Privacy Policy

Date: July 2025

Disclaimer
ACCESS SYSTEMS (UK) LIMITED of City Tower, Piccadilly Plaza, Manchester, M1 4BT (“we”, “us” or “our” in this privacy policy) are committed to protecting and respecting your privacy.

Purpose of this Privacy Policy

This policy (together with our terms of use and any other documents referred to on it) aims to give you information on how and the basis on which any personal data we collect from you, or that you provide to us, through the use of our website at www.accesspay.com (Website), through customer personnel use of our products and our marketing and sales activities, will be processed by us.

Please read the following carefully to understand how we collect, use and store your personal data.

Our website, services, marketing activities and sales activities are not intended for children and we do not knowingly collect data relating to children.

Controller

For the purpose of the General Data Protection Regulation and UK Data Protection Act (2018), we are the data controller where we collect personal data about:

visitors and customer personnel through the Website.
personnel of prospective and existing customers through our marketing and sales activities.

Processor

When our customers use our products, services and platforms, they are acting as the data controller and are responsible for ensuring that personal information collected about data subjects is being processed lawfully, and we act as processor, processing such personal data only as instructed by the customer.

How we collect and use personal data

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store, and transfer various types of personal data about you, but only where we have a valid legal basis to do so.

Details of the types of personal data we collect, how we collect it, the purposes for which we use it, and the legal basis for processing are outlined below.

Visitors to accesspay.com

When someone visits the Website, we use third party services to collect internet log information and details of the visitor’s behaviour patterns. This is necessary for our legitimate business interests, including to study how visitors use the Website, to improve the Website, to develop our business and to inform our marketing strategy.

Personal data we may collect:

Technical data: the Internet protocol (IP) address used to connect visitor’s computers to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
Usage data: information about visitor’s use of the Website, including the full Uniform Resource Locators (URL) clickstream (including date and time), products the visitor viewed or searched for, page response times, download errors, length of visits to certain pages and page interaction information (such as scrolling, clicks, and mouse-overs).

When visitors and customers complete a ‘contact request’ or a ‘download content request’ through the Website

We use a third-party marketing automation platform to host our ‘contact request’ forms across the Website. When someone fills out a ‘Contact Request’, ‘Request a Demo’, ‘Request a Quote’, ‘Request a call back’ or ‘Request a Price’ form or ‘Download Content’ on the Website, we will use the third-party marketing automation platform to organise and respond to the requests and for Direct Marketing purposes.

The processing of personal data collected via download forms is on the basis that it is necessary for our legitimate interest. The legitimate interest is for the purposes of direct marketing and the provision of relevant, requested product and services information from us to visitors and customers.

When visitors and customers speak with AccessPay

We use third-party call recording services to record telephone calls, voicemails and meetings.

The processing of personal data collected is on the basis that it is necessary for our legitimate interest and the performance of customer contracts. The legitimate interest is for the purposes of improving internal training and customer service procedures, and the provision of relevant product and services information from us to visitors and customers.

When customer personnel use our platform

We use third-party service providers to support customer experience. For example, to authenticate, raise support tickets and receive e-mail notifications.

The processing of personal data is based on performance of customer contracts.

When visitors and customers use our Live Chat service

We use a third-party service provider, to supply and support our Live Chat service, which we use to handle prospect and customer enquiries in real time.

Visitors and customers can request a transcript of their Live Chat session at any point during the chat.

The processing of personal data is based on consent and necessary for our legitimate interest and the performance of customer contracts. The legitimate interest being: to deliver service to customers.
to make suggestions and recommendations to visitors and customers about goods or services that may interest them.

Direct Marketing

We may process personal data for the purposes of direct marketing, predominantly electronic direct marketing (email) through some of the third party services listed below.

In addition, we may process data collected from previous ‘Download requests’ and ‘Contact Requests’ (as outlined above), store them in our CRM and share them with marketing automation platforms and third party service providers listed above and communicate periodically with people from these data sources, with news and updates on products, services and resources we believe could be of interest to them.

The processing of personal data is on the basis that it is necessary for our legitimate interest of direct marketing.

If you receive an email or communication from us and you don’t want to, you can opt-out of all our electronic direct marketing by selecting the ‘Unsubscribe’ link that is included in all of our communications.

Equally you can request to be removed from our databases by contacting privacy@accesspay.com (see the ‘Your rights’ section of this privacy notice for more detail on this).

