This section should be read together with our main Privacy Statement, available at:

Our use of Microsoft Dynamics 365, Including Dynamics Customer Voice

We use Microsoft Dynamics 365, including Dynamics Customer Voice, to support our customer management, onboarding, due diligence, service delivery, and continuous improvement activities. This forms part of our standard operational processes and is fully aligned with allpay’s overarching approach to data protection as set out in our Privacy Statement.

What personal data we process in Dynamics 365 and Customer Voice

Depending on how you interact with us and the services we provide, we may process:

Identity and verification information

• Name, address, date of birth
• Identification documents and verification outcomes
• Information provided for Customer Due Diligence (CDD) and compliance with financial crime regulations

Contact and account information

• Email address, phone number, postal address
• Customer reference numbers, account details and service identifiers

Onboarding and CDD information

• Information obtained during identity checks
• Risk assessments and onboarding decisioning notes
• Records required under the Money Laundering Regulations or other regulatory obligations

Service, case and interaction information

• Communications with our teams
• Information relating to enquiries, issues, complaints or service requests
• Notes and records used to manage your account and support ongoing service delivery

Feedback and survey information

• Responses to Customer Voice surveys
• Voluntary information you choose to provide
• Metadata such as submission date or communication channel

System and technical information

• System‑generated IDs and audit logs
• Device and channel details where required for security and service monitoring

Why we use Dynamics 365 and Customer Voice

We use this platform to:

• Onboard customers and complete CDD/KYC checks
• Manage accounts, interactions and service delivery
• Meet legal and regulatory obligations (including financial crime prevention)
• Monitor and improve service quality and customer experience
• Record communications, decisions and actions for operational governance
• Collect feedback to support service improvements

These activities are part of allpay’s standard business operations, consistent with our main Privacy Statement.

Lawful basis for processing

Processing within Dynamics is conducted under one or more of the following lawful bases, in line with our Privacy Statement:

• Legal obligation – including CDD, financial crime checks and regulatory reporting
• Contract – to provide services and manage your account
• Legitimate interests – to operate, monitor and improve our services
• Consent – where we ask you to opt in (e.g. optional surveys)

How your data is stored and protected

Dynamics 365 and Customer Voice are hosted within Microsoft’s secure cloud environment within the EEA. Microsoft acts as a data processor for allpay and processes data only under our instructions and in compliance with UK data protection law.

Appropriate technical and organisational measures are in place, including encryption, access controls, audit logging and monitoring.

International transfers

Where information is stored or accessed outside the EEA we apply approved safeguards such as Standard Contractual Clauses or the UK International Data Transfer Agreement. Further detail can be found in our main Privacy Statement.

Retention

Data held in Dynamics is retained in line with allpay’s corporate retention schedules. Some information may be anonymised for trend analysis or reporting.

Your rights

Your rights and how to exercise them are described in our main Privacy Statement:
https://www.allpay.net/policies/privacy-statement/