Cepta – Creating Seamless Payment Experiences
Cepta – Creating Seamless Payment Experiences
Login
Get Started

Privacy Policy

  1. Home
  2. Privacy Policy

Privacy Policy

 June 06, 2024

This notice outlines how Cepta (“we” or “us”) handles personal data for merchants, end users, and web visitors. It includes information about your data privacy rights. Please read it carefully to ensure you understand how your data is handled.

Privacy Notice at Your Fingertips:

Our privacy notice is designed to be user-friendly, with easy navigation to specific sections that may interest you. 
Our goal is to provide clear and concise information about how we handle personal data.

Personal Information and Respective Privacy Law

1.1) Who Are We?

Cepta and all its Affiliates, members of the Cepta Payment Services Limited.

Cepta Payment Services Limited, trading under the brand name Cepta, is an electronic money institution regulated by the United Kingdom’s Financial Conduct Authority (FCA). We offer payment and financial services to our customers, including payment handling, payment account services, fraud detection services, and other payment processing services.

Depending on the level and nature of interaction with our company, Cepta may act as either a data controller or a data processor in accordance with applicable data protection laws.

As a data controller, we determine how and why data is processed in various activities we provide, including but not limited to:

  • Providing products and services to our merchants

  • Fraud detection and monitoring

  • Regulatory compliance requirements

  • Improving established products

  • Recruitment requirements

In other cases, we act as Data Processor when directed to process transactions at the request of merchants.

1.2) Our Privacy Mission Statement

Our mission is to provide our clients with a safe and secure e-commerce platform, where the confidentiality and integrity of personal data are top priorities. We commit to employing the latest and robust security methodologies to safeguard personal data and ensure its ethical use. Our goal is to empower our clients to achieve their business objectives while remaining confident that their personal data is in good hands.

1.3) Jurisdictions Where We Operate 

The following table lists the different jurisdictions in which we operate:

Location of User

Purposes of Processing

Name of Entity

Location of Entity

United Kingdom

All activities

Cepta Payment Services Limited (regulated and licensed by the Financial Conduct Authority (FCA)

United Kingdom

Canada

Provision of authorised payment and acquiring services in Canada.

Cepta Payment Services Limited (regulated by the Financial Consumer Agency of Canada)

Canada

Nigeria

Provision of authorised payment and acquiring services in Nigeria.

Cepta Payment Services Limited (regulatedby the Central Bank of Nigeria)

Nigeria

Our Contact Address:

  • United Kingdom Office: 2nd Floor, College House, 17 King Edwards Road, Ruislip, London, HA4 7AE

  • Canada Office: 1975 McCallum Rd, Unit 115 Abbotsford, BC V2S 3N3, Canada

  • Nigeria Office: 11, Adebisi Close off Ogunlana drive Surulere Lagos

  • Kenya Office:

If you have any queries regarding this privacy notice, contact our Group Data Protection Officer here. You can send us an email on: [email protected]

1.4) How Long Do We Keep Data?

If you are or become one of our customers or business partners, we will keep information relating to our business relationship for a minimum of 5 years, 7 years, or 10 years, depending on applicable legal jurisdictions, after the end of your contract with us or on rejection of your application. Data collected in relation to our legal obligation to verify our customers will be kept as long as legally required and to meet our fiscal, corporate, and other statutory obligations. Retention terms can be longer if required by applicable law or for the protection of our legal rights.

1.5) How Do We Protect Your Personal Data?

We take the security of your personal data seriously and have implemented robust technical and organizational measures to protect all personal data in our possession. These measures include:

  • Encryption of sensitive data in transit and at rest

  • Access controls limiting access to personal data to authorized personnel only

  • Regular testing and auditing of our systems and processes to ensure their effectiveness

  • Training for our staff on data protection and privacy best practices

How Personal Information is Used

2.1) When You Are a Cepta Customer

We use this information to set up our products and services for you, including providing support, onboarding, integrating with our platform, and helping you set up any of our technological offerings.

Furthermore, we use your information to fulfil our legitimate interests and legal obligations, such as internal administration, due diligence, KYC (Know Your Customer), AML/CFT (Anti-Money Laundering/Combating the Financing of Terrorism), and tax requirements.

We collect data on your use of our products and services, including login details, questions, queries, comments, and complaints, to perform our contract with you, provide support, and optimize and improve our offerings.

We may use your company email address to provide updates on our products and services, tailor offers to your needs, or invite you to our events.

As a financial institution, we are obligated to comply with relevant laws, regulations, and card/payment scheme rules, and to prevent fraud, money laundering, and terrorism financing. We conduct thorough checks on potential customers, identify ultimate beneficial owners and transaction purposes, monitor transactions, and verify representatives’ competency. We may collect and process data for these purposes, including your name, contact information, identification documents, citizenship proof, address proof, legal representative or shareholder address, bank details, signatures, and company registration details. We also use third-party verification services to verify your identity and documents. Throughout our relationship with you, we share data with third-party verification services as needed to meet legal and legitimate interests. This data aids us in identifying, preventing, and addressing illegal activities, ensuring compliance with KYC and AML obligations.

