This Privacy Notice covers Crunch Payments prepaid card products including the Accelovate card program.
As a UK company, Crunch is subject to UK and European Data Protection regulations. We are registered with the Information Commissioner’s Office and we have developed our internal data protection policies by consulting relevant UK, Gibraltar and EU legislation. The principles underpinning this legislation are there to help us maintain transparency with our users about how we process their personal data, only use it for legal or legitimate purposes and make sure that usage is appropriate for that purpose. We do this as we want to be clear and transparent about the information we collect from you, how we use it and how we store and protect it.
As part of our Card Program Operation we are required to collect information of a personal nature from you by our Controller which is the Issuer of your Card. This information is used to operate the facilities we offer to you through your card and to comply with laws and regulations.
Recently there has been the introduction of new regulations The General Data Protection Regulation, this is a new, European-wide law that replaces the Data Protection Act 1998 in the UK and the Data Protection Act 2004 (Amendment) Regulations 2018 in Gibraltar, both known as GDPR. These provide individuals with new rights in relation to how your personal data is collected, used and stored and provides new rules for organisations on how to handle personal data.
Crunch is required to appoint an EU representative in respect of EU cardholders whose personal data we are processing. The details of our EU representative are as follows:
Representative: Ester Piubeni
Address: Corso Filippo Turati 65
What is Personal Data and How Do We Collect It?
We only collect from you the personal data we require to operate your card service as instructed by our Issuers* and will always limit the purpose we use it for. We will not collect any personal data from you that we do not need in order provide the services we have agreed to provide you with or to fulfil legal requirements places upon us.
When you created an account on our platform, buy a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us. In order to carry out our obligations under that contract we must process the information you give us. Also through certain actions when otherwise there is no contractual relationship between us, such as when you browse our website or ask us to provide you more information about our business, including job opportunities and our products and services, you provide your consent to us to process information that may be personal information. This information we collect for these purposes is not required by our Issuer.
You may withdraw your consent at any time by instructing us at:
Compliance@crunchpayments.com or on our webpage at www.crunchpayments.com. However, if you do so, you may not be able to use our website or our services further.
The information we collect from you in the above situations can include the following:
- Name, date of birth, gender, email address, postal/billing address and mobile number;
- Payment information such as: debit card number, expiry date, CVC, bank account number;
- Personal documentation provided on request such as passport information Driving licence, utility bill or a bank statement.
For the use of our card services, when you use our app or website and if you contact us, the information we collect can include:
- Information you give to us in telephone calls, emails, instant messages, text messages or other means of communication;
- Media (should you choose to enable these features once available) such as Profile photos or other photos, e.g. to tag transactions, capture receipts;
- When using the Crunch App mobile device, a unique device identifier, operating system version and mobile carrier ;
- Crunch App usage information, pages visited, functions selected, login attempts;
- IP address, browser type, operating system, browser language, time zone, service provider, system settings, system tokens/keys;
- Information about activities you undertake, such as the pages you visit, searches you make, marketing or links you click on;
- Information about the location of your device and
- Location of the mobile device, or other technologies such as nearby Wi-Fi access points, mobile transmitters and sensor data.
Note: You will only be able to use location-based services if you have opted-in to do so and
When you use the Crunch Platform and services, the information we collect here includes:
- Information related to individual transactions, e.g. Loading information: time and date of load, load type;
- Purchase information: retailers used, value of transactions, category of retailer, time of transaction;
- Withdrawals: cash machine used, how much has been withdrawn, time of withdrawal.
If you do not provide personal information we need
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform that contract. In that case, we may have to stop providing our services to you. If so, we will notify you of this at the time.
How we use your Information
How we use your Information
- To create your Crunch account and send you Crunch cards that you have ordered;
- To enable you to use the Crunch card and app. This will let you load, spend and withdraw funds on the Crunch card and review transactions;
- To enable you to access, manage, spend and withdraw your money through the prepaid card, app and all types of notifications;
- To contact you regarding your account to provide you with essential services; communications, e.g. suspicious activity on your account, billing, responding to enquiries etc.
