Legal

Privacy Policy

Last updated: 20 February 2026

1. Introduction and Who We Are

Welcome to CrestPay (accessible at crest-pay.com). We respect your privacy and are committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

CrestPay operates as an independent commercial introducer. We act as a “Data Controller” for the data collected on this website. However, our primary business purpose is to introduce you to our designated payment processing partner, COALESCE CORPORATION LIMITED (Company Number: SC842510).

If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us:

  • Email: compliance@crest-pay.com

2. The Data We Collect About You

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). Because we serve B2B clients, we collect both personal and business-related data. We may collect, use, store, and transfer different kinds of data about you, grouped as follows:

  • Identity Data: Includes first name, last name, username or similar identifier, and title.
  • Contact Data: Includes billing address, business trading address, email address, and telephone numbers.
  • Business Data: Includes company name, legal entity structure, website URL, industry sector, and estimated monthly card turnover or payment processing volumes.
  • Technical Data: Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data: Includes information about how you use our website, products, and services.
  • Marketing and Communications Data: Includes your preferences in receiving marketing from us and our third parties and your communication preferences.

3. How We Collect Your Data

We use different methods to collect data from and about you, including through:

  • Direct interactions: You may give us your Identity, Contact, and Business Data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you request a quotation or submit an inquiry on our site.
  • Automated technologies or interactions: As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, Meta Pixels, and other similar technologies.

4. How We Use Your Data and The “Introducer” Clause

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

The Introducer Disclosure: The core function of CrestPay is to act as a broker/introducer. By submitting an inquiry, requesting a quote, or filling out a contact form on crest-pay.com, you explicitly acknowledge and agree that we will share your Identity, Contact, and Business Data with our trusted third-party partner, COALESCE CORPORATION LIMITED (SC842510). We do this under the lawful basis of fulfilling a contract (or taking steps at your request prior to entering into a contract) and legitimate interest.

COALESCE CORPORATION LIMITED will use this data to contact you directly via phone or email to discuss your payment processing requirements, provide quotations, and offer merchant services. Once your data is passed to them, they will act as an independent Data Controller of your information, and their respective privacy policy will apply to their processing of your data.

5. Disclosures of Your Personal Data

Other than COALESCE CORPORATION LIMITED, we may share your personal data with:

  • Service providers acting as processors who provide IT and system administration services (e.g., website hosting, CRM software).
  • Professional advisers acting as processors or joint controllers, including lawyers, bankers, auditors, and insurers based in the United Kingdom.
  • HM Revenue & Customs, regulators, and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.

6. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties (like COALESCE CORPORATION LIMITED) who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

7. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. Typically, inquiry data is retained for 12 months after it has been securely passed to our partner, to ensure auditing and commission tracking can be completed.

8. Your Legal Rights

Under the UK General Data Protection Regulation (UK GDPR), you have rights under data protection laws in relation to your personal data, including the right to:

  • Request access to your personal data (commonly known as a “data subject access request”).
  • Request correction of the personal data that we hold about you.
  • Request erasure of your personal data (the right to be forgotten).
  • Object to processing of your personal data where we are relying on a legitimate interest.
  • Request restriction of processing of your personal data.
  • Request the transfer of your personal data to you or to a third party.
  • Withdraw consent at any time where we are relying on consent to process your personal data.

If you wish to exercise any of the rights set out above, please contact us. You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.