Cepta processes your personal information for the following purposes:

  • To provide you with the products and/or services as per any agreement between Cepta and you

  • To enhance our products and services

  • To comply with relevant laws and regulations, including card and payment scheme rules

  • To perform analysis for statistical, strategic, and research purposes

  • To protect our platform, systems, products, and services from misuse, fraud, financial crimes, or other unauthorized or illegal activities, including the prevention, investigation, and detection of payment fraud based on legitimate interests

  • For reporting and training purposes

2.2) When We Process Your Transaction

As a payment service provider, we act as an acquirer, accepting payment on behalf of the relevant merchant and transferring funds paid by the cardholder to the merchant.

Our role includes requesting authorization from relevant card/payment schemes (e.g., Mastercard, Visa), and processing transactions. We may collect and process merchant customer data for this purpose, including card numbers, transaction details, and merchant information, ensuring compliance with PCI DSS standards.

When a merchant needs to charge a card for a recurring payment and the card has expired, Cepta may request updated card information from the relevant payment scheme or retrieve it from the Cepta platform to process your payment.

For these purposes, we may collect the card number (encrypted in accordance with PCI DSS standards), the expiry date (month and year), bank account details (excluding your name), including IBAN and SWIFT/BIC, the transaction amount, the transaction currency, the date, time, and location of the transaction, and the merchant’s category and ID.

If necessary, we may also process this information to protect our legal rights, such as in connection with legal claims, and when we are legally obligated to process your data.

Our products and services that involve processing these information sets include, but are not limited to:

  • Acquiring/Gateway Services

  • Shopping Cart

  • Alternative Payment Methods

For more details on our product offerings, see here.

2.3) When You Visit Our Website

We collect and process information such as IP addresses, internet browser and device type, location data, and usage data to improve your browsing experience and ensure our website functions properly.

We do not sell personal data to third parties and take necessary steps to protect your data from unauthorized access, disclosure, or destruction. For more details on how we collect data from website visitors, refer to our cookie notice.

2.4) Who Do We Share Your Information With?

We may share some of your information, including personal data, with competent authorities and regulators to comply with our obligations as a financial institution, including preventing money laundering and terrorist financing. We may share the personal data you have provided or transferred to us with any member of the Cepta affliates, card and payment schemes, our employees, and third-party subcontractors and their employees. Additionally, we may share this data with other entities as reasonably necessary, including but not limited to, credit reference agencies, law enforcement agencies, anti-terrorism or organized crime agencies, fraud monitoring agencies, and central banks.

2.5) Fraud Detection Services for Merchants

We may share some of your information, including personal data, with competent authorities and/or regulators if required to comply with our obligations as a financial institution, including, but not limited to, the prevention of money laundering and terrorist financing. We may share personal data you have disclosed or transferred to us with any member of the Cepta Payment Services Limited and/or associated entities, card and payment schemes, our employees, and third-party subcontractors and their employees. Additionally, we may share this data with other entities as reasonably necessary, including, but not limited to, credit reference agencies, law enforcement agencies, anti-terrorism or organized crime agencies, fraud monitoring agencies, and central banks.

2.6) Social Media Buttons and Cookies

We use plugins on our website for social media networks and embedded video players. We also use cookies to improve our website and marketing strategy. Some cookies track your use of our website and visits to other websites to show you targeted advertisements. See our cookie notice.

2.7) Sharing Information with Third Parties

We may share your information with our service providers and advisers to offer our products and services. If our business is sold or integrated with another business, your details will be disclosed to advisers and new owners of the business. We may transfer information to other members of our corporate group outside the EU or UK, using appropriate safeguards.

Control You Have

3.1) Newsletter, Service Communication, and Marketing Purposes

If you sign up for our newsletter or events, we use your name and email address to send you information. If you are one of our merchants, we may contact you about relevant products or services. You can unsubscribe from these emails at any time. We use your data to improve our products and services and offer tailored products to our customers.

3.2) Your Rights

As per applicable data protection legislation, you have the right to object to us processing your personal data, ask for an overview or copy of your information, correct, or delete certain data, restrict processing of your data, or transfer some of this information to other organizations. You can also withdraw your consent at any time. Please note that we maintain a record of withdrawals of consent. If you wish to exercise any of these rights, please contact us. If you have any questions or complaints about our privacy notice or the way we process your data, you can contact our DPO or the data protection authority of the country you live or work in.

3.3) How to Complain

This section provides details on how to contact us to make a complaint about data privacy. It also shows you where you can contact the government regulator. If you are unhappy with how we have used your personal data, please let us know. Contact our Data Protection Officer here.

You also have the right to complain to the regulator and to lodge an appeal if you are not happy with the outcome of a complaint you’ve made to us. In the United Kingdom, this is the Information Commissioner’s Office, and they can be contacted here.

3.4) Contacting Us

You can contact us via our website, phone, or email. We collect the information you provide, including your name, company, and contact details, to answer your questions or assess your application. We use this data to establish or perform our contract with you, and for our legitimate interests in conducting business with you and managing our internal administration.