- companies and organisations that assist us in processing transactions you make (including
but not limited to payment processing service providers) and in providing services that you
have requested;
- companies and organisations that run and manage the card program;
- identity verification agencies to undertake required verification, regulatory and fraud
prevention checks;
- payment card manufacturers;
- information security services organisations, web application hosting providers, network
backup service providers and software/platform developers;
- document destruction providers;
- anyone to whom we lawfully transfer or may transfer our rights and duties under this
agreement;
- any third party as a result of any restructure, sale or acquisition of TPL or any associated
entity, provided that any recipient uses your information for the same purposes as it was
originally supplied to us and/or used by us.
- regulatory and law enforcement authorities, whether they are outside or inside of the EEA,
where the law requires us to do so.
Sending personal data overseas
To deliver services to you, it is sometimes necessary for us to share your personal information
outside the European Economic Area (EEA), e.g.:
with service providers located outside the EEA;
if you are based outside the EEA;
where there is an international dimension to the services we are providing to you.
These transfers are subject to special rules under European and Gibraltar data protection law.
These non-EEA countries do not have the same data protection laws as Gibraltar and EEA. We
will, however, ensure the transfer complies with data protection law and all personal
information will be secure. We will send your data to countries where the European
Commission has made an adequacy decision, meaning that it has ruled that the legislative
framework in the country provides an adequate level of data protection for your personal
information. You can find out more about this here.
Where we send your data to a country where the European Commission has not made an
adequacy decision, our standard practice is to use standard data protection contract clauses
that have been approved by the European Commission. To obtain a copy of those clauses,
please go to the European Commission’s website.
We transfer your data to the United States of America. Please go to the Privacy Shield website
in order to find out more about the EU Commission-approved safeguards in place for that
data transfer.