Privacy Policy

Version 1.1

Last update: 3 September 2025

At Ontime, we are committed to protecting and respecting your privacy.

Our Approach to Privacy

This privacy policy sets out how we collect, store, process, transfer, share and use data that identifies or is associated with you ("personal information") when you use our website at www.ontime.co (or any other website operated by Ontime), use our services, enter into a commercial relationship with us or otherwise interact with us.

Where you use our services (in particular, to allow you to receive payments from your employer in order to pay third party billers), this privacy policy should be read alongside our terms and conditions.

About Us

Ontime is the trading name of Ontime Payments Limited (company no. 15474033) ("Ontime", "we", "our", or "us"). Ontime is the data controller of the personal information we hold about you.

Our registered and postal address is Spaces, 60 St. Martin's Lane, London, WC2N 4JS, United Kingdom.

We are registered as a data controller with the Information Commissioner’s Office under data protection registration number ZB684820.

Personal information we collect about you and how we use it

The table at the Annex sets out the categories of personal information we collect about you and how we use that information. The table also lists the legal basis which we rely on to process the personal information.

More generally, we:

collect personal information provided by your third-party biller, such as your name, date of birth, postal address, email address, mobile number, national insurance number and product reference to check your availability to use Ontime services;
collect personal information about you from third parties billers to which you owe payments (see (a) above), social networks, our advertising and marketing partners, research agencies (or their respective partners) (e.g. to test the services or for market research purposes) and our other partners where we carry out joint business activities; and
may also collect certain personal information automatically, including in relation to how you access and use our services, technical information regarding the device you use to access our website and the way in which you interact with our marketing (such as whether you open these). We may also automatically record telephone calls when you contact our customer services team by phone.

We use the information we collect about you to correspond with you, perform our agreements with you, carry out marketing activities and our day-to-day business activities and operations.

We may link or combine the personal information we collect about you and the information we collect automatically. This allows us to provide you with a personalised experience regardless of how you interact with us.

You may also provide us with personal information, such as your contact details, when interacting with Ontime generally by email, over the phone, at online and physical events or in the course of your and/or business activities.

We will indicate to you where the provision of certain personal information is required in order for us to provide you certain services. If you choose not to provide such personal information, we may not be able to provide the services you have requested.

Special categories of personal information

We do not generally seek to collect sensitive (or “special category”) personal information (which are racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a person, data concerning health or data concerning a natural person’s sex life or sexual orientation). However, we may process special categories of personal information where you have voluntarily chosen to submit that information to us (e.g. by email) and we will store such information in accordance with our data retention practices (see the [Data Retention section](#section-data-retention) below).

Anonymous data

We may anonymise and aggregate any of the personal information we collect about you (so that it does not directly identify you). We may use anonymised information for purposes that include testing our systems, research, data analysis, improving our service, promoting our service and developing new products and features. We may also share such anonymised information with others.

Data retention

We will store the personal information we collect about you for no longer than necessary for the purposes set out in the Annex in accordance with our legal obligations and legitimate business interests.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, as well as the applicable legal, regulatory, tax, accounting or other requirements.

Recipients of personal information

We may share your personal information with the following categories of recipients (as required in accordance with the uses set out in the Annex):

Third party biller: we will need to share your personal information (including your bill / loan / salary payment / repayment details) with the suppliers or lenders (or similar providers) to which you owe payments (and to which you have agreed to pay through your Ontime account).
Your employer (or payroll provider) as is needed to provide our services to you. For example, we need to share your national insurance number with the payroll provider to check your eligibility as an employee and to ensure this information matches with eligible employee records.
Service providers: we may share your personal information with third party vendors and other service providers that perform services for us or on our behalf, which may include providing mailing, marketing, advertising, fraud prevention, web hosting, payment gateway or analytics services.
Professional advisors: we may share your personal information with our lawyers, accountants, insurers and other professional advisors to the extent we need to (for example, to defend ourselves against legal claims).
Business partners: we may share your personal information (such as contact details) with our business partners where this is necessary in the normal course of our business.
Purchasers and third parties in connection with a business transaction: your personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business.
Research agencies (or their respective partners): if you have agreed to participate in a research group, user testing, collaboration exercise, questionnaire regarding the service, focus group or similar-type project in respect of the service, we may share certain information of yours with the research agency or our business partner (and/or their respective partner as appropriate) that requires your information as part of that project.
Law enforcement, regulators and other parties for legal reasons: we may share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to
1. comply with the law and the reasonable requests of law enforcement;
2. detect and investigate illegal activities, unlawful activity and / or breaches of agreements; and / or
3. exercise or protect the rights, property, or personal safety of Ontime, its customers or others.
Other members of the Ontime group: (to the extent applicable) we may share your personal information with our group affiliates (for example, where they provide services on our behalf) or where such sharing is otherwise necessary in accordance with the uses set out in the Annex.

