Privacy Policy

Who We Are and How to Contact Us

If you have any questions about this Privacy Policy, how we handle your data, or if you would like to exercise any of your data protection rights, you can contact us using the email address above.

You can find general guidance about controllers and their responsibilities on the ICO's website under "data protection principles, definitions, and key terms".

What Information We Collect and Why

Information You Provide to Us

When you create and use a Pipster account or otherwise interact with us, we collect information you give us directly so that we can provide, operate and support our services. This includes, in particular:

• Names and contact details (for example, name, email address, phone number)
• Residential or billing addresses
• Date of birth
• Account registration and login details (including usernames and passwords)
• Purchase, trading or account history and related records
• Payment details (such as card or bank details used for transfers or direct debits)
• Information relating to any loyalty or rewards programmes you participate in
• Identification documents and information used to verify your identity (for example, passport, driving licence or other photo ID, proof of address, and similar KYC documentation)
• Information provided in connection with compliments, complaints, support requests or other correspondence with us

We use this information, depending on the context, to:

• Set up, operate and administer your Pipster account (including authentication and account security)
• Provide you with our products and services and process payments or refunds
• Maintain records of your use of our platform, including for performance and history tracking
• Communicate with you about your account, activity, changes to our services and other important service messages
• Deal with queries, complaints or claims and provide customer support

Information We Collect for Account Operation and Security

To run and protect customer accounts and any related guarantees or protections, we also collect and use:

• Names and contact details
• Addresses
• Payment details and transaction history
• Account information and registration details
• Information used for security purposes (for example, login activity, security questions, multi-factor authentication settings)
• Marketing and communication preferences

We use this information to:

• Manage access to your account and verify your identity when you log in or contact us
• Monitor activity to detect and prevent fraud, abuse and misuse of our services
• Keep accurate records of balances, entitlements and obligations connected with your account

Information We Collect for Service Updates and Marketing

We may collect and use certain information to send you service updates and, where permitted, marketing about our products and related services. This includes:

• Names and contact details
• Addresses
• Marketing and communication preferences
• Location data (where enabled)
• Purchase, viewing or interaction history
• IP addresses
• Website and app user journey information (including cookies and similar technologies)
• Records of consent, where appropriate

We use this information to:

• Send important updates about your account, security, changes to our terms and key product changes
• Inform you about new features, promotions or services that may be relevant to you, in line with your marketing preferences and applicable law
• Analyse how our services are used so we can improve and optimise the user experience

Information We Collect to Comply with Legal Obligations

To meet our legal, regulatory, tax, accounting and other compliance obligations, we may collect and use:

• Name and contact details
• Identification documents and verification data
• Financial transaction information (including payments, refunds and chargebacks)
• Any other personal information required to comply with applicable laws and regulations

This can include anti-money laundering (AML), counter-terrorist financing, fraud prevention and sanctions-checking requirements, as well as record-keeping for tax and accounting.

Information Collected for Recruitment

If you apply for a role with us, we collect and use personal information for recruitment and pre-employment checks, including:

• Contact details (such as name, address, telephone number, email address)
• Date of birth and National Insurance number
• Copies of passports or other photo ID and right-to-work documents
• Employment history and references
• Education history and qualifications
• Details of any criminal record checks (for example, DBS, Access NI or Disclosure Scotland checks), where required and permitted by law
• Security clearance details where applicable

We use this information to assess your suitability for a role, to comply with legal requirements, and to manage any recruitment-related queries or claims.

Information Collected When Dealing With Queries, Complaints or Claims

When you contact us about a query, complaint or claim, we may use:

• Names and contact details
• Address information
• Payment details and transaction data
• Account information
• Purchase, trading or service history
• Customer account records
• Financial transaction information
• Correspondence and call or chat records

We use this information to investigate and respond, resolve issues, improve our services and, where necessary, establish or defend legal claims.

Information We Collect When You Use Our Website or App

Our website and any Pipster apps use cookies and similar technologies to provide core functionality, improve performance, prevent fraud and show relevant content or marketing. This may involve collecting:

• Device and session information (for example, device type, operating system, IP address and unique identifiers)
• Usage information (such as pages viewed, features used, clickstream data, time spent, browser type and other information about how you interact with our services)

For more detail about how we use cookies, please refer to our Cookie Policy (or equivalent document) which forms part of this Privacy Policy.

