Book a Call

Privacy policy

Effective Date: 29 December 2025

NOTAPAY UK LTD («we», «us», or «our») is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our Website or use our services. It also describes your rights in relation to your personal data and how you can exercise them. We process personal data in accordance with applicable data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our Website or services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with any part of this Policy, please do not use the Website or send us personal information. We may update this Policy from time to time (see Changes to this Privacy Policy below), and will post any changes on this page.

Information We Collect

We may collect and process various types of personal data about you. The personal data we collect falls into several categories:

  • Contact Details: Information that you provide to us to identify or contact you, such as your name, email address, telephone number, and postal address. For example, you may give us these details by filling out a contact form, subscribing to a newsletter, or corresponding with us by email.
  • Client Identification and Details: If you engage us to provide services, we may collect additional identifying information such as your company name or business contact details, and any identification numbers or tax identifiers necessary for us to perform services (for instance, a UTR or National Insurance number for tax filings, or a company registration number for business clients). We will also record details related to the services you require.
  • Financial and Invoicing Information: For clients, we collect information needed for billing and payment. This may include your billing address, bank account or payment card details (if you pay us via bank transfer or card), and records of invoices issued and payments received. (Note: We do not store full card details on our systems; if card payments are processed, that may be handled by a secure third-party payment processor.)
  • Correspondence: We will keep records of any correspondence or enquiries you send us. For example, if you email us or send a message through the Website, we will retain the content of your communication, your contact details, and our responses.
  • Usage Data (Cookies and Analytics): When you visit our Website, we automatically collect certain technical information about your visit through cookies and similar tracking technologies. This may include your IP address, browser type and version, device type, pages you visit on our site, the date and time of your visit, and referring site (the page that led you to our Website). We use analytics tools (such as Google Analytics) that gather this data to help us understand how visitors use our Website. (See our Cookies Policy below for more details on how we use cookies and how you can control them.)
  • Marketing Preferences: If you subscribe to our mailing list or otherwise opt in to receive marketing communications, we will record your preferences (such as the types of updates you want to receive and how you wish to be contacted). We will also note if you opt out of marketing so we do not contact you further.

We generally collect personal data directly from you (for example, when you fill in forms or communicate with us). However, we may also receive information from third parties in some cases. For instance, if you are referred to us by a business partner or if we need to verify certain information with publicly available sources or professional databases (such as verifying a company’s registration details on Companies House).

How We Use Personal Data (Purposes and Legal Bases)

We use your personal data for specific purposes and only where we have a legal basis to do so under data protection law. The purposes for which we process personal data, and the corresponding legal bases, include:

  • Providing Services and Responding to Enquiries: We use contact information and other personal details you provide to communicate with you and to carry out any services you request. For example, if you ask for a consultation or become a client, we will use your details to respond and deliver our services (such as preparing a tax return or providing a consulting report). Legal basis: This is usually to perform a contract with you or to take steps at your request prior to entering into a contract (for example, discussing a prospective service).
  • Service Administration and Performance: If you become a client, we will process your information to manage our relationship and fulfil our obligations. This includes using your data to perform the agreed services, send invoices, process payments, and communicate with you about the work. Legal basis: Performance of a contract (the contract for services between you and us).
  • Compliance with Legal Obligations: We may process your personal data where necessary for us to comply with laws and regulations. For instance, we keep financial records for tax and accounting purposes, and we may need to collect certain identification information to comply with anti-money laundering or fraud prevention laws applicable to providers of accounting or consultancy services. We may also be required by law to respond to lawful requests for information (e.g., court orders or regulatory inquiries). Legal basis: Compliance with a legal obligation.
  • Communications and Customer Support: We use your contact details to communicate with you about important information relating to services you use or enquiries you’ve made. This can include responding to your questions, sending service updates, or notifying you about changes to our terms or policies. We also use your correspondence with us to assist you and improve our customer service. Legal basis: Our legitimate interests in effectively running our business and providing good customer service (and, in some cases, performance of a contract, such as communicating about work we’re doing for you).
  • Marketing and Newsletters: With your consent (or in certain cases, as permitted by law for existing customers), we will use your contact information to send you newsletters, industry updates, promotions or event invitations that we think may interest you. You can opt out of such marketing at any time (see «Your Rights» below). We will not spam you or share your details with third parties for their own marketing. Legal basis: Consent (or legitimate interests to inform existing clients about our services, subject to your right to opt out).
  • Website Analytics and Improvement: We analyse how visitors use our Website (using data collected by cookies and similar technologies) to help improve the Website’s functionality, content, and user experience. For example, we look at aggregated data on which pages are most visited or how users navigate the site, so we can make improvements. We may also use this data to gauge the effectiveness of our content or marketing campaigns. Wherever possible, we use this information in an anonymised or aggregated form. Legal basis: Legitimate interests in understanding and improving our services. Where required by law (for example, for non-essential cookies), we rely on consent (which you give via the cookie consent mechanism).
  • Security and Fraud Prevention: We may process certain data (such as IP addresses or browsing behaviour) to protect the security of our Website, our company, and our users. This includes detecting and mitigating fraudulent or malicious activity. For example, we might use automated security monitoring to block unusual or suspicious attempts to access our site. Legal basis: Legitimate interests in maintaining the integrity and security of our systems and services, as well as legal obligations related to fraud prevention or cybersecurity.
  • Protecting Our Legal Rights: We may need to process and retain data as necessary to establish, exercise, or defend legal claims. This could include keeping records of communications, services provided, and transactions in case of a dispute, or using data to investigate potential misuse of our services. Legal basis: Legitimate interests in protecting our legal rights and interests (and those of our clients or others), and compliance with laws that require us to retain certain records.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related purpose and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so, or seek your consent if required.

