1. Personal data we collect
The personal data may be collected in different ways, when: you visit one of our websites, request information about our services, fill-in online contact forms, participate to promotions, apply for a merchant account with us through our sites, conduct a transaction on one of our merchants’ websites or application through our payment page, contact us by e-mail, respond to our emails, telephones, questionnaires or surveys. We also may receive information from other sources, such as our merchants, partners, financial service providers, identity verification services and publicly available sources.
Whenever we use your personal data, we will have a legal basis to do this. For example, you have asked us to provide with information about our services, you have asked us to provide to you our services, we have a legal obligation to do so or a legitimate interest in using your personal data, and/or the processing is necessary for the performance of a task carried out in the public interest.
The personal data that we may collect includes: merchant personal data, such as name, address, telephone number, e-mail address, ID/Passport details regarding merchant’s legal representatives, shareholders, ultimate beneficial owners that are natural persons (such data is collected before entering in a contractual relationship with us and during such relationship); or customer personal data, such as customer name, contact details and transaction data (such data may be collected through the payment page or when making a transaction or received from the merchant from whom you buy goods or services).
2. How we use information we collect
We use information we collect about you to provide you with information about our services, to offer you our services, to detect and prevent fraud, to promote, analyse and improve our products and services or to notify you about changes to our products and services.
These are examples of how we may use personal data: (i) process payment transactions and provide our services; (ii) verify identity for fraud and risk mitigation or compliance purposes; (iii) evaluate an application from a prospective merchant to use our services; (iii) manage risk, or to detect, prevent, and/or mitigate fraud or other potentially illegal or prohibited activities; (iv) respond to inquiries and provide customer support (for example in relation to chargebacks or returns); (v) for audits, regulatory purposes, and compliance with industry standards; (vi) to send newsletters, marketing communications to you; or (vii) to develop new products and to improve or modify our services.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data, like: public interest, legal obligation (necessary for compliance with a legal or regulatory obligation), performance of a contract (necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract) when you gave us your consent to do so or our legitimate interest.
3. Disclosure of information
Generally, we collect, store and process personal data on servers located in the European Union. We might share your personal data with our partners and contractors, including: (i) affiliated entities that we control or are under common control, to provide our services; (ii) services providers who enable us to provide the services, with things like payment processing (such as, financial institutions, alternative payment method operators, processors, acquiring banks), website hosting, information technology and related infrastructure, customer service providers, advertising agencies, email delivery, fraud prevention and risk mitigation; (iii) alternative payment method schemes to provide our services under their rules and regulations; and (iv) our merchants, as necessary to process transactions or provide the services (for example transaction information about the purchases made by customers through our services). We may also disclose your personal data to third parties if we are under a duty to disclose or share your personal data in order to comply with a legal obligation or a court order.
4. Cross-Border transfer
The personal data that we collect from you, and which is shared with the third parties mentioned above, may be transferred to and processed in a destination outside of the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or one of our suppliers. In these circumstances, your personal information will only be transferred on one of the following bases: (i) the country that we send the data is approved by the European Commission as providing an adequate level of protection for personal information; or (ii) the recipient has agreed with us standard contractual clauses approved by the European Commission, obliging the recipient to safeguard the personal information; or (iii) there exists another situation where the transfer is permitted under applicable data protection legislation (for example, where a third-party recipient of personal data in the United States has registered for the EU-US Privacy Shield).
We maintain appropriate administrative, technical and physical safeguards to protect personal information against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, use, and all other unlawful forms of processing of the personal data in our possession. The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. If any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
6. Data retention period
7. Third party websites
Our websites may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these third party websites.
When you access our websites or use our services, we or our authorised services providers may place small data files on your computer or other device. These data files may be cookies, pixel tags or “flash cookies” (collectively “cookies”). The cookies set may obtain information about you, your computer or device, your use of our website and your general internet usage. These technologies help to make it easier for you to log on and use the websites, to recognize you as a customer, provide feedback to us as to which parts of the website you visit, so we can assess the effectiveness of the site and provide a better, faster, and safer experience, advertising purposes, measure promotional effectiveness, help ensure that your account security is not compromised, mitigate risk and prevent fraud.
The types of cookies that we use generally fall into one of four usage categories:
Strictly Necessary cookies
These cookies are essential and are required for the operation of our website. They enable you to navigate around the website and use its features. They include, for example, cookies that enable users to log into secure areas of our websites.
These cookies collect information about how you use the website, including which pages you go to most often and if you get error messages from certain pages. This assists us to improve the way in which our website works, for example, by ensuring that you can find what you are looking for easily.
These cookies allow a website to remember your preferences (for example, your choice of language or region). They are used to recognize you when you return to our website.
These cookies record your visit to our website, the individual pages visited and the links followed. These cookies are used to tailor marketing to you and your interests. Information collected by tracking cookies is commonly used to target online advertising. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign.
We may use third parties, such as advertising networks and exchanges, to allow us to serve you advertisements. These third-party ad networks and exchange providers may use third-party cookies, web beacons, or similar technologies to collect information about your visit to our site and elsewhere on the Internet. The information that these third parties collect may be used to provide you with more relevant advertising on our sites or elsewhere on the web. Third party cookies are covered by the third-parties’ privacy policies.
(i) Pixel tags, also known as Web Beacons and clear GIFs, may be used in connection with some Services to, among other things, track the actions of website users (such as email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Services and response rates.
(iii) Flash Cookies – we may use Adobe Flash and other technologies to, among other things, collect and store information about your use of the Services. If you want to block or control flash cookies, you can adjust your settings.
Cookie management and control
Cookies can normally be disabled or deleted from the cookie folder of your browser. You may be able to configure your browser not to accept cookies, although please note that this may affect your ability to use the services we provide and affect the website’s functionality.
9. Your choices and rights
If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our services.
Generally, you have certain rights under the applicable data protection legislation in respect to your personal datal such as the right of access, right to rectification, right to restriction, right to opposition, erasure, right to data portability, or right to make a complaint to the national competent authority.
If you would like to ask us about your rights or to review, correct, or update personal data that you have previously disclosed to us, you may do so by signing in to your merchant account or by contacting us at: firstname.lastname@example.org.
If emailing us your request, please make clear in the email what personal data would like to have changed. Note that we may have to review your identity and full details of your request, before we process any request. We will try to comply with your request as soon as reasonably practicable.
10. Data processor
We might process personal data about the customers when acting as the merchant’s services provider. Our merchants are responsible for making sure that the customer’s privacy rights are respected, including ensuring appropriate disclosures about third party data collection and use. To the extent that we are acting as a merchant’s data processor, we will process personal data in accordance with the terms of our agreement with the merchant, the merchant’s lawful instructions and applicable data protection legislation and rules.
12. Contact us