Where We Get Your Information From

We collect personal information from a range of sources, including:

• Directly from you, for example when you create an account, make a purchase, contact us or take part in a promotion
• Publicly available sources, such as company registers and social media where allowed by law
• Market research organisations and providers of marketing lists (where they are legally permitted to share your information and, where relevant, you have consented)
• Suppliers and service providers who help us run our business and provide services to you (such as identity verification providers, payment processors, analytics and email platforms)

Our Lawful Bases and Your Rights

Lawful Bases We Rely On

Under UK data protection law, we must have a lawful basis for collecting and using your personal information. Depending on the situation, we rely on:

• Consent – where you have given clear permission, for example, for certain types of marketing or optional data uses. You can withdraw your consent at any time using the contact details above.
• Contract – where we need to process your data to enter into or perform a contract with you (for example, to provide your account and services).
• Legal obligation – where we must process data to comply with laws and regulatory requirements (for example, AML checks and record keeping).
• Legitimate interests – where the processing is needed for our legitimate interests or those of a third party, and those interests are not overridden by your rights and freedoms.

Our legitimate interests include, in particular:

• Operating, improving and protecting our services, including maintaining the reliability, performance and security of our platform, preventing fraud and abuse, and protecting accounts.
• Setting up and administering customer accounts and any related guarantees, monitoring for misuse and keeping accurate records of positions and obligations.
• Sending service updates and carefully selected marketing about Pipster products and related services in a proportionate and targeted way, with clear opt-out options.
• Understanding, applying and demonstrating compliance with our legal and regulatory obligations, including maintaining audit trails and cooperating with regulators and dispute resolution bodies.
• Effectively investigating and responding to queries, complaints and claims and defending our legal rights where appropriate.

Where we rely on legitimate interests, we assess and balance those interests against your rights and expectations, apply appropriate security and retention measures, and limit the data we collect to what is proportionate.

Your Data Protection Rights

You have a number of rights under UK data protection law. In summary, these include:

• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to object to processing
• Right to data portability
• Right to withdraw consent

If you make a request, we will respond without undue delay and, in any event, within one month (subject to any lawful extensions). To exercise your rights, please contact us using the details at the top of this Privacy Policy.

Who We Share Your Information With

We limit access to your personal information to people and organisations who need it to fulfil the purposes described in this Privacy Policy and who are subject to appropriate confidentiality and data protection obligations.

Service Providers and Processors

We use carefully selected suppliers and service providers (acting as data processors) to help us operate and improve our services. This may include:

• Identity and document verification providers such as Veriff
• Platform, hosting and IT providers
• Payment processors, gateways and banking partners
• Analytics, security and fraud-prevention services
• Email, communication and marketing tools

Where you make a payment, your payment details are shared directly with the relevant payment processor, which will process your data in line with its own privacy information.

Other Recipients

We may also share personal information, where appropriate, with:

• Professional or legal advisers
• External auditors or inspectors
• Professional consultants and insurers
• Financial or fraud investigation authorities and law enforcement agencies
• Regulators and other organisations we are legally obliged to share information with
• Previous employers or referees in the context of recruitment
• Other parties involved in a merger, acquisition, restructuring or asset sale

In some cases we may publish limited information (for example, anonymised testimonials or success stories), but we will not publish identifiable personal information without a suitable lawful basis.

International Transfers

Some service providers may be located outside the UK. Whenever we transfer personal information outside the UK, we do so in accordance with UK data protection law using appropriate safeguards.

How Long We Keep Your Information

We keep personal information only for as long as reasonably necessary.

• Account and identification data: life of account + up to 7 years
• Trading and transaction records: at least 7 years
• Technical and usage data: up to 3 years
• Marketing preferences: while opted-in + up to 2 years
• Complaints and correspondence: up to 7 years
• Recruitment records: up to 12 months for unsuccessful candidates

In some circumstances, personal data may be anonymised and used indefinitely for research or statistical purposes.

Cookies and Tracking Technologies

Our website and apps use cookies and similar technologies for essential functionality, security, performance, analytics and, where permitted, marketing. You can manage your preferences through your browser settings or cookie tools.

Security of Your Information

We use technical and organisational measures to protect the confidentiality, integrity and availability of personal information, including secure servers, restricted access and appropriate safeguards.

External Links

Our website or communications may contain links to third-party websites or services. We are not responsible for their privacy practices.

How to Complain

If you have concerns about how we use your personal information, you can contact us using the details at the top of this Privacy Policy. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):