Disclosure of Personal Data

We respect your privacy and do not sell or trade your personal information to third parties. However, in order to run our business and provide our services, we may need to share your personal data with certain third parties in the following circumstances:

  • Service Providers (Processors): We use trusted third-party companies to support our operations and they may process personal data on our behalf (acting as «data processors»). Examples include providers of:
    • Website hosting and IT infrastructure: (for instance, cloud server providers that host our Website and databases).
    • Email and communication services: (for sending out newsletters, service emails or for managing contacts).
    • Analytics services: (such as Google Analytics, which help us understand Website traffic – these providers may collect usage data via cookies on our site).
    • Payment processing services: (if we accept online payments, a third-party payment gateway might process your payment details securely).
    • Data storage and backups: (secure cloud storage providers where we might keep business records).

These service providers are bound by contracts that require them to only use your data under our instructions and to protect it. They cannot use your personal data for their own purposes.

  • Professional Advisors: We may share necessary personal data with our professional advisors (such as our accountants, auditors, insurers, or lawyers) for legitimate business purposes. For example, our accountants may see client invoicing records when preparing our financial statements, or our legal advisors might need information about a contract to provide us with legal advice. These parties are bound by duties of confidentiality.
  • Business Transfers: If we ever enter into a transaction to sell or transfer all or part of our business or assets (for example, through a merger, acquisition, or financing transaction), personal data we hold may be transferred to the buyer or new operator as part of that deal. We will ensure that any such transfer is handled securely and continues to protect your rights. If such a change occurs, we will notify users if their personal data becomes subject to a new privacy policy.
  • Legal Obligations and Protection: We may disclose your personal data if required to do so by law or if we have a good-faith belief that such action is necessary to:
    • Comply with a legal obligation or regulatory requirement (for example, we might have to provide information under a court order, or to law enforcement or tax authorities upon a legitimate request).
    • Enforce our Terms and other agreements, or investigate potential violations of them.
    • Protect the rights, property, or safety of NOTAPAY UK LTD, our clients, or others. This could include exchanging information with other companies and organizations for the purposes of fraud protection or information security.

In any case where we share your personal data with third parties, we will only share the minimum amount of information necessary for the intended purpose, and we will ensure that appropriate safeguards are in place (such as confidentiality agreements or data processing addendums as required by law).

International Data Transfers

The personal data that we collect is generally stored and processed in the United Kingdom. However, some of our service providers or partners may be located outside of the UK (or may use servers outside of the UK). This means your personal data could be transferred to or accessed from other countries, including countries that may have different data protection laws than the UK.

Whenever we transfer personal data outside of the UK (for example, to a service provider based in the United States or in the European Economic Area), we will take steps to ensure that adequate safeguards are in place to protect your information. These safeguards may include:

  • Relying on a decision by the UK government that the destination country ensures an adequate level of data protection (an «adequacy regulation»).
  • Using standard contractual clauses (SCCs) approved under UK data protection law, which legally oblige the recipient to protect your data to UK standards.
  • Implementing additional technical and organizational measures as needed (such as encryption) to add security to the data in transit.

You can contact us if you would like more information about the mechanisms we use to transfer data internationally.

Please note that data transferred to another country may be subject to foreign laws and accessible by foreign governments or courts, but we will only transfer data that is necessary and will strive to maintain its protection.

Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In practice, this means:

  • Client Records: If you become a client of NOTAPAY UK LTD, we will retain your personal data for the duration of our relationship (while we are providing services to you) and generally for at least 6 years after the end of our engagement. A 6-year retention period is common in the UK for business records (for example, to comply with HMRC tax record requirements and in line with the statute of limitations for contract claims). In some cases, we may keep records longer if required by law or if needed for ongoing legal matters.
  • Enquiries (No Engagement): If you contact us with an enquiry but do not proceed to become a client, we will typically retain your correspondence and contact details for up to 12 months. We keep this information in case you decide to proceed later or have follow-up questions, and to maintain a record of our communication. We will delete it sooner upon request, provided we have no other lawful reason to keep it.
  • Marketing Mailing List: If you have consented to receive marketing emails, we will retain your contact information until you unsubscribe or opt out. If we notice that you do not engage with our communications over an extended period (typically 1–2 years), we may remove your details from our active mailing list to respect your privacy (you would be welcome to re-subscribe later).
  • Website Data: Analytics data collected via cookies is retained according to the cookie’s specific lifetime (see Cookies Policy below for typical durations). For instance, Google Analytics data may be retained for a certain period (e.g., 14 months) in aggregate form. We may also keep server logs and security logs for a short period (a few months) to ensure the security of our Website, after which they are deleted or anonymised.

When we no longer have a legitimate need or legal obligation to keep your personal data, we will securely erase or anonymise it. In some cases, rather than delete data entirely, we may anonymise it so that it can no longer be associated with you (for example, keeping aggregate business analytics).

If you request deletion of your data (see Your Rights below), we will also carry out that deletion once we have determined that no overriding legal basis requires us to keep the data.

Please note that even after we delete data from active systems, it might persist in backup archives for a period of time until those backups are cycled out. We also may retain a minimal record of your name and contact information on an internal «do not contact» list if you have asked not to be contacted, or a note that you were a client (without details) to avoid accidental re-contact or re-registration in the future.

Your Rights

Under UK data protection law, you have certain rights regarding your personal data. These rights include:

  • Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to request a copy of the personal data we hold about you. This is commonly known as a Data Subject Access Request (DSAR). We will also provide you with information about how we use your data, who we share it with, how long we keep it, and the safeguards we apply if we transfer it abroad, unless that information has already been provided in this Policy.
  • Right to Rectification: You have the right to have inaccurate personal data corrected or completed if it is incomplete. If you become aware that any information, we hold about you is incorrect or outdated, please let us know and we will rectify it promptly.
  • Right to Erasure: You have the right to request that we delete your personal data in certain circumstances – for example, if the data is no longer necessary for the purposes for which it was collected, or if you withdraw consent and we have no other legal basis to continue processing. This is sometimes called the «right to be forgotten». We will review such requests and, if the criteria are met, will delete or anonymise your data. Please note, this right is not absolute – sometimes we may have to retain certain information if required by law or if we have compelling legitimate grounds to keep it (for instance, we may retain information to comply with anti-money laundering regulations or to defend a legal claim).
  • Right to Restrict Processing: You have the right to ask us to limit or suspend the processing of your personal data in certain circumstances. This might apply if you contest the accuracy of the data (for a period enabling us to verify it), or if you object to processing (pending our assessment of that objection), or if processing is unlawful but you prefer restriction to deletion. If processing is restricted, we can still store your data but will not use it further until the restriction is lifted (unless for legal claims or protection of rights).
  • Right to Data Portability: For personal data that you have provided to us, and which we process by automated means based on your consent or for the performance of a contract, you have the right to request a copy in a commonly used machine-readable format (for example, CSV). You also have the right to request that we transmit that data directly to another service provider if it’s technically feasible. This right facilitates moving your business or account information to another provider. (In practice, this right may be more relevant to data like your profile or transaction history, rather than documents we have created.)
  • Right to Object: You have the right to object to our processing of your personal data in certain situations:
    • Direct Marketing: You can object at any time to the processing of your personal data for direct marketing purposes. If you object, we will stop using your data for marketing immediately. (As noted, we only send marketing with consent or as allowed by law, but you always have the option to opt out.)
    • Legitimate Interests: If we are processing your data based on our legitimate interests (or those of a third party), you can object if you feel it impacts your fundamental rights and freedoms. We will then reconsider our grounds for processing your data. We will stop processing unless we can demonstrate compelling legitimate grounds that override your rights or if we need to continue processing for legal reasons. For example, if you object to certain analytics cookies, we would turn them off unless we have an overriding need that is permitted by law.
  • Right to Withdraw Consent: Where we rely on your consent to process personal data (for example, for sending marketing emails or for using certain cookies), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted based on consent before its withdrawal. If you withdraw consent for marketing, we will cease sending you marketing communications. If you withdraw consent for optional cookies, we will stop processing your data through those cookies.
  • Rights related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing (without human involvement) that produces legal effects or similarly significant effects on you, unless it is necessary for entering into or performing a contract, is authorised by law, or you have given your explicit consent. As of the Effective Date of this Policy, NOTAPAY UK LTD does not use your personal data in this way (we do not perform any fully automated decision-making or profiling that has significant effects). If that changes in the future, we will update this Policy and ensure any such processing complies with the law, including providing you the right to human review of any significant automated decision.
  • Right to Complain: If you have a concern or complaint about how we handle your personal data, we hope you will contact us first so we can address it. However, you also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO), which is the UK supervisory authority for data protection issues. The ICO’s website is ico.org.uk, and they can be contacted by phone at +44 303 123 1113. If you are located outside the UK, you may have the right to complain to your local data protection authority as well. For example, if you are in the European Union, you can contact the data protection authority in the country where you live or work. Exercising your right to complain will not affect any other legal rights or remedies you have.

Exercising Your Rights

You can exercise any of your rights by contacting us (see Contact Us below for details). Typically, we will need you to provide enough information to verify your identity before we fulfill your request (this is to protect your data from unauthorised access). For example, we might ask you to confirm some details we already have on file, or require a form of ID if necessary.

We will respond to valid requests as soon as possible, generally within one month. If your request is complex or if we have received numerous requests, we are allowed to extend this period by up to two further months, but we will inform you within the first month if an extension is needed and explain why.

In principle, we handle rights requests free of charge. However, if a request is manifestly unfounded or excessive (for example, repetitive requests with no reasonable purpose), we may either charge a reasonable fee to cover administrative costs or refuse to act on the request (as permitted by law). We will of course inform you if this situation arises and why.

Please note that some rights are subject to certain exemptions or limitations under law. If we cannot fulfill a particular request in whole or in part, we will explain the reasons (unless we’re legally prevented from doing so).

Data Security

NOTAPAY UK LTD takes the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your information against unauthorised access, loss, theft, or alteration. These measures include, for example:

  • Ensuring our Website uses encryption (HTTPS) to secure data in transit between your browser and our site.
  • Maintaining up-to-date security software and firewalls to protect our IT infrastructure.
  • Restricting access to personal data on a need-to-know basis – only staff or contractors who require information to perform their duties will have access, and they are subject to confidentiality obligations.
  • Storing personal data on secure servers and using reputable cloud service providers with robust security practices. Where applicable, we pseudonymise or encrypt sensitive information at rest.
  • Regularly reviewing our information collection, storage, and processing practices to prevent unauthorised access or misuse. We also provide training to our team on data protection best practices.

Despite our efforts, please be aware that no method of transmission over the internet, or method of electronic storage, is completely secure. We cannot guarantee absolute security of your data. You should also take care with your own information security. For instance, do not send us sensitive personal information via unencrypted email, and ensure that any passwords or access credentials you use are kept confidential.

In the unlikely event of a data breach that could pose a risk to your rights and freedoms, we will notify you and the relevant authorities (such as the ICO) as required by law.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data processing practices. When we make an important change, we will update the «Effective Date» at the top of the Policy. If changes are significant, we may also notify you directly (for example, by email if you are a client or by a notification on our Website).

We encourage you to review this Policy periodically to stay informed about how we are protecting your information. Your continued use of our Website or services after any updates take effect will constitute acknowledgment of the modified Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how NOTAPAY UK LTD handles your personal data, please contact us. You can reach our data protection responsible person (or team) by:

  • Email: info@notapaysolutions.uk
  • Post: Data Protection Officer, NOTAPAY UK LTD, 17–21 George Street, Enterprise House, 2nd Floor, Croydon, CR0 1LA, United Kingdom

We will do our best to address your inquiry promptly and professionally.

Cookies Policy

This Cookies Policy explains how NOTAPAY UK LTD uses cookies and similar tracking technologies on our Website. It also describes your choices regarding these technologies. By using our Website, you can choose whether to allow non-essential cookies as described below.

What Are Cookies?

Cookies are small text files that are placed on your computer or device when you visit a website. They allow the website to recognise your device and store certain information about your preferences or past actions. Cookies can be «session» cookies (which last only while your browser is open and are deleted once you close it) or «persistent» cookies (which remain on your device for a set period or until you delete them).

We also may use similar technologies like web beacons (tiny graphics that monitor your site navigation) or local storage(which can store data in your browser). In this Policy, we refer to all these technologies collectively as «cookies».

How We Use Cookies

We use cookies to enhance your experience on our Website and to collect information about usage of our site. The types of cookies we use on notapaysolutions.uk include:

  • Strictly Necessary Cookies: These cookies are essential for the Website to function properly. They enable core features such as security, network management, and accessibility. For example, if our site has a login area or remembers your cookie preferences, necessary cookies would handle that. These cookies do not require your consent, as our Website cannot operate without them (or they are expressly requested by you, such as to remember items in a shopping cart).
  • Preference/Functional Cookies: These cookies allow the Website to remember choices you make and provide enhanced, more personal features. For instance, if our site offers a choice of language or remembers form information, functional cookies would store those preferences so you don’t have to re-enter them each time. While not strictly necessary, these cookies improve your experience. We may treat these as necessary in certain contexts (if the service expressly requires remembering a setting you asked for), or we might ask consent depending on guidance – but typically these run based on our legitimate interest in providing a user-friendly service.
  • Analytics/Performance Cookies: We use these cookies to collect information about how visitors use our Website, in order to improve it. For example, we may use Google Analytics cookies to see which pages are popular, how users navigate the site, and if any errors occur. The data collected (such as pages viewed, time spent, browser type, and referring page) is aggregated and not intended to identify you personally. These cookies are non-essential, which means we will only use them with your consent. If you allow analytics cookies, it helps us refine our Website and services; if you opt out, your experience won’t be significantly affected (but it will help us less in understanding user behaviour).
  • Advertising/Targeting Cookies: NOTAPAY UK LTD does not currently host third-party ads on our site, so we do not use advertising cookies for third-party marketing at this time. If in the future we engage in re-marketing or tailored advertising (for example, showing our ads on other platforms like Google or Facebook), we may use targeting cookies or pixels to track your browsing so that we can show you relevant ads. In any case, we would only deploy such cookies with your consent. These cookies would record your visit to our site, the pages you have visited, and the links you have followed, and might also note your device identifier or geolocation. This information would be used to make advertising more relevant to you and to measure the effectiveness of our ad campaigns. You would be able to opt in or out of such cookies via our cookie consent tool.

In addition to the above, we may sometimes embed content from other platforms (for example, a video from YouTube or a map from Google Maps). Those platforms may set their own cookies (known as third-party cookies) when their content is embedded on our site. We do not control these cookies, so we recommend you review the cookie policies of any third-party services we use.

Your Choices and Managing Cookies

Consent Banner: When you first visit our Website, you will see a cookie notice or banner that explains that we use cookies and gives you the option to allow or disable different categories of non-essential cookies. You can use this tool to opt in or out of analytics and other optional cookies. We will remember your preferences, and you can revisit your choices at any time by clicking on the «Cookie Settings» link on our Website (usually available in the site footer or settings menu).

Unless you opt in to non-essential cookies, we will not set them on your device. You can still use our Website without accepting optional cookies, although some features (like personalised content or site analytics) may not be available or as functional.

Browser Settings: In addition to our Website controls, you can manage cookies through your web browser settings. Most browsers allow you to:

  • See what cookies you have and delete them on a cookie-by-cookie basis.
  • Block third-party cookies (or cookies from specific sites).
  • Block all cookies (note: this may prevent many websites from working correctly, including ours).
  • Clear all cookies when you close your browser.

The method for doing so will depend on the browser you use. You can usually find guidance in your browser’s Help section or by visiting the browser developer’s website. For convenience:

  • In Google Chrome, you can go to Settings > Privacy and Security > Cookies and other site data.
  • In Firefox, go to Options > Privacy & Security > Cookies and Site Data.
  • In Safari, go to Preferences > Privacy.
  • In Microsoft Edge, go to Settings > Cookies and site permissions.

Keep in mind that if you disable cookies entirely, essential functions on our Website (and others) might not work properly. For example, if you block all cookies, your cookie preferences (paradoxically) cannot be stored, and you might be prompted about cookies every time you visit the site.

Do Not Track: Some browsers offer a «Do Not Track» (DNT) feature that signals to websites that you do not want to be tracked. There is currently no consensus in the industry on how to interpret DNT signals. At this time, our Website does not respond to DNT signals. We rely on the cookie consent tools described above for you to express your preferences.

Further Information

For more detailed information about cookies and how to manage or disable them, you can visit resources like AllAboutCookies.org or YourOnlineChoices.eu (which provides guidance on behavioural advertising and opting out).

If you have any questions about our use of cookies, you can also contact us at  info@notapaysolutions.uk for assistance.