- How we use your information to provide Amberpay’s services
- Why we share your information within Amberpay
- Why we share your information with other organisations
- How we transfer your information to other countries
- How we use your information to contact you
- What happens to your information when we don’t need to use it anymore
- How we keep your information secure
- Your rights in relation to your information
- How we use social media
- Your rights when you follow links to external websites
- The cookies we use and how you can control them
- How you can ask for more information, ask a question, or make a complaint
- How to contact the Amberpay’s Data Protection Officer
Where we refer to Amberpay we mean Amberpay Offshore Services Limited and its wholly owned subsidiary companies.
Using your information to provide Amberpay services
Amberpay offers a wide range of commercial outsourcing services and we collect and hold personal information that identifies clients, employees, intermediaries, suppliers, self-employed operatives and other third parties linked to our clients. The types and amount of information we collect differs depending on your relationship with us. We only collect the data we need in order to provide the services you have asked for, or that we need in order to fulfil our legal or regulatory obligations in relation to those services. If we need to collect additional information we will explain why we need it.
You are not obliged to provide any of the information we ask you for, but If you do not provide certain information when requested, the Company may not be able to perform the contract we have entered into with you, such as paying you, providing a benefit, utilising your services or respond to your enquiries. You may also have to provide the Company with data in order to exercise statutory rights.
The examples in this section are only an overview of the types of processing we carry out. If you would like a more in-depth list of our processing activities and our legal basis for processing, please contact our Data Protection team via our online form.
When you enquire about our services and when you have appointed Amberpay to provide services, your personal information may be used for:
- Responding to enquiries, offering services, and agreeing terms of business
- Communicating with you about the services you have asked us to provide and informing you of changes that affect those services
- Time and location recording
- Make decisions about recruitment and deployment processes
- Maintain accurate and up-to-date contractor records and contact details (including details of whom to contact in the event of an emergency), and records of contractual and statutory rights
- gather evidence for, and keep a record of, disciplinary and grievance processes, to ensure acceptable conduct within the workplace
- pay you and make deductions for tax and National Insurance where appropriate
- operate and keep a record of contractor performance and related processes
- operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees and self-employed operatives are receiving the pay to which they are entitled
- ensure effective general HR and business administration
- provide references on request for current or former contractors
- deal with legal disputes involving you or other workers and contractors
- Expenses claims
- Right to Work Checks
- Outsourced contract services
- Translation services
- Payment services
There are times when we are under a legal obligation to collect your personal information, including for:
- Preventing financial crime and the funding of terrorism
- Identifying politically or commercially exposed persons, or those with a significant exposure to the media
- FATCA/CRS reporting
- Obtaining certificates of competency, qualifications, certificates, licenses and health records for operatives
There are occasions where it is in our legitimate interests to collect and process your information, for example:
- CCTV monitoring of our office spaces helps to keep our staff and visitors safe and protects your personal information from unauthorised access - such data may be given to law enforcement agencies as evidence if we think an offence has been committed.
- Analysing details of the number of visits to our website and the pages visitors view allows us to update and improve it. This allows us to refine the site and make your visits to our website more interesting and informative.
- To make you aware of additional or new services that we feel could be of benefit to you and will complement the services we already provide.
- To make you aware of any changes that may be relevant to you whilst contracting with us
- We have the facility to record telephone calls to allow us to monitor staff performance, identify improvements in customer service and to assist in investigating and responding to disputes quickly and effectively. You will be notified by a member of our team if it is going to be recorded.
In some circumstances we cannot process your data without your explicit consent, such as when your physical or mental capacity for decision making needs to be assessed. If we ask you to provide sensitive information we will fully explain your options before we ask you to provide it.
Sharing your information within Amberpay
We share your information with other Amberpay companies where it is necessary in order for us to provide you with our services.
Sharing your information with other organisations
In the usual course of our business, we use third party organisations to support the essential delivery of our services to you. Under these circumstances Amberpay remains responsible for the security and privacy of your information and we regularly review all third parties' security measures to ensure they meet the same standards you expect from Amberpay. All third-party organisations operate under contracts that restrict their use of your personal information to providing the services we have employed them for.
The services they provide include:
- providing and supporting the IT systems in which your information is stored
- IT Systems backup and support systems
- Online forms an e-signature
- transportation and storage of information and confidential destruction
- translation of documents
- managing events arranged by Amberpay
- administering bulk email campaigns for information or marketing purposes
We may also have an obligation to share some of your personal information with public authorities, such as:
- Tax and VAT authorities
- Company and Trust Registries
- Regulatory authorities
- Law enforcement agencies
In some cases, your personal information will be shared with organisations outside Amberpay in order to obtain specialist or professional services that are necessary for the services we provide to you and you to us and our clients. These include:
- Professional advisers, such as accountants, lawyers, agents and architects
- Amberpay Clients
- Banks or other financial institutions
- Professional and Regulatory bodies (e.g.SIA)
- Credit reference agencies who assist us in meeting our customer due diligence obligations
- Services provided by our external IT providers
- Amberpay clients with whom we have a contract for services and with whom you may be sub-contracting with.
These external organisations have a legal obligation to comply with privacy and data protection legislation and most, if not all, will operate under a professional duty of confidentiality due to the type of service they provide. They have their own privacy policies that provide information about how they use your information.
You can find out more about the organisations your data has been shared with by contacting the Amberpay Data Protection team.
Transferring your information to other countries
When we share your information with organisations that are located in different jurisdictions, including other Amberpay companies and clients, we ensure they apply equivalent levels of protection.
Countries in the European Economic Area and those that have been awarded an adequacy ruling by the EU are considered to be secure. Personal information can flow freely between those countries because they provide equivalent levels of protection and their laws give you the same rights and protections in relation to your personal data.
For other international transfers we put data sharing contracts in place to ensure you retain the same rights and protections in the recipient country as you have in the country where your information was originally collected. This ensures that such transfers are legal and gives you and Amberpay, the reassurance of knowing that your privacy rights remain the same wherever your information is being processed.
If you would like more information please contact the Amberpay Data Protection team.
Using your contact details
From time to time we will send you important notices about the products or services you have asked us to provide, changes to our policies or terms and conditions, or changes to laws or regulations that could affect the service we provide. This is important information that keeps you informed about the products or services you have asked us to provide.
We may also send you emails containing newsletters and articles, information about additional services provided by Amberpay, or invitations to events we are organising, attending or sponsoring. You can opt-out of receiving these messages by contacting us here or by clicking on the unsubscribe link in those emails if applicable.
We never sell or lease your personal information or share it with other organisations outside Amberpay for marketing purposes.
Storing and deleting your information
The amount of time we keep your personal information will vary depending on your relationship with Amberpay. In some circumstances there is a legal or regulatory requirement to keep information for a specific amount of time, although this will be extended if there is ongoing legal action that overrides the normal retention period. Where there is no regulatory or legal requirement, we assess how long we reasonably need to keep your information in order to deal with ongoing queries.
When our relationship with you ends, there will be information we cannot delete immediately. Such information will be stored in our physical and/or electronic archives until we no longer have an obligation to keep them. At that point the information will be permanently deleted.
Keeping your information secure
We take the security of personal information and confidential documents extremely seriously. Amberpay complies with data protection legislation in the jurisdictions in which we operate and we have put in place appropriate safeguards to prevent unauthorised access or unlawful use of confidential information.
We restrict access to personal information to Amberpay employees, contractors, agents and clients who need to know that information in order to process it for us or in order to fulfil contractual obligations . They are subject to strict contractual confidentiality obligations and they may be disciplined or their contract terminated if they fail to meet these obligations.
We also employ a wide variety of technical and organisational security measures in order to safeguard the confidentiality, integrity and availability of your information.
We do not automatically encrypt emails and their contents and but should you require this please contact us in order that we may arrange to do so.
Subject to some exceptions, you have the right to:
- know whether Amberpay is processing your personal information
- request a copy of the personal information Amberpay holds about you
- have any inaccuracies corrected or/and have incomplete personal data completed
- have your personal data erased if it is no longer needed
- ask Amberpay to restrict the processing of your data
- object to Amberpay processing your data
- ask for your data to be transferred to a new service provider
- object to processing that is carried out in Amberpay legitimate interests
- not be subject to a decision based solely on automated processing if it produces legal effects or similarly affects you
- make a complaint to a data protection supervisory authority or regulator
You can find out more about your rights here.
If you would like to exercise any of your rights please contact the Amberpay Data Protection team.
Amberpay uses or may use a number of social media sites including Facebook, Twitter, LinkedIn and YouTube. We receive some information about you from these sites when you interact with us or access our social media content. The amount of information we receive is governed by your social media account privacy settings and the policies and procedures of each social media platform.
Links to external sites
The Amberpay website contains links to other websites which are not controlled by Amberpay. We are not responsible for the privacy of those sites and we encourage you to review the privacy policies of each one when you visit external sites so that you understand how those other organisations are using your personal information.
A cookie is a file which is sent to your computer or other access device when you visit a website. The Amberpay website may cookies to analyse user activities which helps us to develop it and initiate improvements aimed at making your visits more simple and relevant. The cookies we use do not collect personal information and they are not used to identify individuals.
For full details of the cookies used by Amberpay, please see our Cookies Policy.
Queries and complaints
If you have any concerns about the way we process your personal information we would prefer that you contact us to discuss your concerns. You also have the right to make a complaint to the data protection supervisory authority in the Isle of Man as below:
First Floor, Prospect House
Isle of Man
Phone: +44 1624 693260
Amberpay Data Protection Officer
Amberpay Data Protection Officer,
Court Row Chambers,
Isle of Man,
Phone: +44 1624 815189