On this page, we inform you about the types of data we collect when you visit our website (hereinafter Visitor), use our Merchant Admin Panel (hereinafter Merchant) or make a payment to an organisation affiliated with PAY. for which PAY. processes payments (hereinafter End User).
PAY. wants to inform you, as a Visitor, Merchant or End User of PAY., in a clear and transparent manner. We consider it our responsibility to protect your privacy.
In this privacy statement, we explain how we handle the processing of personal data. If you have any questions about our privacy statement, please contact us via email@example.com.
PAY. processes the personal data of Merchants and their representatives, as well as that of people who use PAY.’s services.
If you use PAY.’s services as a Merchant, we will process the following personal data:
Note: If you use PAY.’s services as a Merchant and decide to give your employees access to PAY.’s Admin Panel, you must inform them about the fact that you released personal data to PAY.
If you use PAY.’s services as an End User (meaning that you make a payment to a PAY. Merchant via PAY.'s platform), we will process the following personal data:
PAY. processes personal data because it is necessary to do so in order to provide our services. PAY. processes personal data for the following purposes:
PAY. does not record any personal data from it’s Merchants or End Users relating health, criminal matters, ethnicity, religious or political beliefs, unless absolutely necessary. A necessary example being if you make a payment to a pharmacy or to a political party. Information about your health or your political preference can be derived from this.
PAY. does conduct tests at warning systems such as the national reporting center for internet scams or websites, telephone numbers and e-mail addresses if they are negatively registered. We always keep a record of positive or negative reports in our system. This does not concern criminal data.
We request PAY. Merchants and End Users not to share any personal data with us, unless strictly necessary as described above. If you decide to share it with PAY, we will only process this data if this is necessary for our services.
Your personal data are carefully stored for no longer than necessary for the purpose for which they were processed, taking the legal retention period into account. At PAY., your personal data can only be accessed by employees who, given the nature of their function, must have access to these data. All PAY. employees have signed a confidentiality agreement. We do not share your personal data with third parties, unless this ties into the purpose for which you provided the data to us or to meet a legal obligation. Think of e.g. releasing your data to third parties in order to provide our payment services, such as offering payment-in-arrears methods for which the payment method in question needs your personal data to make payment in arrears possible. We may also share your data with the authorities in order to meet our legal obligation to do so. We will not sell or rent out your personal data.
In addition to the organisational measures that PAY. has taken to protect your personal data, i.e. your data are only accessible to PAY. employees who need such access due to the nature of their function, PAY. has also taken various technical measures to secure your data. Our data security measures are regularly assessed. PAY. has a PCI DSS Level 1 certification, among others. Since 2014, we are audited every year by a Qualified Security Assessor and an external accountant.
PAY. has adopted the position that it is a controller of the personal data of our Merchants under the provisions of the General Data Protection Regulation (GDPR), due to the fact that:
When it comes to processing transactions and therefore the personal data of End Users, PAY. is both a controller and a processor. PAY. has adopted this position due to the fact that:
As a controller:
As a processor:
For the cases in which PAY. acts as a processor of personal data, we have drawn up a processor agreement for our Merchants.
As a Merchant, Visitor or End User, you have the right to access, correct or delete your personal data that PAY. processes. PAY. will grant such requests as soon as we are able to verify your identity and determine that the request actually comes from you. Furthermore, we cannot grant your request if doing so would be in violation of PAY.’s legal obligations, e.g. pertaining to the retention period of data.
You can submit your request to firstname.lastname@example.org.
As a Merchant, you are responsible for your own data and the data you share with us for which PAY. acts as a processor. You must inform your customers of the fact that you use PAY. as a Payment Service Provider. You can do so in your own privacy statement. Your customers must accept both your general terms and conditions and your privacy statement.