Privacy Policy & Security

  1. About Us

    Prudent Pig Ltd (“Viarm”, “we”, “us”, or “our”) is a private limited company established under the laws of England and Wales, registered with the Companies House under number 13030110, with registered address located at 1st Floor, 239 Kensington High Street, London, W8 6SN

  2. About this privacy notice

    You must read this privacy notice carefully when accessing our website ( and using our services. This privacy notice is a binding legal agreement that oversees our relationship in regard to the data collection and processing practices. This notice does not apply to third-party websites, products or services.

    Viarm is committed to adequately protecting your personal data regardless of where it is processed and regardless of your location. We are committed to providing appropriate protection for your personal data when it is transferred internationally.

  3. Data Protection Officer

    If you have any questions about this privacy notice, including any requests to exercise your legal rights (which are discussed in detail under clause 12 below), please contact our DPO using the following details:

    Email: dpoemail

    Postal address:
    Prudent Pig Ltd, Data Protection Officer,
    1st Floor, 239 Kensington High Street London W8 6SN

  4. Data collection and types

    We collect personal data regarding our visitors, authorised representatives, and merchants. We also collect personal data of individuals on merchants’ behalf as they and their authorised representatives use our services. Such data is typically collected and generated through the merchant’s clients interaction with our services, through automatic means, directly from such merchant or merchant’s client, or from other third parties.

    Specifically, we collect the following categories of data (which, to the extent it relates to an identified or identifiable individual constitutes personal data):

    1. Personally identifiable data

      This information may include but is not limited to your name; address; e-mail address and phone number; financial and credit card information; government-issued identification documents; other personal information that you may need to provide in order to register with us and use our services. When we conduct fraud monitoring, prevention and detection activities, we may also receive personal data about data subjects from our business partners, financial service providers, identity verification services, and publicly available sources (e.g., name, address, phone number, country), as necessary to confirm your or your clients' identity and prevent fraud.

    2. Technical data

      This information is including the Internet Protocol (IP) address used to connect the computer to the Internet; unique device identifier; location; login information; browser type and version; time zone setting; browser plug-in types and versions; operating system and platform; the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); referrer URL; products and services you viewed or searched for; page response times; download errors; length of visits to certain pages; page interaction information (such as scrolling, clicks, and mouse-overs); and methods used to browse away from the page; and any phone number used to call our customer service number.

    3. Transaction data

      This information includes: date; time; amount; currencies used; exchange rate; details and location; IP address of sender and receiver; sender's and receiver's name and registration information; messages sent or received with the payment; device information used to facilitate the payment and the payment instrument used.

      If you are a card-holder or alternative payment method user making a payment to a merchant using our services to process your payment, we may, directly or through a merchant using our payment processing service, collect, store and process financial and transaction-related personal data about you and your transaction. This may include your billing address, delivery address, date of birth, purchase amount, date of purchase, payment method, credit or debit card number, bank account information and additional necessary information required to process your transaction.

      When required for compliance with applicable laws (including specifically anti-money laundering and counter-terrorism financing laws and regulations), we may verify your information and collect information from publicly available sources, credit reference or fraud prevention agencies or check data against government sanction lists, either directly, or using identity verification providers or due diligence and screening information providers.

    4. Special categories of personal data

      Previously known as sensitive personal data, it refers to the data about an individual which is more sensitive, so it requires more protection. This type of data could create more significant risks to person’s fundamental rights and freedoms, for example by putting them at risk of unlawful discrimination. The special categories include information about an individual includes: race; ethnic origin; politics; religion; trade union membership; genetics; biometrics (where used for ID purposes); health; sexual orientation. As a general rule, Viarm does not collect or process special categories of personal data. However, it is possible that we may hold special category data when it is included on documentation that you have given to us (for example ID document). When this is the case, we shall only process this information in strict accordance with the law.

  5. Legal basis for processing

    We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

    • Where we need to perform the contract we are about to enter into or have entered into with you.
    • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
    • Where we need to comply with a legal obligation, such as prevention of money laundering and terrorist financing.

    More particularly, the above bases can be outlined as follows:

    • Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. As well, if you are a card-holder or alternative payment method user making a payment to a merchant using our services to process your payment we may process your data on the basis of the agreement that we have with the merchant. Kindly note that in such an instance, processing of your information will be primarily governed by the privacy notice of the merchant and Viarm will be acting as a data processor.
    • Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
    • Compliance with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
  6. How we use the data

    We use personal data as necessary for the performance of our services; to comply with applicable law; and to support our legitimate interests in maintaining and improving our services and operation of the platform, understanding how our services are used, optimizing our marketing and advertising activities, customer service and support operations, and protecting and securing our visitors, merchants, merchant’s clients, ourselves and our services.

    Specifically, we use Personal Data for the following purposes:

    • to carry out our obligations relating to your contract with us and to provide you with the information, products and services;
    • to comply with any applicable legal and/or regulatory requirements;
    • to notify you about changes to our services;
    • as part of our efforts to keep our services safe and secure;
    • to administer our services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    • to improve our services and to ensure that they are presented in the most effective manner;
    • to measure or understand the effectiveness of advertising we serve and to deliver relevant advertising to you;
    • to allow you to participate in interactive features of our services, when you choose to do so;
    • to provide you with information about other similar goods and services we offer;
    • to combine the information we receive from other sources with the information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
  7. Data location and retention

    Given the global nature of our services, your personal data may be maintained, processed and stored by our authorized affiliates and third-party service providers in the United Kingdom and other jurisdictions, including the European Union, as necessary for the proper delivery of our services, or as may be required by law.

    While privacy laws may vary between jurisdictions, Viarm and its affiliates and third-party service providers are each committed to protecting personal data in accordance with this privacy notice and customary industry standards, regardless of any lesser legal requirements that may apply in their jurisdiction.

    We will retain your personal data for as long as is required in order to comply with our legal and contractual obligations, or to protect ourselves from any potential disputes (i.e. as required by laws applicable to log-keeping, records and bookkeeping, and to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use), in accordance with our data retention policy.

    Please note that except as required by applicable law (e.g. AML/CTF legislation obliges us to hold data about our clients for at least 5 years), we will not be obliged to retain your personal data for any particular period, and we are free to securely delete it for any reason and at any time, with or without notice to you. If you have any questions about our data retention policy, please contact us by the means of the following email: dpoemail.

  8. Data Sharing

    We may share your data with certain third parties when it is required to provide our services in the best possible manner while complying with our obligations or enhancing the user experience.

    1. Legal requirements

      We may disclose or allow government and law enforcement officials access to your personal data, in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we believe in good faith that we are legally compelled to do so, or that it is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.

    2. Third-party service providers

      We may engage selected third party companies and individuals to perform services complementary to our own, namely – hosting, data analytics, consulting, support, marketing and advertising, data and cybersecurity, user engagement, instant messaging; as well as our business, financial, compliance and legal advisors. These third-party service providers may have access to your personal data, depending on each of their specific roles and purposes in facilitating and enhancing our services, and may only use it for such purposes.

    3. For the protection of rights and safety

      We may share your personal data with others if we believe in good faith that this will help protect the rights, property or personal safety of Viarm, any of the merchants, merchant’s clients, or any members of the general public.

      For the avoidance of doubt, Viarm may share your personal data in additional manners, such as pursuant to your explicit approval, if we are legally obligated to do so, or if we have successfully rendered such data non-personal and anonymous. We may transfer, share or otherwise use non-personal data at our sole discretion and without the need for further approval.

    4. List of parties with whom we share your information

      We do not present in an open access a list of all third parties we share your data with, as this would be dependent on your specific use of our services. However, if you would like further information about who we have shared your data with, or to be provided with a list specific to you, you can request this by writing to dpoemail

  9. We use small files (known as cookies) to distinguish you from other users, see how you use our site and products while providing you with the best experience. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website, platform or app may become inaccessible or not function properly.

    Our website uses cookies. Cookies are small pieces of information assigned by a website uniquely to you and stored on your hard drive. They can be read only by the site that issued them. Cookies can't be used to deliver and run malicious software on your computer. Though some cookies can be used to record personal data and preferences, our site uses none of those. We only use cookies needed for proper website functioning.

  10. Communication and complaints

    We may contact you with important information regarding our services. For example, we may notify you (through any of the means available to us) of changes or updates to our services, terms of service, scheduled maintenance, billing issues, service changes, password-reset notices, etc. We may also send you notifications, messages and other updates.

    We may also contact you with promotional messages (such as newsletters, special offers and sales, new product announcements, etc.) or any other information we think you will find valuable. This will be done in order to notify you of any services or products that we reasonably believe would be of interest to you. We may provide such notices through any of contact means available to us (e.g. phone or e-mail), through the services, or through our marketing campaigns on any other sites.

    If you do not wish to receive such promotional communications, you may notify us at any time by sending an email to dpoemail, changing your communications preferences in your account, or by following the “unsubscribe”, “stop”, “opt-out” or “change e-mail preferences” instructions contained in the promotional communications you receive.

    In case you have any questions related to our data protection practices you may write to our Data Protection Officer by the means of the following email: dpoemail. This address is used to as well submit complaints which relate to the data protection. Furthermore, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

  11. Data Security

    In order to protect your personal data held with us and our third party service providers, we use industry-standard physical, procedural and electronic security measures. However, please be aware that regardless of any security measures used, we cannot and do not guarantee the absolute protection and security of any personal data stored with us or with any third parties as described in this privacy notice.

  12. Data subject rights

    Under certain circumstances, you have rights under data protection laws in relation to your personal data. They can be summarised as follows:

    • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

    • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you to be corrected, though we may need to verify the accuracy of the new data you provide to us.

    • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

    • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

    • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

      • If you want us to establish the data's accuracy.
      • Where our use of the data is unlawful but you do not want us to erase it.
      • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
      • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
    • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

    • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

    1. Specific considerations on the exercise of rights

      If you wish to exercise any of the rights set out above, contact our DPO at dpoemail

      You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

      We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

      We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

  13. Children’s Privacy

    We do not knowingly collect personal data from children and do not wish to do so. If we learn that a person under the age of 18 is using the services, we will prohibit and block such use and will make all efforts to promptly delete any personal data stored with us with regard to such child. If you believe that we might have any such data, please contact us by email at dpoemail.

  14. Changes to this privacy notice

    We may update and amend this privacy notice from time to time by posting an amended version on our website. The amended version will be effective as of the date it is so published. We will provide prior notice if we believe any substantial changes are involved via any of the communication means available to us. In such a case, the changes shall be deemed effective as from the date of the change indicated in such notice.

  15. Third-party websites

    While our services may contain links to other websites or services, we are not responsible for their privacy practices, and encourage you to pay attention when you leave our website for the website of such third parties and to read the privacy notices of each and every website you visit.