Privacy Policy

Effective: February 2026

1. Important information and who we are

This privacy policy explains how Ensembl Payments Ltd (“Ensembl”, “we”, “us” or “our”) collects, uses and protects personal data when you use the Ensembl Payments platform, website and related services.

Ensembl is a UK-based payment orchestration platform built for funeral directors. We provide secure invoicing, payment collection and reconciliation tools designed specifically for the funeral profession.

Controller

Ensembl Payments Ltd

Company number: 16987053

Registered office address: 277 Ladybank Road, Mickleover, Derby, England, DE3 0RS

Ensembl Payments Ltd is the data controller for personal data relating to:

  • Funeral directors and their staff who use our platform

  • Visitors to our website

  • Business contacts and prospective customers

When processing payment data on behalf of funeral directors, including data relating to families or payers, Ensembl acts as a data processor. In those cases, the funeral director remains the data controller and determines how and why that personal data is processed.

If you have any questions about this privacy policy or how your personal data is used, you can contact us at privacy@ensemblpayments.com.

2. The personal data we collect

Personal data means any information that can be used to identify you directly or indirectly.

Depending on how you interact with Ensembl, we may collect, use and process the following categories of personal data.

Merchant and user account data

  • Name

  • Email address

  • Job title or role

  • Organisation name

  • Account ID and login credentials

  • IP address and authentication data

Payment and transaction data

  • Payer name

  • Email address

  • Telephone number if provided

  • Billing address if provided

  • Payment amount

  • Transaction ID and payment reference

  • Policy, case or arrangement reference number

  • Partial payment identifiers provided by our payment processor

Ensembl does not store or process full card numbers or full bank account details. All card and bank payments are processed securely by regulated third-party payment providers.

Technical and usage data

  • IP address

  • Browser type and version

  • Device type and operating system

  • Log-in timestamps

  • Platform activity and audit logs

  • Pages viewed and features used

Communications data

  • Support enquiries

  • Emails and messages sent to our team

  • Feedback and survey responses

We may also generate aggregated and anonymised data that does not identify any individual. This is used to monitor performance, improve the platform and understand usage patterns.

3. How your personal data is collected

We collect personal data in the following ways.

Information you provide to us

You provide personal data when you:

  • Create an account

  • Enter payment or invoice information into the platform

  • Submit payer details for payment processing

  • Contact our support team

  • Request a demo or commercial information

Funeral directors are responsible for ensuring they have the appropriate legal basis to share payer information with Ensembl for processing.

Automated collection

When you use the Ensembl platform or website, we automatically collect technical and usage data through:

  • Secure server logs

  • Authentication systems

  • Cookies and similar technologies where required by law

  • Event tracking within the platform

This data helps us:

  • Secure accounts

  • Prevent fraud and misuse

  • Monitor system performance

  • Maintain audit trails

  • Improve reliability and user experience

Third-party sources

We receive limited personal data from trusted third parties including:

  • Payment service providers, who confirm successful or failed transactions and provide transaction references

  • Banking partners for payout processing

  • Security and fraud prevention providers

  • Analytics providers, where data is aggregated

We do not buy personal data from data brokers or scrape personal data from public sources.

4. How we use your personal data

UK data protection law requires us to have a lawful basis for using your personal data. We rely on the following legal bases:

  • Performance of a contract

  • Legitimate interests

  • Legal obligation

  • Consent, where required

Below explains how and why we use personal data.

To provide and manage the Ensembl platform

  • Create and manage merchant accounts

  • Process payments on behalf of funeral directors

  • Generate invoices and payment links

  • Provide reporting and reconciliation tools

Lawful basis: Performance of a contract with funeral directors and legitimate interests in operating the platform.

To process transactions and payouts

  • Facilitate secure payment processing

  • Communicate payment confirmations

  • Manage payout cycles

  • Maintain transaction records

Lawful basis: Performance of a contract and legal obligation for financial record keeping.

To communicate with users

  • Respond to support enquiries

  • Send service updates

  • Notify users of security or platform changes

Lawful basis: Performance of a contract and legitimate interests.

To secure and improve the platform

  • Prevent fraud and misuse

  • Monitor system performance

  • Maintain audit logs

  • Improve features and usability

Lawful basis: Legitimate interests in protecting and improving our services.

Marketing communications

We may send information about Ensembl services to funeral directors or business contacts where permitted by law. You can opt out at any time.

We do not market to families or payers whose data is processed on behalf of funeral directors.

We do not sell personal data and we do not allow third parties to use Ensembl data for their own marketing purposes.

Identity verification and payment processing

To provide regulated payment services, Ensembl Payments Ltd works with authorised payment processing partners, including Ryft.

Where required to onboard a business or enable payment processing, we may collect and share personal data for the purposes of identity verification and regulatory compliance, including Know Your Business (KYB) and Know Your Customer (KYC) checks.

