WONDAPAY is a trading name of DEPOSITMATE LTD hereinafter known as “the Company”, “the Firm” or “we”, is fully committed to compliance with the requirements of the General Data Protection Regulation (Regulation (EU) 2016/679), which came into force on 25th May 2018.
The Firm is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed, and stored by the Firm. Please read the following carefully to understand our views and practices regarding your personal data and how the Company will treat it. By using our website, you are agreeing to be bound by this Policy, however, you are free to withdraw your consent anytime by notifying us.
For the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’), the data controller is DEPOSITMATE LTD.
Purpose of the Data processing
We are required to maintain certain personal data about individuals for the purposes of satisfying our operational and legal obligations (to register and maintain an account, customer due diligence, money laundering prevention, transact business effectively and to safeguard your assets and your privacy). We recognise the importance of correct and lawful treatment of personal data as it helps to maintain confidence in our organisation and to ensure efficient and successful outcomes when using this data.
We only use personal information as legally appropriate to provide you with a high quality of service and security. We may use the personal data collected from you to verify your identity and contact information. We may also use this information to establish and set up your registration, which allows you to set up a secure password, maintain your transaction activity, and contact you with information.
This information helps us improve our services, satisfy financial regulations, and inform you about new products, services or promotions that may be of interest to you.
Personal data may consist of data kept on paper, computer, or other electronic media; all of which is protected under the GDPR.
Principles of the Data processing
All data is:
Not kept for longer than necessary;
Personal Data We Collect
We may collect and process the following data about you:
The types of personal data that we may process may include information about current, past, and prospective customers, website visitors, etc. with whom we have dealings. This information includes information required to communicate with you, including your name, mailing address, telephone number, email address, date of birth, ID, and your location information
We may also ask you for information when you report a problem with the Site. If you contact us, we may keep a record of that correspondence. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
You have choices about the data we collect. When you are asked to provide personal data, you may decline. You are also entitled to have the Firm erase your personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal however, if you choose not to provide data that is necessary to provide a service or to withdraw the data that is still relevant to original purposes of processing, you may not be able to use that service.
The data we collect depends on the context of your interactions with the Company, the choices you make, including your privacy settings, and the service and features you use.
We may share Website usage information about visitors to the Website with reputable advertising companies for targeting our internet banner advertisements on this site and other sites. For this purpose, pixel tags (also called clear GIFs or web beacons), may be used to note the pages you have visited. The information collected by the advertising company using these pixel tags is not personally identifiable.
Reasons We share Personal Data
We share your personal data with your consent or as necessary to complete any transaction or provide any service you have requested or authorised. We also share data with:
Our affiliates and partners.
We may share information with affiliates if the information is required to provide the service you have requested, or to provide you with the opportunity to participate in the products or services our affiliates offer. We may also forge partnerships and alliances, which may include joint marketing agreements, with other companies who offer high-quality products and services that might be of value to our customers.
To ensure that these products and services meet your needs and are delivered in a manner that is useful and relevant, we may share some information with partners, affiliates, and alliances. This allows them to better understand the offers that are most relevant and useful to you. The use of your personal information is limited to the purposes identified in our relationship with the partner or affiliate.
Non-affiliated third parties.
We do not sell, license, lease or otherwise disclose your personal information to any third party for any reason, except as described.
We reserve the right to disclose your personal information to third parties when required to do so by law to regulatory, law enforcement or other government authorities. We may also disclose your information as necessary to credit reporting or collection agencies. We may also disclose your information to non-affiliated third parties if it is necessary to protect the Company’s rights or property.
To help us improve our services to you, we may engage another business to help us to carry out certain internal functions such as account processing, fulfillment, customer service, customer satisfaction surveys or other data collection activities relevant to our business. We may also provide a party with customer information from our database to help us to analyse and identify customer needs and notify customers of product and service offerings.
Use of the shared information is strictly limited to the performance of the task we request and for no other purpose. All third parties with which we share personal information are required to protect personal information in a manner similar to the way we protect personal information. We use a variety of legal mechanisms, including contracts, to help insure your rights and protections.
Restriction of responsibility
Access to Personal Data
All individuals who are the subject of personal data held by us are entitled to
If you cannot access certain information and personal data collected by the Firm, you can always contact the Company by using compliance@WondaPay.com. We will respond to requests to access or delete your personal data within thirty  days.
Security of Personal Data
We maintain strict security standards and procedures with a view to preventing unauthorised access to your data by anyone, including our staff. We use leading technologies such as (but not limited to) data encryption, firewalls, and server authentication to protect the security of your data. The software protection tools include strict control mechanisms as follows: SSL 3, TLS 1.2 with keys equal or larger than 2048-bit. The Firm’s staff and other third parties, whenever contracted to provide support services, are required to observe our privacy standards and to allow us to audit them for compliance.
Breach of Personal Data
In the case of a personal data breach, the Company shall without undue delay and, where feasible, not later than seventy-two  hours after having become aware of it, notify the personal data breach to the supervisory authority – Information Commissioner’s Office, UK (“ICO”) unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to ICO is not made within seventy-two  hours, it shall be accompanied by reasons for the delay according to the Article 33 of GDPR.
Where Personal Data is stores and processed
Personal data collected by the Firm will be stored and processed in the UK with a backup to a datacentre also sited in the UK.
The storage location(s) are chosen to operate efficiently, to improve performance, and to create redundancies to protect the data in the event of an outage or other problem. We take steps to ensure that the data we collect under this privacy statement is processed according to the provisions of this statement and the requirements of UK law. We do not transfer personal data outside of the UK.
Retention of Personal Data
The Company retains personal data for as long as necessary to provide the services, or for other essential purposes such as complying with our legal obligations, including as an authorised financial services provider, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types in the context of various products, actual retention periods may vary significantly. The criteria used to determine the retention periods include, for example:
This includes such things as maintaining and improving the performance of those services, keeping our systems secure, and maintaining appropriate business and financial records. This is the general rule that establishes the baseline for most data retention periods.
If so, we will retain data in accordance with the consent.
Mandatory data retention laws can be applied in the UK. Government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation.
We encourage you to periodically check and review this policy so that you will always know what information we collect, how we use it, and to whom we disclose it. If you have any questions that this statement does not address, please contact us via compliance@WondaPay.com.
If you have a privacy concern, complaint, or a question for the Data Protection Officer, please contact us via compliance@WondaPay.com. We will respond to questions or concerns within thirty  days.
Unless otherwise stated, the Firm is a data controller for personal data we collect through the services subject to this statement. The Company is a private limited company under Companies House number: 11825276. The Registered Office address is 34, Westway, Caterham-on-the-Hill, Surrey, CR3 5TP.
The Firm’s Responsible Officer for Compliance is also the person responsible for data protection as the Data Protection Officer (DPO”). The Firm’s DPO is PAUL SAWYER and the address for correspondence is: Meadow Lodge Annexe, Montefiore Avenue, Rayleigh, Essex, SS6 9QU. Telephone: +44 (0) 1268 661 696.