Policy version: 9 December 2024
Dextera Parte Limited (part of the Volentio Limited group) trading as Starboard Card (‘we’, ‘our’ or ‘us’) is a provider of the Starboard Card service available via our website (our “Website”) including at starboardcard.com and our mobile application (the “app”) as well as other products and services we make available (“the Service(s)”).
Transact Payments Malta Limited is the issuer of your card and is the data controller for the personal data which you provide to us for the provisioning and management of the corporate debit card service (“card service”) that forms part of the Starboard Card Services. Their privacy policy can be found in Annex 1.
We are the data controllers for personal data which you provide which is not related to the provision of the card service by Transact Payments Malta Limited.
Transact Payments Malta Limited is an e-money institution, authorised and regulated by the Malta Financial Services Authority. Transact Payments Malta Limited’s registered office address is Vault 14, Level 2, Valletta Waterfront, Floriana, FRN 1914, Malta and its registered company number is C91879.
We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are, how this policy applies, our relationship with you and how and why we collect, store, use and share any information that can directly or indirectly identify you (personal information). It also explains your rights in relation to your personal information and how to contact us, or the relevant regulator in the event you have a complaint.
We collect, use and are responsible for certain personal information about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to services we offer to individuals in the European Economic Area (EEA).
When personal information is provided, we only process the personal data of individuals who have reached the age of majority under the national laws of their country/countries of citizenship and/or residence. If a child’s personal data is accidentally submitted to us, it will be deleted without undue delay. Please let us know if you, a person under the age of majority, have uploaded any personal information to the Service or our Website, we will erase it as soon as possible.
If you are aged under 18, we recommend that you speak to an adult that you trust if you have any difficulties reaching an informed decision regarding the activation of any use of your information or our treatment of your information.
To find out more, visit the sections below:
This privacy policy applies to the use of our Website and the Starboard Card service (“Services”).
This privacy policy applies to all individuals who provide personal information to us in relation to our Services for businesses (our “Clients”). In addition, this includes a person who signs up to and is using our Service at the request of our Clients, users who are given authority to create and approve user accounts on behalf of our Clients (known as ‘administrators’) and users who access and use our Service in the course of their employment/engagement with our Clients.
The Service may link to other apps, websites or services owned and operated by certain trusted third parties, for example to make additional products, information and services available to our Clients.
These other apps, websites or services may also gather information about you in accordance with their own separate privacy policies for their own purposes, including for example, to develop and improve their identity verification services designed to prevent and detect fraud.
For privacy information relating to these other apps, websites or services, please consult their privacy policies as appropriate.
We collect, use and are responsible for certain personal information about you to provide the Services to our Clients.
When we provide access to, use of, and collect and use your personal information to provide the Services to our Clients, we act as a service provider or processor as defined by UK GDPR and EU GDPR.
Where that is the case, we provide those services through a separate set of terms and conditions with our Clients. In those cases, our Client is the Controller of your personal information and you can refer to the Client with which you have an existing relationship for information about your privacy rights, retention, and how your personal information is used and shared.
In respect of your personal information that we process if we market to you, we are the controller of that personal information.
We may collect, use, store and transfer different kinds of personal data about you, including the following:
Identity Data: information to check and verify your identity, including first name, last name, title, date of birth.
Contact Data: includes your current residential address, previous addresses, email address and telephone numbers.
Financial Data: includes bank account details and to conduct source of funds checks using open banking data technology to access and analyse your financial and banking information.
Transaction Data: includes details about payments to and from you including dates, amounts and beneficiary details.
Technical Data: includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Services.
Details of any information, feedback or other matters you give to us by phone, email, post or via social media.
Profile Data: includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data: includes anonymous analytical data about how you use our Services.
Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Location Data: if you choose to give this to us.
Biometric Data: photograph or liveness video (see section below)
We collect personal data from you:
We will use the information that you provide during the setup process to:
Under data protection law, we can only use your information if we have a proper reason, e.g:
The personal information we collect may include data that may be considered biometric data in some jurisdictions.
We may process biometrics to verify whether provided facial images are likely to match depending on the service chosen by a particular Client. The processing of biometrics means extracting facial features from uploaded or recorded facial images on government-issued identity documents submitted by the User and comparing them.
