Privacy policy

1. Introduction

This privacy policy explains our privacy practices here at SMD Webtech Limited., a company incorporated in England & Wales having its registered office at #71-75, Shelton Street, Convent Garden, WC2H 9JQ, London with company number 13293172.

Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your personal data) in connection with your use of our website. the GetVirtualCard platform, and any services provided by us. It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.

GetVirtualCard is a data processor for the purpose of providing the GetVirtualCard Platform and Service. Either the Customer or the Payment Service Provider is the data controller.

GetVirtualCard is the data controller for any data collected via the GetVirtualCard website.

Given the nature of our website, we do not expect to collect the personal data of anyone under 18 years old. If you are aware that any personal data of anyone under 18 years old has been shared with our website, please let us know so that we can delete that data.

If you have any questions about how we protect or use your data, please email us at

2. What this policy applies to

This privacy policy relates to your use of our website, the GetVirtualCard platform, and any services we provide to you. The privacy policy does not apply to any information gathered by any service provider, card services provider or other third party you link to through the website or GetVirtualCard platform which will be processed by them in accordance with their privacy policies.

3. Personal data we may collect about you and how we collect it

The personal data we collect

The personal data we collect about you depends on the activities carried out through our website and or the GetVirtualCard platform. We may collect and use the following personal data about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes [details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website, the GetVirtualCard platform and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you (for example, to provide you with a GetVirtualCard account). In this case, we may have to cancel service you have with us, but we will notify you if this is the case at the time.

How is your personal data collected?

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by phone, email or otherwise. This includes personal data you provide when you:
  • Register to use our services;
  • create a GetVirtualCard account;
  • request marketing to be sent to you;
  • report a problem to us;
  • enter a competition, promotion or survey; or
  • give us feedback or contact us.
  • Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
  • Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
  • Contact and Profile Data from your employer where they have contracted with us for our services;
  • Contact Financial and Transaction Data form banks, technical, and payment service providers;
  • Identity and Contact Data from publicly available sources [such as Companies House and the Electoral Register based inside the UK;
  • Identity, Contact, and Financial Data from credit reference agencies;
  • Identity, Contact, and Technical Data from advertising networks and analytics providers.

4. Uses made of the information

We use your information when the law allows us to in the following ways: (a) to carry out our obligations relating to your contracts with us and to provide you with the information, products and services that you request from us; ‍ (b) to comply with any applicable legal and/or regulatory requirements; ‍ (c) where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us

Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground, we are relying on to process your personal data where more than one ground has been set out Purpose/Acivities such as dentity,Contacts,Profile,Marketing and Communication,Usage and Technical.


We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

Promotional offers from us

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing.

Third-party marketing

We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

Opting out

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of [a product/service purchase service experience or other transactions].

5. Disclosure of your information

We may share your personal data with selected third parties where we have a lawful basis to do so including: ‍ (a) companies within our group of companies, located in or outside of the United Kingdom and European Union, for the supply of our Services; ‍ (b) affiliates, business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you including employers who subscribe to our services, service providers who offer their products through the GetVirtualCard platform and ; ‍ (c) analytics and search engine providers that assist us in the improvement and optimisation of our site. ‍ (d) fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Such decisions may be part of an automated process. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights.

(e) affiliates, business partners, suppliers and sub-contractors who may be in a position to offer related services to you and you have consented to be contacted by them. ‍

We may disclose your personal information to third parties: ‍ (a) in order to provide our Services to you, in which case we may share your personal data with other companies of our group or with our business partners, located in or outside of the European Union; ‍ (b) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; ‍ (c) if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions which regulate the relationship between you and us and other applicable agreements; or to protect the rights, property, or safety of GetVirtualCard , our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction; ‍ (d) to assist us in conducting or co-operating in investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so; ‍ (e) to prevent and detect fraud or crime; ‍ (f) in response to a subpoena, warrant, court order, or as otherwise required by law; ‍ (g) to assess financial and insurance risks;

(h) to recover debt or in relation to your insolvency; and ‍ (i) to develop customer relationships, services and systems.

6. International transfers

Many of our external third parties are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
  • Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK

7. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Data retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.

9. Your Rights

You generally have the following rights, which you can usually exercise free of charge:

Access to a copy of your personal data - The right to be provided with a copy of your personal data

Correction (also known as rectification) - The right to require us to correct any mistakes in your personal data

Erasure (also known as the right to be forgotten) - The right to require us to delete your personal data—in certain situations

Restriction of use - The right to require us to restrict use of your personal data in certain circumstances, eg if you contest the accuracy of the data

Data portability - The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations

To object to use

The right to object:

- At any time to your personal data being used for direct marketing (including profiling)

- In certain other situations to our continued use of your personal data, eg where we use your personal data for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims

Not to be subject to decisions without human involvement - The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. We do not make any such decisions based on data collected by our website

The right to withdraw consents - If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time. You may withdraw consents by contacting us. Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn

10. Changes to our privacy policy

Any changes we may make to our privacy policy will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

11 . Contact

Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed to

12. How to complain

Please contact us if you have any queries or concerns about our use of your personal data. We hope we will be able to resolve any issues you may have.

Email to us: