introduction
TAP2 is committed to safeguarding the privacy and personal data of all our users, employees, partners, and third-party vendors. This Privacy and Data Protection Policy outlines our practices for collecting, processing, retaining, and securing personal data in compliance with the General Data Protection Regulation (GDPR), Data Protection Act 2018 (DPA), and other applicable laws.
This policy applies to all personal data collected through our platforms, including when users make purchases, subscribe to services, or interact with TAP2 for any other business purposes.
1. Data Collection and Processing
1.1. What Data We Collect
We collect and process two types of personal data:
1.2. Purpose of Data Processing
TAP2 processes personal data to:
1.3. Legal Basis for Processing
We collect and process data based on:
2. Data Retention and Deletion
2.1. Retention Periods
2.2. Data Deletion
Once the retention period is complete, personal data will be anonymized or securely deleted. Paper records containing confidential information are disposed of as confidential waste using cross-cut shredding and incineration.
3. Rights of Data Subjects
3.1. Data Access, Rectification, and Erasure
Users have the right to:
3.2. Data Portability and Objection
Users can request the transfer of their data to another service provider or object to data processing in specific circumstances, such as marketing activities.
3.3. Submitting a Request
All Data Subject Access Requests (DSARs) must be submitted to the Data Protection Officer at TAP2 via customerservice@tap-2.com. Requests will be processed within 30 days.
4. Data Security and Breach Response
4.1. Security Measures
TAP2 follows industry best practices and PCI-DSS standards to protect personal data. This includes using encryption technologies (e.g., SSL and AES-256) for sensitive information such as payment data.
4.2. Breach Response Plan
In the event of a data breach, TAP2 will promptly notify affected individuals and relevant regulatory bodies (e.g., the ICO) within the legally required timeframe. Regular security audits and vulnerability assessments are conducted to prevent breaches.
5. Data Transfers and Third-Party Processors
5.1. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), TAP2 ensures adequate protection through Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs). Third-party providers, including payment processors, must also adhere to these standards.
5.2. Third-Party Vendor Compliance
TAP2 works with third-party vendors who process personal data to deliver services (e.g., payment gateways, and shipping providers). TAP2 ensures that these vendors comply with GDPR and local privacy laws through explicit agreements.
6. Cookies and Tracking
6.1. Cookie Usage
TAP2 uses cookies to personalize user experiences, track browsing behaviour, and enable essential functionalities such as login persistence. Users must provide explicit consent for the use of non-essential cookies, and a clear opt-out mechanism is provided.
6.2. Do Not Track
TAP2 honours 'Do Not Track' signals received from browsers. No additional data collection will occur from users who have enabled this setting.
7. Employee Responsibilities and Training
7.1. Staff Training and Awareness
All employees handling personal data receive regular training on data protection responsibilities, GDPR requirements, and security protocols. This training is monitored for effectiveness, and non-compliance may result in disciplinary actions, including dismissal.
7.2. Accountability
Employees are responsible for ensuring the security and proper use of personal data. Any breaches or failure to comply with this policy can lead to disciplinary proceedings and, in severe cases, termination of employment.
8. Changes to This Policy
TAP2 reserves the right to amend this policy at any time. Material changes will be communicated to users promptly, and the latest version will always be available on our website.
Contact Information
For questions, requests, or complaints about this policy, please contact the Data Protection Officer at customerservice@tap-2.com, or write to us at:
TAP2 Ltd
Southmeads House
Brent Road
Berrow, Somerset
TA8 2JU, United Kingdom
With our innovative wearable devices, you can leave your wallet and phone behind. Embrace the payment evolution with TAP2. Fast, secure, and convenient contactless transactions. Tap and go – it’s that simple.
Contact Us