Privacy Policy

1. What Data We Collect

We collect personal information that you provide to us when you fill out our online quote forms. This includes:

• Personal identifiers: Name, email address, phone number
• Business information: Business name, company registration number (if provided), industry sector
• Financial information: Monthly card sales volumes, average transaction values, funding requirements
• Documentation: Card processing statements (if you choose to upload them)
• Technical data: We may collect certain usage data via cookies and similar technologies (see Cookies section below)

We collect personal information that you provide to us, such as your name, email, phone number, and business information when you fill out our online forms. We also may collect details about your business's financial transactions (e.g., monthly card sales) as part of the quote process.

2. How We Use Your Data

We use your information to provide our quote service and match you with suitable merchant service providers. Specifically:

• To assess your needs and obtain tailored quotes on card processing or funding from our network of trusted providers
• To communicate those quotes back to you via phone or email
• To contact you for additional information or to guide you through the process
• To improve our services and user experience
• To comply with legal obligations and prevent fraud

We may also use the data internally to improve our services or for direct marketing of our services if relevant.

3. Lawful Basis for Processing

Under UK GDPR, we process your personal data based on Legitimate Interests (Article 6(1)(f)). This means we process your data because:

• It's necessary to provide you with the quotes or services you requested
• It's in our business interest to pursue our work of connecting merchants with providers
• You have a reasonable expectation that we would process your data in this way

Our lawful basis for collecting and using your information is Legitimate Interests – specifically, to provide you with the quotes or services you requested and to pursue our business of connecting merchants with providers. We only use your data in ways one would reasonably expect for this purpose.

Your right to object: If processing is based on our legitimate interests, you have the right to object to such processing. If you object, we will review your request and, unless we have a compelling reason, will cease processing your data for that purpose.

4. Data Sharing and Disclosure

We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to any third parties. We also do not share it with third parties for their own marketing purposes.

Service Providers

We may share your data with trusted service providers that help us operate our business. For instance:

• Zapier: We use Zapier for workflow automation to transfer your form submission data securely to our internal databases and systems. Zapier acts as a data processor on our behalf and is committed to GDPR and UK GDPR compliance.
• HubSpot: We plan to integrate HubSpot CRM in the future to manage customer relationships and communications. Any personal information stored in HubSpot will likewise be used only internally by MerchantSwitch.

These platforms do not use your data for their own purposes; they simply help us serve you better. Your data remains under our control and is never sold or shared for advertising.

Merchant Service Partners

We may pass your details to relevant merchant service partners only to retrieve tailored quotes, with your consent or under our legitimate interest to fulfill your request. These partners are bound by confidentiality agreements.

Legal Requirements

We will share data if legally required, such as in response to a lawful request from authorities or to prevent fraud.

5. Data Storage and Security

We take data security seriously and implement appropriate technical and organizational measures to protect your information:

• Encryption: All personal data is stored securely and encrypted. Any sensitive data (e.g., documents you upload) is encrypted at rest and in transit.
• Secure transmission: We use SSL/TLS on our website to ensure information is encrypted when submitted.
• Access controls: We restrict access to your data – only authorized personnel or contractors (e.g., your assigned account manager) will access it, and they are bound by confidentiality.
• Secure databases: Your data is stored in secure, encrypted databases with regular backups.

Personal information, including payment data, is stored securely and encrypted. We use SSL technology to encrypt data transmission. We also restrict access to your data to only authorized personnel who are bound by confidentiality agreements.

Important: Your data stays in-house and is never sold. Your data is not shared outside of our organization except as explained above (e.g., with our service providers or necessary partners).

6. Data Retention

We retain personal data only as long as necessary for the purposes described. For quote requests, we may keep your information on file for a certain period (e.g., 12 months) in case you have follow-up questions or to offer updates on services, unless you request deletion sooner.

We also may retain minimal data as required for legal/compliance record-keeping.

7. Cookies and Tracking

Our website uses cookies or similar technologies for analytics and advertising purposes:

• Google Analytics: We use Google Analytics to collect anonymous traffic data to understand how visitors use our site.
• Facebook Pixel: We may use Facebook Pixel to measure the effectiveness of advertisements.

These tools may set cookies in your browser and may collect information like IP addresses, device info, and pages visited. They do not collect personal details like your name or email unless you explicitly provide them.

You can opt-out or disable cookies via your browser settings. See your browser's help documentation for instructions.

8. Your Rights under UK GDPR

You have certain rights regarding your personal data under UK GDPR:

• The right to access: You can request a copy of the personal information we hold about you.
• The right to rectification: You can ask us to correct or update any inaccurate or incomplete data.
• The right to erasure: You can request we delete your data (the "right to be forgotten"), as long as it's no longer needed for the purpose or there's no legal obligation to keep it.
• The right to restrict processing: You can ask us to limit how we use your data, for example, not to use it for marketing.
• The right to object: You can object to processing based on legitimate interests or for marketing purposes.
• The right to data portability: You can get your data in a portable format (if applicable).
• The right to withdraw consent: If any processing is based on consent, you can withdraw it at any time.
• The right to lodge a complaint: You can file a complaint with the UK Information Commissioner's Office (ICO) if you believe your data rights have been violated.

To exercise any of these rights, please contact us using the details in the Contact section below. We will honor your rights in accordance with applicable law. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you're unsatisfied with how we handle your data.

9. Contact Information

If you have questions, requests, or concerns regarding your personal data or this Privacy Policy, please contact us:

International Data Transfers

Zapier and HubSpot may involve transferring your data to their servers (which could be outside the UK/EU). We ensure any such transfers are protected by appropriate safeguards:

• Zapier participates in the EU/UK Data Privacy Framework
• We have data processing agreements in place with all service providers
• All transfers comply with UK GDPR requirements for international data transfers