Marketing and Advertising

From time to time we may contact you with information about our services. We may also send you information regarding our other products and services we may offer from time to time, updates, offers, discounts and similar marketing (including related products and services of our partners such as third party billers, financial planning or fraud protection) which we believe you may be interested in.

Most marketing messages we send will be by email. For some marketing messages, we may use personal information we collect about you to help us determine the most relevant marketing information to share with you.

We will only send you marketing messages if you have given us your consent to do so, unless consent is not required under applicable law. Where you provide consent, you can withdraw your consent at any time, but without affecting the lawfulness of our processing based on consent before its withdrawal. In any case, you have the right to opt out of receiving electronic marketing communications from us by clicking on the ‘unsubscribe’ link at the bottom of our marketing communications.

Storing and transferring your personal information

Security. We implement appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, alteration or damage. All personal information we collect will be stored on our secure servers. We will never send you unsolicited emails or contact you by phone requesting your account ID, password, bank account details or national identification numbers.

International Transfers of your Personal Information. The personal information we collect may be transferred to and stored in countries outside of the UK where our third party service providers have operations. These international transfers of your personal information will be made pursuant to appropriate safeguards, such as adequacy decisions or standard data protection clauses adopted by the UK government. If you wish to enquire further about the safeguards used, please contact us using the details set out at the end of this privacy policy.

Your rights in respect of your personal information

In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:

Right of access. You have the right to obtain access to your personal information.
Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another data controller.
Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not lawful or justified.
Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
Right to withdraw consent. If you have provided consent to any processing of your personal information, you have a right to withdraw that consent, but without affecting the lawfulness of our processing based on consent before its withdrawal.

You also have a right to object to any processing based on our legitimate interests in certain circumstances. You can also object to our direct marketing activities for any reason by clicking the “unsubscribe” link set out in any marketing communication you receive.

Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply.

If you wish to exercise one of these rights, please contact us using the contact details at the end of this privacy policy.

You also have the right to lodge a complaint to your national data protection authority. If you are in the UK, information on how to contact the Information Commissioner is available at ICO website. We would of course prefer that you contact us first if you have any complaints or concerns regarding how we have used your personal information.

Cookies and similar technologies

Our website uses cookies and similar technologies to distinguish you from other users of our website. Please refer to our Cookie Policy for more information as to the way in which we use cookies on our website.

Links to third party sites

Our website, terms and policies may, from time to time, contain links to and from third party websites, including those of our business partners, advertisers, news publications and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to the relevant data controller.

Changes to this policy

We may update this privacy policy from time to time and so you should review this page periodically. When we change this privacy policy in a material way, we will update the "last modified" date at the end of this privacy policy. Changes to this privacy policy are effective when they are posted on this page.

Notice to You

If we need to provide you with information about something, whether for legal, marketing or other business-related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on our website (or both). The fact that we may send notices to you will not stop you from being able to opt out of certain types of contact as described in this privacy policy.

Contacting Us

If you have any questions, comments and requests regarding this privacy policy, you can contact us using one of the following methods:

By post:
FAO Chief Operating Officer
Spaces, 60 St. Martin's Lane, London, WC2N 4JS, United Kingdom

