Sub banner


GDPR – Keeping Your Data Secure

GDPR – Keeping Your Data Secure

by on May 26, 2023

In 2018 the Data Protection Act was introduced to control how your personal data is stored and used by organisations and businesses. It was the UK’s implementation of the General Data Protection Regulation (GDPR) and introduced ‘data protection principles’ to ensure that anyone storing or using your personal data has to follow strict rules. Here we look at what information we hold about you and how we go about keeping it secure.


GDPR Rules

Every company that holds the personal data of the people it deals with has to follow data protection principles. These are used to ensure that all the information held is used fairly, lawfully and transparently, and for the specific purpose that it was requested. It must also be used in a way that is relevant and its use is limited to only what is necessary. It must be accurate, kept up-to-date and stored for no longer than necessary. And finally it must be handled in an appropriately secure way to ensure that it is protected from unlawful access, loss, destruction or damage. 

Under the act you have clearly defined rights when it comes to finding out exactly what data organisations have about you, including being informed precisely how your data is used, being able to access your data, having incorrect data updated or erased, stopping it being processed, or objecting to how your data is used. 


How do we use your data?

When you sign up to either our Umbrella or Contract Industry Scheme we ask for a variety of personal information so that we can simply, speedily and accurately process your payment. This information will include your full name and address, bank details, as well as your National Insurance Number together with a range of personal details which, if compromised, could cause at best inconvenience, and at worst, loss of income. Last year one umbrella company was hacked and thousands of contractors’ details were compromised, resulting in delayed payments and much stress and anxiety. We’re determined not to let that happen. 

Since the introduction of GDPR regulations we’ve been committed to upholding the requirements and regulations when we process data on behalf of our contractors. We maintain our compliance by creating a data register and frequently perform a compliance audit, upgrading our procedures, changing our practices and strengthening our security on a regular basis. We’ve also appointed a Data Protection Officer whose role it is to ensure that our systems are enhanced, and upgraded our systems, and we’ve published a Privacy Policy which outlines exactly what we do with your data and how we secure it. 

The final layer in our defence against hackers is our partnership with Mitigo which provides cyber security protection for financial services companies whose data is sensitive due to the value the details hold. 

So, for example, when you register for one of our products we’ll keep a record of your personal information, and if you contact us either to ask a question or to report an issue, we’ll make a note of that too, to try and prevent the same problem happening in the future. We’ll keep a record of any transactions you carry out through your Contractor Portal and, through our Cookies Policy, we’ll identify which of our Blogs you read – analytics such as these are our way of understanding how well we’re doing in communicating effectively with you, and to learn if we can do better in the future. 

We also share your data with two other very important entities:

  • Your recruitment agent

  • HMRC

as well as closely vetted third parties such as business partners, analytics providers, search information providers, credit reference agencies and some technical payment and delivery services. One thing we can guarantee is that we’ll never sell your details to organisations that are not related to what we do – provide you with the best, compliant payment services we possibly can.



In the unlikely event that Payme was the victim of a data breach, we have established processes and procedures to identify, review and report well within the 72 hours that we’re legally required to inform you. Our tried and tested procedures mean that we’d do all we possibly could to inform and assist you, and help you with, for example, resetting your password and recovering any monies lost to you.

When you sign up for a Payme Umbrella or CIS we’ll talk you through exactly what information we need from you, as outlined here. If you have any further questions you can speak to one of our knowledgeable and helpful customer service team on 0333 200 0845. If you’d like to email us you can do so at, or you can fill in the contact form at the bottom of the page here.