Other third-party service providers:

In addition to the information we collect from visitors and customers we may also collect information from, or share information with, the following third party service providers for the purposes set out below:

Third Party Service / Tool	Purpose
AMS	Secure transmission of email communications
ANS	Website hosting
Chilipiper	Meeting booking solution
Cognism	Sales lead data platform
Companies House	Company due diligence checks
Duo	Authentication tool
MFA tooling	Multi Factor Authentication (MFA) security solution
Fivetran	Data warehouse solution
Google Analytics	Web analytics tool
Microsoft Clarity	Web analytics tool
HubSpot	Marketing automation platform, live chat
LinkedIn	Sales lead data
Customer notification tooling	Customer communications from our application(s)
MeetGeek	Virtual note taking tool for meetings
OktoPost	Social media content management tool
Outgrow	Site quizzes and return on investment (ROI) calculator
Outreach	Sales and Marketing automation platform including call and meeting recording
RingCentral	Call management including call recording
Salesforce	Customer relationship management platform
Trumpet	Sales enablement tool supporting information sharing with customers
Twitter	Social media platform
ValueCase	Project planning solution
Vidyard	Video sharing platform
Zendesk	Help Desk ticket management solution

The personal data we may share with the third party service providers:

Identity data: first name last name and job role/title.
Contact data: email address and phone number.
Call recording information.
Meeting dates and times / meeting information.
Additional information that may be shared by a customer.

The processing of personal data collected via contact forms and /or third party automation platform and shared with our third party service providers listed above is necessary for our legitimate interest and the performance of customer contracts. The legitimate interest is for the purpose of direct marketing and the provision of relevant, requested product and services information from us to visitors and customers.

Disclosure of personal data

We may share personal data with other members of our group.

We may disclose personal data to the following third parties:

Credit reference agencies for the purpose of assessing the relevant person’s credit score where this is a condition of us entering into a contract with them.
Third party service providers set out above.
Third parties to whom we choose to sell, transfer, merge or buy any business or assets, in which case we may disclose personal data to the prospective seller or buyer of such business or assets and the personal data held by us about our customers will be one of the transferred assets.
If we are under a duty to disclose or share personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use or Terms and Conditions of Business and End User Licence Agreement and other agreements, or to protect the rights, property, our safety, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We require all third parties to respect the security of personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use personal data for their own purposes and only permit them to process personal data for specified purposes and in accordance with our instructions or legal requirements.

Personal data storage and security

All personal data collected by us is stored securely on the third party platforms listed above. In all instances, data is stored securely, with access restricted to appropriate staff members within AccessPay.

We may transfer your personal data to service providers that carry out certain functions on our behalf, such as the third party platforms set out above. This may involve transferring personal data outside the UK and EEA to countries which have laws that do not provide the same level of data protection as English or European law.

Whenever we transfer your personal data out of the UK or EEA to service providers, we ensure a similar degree of protection is afforded to it by ensuring that the following safeguards are in place:

We may transfer your personal data to countries that have been deemed by the UK to provide an adequate level of protection for personal data.
We may use specific standard contractual terms approved for use in the UK and EEA which give the transferred personal data the same protection as it has in the UK and EEA, such as the International Data Transfer Agreement, and The International Data Transfer Addendum to the European Commission’s standard contractual clauses for international data transfers.

The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorised access.

Retention of personal data

We will only retain personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Your rights

You have rights under data protection laws in relation to your personal data to:

Request that any personal data that we collect and hold on you that is incomplete or incorrect be updated or corrected.
Request access to your personal data. This enables you to receive a copy of any personal information that we collect and hold on you.
Request that any personal information we hold on you be transferred to you or a third party.
Request that we restrict us from processing your personal data where one of the following applies:
- if you want us to establish the data’s accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Object to any of the ways that we process your personal data. Where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
Request that we delete or remove any or all of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. Object to the processing of your personal data for direct marketing purposes.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

You may exercise any of the above rights by getting in touch with us through the following routes:

By email to: privacy@accesspay.com.
In writing to: The Data Controller, AccessPay, City Tower, Piccadilly Plaza, Manchester, M1 4BT.

Please note that the Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Opting Out

You can ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by unsubscribing from electronic communications using the unsubscribe link on all of our emails or by requesting in writing to privacy@accesspay.com

Similarly, if you receive an email or communication from us and you don’t want to, you can opt-out of all our electronic direct marketing by selecting the ‘Unsubscribe’ link that is included in all of our communications. Alternatively, you can request to be removed from our databases by contacting privacy@accesspay.com.

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page please check back frequently to see any updates or changes to our privacy policy.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to privacy@accesspay.com.

Complaints procedure

If you have any objections to the way in which we process your personal data you can raise them with us directly by contacting us through the following routes:

By email to privacy@accesspay.com.
In writing to The Data Controller, AccessPay, City Tower, Piccadilly Plaza, Manchester, M1 4BT.

If you wish to lodge a formal complaint with our supervisory authority you can do so by contacting the Information Commissioners Office (also known as the ICO). Contact and complaints procedures can be found on the ICO’s website https://ico.org.uk/.

Solutions View all

Account Name Verification: part of the AccessPay Fraud & Error Prevention Suite

By Use Case

Thorn Baker: Streamlined payment security for a high-volume recruitment firm

Corporates View all

Financial Services View all

Charles Russell Speechlys: Supporting an international law firm’s service delivery and growth ambitions with client account payment automation

All Resources View all

Topics & Categories

New report reveals account name verification tops finance teams’ technology priorities heading into 2025

About View all

AccessPay acknowledged as one of the UK’s Best Workplaces