Compliance

Welcome to the PayEscape Compliance Center.
Get the latest updates to our General Data Protection Regulation Policy.

Book a demoContact us

5* Service & Support

Fully Managed Software

ISO 27001 Certified

HMRC Recognition

BACS Approved

All individuals have rights with regard to the way in which their Personal Data is handled. During the course of our activities, we may collect, store and process Personal Data about our employees, customers, suppliers and other third parties, and we recognise that the correct and lawful treatment of this Personal Data will maintain confidence in our organisation and will provide for successful business operations.

This page sets out the priciples that Payescape (we, us, our) with a registered address at 2 Riada Avenue, Ballymoney, BT53 7LH, must follow when processing Personal Data to help ensure compliance with the General Data Protection Regulation (GDPR) EU 2016/679. Data Users are obliged to comply with this policy and any other documents referred to in this policy when processing Personal Data on our behalf. Payescape takes all breaches of this policy very seriously. Violations may result in disciplinary action, up to and including termination.

About this policy
The types of Personal Data that Payescape may be required to handle include information about current, past, and prospective employees, customers, suppliers, and others that we communicate with. The Personal Data, which may be held on paper or on a computer or other media, is subject to certain legal safeguards specified in the GDPR.

This policy and any other documents referred to in it sets out the basis on which we will process any Personal Data we collect from Data Subjects, or that is provided to us by Data Subjects or other sources.

This policy sets out rules on data protection and the legal conditions that must be satisfied when we collect, handle, process, transfer and store Personal Data. This policy does not form part of any employee’s contract of employment and may be amended at any time.

What personal data does payescape collect?
We collect personal data relating to employees and applicants for employment, clients who instruct us to provide payroll services to them, supplier contacts, industry professionals, and other individuals who provide goods and/or services to us.

Why do we collect personal data from data subjects?
We use Personal Data to manage our business including legal, personnel, administrative, and management purposes.

Payescape may share the Personal Data it collects with its corporate affiliates and third parties operating on its behalf. Payescape will only share Personal Data with companies that are required to protect Personal Data in accordance with relevant Data Privacy Laws, and subject to any appropriate security measures and directions from Payescape.

How do we process personal data?
Payescape processes all Personal Data in accordance with the following data protection principles. All Payescape personnel must follow these principles if they process Personal Data:

Processing must be fair, lawful, and transparent: For Personal Data to be processed fairly and transparently, Payescape (as a Data Processor) must inform Data Subjects, when Payescape processes Personal Data directly from them. Where we intend to process the Personal Data for a further purpose such as for our clients in providing payroll services, other than that for which the Personal Data were collected, we will provide the Data Subject prior to that further processing with information on that purpose.

Processing for limited purposes: Personal Data must generally only be processed for the specific purposes notified to the Data Subject when the Personal Data was first collected or for any other purposes specifically permitted by Data Privacy Laws.

Adequate, Relevant and Not Excessive: We will only collect Personal Data to the extent that it is required for the specific purpose(s) notified to the Data Subject. Accurate and Up-to-Date: We will ensure that Personal Data we hold is accurate and kept up-to-date.

Storage Limitation
We will only retain Data Subject’s Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of Data Subject’s Personal Data, the purposes for which we process Data Subject’s Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law, we have to keep basic information about our Data Subjects (including Contact, Identity, Financial and Transaction Data) for six years after such Data Subjects cease being our customers for tax purposes

Personal Data must be kept secure, and processed in line with the rights of Data Subjects. Personal Data must not be transferred to people or organisations situated outside the EEA unless it will be adequately protected.

Rights of data subjects
Data subjects have rights under Data Privacy Laws regarding the processing of their personal data.

Subject access requests
Data Subjects may make a request for information we hold about them. This request may be made in writing or orally. A Data Subject has a right of access to a copy of the Personal Data we hold about him/her.

Requests for any inaccurate or incomplete personal data to be rectified
Where a Data Subject has requested the rectification of their Personal Data, we must inform recipients to whom that Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort.

Objections to or requests for erasure or restriction of processing in specified circumstances
Where a Data Subject has requested the erasure or restriction of their Personal Data, we must inform recipients to whom that Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort.

Objections to processing
Where a Data Subject has objected to Payescape processing their Personal Data for public or legitimate interest grounds, direct marketing or scientific, historical, or statistical purposes, we must stop processing the Personal Data, unless we can demonstrate compelling legitimate grounds for the processing which override the rights of the Data Subject or the processing is necessary for the defence of legal claims.

Record keeping
Payescape shall properly demonstrate its compliance with Data Privacy Laws. This includes maintaining accurate and detailed records of processing activities, consents provided by the Data Subject, data protection related policies and procedures. Employees who process Personal Data on behalf of Payescape shall retain adequate notes and records of all of the above in relation to such processing activities.

Breaches of this policy
Any actual or suspected breach of this policy should be immediately notified to the Operations Manager.

Changes to this policy
We reserve the right to change this policy at any time. Where appropriate, we will notify Data Users of those changes by mail or email.