- Send you usage alerts to notify you of relevant account activity, e.g. allowance switched on/off, attempted card use at non-permitted merchants;
We use your information so you can use Crunch and for rules we have to follow;
- To send you the Crunch card;
- So you can use the Crunch app;
- To contact you if something is wrong;
- To check who you are and that you are following the rules;
- To see how you use Crunch so we can make it better;
- To provide you with customer service when we notice a problem;
- To verify your identity and to identify, prevent, detect or tackle financial crime, including fraud, money laundering and other unauthorised conduct. We may also access, use and store any identity verification or other checks made, and do anything else required for these purposes;
- To understand your use of the service so we can provide a safe, reliable and convenient Crunch experience. We will also use your data to make sure content is presented on your device in the most effective manner;
- We may access, read, preserve, and disclose information that we reasonably believe is necessary to comply with law or a court order; enforce or apply our conditions of use and
- other agreements; or protect the rights, property, or safety of Crunch, our employees, our customers, or others;
- We will use your data to carry out our obligations to you or any other users of the Crunch service, perform any services you have requested and allow you to participate in interactive features of the service when you choose to do so.
- When you contact the Crunch Support Team for assistance via any means we may keep a record of your communications to respond to your query and to improve our service to you. Your call may be recorded for training or quality purposes.
The personal data we collect from you will be processed by us, on the instruction of our Issuer, who will in turn be using it, furthermore some third parties who need the information to ensure a smooth operation and secure and lawful process will also be processing it.
We can provide you with a list of our providers who will have access to your information on request. Please be aware that your information may be stored on a cloud – based system whose servers are located within the European Union. We take all reasonable steps to ensure that your personal data is processed securely.
Personal Data and your Rights
The new regulation aims to give power back to you and let you have more control over your data. It gives you some new rights and builds on some old rights in relation to your data, these are your rights regarding your information we process below:
- You have a right to access the information we hold, obtain a copy and obtain details on how your data is processed within 30 days of a request;
- If any data we hold is incorrect, you can request this is corrected without delay.
- You can request that we remove any unnecessary information about you. Crunch is required to retain some information to comply with financial regulations;
- You can ask us to stop processing your data where it is inaccurate, our processing is unlawful, or we no longer need the data or you have objected to us processing your data in our interest. When you do this, you will be unable to access any of the Crunch services;
- You have the right to receive your data in a machine-readable format so that it can be used by another service;
- To update your information if it is wrong, we may ask you to provide supporting documents where necessary;
- You can object to automated decision-making which may significantly affect you;
- You have the right to contact the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/;
If you would like to exercise any of your rights, including obtaining a copy of the information we hold about you, please send an email to email@example.com
How long do we keep this data?
We will generally keep your personal data for a period of 5 or 7 years from the date on which our relationship with you ends (this will depend on the Issuer your card has been issued by), after which it will be disposed of securely if it is no longer required for the lawful purpose(s) for which it was obtained.
How do we keep you information secure?
Crunch understands the importance of keeping your personal data secure. We will take appropriate technical and organisational measures to protect against unauthorised or unlawful processing, accidental loss or destruction of, or damage to personal data, although we cannot guarantee these things will never happen. No system is 100% safe from a sophisticated and sustained attack by determined hackers. A selection of measures we take to protect your personal data are provided below:
- Using industry standard security technology and procedures to protect your information;
- High-security password protection on internal systems;
- Encryption of our services using SSL (Secure Sockets Layer);
- Training of our employees on information security;
- Continual review of our policies and procedures in response to advances in technology and security best practice;
- Crunch App access password protection;
- Limiting access to your data;
- Measures to ensure access to Crunch systems is limited to approved persons to undertake their job
- We make sure your information stays safe, and
- All employees undergo data protection training and sign confidentiality agreements.
Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
- to track how you use our website;
- to record whether you have seen specific messages we display on our website;
- to keep you signed in to our website;
- to record your answers to surveys and questionnaires on our site while you complete them;
- to record the conversation thread during a live chat with our support team.
Unsubscribing from services
You may opt-out from some of the communications we send you. Where we process your data with your consent, you may withdraw that consent at any time.
Essential service communications
Crunch may communicate with you about important activity which has taken place on your account, for example, to alert you about suspicious transactions or problems with your account. You cannot opt-out of these communications.
Crunch may send you alerts regarding your account usage, for example, when money is loaded. These notifications are designed to keep you informed about important account activity. You are able to control these alerts although we will recommend that you continue to keep them on.
You have the right to ask us not to process your personal data for marketing purposes. If you have previously consented to marketing emails, but do not wish to receive marketing communications, then please send an email to firstname.lastname@example.org.
- “Unsubscribe me from third party marketing”
- “Unsubscribe me from Crunch marketing”
- “Unsubscribe me from all marketing”
To unsubscribe from Crunch marketing you can also use the unsubscribe link which will be at the bottom of any marketing emails we send.
We will need 5 working days to process these requests in most cases but please allow up to 2 weeks to take account of pre-prepared mailing lists.
If you have any general enquiries or questions about how we use your personal information or about this Privacy Notice, please contact the Crunch Support Team by email at email@example.com