By email:
privacy@ontime.co

Annex - Personal information we collect

CATEGORY OF PERSONAL DATA	PURPOSE OF PROCESSING	LAWFULL BASIS FOR PROCESSING
Contact details (including first name, last name, email address and, where appropriate, home address), account preferences (including marketing and communication preferences) and customer unique ID.	To send you marketing and promotional content.	Consent or, where consent is not required under applicable law, it is in our legitimate interests to market relevant products and services in order to promote and grow our business.
	To send you information regarding changes to our policies, other terms and other administrative information such as reminders, technical notices, updates and security alerts.	It is in our legitimate interests to ensure that any changes to our policies, terms and other such technical updates are communicated to you.
	To contact you to help us with market research.	It is in our legitimate interests to request your feedback, or invite you to participate in a research (or similar) project in order to improve our services, better understand the needs of our customers, enhance the user experience and grow our brand.
Contact details and customer unique ID.	To provide you with information and materials that you request from us. To respond to your queries.	It is in our legitimate interests to respond to your queries and provide any information and materials requested in order to generate and develop business.
Contact details and customer unique ID.	To communicate with you as needed in relation to our services to you.	Such processing is necessary for the performance of our contract with you or in order to take steps at your request prior to entering into a contract.
Contact details, customer billing information (including customer bill / loan unique identifier and payment status and amounts), incentive offer details (see below) and customer unique ID.	To communicate customer and payment data with the third party biller in order to pay the relevant amount due to the biller.	Such processing is necessary for the performance of our contract with you or in order to take steps at your request prior to entering into a contract. Otherwise, such processing is in our legitimate interests to provide our services to you.
Contact details, employer / payroll provider details, national insurance number and customer unique ID.	To check your eligibility as an employee and in relation to payroll. To store data points of the depositor of funds (i.e. employer / payroll provider) for future validation of payments received. To ensure the appropriate amounts are deducted for the purpose of collecting the funds to pay the third party biller(s). To help ascertain the end of employment.	Such processing is necessary for the performance of our contract with you or in order to take steps at your request prior to entering into a contract.
Contact details, customer billing information, employer / payroll provider details, salary details and customer unique ID.	To provide our services, including administering and processing of transactions to pay the third party biller(s) and to ensure you are paid the remainder of your salary, and to process data which is ancillary to those services.	Such processing is necessary for the performance of our contract with you or in order to take steps at your request prior to entering into a contract.
Contact details, incentive offer details (e.g. cashback or discount) and customer unique ID.	In the event you are offered with incentives (such as lower priced APRs on credit or cashback), to present the incentive and to facilitate the necessary transactions.	Such processing is necessary for the performance of our contract with you or in order to take steps at your request prior to entering into a contract.
Vulnerable customer information (including material reduction in salary paid, biller data of impairment of account and (where applicable) information provided directly by you) and customer unique ID.	To provide the necessary support and inform the relevant third party biller(s) regarding the vulnerability.	It is in our legitimate interests to guide our customers as appropriate and to support third party biller(s) as is needed to support customers.
Technical information (including IP address, browser type, internet service provider, device identifier, your login information, time zone setting, browser plug-in types and versions, preferred language, activities, operating system and platform, and geographical location); and usage data (including clickstream to, through and from the website, pages you viewed and searched for, page response times, length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), date and time pages are accessed, and website navigation and search terms used).	To administer our website including resolving technical issues, troubleshooting, data analysis, testing, research, statistical and survey purposes. To improve our website to ensure that content is presented in the most effective manner for you and your computer, mobile device or other item of hardware through which you access our website. To help create and maintain a trusted and safe environment on our website. To ensure that you are provided with marketing and advertising that is in line with your preferences.	Consent (to the extent required under applicable laws). Where consent is not required, such processing will be carried out on the basis of our legitimate interests to improve our website and services, provide a safe and secure environment for our customers, resolve issues for customers and develop and grow our brand.
Contact details, account preferences, technical information and usage data, customer unique ID and any other data as required for the project.	If you have agreed to participate in a research group, user testing, collaboration exercise, questionnaire regarding our services, focus group or similar-type project in respect of our services, we may use certain information of yours and where relevant share it with the research agency or our business partner (and/or their respective partner as appropriate) for the purposes of that project. Such purposes may include (but are not limited to): analysis of data (e.g. output or feedback) for the purposes of the project determining whether you have participated in accordance with our rules or terms (or the rules or terms of the relevant third party)	It is in our legitimate interests (and the legitimate interests of the third party conducting the research) to ensure the project is conducted appropriately and successfully and, ultimately, to improve our services, better understand the needs of our customers, enhance the customer experience, inform our marketing strategy, gather feedback and/or develop and grow our brand.
Contact details (including name and phone number), telephone recordings	To record your calls with our customer services team to comply with applicable laws or otherwise as permitted by law.	Compliance with a legal obligation. Otherwise, to pursue our legitimate interests to establish the existence of facts relevant to the business (e.g. to keep a record of instructions given over the phone) and to monitor that our training and quality standards are being maintained.
If you are representing a business, work contact details such as your name, surname, email address, telephone number, job title, mailing address/place of work.	To enter into a business relationship with you and to manage our ongoing business relationship with you.	Such processing is in our and your legitimate interests to enter into, and manage, a business relationship with you and ensure the organisation you represent is provided with our services in accordance with our contract with that organisation.
Any and all personal data mentioned above.	Compliance with any legal and / or regulatory requirements.	Compliance with a legal obligation.
Any and all personal data mentioned above.	To exercise or protect the rights, property, or personal safety of Ontime, its customers, staff or others	To pursue our legitimate interests in protecting the rights, property, or personal safety of Ontime, its customers, staff or others (including for the purpose of establishing, exercising or defending our legal rights).

Current version

Download

Previous version

Download