This may include:

  • Name, date of birth and contact details

  • Residential address

  • Business information

  • Ownership and director information

  • Identity documents such as passports or driving licences

  • Information required for anti-money laundering, sanctions screening and fraud prevention

This information is shared securely with our regulated payment processing partner for the purposes of:

  • Verifying identity

  • Meeting anti-money laundering and financial crime regulations

  • Enabling payment processing and settlement

  • Ongoing regulatory monitoring where required

The legal bases for this processing are:

  • Performance of a contract

  • Compliance with a legal obligation

  • Legitimate interests in preventing fraud and financial crime

Ryft operates as an independent data controller in respect of the regulatory and compliance processing it carries out. You should review Ryft’s own privacy policy for further details on how it processes personal data.

We only share the minimum information necessary and ensure appropriate contractual and security safeguards are in place.

5. Disclosures of your personal data

We only share personal data where necessary to operate Ensembl, provide our services or comply with legal obligations.

We may share personal data with:

  • Payment service providers who process card and bank payments

  • Banking partners who facilitate payouts

  • Cloud hosting providers

  • SMS or communication service providers

  • Security and fraud prevention providers

  • Professional advisers such as accountants, auditors or legal advisers

  • Regulators or law enforcement where required by law

All third parties who process personal data on our behalf are required to implement appropriate security measures and comply with data protection law.

We do not sell personal data.

If Ensembl Payments Ltd is sold, merged or restructured, personal data may be transferred as part of that transaction. Any new owner will be required to continue processing personal data in accordance with this privacy policy.

6. International transfers

Ensembl is operated from the United Kingdom.

Some of our service providers may process personal data outside the UK. Where this occurs, we ensure that appropriate safeguards are in place to protect personal data.

These safeguards may include:

  • Transfers to countries recognised by the UK as providing an adequate level of data protection

  • Use of approved international data transfer agreements or standard contractual clauses

We take steps to ensure that personal data receives an appropriate level of protection wherever it is processed.

7. Data security

We implement appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, misuse, alteration or disclosure.

These measures include:

  • Encryption of data in transit

  • Secure hosting environments

  • Role-based access controls

  • Authentication and access management

  • Transaction monitoring and audit logging

  • Regular review of security practices

Payment data is processed by regulated payment service providers in accordance with applicable payment industry standards. Ensembl does not store full card numbers or full bank account details.

Access to personal data is limited to employees, contractors and service providers who need it to perform their role and who are subject to confidentiality obligations.

We maintain procedures to detect, investigate and respond to suspected personal data breaches. Where required by law, we will notify affected parties and the relevant regulator.

8. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including providing services, complying with legal obligations and resolving disputes.

In general:

  • Account and billing records are retained for up to six years after account closure to meet UK tax and accounting requirements

  • Transaction and payment records are retained in accordance with financial record keeping obligations

  • Audit logs are retained for security and compliance purposes

  • Communications data is retained for as long as reasonably necessary to manage support and contractual relationships

Where data is deleted, it may remain in secure backup systems for a limited period as part of disaster recovery processes.

We may anonymise data so that it can no longer be associated with an individual. Anonymised data may be retained for analytical and service improvement purposes without time limit.

9. Your legal rights

Under UK data protection law, individuals have rights in relation to their personal data. These include the right to:

  • Request access to the personal data we hold about you

  • Request correction of inaccurate or incomplete data

  • Request deletion of your personal data in certain circumstances

  • Object to processing based on legitimate interests

  • Object to direct marketing at any time

  • Request restriction of processing in certain situations

  • Request transfer of your data to you or another provider

  • Withdraw consent where we rely on consent

If we process personal data on behalf of a funeral director as a data processor, requests relating to that data should normally be directed to the funeral director as the data controller. We will assist them in responding where required.

To exercise your rights, please contact us at privacy@ensemblpayments.com.

You will not usually have to pay a fee to exercise your rights. We may request information to verify your identity before responding.

We aim to respond to valid requests within one month.

10. Contact details

If you have any questions about this privacy policy, how we use personal data, or if you wish to exercise your data protection rights, you can contact us using the details below.

Email: privacy@ensemblpayments.com

Legal entity: Ensembl Payments Ltd

Company number: 16987053

Registered office address: 277 Ladybank Road, Mickleover, Derby, England, DE3 0RS

We may also provide additional contact details on our website for support or account-related enquiries.

11. Complaints

You have the right to lodge a complaint with the Information Commissioner’s Office if you believe we have not handled your personal data in accordance with data protection law.

Information Commissioner’s Office

Website: www.ico.org.uk

We would, however, appreciate the opportunity to address your concerns first, so please contact us directly before approaching the ICO.

12. Changes to this privacy policy

We keep this privacy policy under regular review and may update it from time to time to reflect changes in law, regulation, technology or how Ensembl operates.

When we make material changes, we will update the Effective date at the top of this policy and, where appropriate, notify users through the platform or by email.

It is important that the personal data we hold about you is accurate and up to date. Please inform us if your details change.

13. Third-party links

The Ensembl website or platform may contain links to third-party websites or services.

If you follow a link to a third-party site, that provider will process your personal data under their own privacy policy. We do not control those websites and are not responsible for their privacy practices.

You should review the privacy policies of any third-party websites before providing them with personal data.