Privacy Policy

CorporatePay is committed to protecting your personal information and privacy when you use our products and services. Our privacy policy explains how we will do this and how we will use any personal information you provide to us.

Data Collected

CorporatePay collects the details provided by you on registration, together with information we learn about you from your use of our services and your visits to our web site and other sites accessible from them. We also collect (on behalf of the bank that issued your prepaid card) information about any transactions you undertake.

When you apply for a product or service from us (or one of our partners), you will be asked for personal information that is needed to process your application. The information that you provide will only be used for the purposes described at the time of your application and as outlined in our terms and conditions that apply to the relevant card product or service. We will also collect, store and process your personal information on our computers to;(a) personalise aspects of our overall service to you; or (b) communicate with you; or (c) learn from the way you use and manage your account(s), for example from the transactions you make and from the payments which are made to your account.

To make sure we follow your instructions correctly and to improve our service to you through training of our staff, we may monitor or record telephone calls.

Data Usage

We will use your personal information to manage your prepaid card account(s), to provide our services, and for assessment and analysis (including identity verification, behaviour scoring, and market and product analysis), and to develop and improve our services to you.

We will not disclose any of your personal information to any third party outside of CorporatePay except:

  • to fraud prevention agencies and other organisations who may use the information to prevent fraud and money laundering;
  • to our suppliers or service providers that process data on our behalf;
  • to the bank that issued your prepaid card (and is a member of the card scheme);
  • to persons acting as our agents (and our partners who sell our prepaid cards) under a strict code of confidentiality;
  • to anyone to whom we transfer or may transfer our rights and duties under our prepaid card terms and conditions with you;
  • as required by law or regulation;
  • to your employer, where the card has been provided to you for use in the course of your employment
  • for such purposes that you have given us consent to do so

As part of our checks to prevent fraud and money laundering, personal information that you provide may be disclosed to a credit reference or fraud prevention agency, who may keep a record of that information. This check is done to confirm your identity, a credit check is not performed and your credit rating will be unaffected

If we transfer your information to a third party in another country outside the European Union, we will make sure that the third party agrees to apply the same levels of protection as we are required to apply to personal information held and processed in the UK and to use your information only for the purpose of providing the service to us.

If you do not want to receive marketing information about our products and services, please update your preferences via our website or contact us through one of the methods listed on this site. You will however still receive operational and administrative messages related to the service you have applied for and any enhancements or changes to this service.

We may also use and disclose information in aggregate (so that no individual customers are identified) for marketing and strategic development purposes.

Data Protection Principles

The firm that issued your prepaid card is the data controller of personal data collected relating to the use of your prepaid card. CorporatePay Limited operates your prepaid card (and processes your personal data) on the firm's behalf. If you applied for a prepaid card from one of our partner's they may also process data on the firm's or our behalf. The partner will be the data controller of the personal data it collects for marketing purposes. If another company is the data controller, this will be made clear when you provide your personal information. CorporatePay Limited complies with the principles of the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. We are registered with the Information Commissioner's Office.

The eight principles relating to the processing of personal information are:

  • Fairly and lawfully processed
  • Processed for a limited purpose
  • Adequate, relevant & not excessive
  • Accurate and up to date
  • Not kept longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to countries without adequate protection

We will always follow these principles. The Information Commissioner regulates compliance with the Data Protection Act. See details at end of contact page.

You have a right to access the personal data that is held about you. To obtain a copy of the personal information we hold about you, please write to us at the address listed on the contact us section of this website enclosing your postal details and a cheque for £10 payable to us.

You have a right to ask us to correct any inaccuracies in your personal information (which is free).

Data Security

We take the security of your personal data very seriously.

Your Username and Password

On registering an account with us, you will have a username and passcode which must be used in order to access our services including certain restricted parts of the website. Your username and password are used by us to identify you and so are very important. You are responsible for all services accessed by anyone using your username and password. As soon as you become aware or suspect someone else is using your username and password you should notify us immediately.

What you should do:

  • Never reveal your passcode (or password) to anyone or write it down.
  • Do not use a passcode that could be easily guessed by someone else.
  • Change your passcode immediately if you suspect someone else could know it.
  • Log off any website when you have completed your transaction.
  • Keep your PC updated with current anti-virus software and the latest browser versions.
  • Do not send us any confidential account information via email.
  • Treat emails you receive with caution. Remember we will never ask you to disclose your personal or account information to us by email. In particular we will never ask you to disclose your card PIN number to us.

We recommend that you regularly visit the website to keep up to date with tips to protect yourself from the latest scams.

Phishing emails

You may receive an email claiming to be from us, or from the bank that issued your card with a link to what appears to be our or the bank’s website, where you are prompted to enter your personal and account details. We are in no way involved with this email, and the website does not belong to us or our partners.

We will never send emails to its customers requesting login, security or any other confidential information. Do not reply to any such emails or disclose any personal information in these websites. If you think you have received a fraudulent email that looks like it is from us or the bank, forward us the entire email including the header and footer and then delete it from your email account.

Website Security
  • Our systems operate on 128-bit secure encryption. Look for the yellow padlock symbol in your browser status bar. All forms and online account pages, i.e. those pages that show your information, use 128-bit encryption. Encryption makes your information unreadable to anyone who might intercept it.
  • The latest web browsers (e.g. Internet Explorer 6, Netscape 6, Opera 5) support 128-bit encryption. Browsers older than this support lower levels of encryption (40-bit or 56-bit) but they still remain extremely secure.
  • A team of independent security experts regularly tests our website and security processes
  • Your session will time out after a period of inactivity
  • Your log-in account will be locked out after six failed access attempts for a period of time. Further repeated failed attempts in this period will lock out your account permanently. You will need to call us to reset your account.
  • We will verify your identity before disclosing confidential information over the telephone or re-setting your password.

You should note that ordinary email is not secure. Please do not send us any confidential information via email. We will only use email to send you account information such as your account balance and limited transaction information or special offers if you have given your consent for us to do so. We will not use email to send other confidential personal information to you.


"Cookies" are small pieces of information sent by a web server to a web browser, which enables the server to collect information from the browser. You can find out more about the way cookies work on We use cookies for a number of purposes, for instance to enable us to simplify the logging on process for registered users, to help ensure the security and authenticity of registered users, to provide the mechanisms for online account management and to enable traffic monitoring.

We use both our own and our partner companies’ cookies to support these activities. We don’t use cookies to track peoples Internet usage after leaving our sites and we don’t store personal information in them that others could read and understand. We will not sell or distribute cookie information without your prior consent.

Most browsers allow you to turn off the cookie function. If you want to know how to do this please look at the help menu on your browser. However if you do not accept incoming cookies then the performance of our website on your system may not be to the full standard or our website may not serve you at all.

By returning or submitting your card application form with your personal information to us, you consent to our processing your personal data, including sensitive personal data, and to the transfer of your information to countries which do not provide the same level of data protection as the UK if necessary for the above purposes. If we do make such a transfer, we will put a contract in place to ensure your information is protected.

When you give us information about another person, you confirm that they have appointed you to act for them, to consent to the processing of their personal data, including sensitive personal data and to the transfer of their information abroad and to receive on their behalf any data protection notices.

Notification of changes

From time to time, we may make changes to the Privacy Policy. This may be in relation to changes in the law, best practice or changes in our services. We will inform you using the latest email contact details we have for you of any change.


Please use the current details within the Contact Us section of our website.

General information about data protection may be found at: Information Commissioner's website: