At Payment Assist, we are committed to safeguarding the privacy and rights of individuals whose personal data we process. This statement outlines how we comply with the UK GDPR and our responsibilities as a data controller.

Our Commitment to Data Protection

We process personal data lawfully, fairly, and transparently. Our data handling practices are guided by the following principles:

1. Lawfulness, Fairness & Transparency
2. Purpose Limitation
3. Data Minimisation
4. Accuracy
5. Storage Limitation
6. Integrity & Confidentiality

We maintain accountability through documentation, regular audits, and staff training.

Scope of This Statement

This applies to all employees, contractors, and third parties who process personal data on behalf of Payment Assist.

Key Definitions

• Personal Data: Information that identifies an individual (e.g., name, email, financial details).
• Special Categories: Sensitive data such as health, ethnicity, or political beliefs.
• Data Controller: Entity that determines how and why personal data is processed.
• Data Processor: Entity that processes data on behalf of the controller.

Lawful Basis for Processing

We only process personal data when one of the following applies:

• Consent
• Contractual necessity
• Legal obligation
• Vital interests
• Public task
• Legitimate interests

Each processing activity is documented and approved by our Data Protection Officer (DPO).

Individual Rights

Under GDPR, individuals have the right to:

• Be informed
• Access their data
• Rectify inaccuracies
• Erase data
• Restrict processing
• Data portability
• Object to processing
• Challenge automated decisions

Requests can be made via our Contact Page.

Data Security & Retention

We implement robust technical and organisational measures to protect data. Personal data is retained only as long as necessary, in line with our [Data Retention Policy].

Third Parties & International Transfers

We ensure all third-party processors meet GDPR standards and have appropriate contracts in place. International data transfers are restricted and require DPO approval.

Reporting & Breaches

Any data breach must be reported immediately. We notify the ICO within 72 hours of any reportable breach and inform affected individuals where necessary.

Contact Us

Data Protection Officer
Ametros Group Ltd
Lakeside Offices, Thron Business Park, Rotherwas Industrial Estate, Hereford, Herefordshire, HR2 6JT
Email: dpo@ametrosgroup.com

End of Statement