We use third-party service providers for the purposes of processing Biometric Data, including collecting, exporting, storing and otherwise processing biometric data, including your personal information.
We may use your information to send you updates (by email, text message, telephone or post) about our Services, including exclusive offers, promotions or new services.
We have a legitimate interest in using your information for marketing purposes (see above How and why we use your information).
You have the right to object/opt out of receiving marketing communications at any time by:
We will always treat your information with the utmost respect and never sell OR share it with other organisations outside the Volentio Limited group for marketing purposes.
For more information on your right to object at any time to your information being used for marketing purposes, see ‘Your rights’ below.
We routinely share your information with:
Service providers we use to help us run our business or provide the services or functionalities in the app, (e.g. marketing agencies, hosting service providers of the systems that deliver the service or app’s functionalities and services, IT software and service providers, administrative service providers, and analytics and search engine providers).
We only allow the service providers to handle your information if we are satisfied, they take appropriate measures to protect your information. We also impose contractual obligations on service providers to ensure they can only use your information to provide services to us and to you.
We or the third parties mentioned above occasionally also need to share your information with:
Different retention periods apply for different types of your information, but we keep your information for as long as we have a contract with our Client or as we reasonably need it to fulfil the purposes for which the data was collected.
It is sometimes necessary for us to transfer your information to countries outside the UK or EEA. In those cases, we will comply with applicable UK and EEA laws designed to ensure the protection of your information.
We take measures to help protect your personal information when it is transferred from the EEA, Switzerland, or the United Kingdom (“UK”) to other countries. We may rely on European Commission adequacy decisions or UK adequacy regulations for certain countries or include standard contract clauses issued by the European Commission or by the UK Information Commissioner’s Office in our contracts.
In the event we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your information outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law.
If you would like further information about data transferred outside the UK, or the EEA please contact us OR our Data Protection Officer (see ‘How to contact us’ below).
A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or other electronic device) when you use our website. We use cookies on our website. These help us recognise you and your device and store some information about your preferences or past actions.
For further information on cookies, when we will request your consent before placing them and how to disable them, please see our cookie policy.
You generally have the following rights, which you can usually exercise free of charge:
Access to a copy of your personal data: The right to be provided with a copy of your personal data.
Correction (also known as rectification): The right to require us to correct any mistakes in your personal data.
Erasure (also known as the right to be forgotten): The right to require us to delete your personal data in certain situations.
Restriction of use: The right to require us to restrict use of your personal data in certain circumstances, e.g. if you contest the accuracy of the data.
Data portability: The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations.
The right to object:
Not to be subject to decisions without human involvement: The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. We do not make any such decisions based on data collected by our website.
The right to withdraw consents: If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time. You may withdraw consents by using our contact details in the ‘How to contact us’ below. Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn.
For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see ‘How to contact us’ below). You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under the UK GDPR.
If you would like to exercise any of those rights, please email, call or write to us—see below: ‘How to contact us’. When contacting us please:
If you are unhappy with our processing of your personal information you also have the right to lodge a complaint with the Information Commissioner.
The Information Commissioner can be contacted using the details at ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.
We have appropriate security measures to prevent your information from being accidentally lost or used or accessed unlawfully. We limit access to your information to those who have a genuine business need to access it.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We may change this privacy policy from time to time. When we make significant changes, we will take steps to inform you, for example via the app or by other means, such as email.
You can contact us and/or our Data Protection Officer by post, email or telephone if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.
Our contact details are shown below:
Address DEXTERA PARTE SUITE 1 NETWORK EAGLE LAB PORTLAND TERRACE SOUTHAMPTON SO14 7SJ
Email [email protected]
Telephone 0330 202 2000
This policy explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
TPML is committed to safeguarding the privacy of your information. By “your data”, “your personal data”, and “your information” we mean any personal data about you which you or third parties provide to us.
We may change this Policy from time to time so please check this page regularly to ensure that you’re happy with any changes.
Transact Payments Malta Limited (“TPML”, “we”, “our” or “us”) is the issuer of your card and is the Data Controller for the personal data which you provide to us to enable us to issue and maintain the card services. TPML is an e-money institution, authorised and regulated by the Malta Financial Services Authority. Our registered office address is Vault 14, Level 2, Valletta Waterfront, Floriana, FRN 1914, Malta and our registered company number is C91879.
Dextera Parte Limited is the Program Manager for your card program and is the Data Controller for any personal data which you provide which is not related to our provision of the card services. Dextera Parte Limited is incorporated and registered in England and Wales with company number 13922571 and registered office of Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB.
We collect information from you when you apply online or via a mobile application for a payments card which is issued by us. We also collect information when you use your card to make transactions. We may also process information from Program Manager, other third-party payment partners and service providers. We also obtain information from third parties (such as fraud prevention agencies) who may check your personal data against any information listed on an Electoral Register and/or other databases. When we process your personal data, we rely on legal bases in accordance with data protection law and this privacy policy. For more information see: On what legal basis do we process your personal data?
Your provision of your personal data and our processing of that data is necessary for each of us to carry out our obligations under the contract (known as the Cardholder Agreement or Cardholder Terms & Conditions or similar) which we enter into when you sign up for our payment services. At times, the processing may be necessary so that we can take certain steps, or at your request, prior to entering into that contract, such as verifying your details or eligibility for the payment services. If you fail to provide the personal data which we request, we cannot enter into a contract to provide payment services to you or will take steps to terminate any contract which we have entered into with you.
We may also process your personal data to comply with our legal or regulatory obligations.
We, or a third party, may have a legitimate interest to process your personal data, for example:
When you apply for a card, we, or our partners or service providers, collect the following information from you: full name, physical address, email address, mobile phone number, phone number, date of birth, gender, login details, IP address, identity and address verification documents.
When you use your card to make transactions, we store that transactional and financial information. This includes the date, amount, currency, card number, card name, account balances and name of the merchant, creditor or supplier (for example a supermarket or retailer). We also collect information relating to the payments which are made to/from your account. If we are required by law to process additional personal data (for example, if we suspect that there may be fraud related to the use of your card or the payment services linked to it), we will also process that extra personal data.
We use your personal data to:
When we use third party service partners, we have a contract in place that requires them to keep your information secure and confidential. We may receive and pass your information to the following categories of entity:
To deliver services to you, it is sometimes necessary for us to share your personal information outside the European Economic Area (EEA), e.g.:
These transfers are subject to special rules under European and Malta data protection law.
These non-EEA countries do not have the same data protection laws as Malta and EEA. We will, however, ensure the transfer complies with data protection law and all personal information will be secure. We will send your data to countries where the European Commission has made an adequacy decision, meaning that it has ruled that the legislative framework in the country provides an adequate level of data protection for your personal information. You can find out more about this here.
Where we send your data to a country where the European Commission has not made an adequacy decision, our standard practice is to use standard data protection contract clauses that have been approved by the European Commission. To obtain a copy of those clauses, please go to the European Commission’s website.
If you would like further information, please contact our Data Protection Officer on the details below.
We will store your information for a period of five years after our business relationship ends in order that we can comply with our obligations under applicable legislation such as anti-money laundering and anti-fraud regulations. If any applicable legislation or changes to this require us to retain your data for a longer or shorter period of time, we shall retain it for that period. We will not retain your data for longer than is necessary.
You have certain rights regarding the personal data which we process:
We recognise the importance of protecting and managing your personal data. Any personal data we process will be treated with appropriate care and security.
These are some of the security measures we have in place:
While we take all reasonable steps to ensure that your personal data will be kept secure from unauthorised access, we cannot guarantee it will be secure during transmission by you to the applicable mobile app, website or other services over the internet. However, once we receive your information, we make appropriate efforts to ensure its security on our systems.
We hope that our Data Protection Officer can resolve any query or concern you may raise about our use of your personal information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Malta is the Office of the Information and Data Protection Commissioner. Their contact details are as follows:
IDPC, Floor 2, Airways House, Triq il-Kbira, Tas-Sliema, SLM1549, Malta. (+356) 23287100 / [email protected]
Our website may contain links to other websites. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.
##Changes to our Privacy Policy
We keep our Privacy Policy under review and we regularly update it to keep up with business demands and privacy regulation. We will inform you about any such changes. This Privacy Policy was last updated on 16th October 2024.
If you have any questions about our Privacy Policy or the personal information which we hold about you or, please send an email to our Data Protection Officer at [email protected].