Privacy Policy

1. Introduction

SAUNDERS CONSULTING LTD ("we", "us", or "our") operates Paypath, a payment processing quote comparison service. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide

When you use Paypath, we collect:

• Personal Details: Full name, email address, phone number
• Business Information: Business name, type, annual turnover, average transaction value, card payment mix, terminal requirements
• Company Details: Companies House registration number, registered address, company status (for limited companies)

2.2 Automatically Collected Information

• Usage Data: Pages visited, time spent, clicks, navigation patterns
• Technical Data: IP address, browser type, device information, operating system
• Analytics: Collected via Google Analytics and Mixpanel (with your consent)

3. How We Use Your Information

We use your information to:

• Generate personalised payment processing quotes
• Share your details with payment service providers (Worldpay and partners)
• Facilitate merchant account applications
• Send quote confirmations and updates via email
• Improve our service through analytics and usage patterns
• Comply with legal and regulatory requirements
• Prevent fraud and ensure service security

Legal Basis for Processing

We process your data based on:

• Consent: You explicitly agree to data sharing when requesting quotes
• Contract: Processing is necessary to provide our referral service
• Legitimate Interests: Improving our service and preventing fraud
• Legal Obligation: Compliance with financial regulations

4. Data Sharing with Third Parties

As a referral service, we share your business information with:

Payment Service Providers

• Worldpay - For merchant account applications and quote processing

Data Shared: Business name, contact details, transaction volumes, card mix, terminal requirements

Purpose: To process your quote request and facilitate merchant account setup

Service Providers

• Supabase - Database hosting and storage
• Vercel - Website hosting and infrastructure
• Vercel Blob - Image and file storage
• Google Analytics - Website analytics (with your consent)
• Mixpanel - Product analytics (with your consent)
• Resend - Transactional email delivery

We ensure all third parties comply with GDPR and have appropriate data protection measures in place.

5. Data Retention

We retain your data for:

• Quote and Application Data: Up to 2 years from last activity
• Analytics Data: Aggregated and anonymised indefinitely
• Legal Records: As required by financial regulations (typically 6-7 years)

After the retention period, your data is securely deleted unless we have a legal obligation to retain it longer.

6. Your Rights Under GDPR

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for data processing at any time

To exercise your rights, contact us at: contact@paypath.uk

We will respond to your request within 30 days.

7. Cookies and Tracking

We use cookies and similar technologies for analytics and service functionality. You can control cookie preferences through our cookie consent banner. See our Cookie Policy for full details.

8. Data Security

We protect your data using:

• Encrypted connections (HTTPS/TLS)
• Secure cloud infrastructure with access controls
• Regular security audits and monitoring
• Employee training on data protection
• Incident response procedures

While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security of your data.

9. International Data Transfers

Your data may be processed in countries outside the UK/EEA where our service providers operate. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the UK Information Commissioner
• Provider certifications and compliance frameworks

10. Children's Privacy

Paypath is intended for business use only. We do not knowingly collect information from individuals under 18 years of age.

11. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last updated" date. Significant changes will be communicated via email.

12. Contact and Complaints

For privacy-related questions or to exercise your rights:

If you're not satisfied with our response, you have the right to lodge a complaint with: