Privacy Policy

Payment Guru Ltd Privacy Policy

Your privacy is important to us. It is Payment Guru Ltd's policy to respect your privacy and

comply with any applicable law and regulation regarding any personal information we may

collect about you, including via our app, ServA, and its associated services.

Personal information is any information about you which can be used to identify you. This

includes information about you as a person (such as name, address, and date of birth), your

devices, payment details, and even information about how you use an app or online service.

In the event our app contains links to third-party sites and services, please be aware that those

sites and services have their own privacy policies. After following a link to any third-party

content, you should read their posted privacy policy information about how they collect and use

personal information. This Privacy Policy does not apply to any of your activities after you leave

our app.

This policy is eFective as of 13 October 2025

Last updated: 13 October 2025

Information We Collect

Information we collect falls into one of two categories: "voluntarily provided" information and

"automatically collected" information.

"Voluntarily provided" information refers to any information you knowingly and actively provide

us when using our app and its associated services.

"Automatically collected" information refers to any information automatically sent by your

device in the course of accessing our app and its associated services.

Log Data

When you access our servers via our app, we may automatically log the standard data provided

by your device. It may include your device's Internet Protocol (IP) address, your device type and

version, your activity within the app, time and date, and other details about your usage.

Additionally, when you encounter certain errors while using the app, we automatically collect

data about the error and the circumstances surrounding its occurrence. This data may include

technical details about your device, what you were trying to do when the error happened, and

other technical information relating to the problem. You may or may not receive notice of such

errors, even in the moment they occur, that they have occurred, or what the nature of the error

is.

Please be aware that while this information may not be personally identifying by itself, it may be

possible to combine it with other data to personally identify individual persons.

Device Data

Our app may access and collect data via your device's in-built tools, such as:

Your Identity

Location Data

CameraCalendar

Contacts

Phone/SMS

Storage, photos and/or media

Background data refresh

Mobile data

Device/app history

Bluetooth

Payments data

When you install the app or use your device’s tools within the app, we request permission to

access this information. The specific data we collect can depend on the individual settings of

your device and the permissions you grant when you install and use the app.

Personal Information

We may ask for personal information - for example, when you submit content to us, when you

subscribe to our newsletter, when you register an account or when you contact us — which may

include one or more of the following:

Name

Email

Date of birth

Phone/mobile number

Home/mailing address

Sensitive Information

"Sensitive information" or "special categories of data" is a subset of personal information that is

given a higher level of protection. Examples of sensitive information include information relating

to your racial or ethnic origin, political opinions, religion, trade union or other professional

associations or memberships, philosophical beliefs, sexual orientation, sexual practices or sex

life, criminal records, health information, or biometric information.

The types of sensitive information that we may collect about you include:

Banking data for payment

We will not collect sensitive information about you without first obtaining your consent, and we

will only use or disclose your sensitive information as permitted, required, or authorised by law.

Legitimate Reasons for Processing Your Personal Information

We only collect and use your personal information when we have a legitimate reason for doing

so. In which instance, we only collect personal information that is reasonably necessary to

provide our services to you.Collection and Use of Information

We may collect personal information from you when you do any of the following on our app:

Register for an account

Sign up to receive updates from us via email or social media channels

Use a mobile device or web browser to access our content

Contact us via email, social media, or on any similar technologies

When you mention us on social media

We may collect, hold, use, and disclose information for the following purposes, and personal

information will not be further processed in a manner that is incompatible with these purposes:

to provide you with our platform's core features and services

to contact and communicate with you

for analytics, market research, and business development, including to operate and improve

our app, associated applications, and associated social media platforms

to enable you to access and use our app, associated platforms, and associated social media

platforms

for internal record keeping and administrative purposes

to comply with our legal obligations and resolve any disputes that we may have

to attribute any content (e.g. posts and comments) you submit that we publish on our app

for security and fraud prevention, and to ensure that our sites and apps are safe, secure, and

used in line with our terms of use

for technical assessment, including to operate and improve our app, associated applications,

and associated social media platforms

We may combine voluntarily provided and automatically collected personal information with

general information or research data we receive from other trusted sources. For example, If you

consent to us accessing your social media profiles, we may combine information sourced from

those profiles with information received from you directly to provide you with an enhanced

experience of our app and services.

Security of Your Personal Information

When we collect and process personal information, and while we retain this information, we will

protect it within commercially acceptable means to prevent loss and theft, as well as

unauthorised access, disclosure, copying, use or modification.

Although we will do our best to protect the personal information you provide to us, we advise

that no method of electronic transmission or storage is 100% secure and no one can guarantee

absolute data security.

You are responsible for selecting any password and its overall security strength, ensuring the

security of your own information within the bounds of our services. For example, ensuring anypasswords associated with accessing your personal information and accounts are secure and

confidential.

How Long We Keep Your Personal Information

We keep your personal information only for as long as we need to. This time period may depend

on what we are using your information for, in accordance with this privacy policy. For example, if

you have provided us with personal information as part of creating an account with us, we may

retain this information for the duration your account exists on our system. If your personal

information is no longer required for this purpose, we will delete it or make it anonymous by

removing all details that identify you.

However, if necessary, we may retain your personal information for our compliance with a legal,

accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or

historical research purposes or statistical purposes.

Children’s Privacy

We do not aim any of our products or services directly at children under the age of 13 and we do

not knowingly collect personal information about children under 13.

Disclosure of Personal Information to Third Parties

We may disclose personal information to:

a parent, subsidiary or aFiliate of our company

our employees, contractors, and/or related entities

our existing or potential agents or business partners

credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to

pay for goods or services we have provided to you

courts, tribunals, regulatory authorities, and law enforcement oFicers, as required by law, in

connection with any actual or prospective legal proceedings, or in order to establish, exercise,

or defend our legal rights

third parties, including agents or sub-contractors who assist us in providing information,

products, services, or direct marketing to you

third parties to collect and process data

an entity that buys, or to which we transfer all or substantially all of our assets and business

Third parties we currently use include:

Payment Guru and it's partners

payroll providers and softwares

EMI solution providers

Your Rights and Controlling Your Personal Information

Your choice: By providing personal information to us, you understand we will collect, hold, use,

and disclose your personal information in accordance with this privacy policy. You do not haveto provide personal information to us, however, if you do not, it may aFect your use of our app or

the products and/or services oFered on or through it.

Information from third parties: If we receive personal information about you from a third party,

we will protect it as set out in this privacy policy. If you are a third party providing personal

information about somebody else, you represent and warrant that you have such person’s

consent to provide the personal information to us.

Marketing permission: If you have previously agreed to us using your personal information for

direct marketing purposes, you may change your mind at any time by contacting us using the

details below.

Access: You may request details of the personal information that we hold about you.

Correction: If you believe that any information we hold about you is inaccurate, out of date,

incomplete, irrelevant, or misleading, please contact us using the details provided in this

privacy policy. We will take reasonable steps to correct any information found to be inaccurate,

incomplete, misleading, or out of date.

Non-discrimination: We will not discriminate against you for exercising any of your rights over

your personal information. Unless your personal information is required to provide you with a

particular service or oFer (for example serving particular content to your device), we will not

deny you goods or services and/or charge you diFerent prices or rates for goods or services,

including through granting discounts or other benefits, or imposing penalties, or provide you

with a diFerent level or quality of goods or services.

Notification of data breaches: We will comply with laws applicable to us in respect of any data

breach.

Complaints: If you believe that we have breached a relevant data protection law and wish to

make a complaint, please contact us using the details below and provide us with full details of

the alleged breach. We will promptly investigate your complaint and respond to you, in writing,

setting out the outcome of our investigation and the steps we will take to deal with your

complaint. You also have the right to contact a regulatory body or data protection authority in

relation to your complaint.

Unsubscribe: To unsubscribe from our email database or opt-out of communications (including

marketing communications), please contact us using the details provided in this privacy policy,

or opt-out using the opt-out facilities provided in the communication. We may need to request

specific information from you to help us confirm your identity.

Use of Cookies

Our privacy policy covers the use of cookies between your device and our servers. A cookie is a

small piece of data that an app may store on your device, typically containing a unique identifier

that allows the app servers to recognise your device when you use the app; information about

your account, session and/or device; additional data that serves the purpose of the cookie; and

any self-maintenance information about the cookie itself.

We use cookies to give your device access to core features of our app, to track app usage and

performance on your device, to tailor your experience of our app based on your preferences,

and to serve advertising to your device. Any communication of cookie data between your device

and our servers occurs within a secure environment.Please refer to our Cookie Policy for more information.

Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter

bankruptcy, we would include data, including your personal information, among the assets

transferred to any parties who acquire us. You acknowledge that such transfers may occur, and

that any parties who acquire us may, to the extent permitted by applicable law, continue to use

your personal information according to this policy, which they will be required to assume as it is

the basis for any ownership or use rights we have over such information.

Limits of Our Policy

Our app may link to external sites that are not operated by us. Please be aware that we have no

control over the content and policies of those sites, and cannot accept responsibility or liability

for their respective privacy practices.

Changes to This Policy

At our discretion, we may change our privacy policy to reflect updates to our business

processes, current acceptable practices, or legislative or regulatory changes. If we decide to

change this privacy policy, we will post the changes here at the same link by which you are

accessing this privacy policy.

If the changes are significant, or if required by applicable law, we will contact you (based on

your selected preferences for communications from us) and all our registered users with the

new details and links to the updated or changed policy.

If required by law, we will get your permission or give you the opportunity to opt in to or opt out

of, as applicable, any new uses of your personal information.

Additional disclosures for General Data Protection Regulation (GDPR) compliance (EU)

Data controller / data processor

The GDPR distinguishes between organisations that process personal information for their own

purposes (known as "data controllers") and organisations that process personal information on

behalf of other organisations (known as "data processors"). We, Payment Guru Ltd, located at

the address provided in our Contact Us section, are a Data Controller and/or Processor with

respect to the personal information you provide to us.

Legal bases for processing your personal information

We will only collect and use your personal information when we have a legal right to do so. In

which case, we will collect and use your personal information lawfully, fairly, and in a

transparent manner. If we seek your consent to process your personal information, and you are

under 16 years of age, we will seek your parent or legal guardian’s consent to process your

personal information for that specific purpose.

Our lawful bases depend on the services you use and how you use them. This means we only

collect and use your information on the following grounds:

Consent from youWhere you give us consent to collect and use your personal information for a specific purpose.

You may withdraw your consent at any time using the facilities we provide; however this will not

aFect any use of your information that has already taken place. You may consent to providing

your email address for the purpose of receiving marketing emails from us. While you may

unsubscribe at any time, we cannot recall any email we have already sent. If you have any

further enquiries about how to withdraw your consent, please feel free to enquire using the

details provided in the Contact Us section of this privacy policy.

Performance of a contract or transaction

Where you have entered into a contract or transaction with us, or in order to take preparatory

steps prior to our entering into a contract or transaction with you. For example, if you contact us

with an enquiry, we may require personal information such as your name and contact details in

order to respond.

Our legitimate interests

Where we assess it is necessary for our legitimate interests, such as for us to provide, operate,

improve and communicate our services. We consider our legitimate interests to include

research and development, understanding our audience, marketing and promoting our

services, measures taken to operate our services eFiciently, marketing analysis, and measures

taken to protect our legal rights and interests.

Compliance with the law

In some cases, we may have a legal obligation to use or keep your personal information. Such

cases may include (but are not limited to) court orders, criminal investigations, government

requests, and regulatory obligations. If you have any further enquiries about how we retain

personal information in order to comply with the law, please feel free to enquire using the

details provided in the Contact Us section of this privacy policy.

International Transfers Outside of the European Economic Area (EEA)

We will ensure that any transfer of personal information from countries in the European

Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards,

for example by using standard data protection clauses approved by the European Commission,

or the use of binding corporate rules or other legally accepted means.

Your rights and controlling your personal information

Restrict: You have the right to request that we restrict the processing of your personal

information if:

you are concerned about the accuracy of your personal information;

you believe your personal information has been unlawfully processed;

you need us to maintain the personal information solely for the purpose of a legal claim; or

we are in the process of considering your objection in relation to processing on the basis of

legitimate interests.

Objecting to processing: You have the right to object to processing of your personal information

that is based on our legitimate interests or public interest. If this is done, we must providecompelling legitimate grounds for the processing which overrides your interests, rights, and

freedoms, in order to proceed with the processing of your personal information.

Data portability: You may have the right to request a copy of the personal information we hold

about you. Where possible, we will provide this information in CSV format or other easily

readable machine format. You may also have the right to request that we transfer this personal

information to a third party.

Additional disclosures for UK General Data Protection Regulation (UK GDPR) compliance (UK)

Data controller / data processor

The GDPR distinguishes between organisations that process personal information for their own

purposes (known as "data controllers") and organisations that process personal information on

behalf of other organisations (known as "data processors"). We, Payment Guru Ltd, located at

the address provided in our Contact Us section, are a Data Controller and/or Processor with

respect to the personal information you provide to us.

Third-party provided content

We may indirectly collect personal information about you from third-parties who have your

permission to share it. For example, if you purchase a product or service from a business

working with us, and give your permission for us to use your details in order to complete the

transaction.

We may also collect publicly available information about you, such as from any social media

and messaging platforms you may use. The availability of this information will depend on both

the privacy policies and your own privacy settings on such platforms.

Additional disclosure for collection and use of personal information

In addition to the aforementioned purposes warranting the collection and use of personal

information, we may also conduct marketing and market research activities, including how

visitors use our site, website improvement opportunities and user experience.

Personal information no longer required for our purposes

If your personal information is no longer required for our stated purposes, or if you instruct us

under your Data Subject Rights, we will delete it or make it anonymous by removing all details

that identify you ("Anonymisation"). However, if necessary, we may retain your personal

information for our compliance with a legal, accounting, or reporting obligation or for archiving

purposes in the public interest, scientific, or historical research purposes or statistical

purposes.

Legal bases for processing your personal information

Data Protection and Privacy Laws permit us to collect and use your personal data on a limited

number of grounds.. In which case, we will collect and use your personal information lawfully,

fairly and in a transparent manner. We never directly market to any person(s) under 18 years of

age.

Our lawful bases depend on the services you use and how you use them. This is a non-

exhaustive list of the lawful bases we use:Consent from you

Where you give us consent to collect and use your personal information for a specific purpose.

You may withdraw your consent at any time using the facilities we provide; however this will not

aFect any use of your information that has already taken place. When you contact us, we

assume your consent based on your positive action of contact, therefore you consent to your

name and email address being used so we can respond to your enquiry.

Where you agree to receive marketing communications from us, we will do so based solely on

your indication of consent or until you instruct us not to, which you can do at any time.

While you may request that we delete your contact details at any time, we cannot recall any

email we have already sent. If you have any further enquiries about how to withdraw your

consent, please feel free to enquire using the details provided in the Contact Us section of this

privacy policy.

Performance of a contract or transaction

Where you have entered into a contract or transaction with us, or in order to take preparatory

steps prior to our entering into a contract or transaction with you. For example, if you contact us

with an enquiry, we may require personal information such as your name and contact details in

order to respond.

Our legitimate interests

Where we assess it is necessary for our legitimate interests, such as for us to provide, operate,

improve and communicate our services. We consider our legitimate interests to include

research and development, understanding our audience, marketing and promoting our

services, measures taken to operate our services eFiciently, marketing analysis, and measures

taken to protect our legal rights and interests.

Compliance with law

In some cases, we may have a legal obligation to use or keep your personal information. Such

cases may include (but are not limited to) court orders, criminal investigations, government

requests, and regulatory obligations. For example, we are required to keep financial records for

a period of 7 years. If you have any further enquiries about how we retain personal information in

order to comply with the law, please feel free to enquire using the details provided in the

Contact Us section of this privacy policy.

International transfers of personal information

The personal information we collect is stored and/or processed in the United Kingdom by us.

Following an adequacy decision by the EU Commission, the UK has been granted an essentially

equivalent level of protection to that guaranteed under UK GDPR.

On some occasions, where we share your data with third parties, they may be based outside of

the UK, or the European Economic Area ("EEA"). These countries to which we store, process, or

transfer your personal information may not have the same data protection laws as the country

in which you initially provided the information.

If we transfer your personal information to third parties in other countries:we will perform those transfers in accordance with the requirements of the UK GDPR (Article 45)

and Data Protection Act 2018;

we will adopt appropriate safeguards for protecting the transferred data, including in transit,

such as standard contractual clauses ("SCCs") or binding corporate rules.

Your data subject rights

Right to Restrict Processing: You have the right to request that we restrict the processing of your

personal information if (i) you are concerned about the accuracy of your personal information;

(ii) you believe your personal information has been unlawfully processed; (iii) you need us to

maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the

process of considering your objection in relation to processing on the basis of legitimate

interests.

Right to Object: You have the right to object to processing of your personal information that is

based on our legitimate interests or public interest. If this is done, we must provide compelling

legitimate grounds for the processing which overrides your interests, rights, and freedoms, in

order to proceed with the processing of your personal information.

Right to be Informed: You have the right to be informed with how your data is collected,

processed, shared and stored.

Right of Access: You may request a copy of the personal information that we hold about you at

any time by submitting a Data Subject Access Request (DSAR). The statutory deadline for

fulfilling a DSAR request is 30 calendar days from our receipt of your request.

Right to Erasure: In certain circumstances, you can ask for your personal data to be erased from

the records held by organisations. However this is a qualified right; it is not absolute, and may

only apply in certain circumstances.

When may the right to erasure apply?

When the personal data is no longer necessary for the purpose for which it was originally

collected or processed for.

If consent was the lawful basis for processing personal data and that consent has been

withdrawn. Payment Guru Ltd relies on consent to process personal data in very few

circumstances.

The Company is relying on legitimate interests as a legal basis for processing personal data and

an individual has exercised the right to object and it has been determined that the Company has

no overriding legitimate grounds to refuse that request.

Personal data are being processed for direct marketing purposes e.g. a person's name and

email address, and the individual objects to that processing.

There is legislation that requires that personal data are to be destroyed.

Right to Portability: Individuals have the right to get some of their personal data from an

organisation in a way that is accessible and machine-readable, for example as a csv file.

Associated with this, individuals also have the right to ask an organisation to transfer their

personal data to another organisation.However, the right to portability:

only applies to personal data which a person has directly given to Payment Guru Ltd in

electronic form; and

onward transfer will only be available where this is "technically feasible".

Right to Rectification: If personal data is inaccurate, out of date, or incomplete, individuals have

the right to correct, update or complete that data. Collectively this is referred to as the right to

rectification. Rectification may involve filling the gaps i.e. to have to have incomplete personal

data completed - although this will depend on the purposes for the processing. This may involve

adding a supplementary statement to the incomplete data to highlight any inaccuracy or claim

thereof.

This right only applies to an individual's own personal data; a person cannot seek the

rectification of another person's information.

Notification of data breaches: Upon discovery of a data breach, we will investigate the incident

and report it to the UK's data protection regulator and yourself, if we deem it appropriate to do

so.

Complaints: You have the right, at any time, to lodge a complaint with the Information

Commissioner's OFice (ICO), the UK supervisory authority for data protection issues

(www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before

you approach the ICO so please contact us in the first instance using the details below. Please

provide us with as much information as you can about the alleged breach. We will promptly

investigate your complaint and respond to you, in writing, setting out the outcome of our

investigation and the steps we will take to deal with your complaint.

Enquiries, reports and escalation

To enquire about Payment Guru Ltd's privacy policy, or to report violations of user privacy, you

may contact our Data Protection OFicer using the details in the Contact us section of this

privacy policy.

If we fail to resolve your concern to your satisfaction, you may also contact the Information

Commissioner's OFice (ICO), the UK Data Protection regulator:

Information Commissioner's OFice

WycliFe House

Water Lane

Wilmslow

CheshireSK9 5AF

Tel: 0303 123 1113 (local rate)

Website: www.ico.org.uk

Contact Us

For any questions or concerns regarding your privacy, you may contact us using the following

details:

Tony Berry

https://www.paymentguru.uk/contact-us