service updates, and, where permitted, marketing communications about products we think may interest you.

6. Sharing your data

We only share personal data where necessary and always under appropriate safeguards. Recipients may include:

  • Regulated payment partners, acquirers and card networks that enable us to process your transactions;
  • Identity verification, credit reference and fraud prevention agencies;
  • Our professional advisers, auditors, legal counsel and insurers;
  • IT, hosting, customer support and analytics service providers acting as data processors on our behalf;
  • Regulators, law enforcement and government authorities where we are required to do so by law;
  • Any prospective buyer in the event of a sale, merger or restructure of our business.

We do not sell your personal data to third parties and we do not allow our service providers to use your data for their own marketing purposes.

7. International transfers

Where your personal data is transferred outside the United Kingdom, we ensure an adequate level of protection is in place, including UK adequacy regulations, the International Data Transfer Agreement, Standard Contractual Clauses, or other lawful transfer mechanisms recognised under UK GDPR.

8. Data retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, regulatory or reporting requirements. Typical retention periods include:

  • Contact form enquiries that do not result in an account: up to 24 months;
  • Merchant account and transaction records: at least 6 years after the end of our relationship, in line with FCA, HMRC and anti-money laundering requirements;
  • Marketing preferences: until you unsubscribe or withdraw consent;
  • Website analytics: up to 26 months.

9. Data security

We maintain appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure. Our card-processing environment is maintained in line with the Payment Card Industry Data Security Standard (PCI DSS). Access to personal data is restricted to authorised personnel on a need-to-know basis.

10. Your rights under UK GDPR

You have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to ask us to correct inaccurate or incomplete data.
  • Right to erasure — to ask us to delete your data where there is no compelling reason to keep it.
  • Right to restrict processing — to ask us to suspend the processing of your data in certain circumstances.
  • Right to data portability — to receive your data in a structured, commonly used and machine-readable format.
  • Right to object — to object to processing based on legitimate interests or for direct marketing.
  • Rights relating to automated decision-making — we do not carry out solely automated decision-making that produces legal or similarly significant effects without human review.
  • Right to withdraw consent — where we rely on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us using the details in section 1. We will respond within one calendar month. There is normally no fee, although we may charge a reasonable fee or refuse clearly unfounded or excessive requests.

11. Complaints

If you are unhappy with how we have handled your personal data, please contact us first so we can try to resolve the matter. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection, at https://ico.org.uk/.

12. Cookies

Our website uses cookies and similar technologies. For details of the cookies we use and how you can manage them, please see our Cookie Policy.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the law, our business, or our practices. The "Last updated" date at the top of this page indicates when it was last revised. We encourage you to review this page periodically.

14. Contact us

Any questions regarding this Privacy Policy or our data practices should be addressed to United Payments Ltd, 601 Green Lanes, London N8 0RE, or by email to info@unitedpayments.co.uk.