Privacy Policy | Pay.com

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Contact Data: includes address, email address and telephone numbers.

Identity Data: includes first name, maiden name, surname, username or similar identifier, marital status, title, date of birth, ID number, nationality, place of birth, tax registration number, role/position

KYC Information: if we need to verify your identity where you are a Representative, we will ask you to provide one or more of the following:

a copy of your identity card (such as a driving licence) or passport together with a photo of yourself;
proof of address (such as a utility bill or bank statement);
business information (such as a certificate of incorporation, memorandum & articles of association, share certificate, register of directors, authorised signatory list, position, and identification documents for shareholders, directors and authorised signatories); and/or
PEP declaration;

Technical Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website, the Pay.com merchant platform or other Pay.com applications. This is done by using Javascript or Cookies. Please see our Cookies Policy for more information about how we use Cookies.

Usage Data: includes information about how you use our website, products and services.

Security Information: When you register for a Pay.com account you may be required to create a password and provide answers to security questions.

Payment Information: Where you are an End Customer, to enable you to make payments we collect details such as card details.

EDD information: Where you are a Representative, sometimes we need to ask you for information to verify the source of your funds or wealth, or to conduct enhanced due diligence in accordance with our legal requirements (EDD Information). This will depend on the situation and we will make it clear to you at the time what information we require from you.

Marketing and Communications Data: includes your preferences in receiving marketing from us and other third parties and your communication preferences

Voluntary Information: We will collect any other personal data that you voluntarily provide to us if you communicate with us, for example by corresponding with us (by phone, email, post or social media) or by taking part in competitions, promotions or surveys.

Criminal convictions data: Where you are a Representative, to the extent permitted by applicable laws we may be required to collect and process information about criminal convictions and offences you for the purposes of preventing money laundering or terrorist financing.

We may also collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal obligation.

Each section below describes specific scenarios that we will use your personal data for.

Providing Pay.com services to your or your business

For example, we use your personal data to set up and administer your accounts. We also use your personal data to enable you to log into your account and use Pay.com applications and features.
We use your Identity Data, Contact Data and Technical Data to contact you with transactional and service messages (including by push notifications), to provide you with information such as password reminders or to let you know if Pay.com is experiencing technical issues.
Where you are an End Customer, we use your Payment Information to carry out your instructions to allow you to make and receive payments through Pay.com.

Identity verification and due diligence

We use your personal data to comply with our legal and regulatory obligations. This includes verifying your identity; conducting anti-money laundering checks; transaction monitoring; sanctions and politically exposed persons screening; fraud prevention, detection and reporting; and cooperating with external investigations where required.
If you fail one of our identity verification or screening checks as set out above, we may not be able to open an account for you or continue providing services to you or your business.

Corresponding with you

We use your personal data to enable us to respond to your queries, complaints or comments and to make sure that these are appropriately dealt with. We also use this information to enable you to participate in any competitions or promotions that you enter and to collate responses to surveys that you have responded to.

Analysing and improving Pay.com

We use your personal data to help us improve and develop our business, website, products and services. This helps us to make sure that we are providing you with the best possible service.

Marketing and promotional offers from us

We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
We will obtain your consent in a way that is compliant with data protection laws, either by asking you for your express consent, or by obtaining an implied consent where you are an existing customer and we are marketing our own similar products and services to you.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising

Third-party marketing

We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

Opting out

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us which we need to use for another reason as set out above.

Managing risks and enforcing our rights

We use your personal data to manage and enforce our rights, terms of use or any other contracts with you (and/or your business), including to manage any circumstances where payments are disputed; to investigate and resolve complaints; or to recover debts owed to us.
We also use your personal data to manage and mitigate our credit risks, financial exposure and terms of business.

Prevention and detection of illicit activity

We use your personal data to prevent and/or detect financial crime, terrorism and other illicit (e.g. criminal, unlawful or illegitimate) activities to comply with our legal and regulatory obligations, manage our risk exposure and protect our business, customers and the integrity of the financial system.

Compliance with applicable laws and regulations

Where required we will use your personal data to comply with applicable laws and regulations, requests from law enforcement bodies and regulatory authorities and tax reporting obligations.
Where required we will also use your personal data to establish, exercise or defend legal claims, or to protect your vital interests or those of other persons, for example to help those authorities or other organisations in the fight against crime and terrorism.

Data protection law says that we have to tell you the "legal basis" that we rely on to process your personal data for the purposes that we have notified to you.

7.1 End Customers

7.1(a) Processing purpose

To provide our Services to Business Users, including to process online payment transactions or in-person checkout, to calculate applicable sales tax, to invoice and bill, and to calculate their revenue.

If you are an End Customer, when you make payments to, send shopping cart reminders, get refunds from, begin a purchase or otherwise transact with a Business User through Pay.com’s services or a Pay.com -provided device, Pay.com will receive your transaction information. Depending on how the Business User has integrated our services, we may receive this information directly from you, the Business User or another service provider to you or the Business User.

7.1(a) Categories of personal data

Transaction Information. Your name, email, billing and/or shipping address, payment method information (such as credit or debit card number), merchant, purchase amount, date of purchase, and in some cases, some information about what you have purchased, phone number and tax-related ID. The payment method information that we collect will depend upon the payment method that you choose to use from the list of available payment methods offered by the Business User as part of the “checkout” process for your purchase. We may also receive your transaction history with the Business User.

Transaction-Related Information / Purchase Interests. Information typed into a checkout field that is not ultimately submitted to the Business User.

7.1(a) Legal bases

Our legitimate interests in providing the Pay.com service, including processing payments, implementing fraud thresholds chosen by the Business User, and in verifying payment methods.

7.1(b) Processing purpose

Verification Information - Information about you being the person who is authorized to use a payment method.

7.1(b) Legal bases

Our financial and regulatory obligations.

7.1(c) Processing purpose

We will use Personal Data about your identity, including information that you provide, to perform verification services for our own purposes and for Business Users that you are doing business with and to reduce fraud and enhance security.

7.1(c) Categories of personal data

We will use information from our service providers and our Services.

7.1(c) Legal bases

Our legitimate interests in detecting, monitoring and preventing fraud and unauthorized payment transactions

7.1(d) Processing purpose

We use personal data of End Customers to detect and prevent fraud for Business Users, including to detect fraudulent payment cards. In providing such services, we may provide Business Users that have requested such services with limited personal data about End Customers so that the Business Users can assess the fraud risk associated with an attempted transaction by its End Customer.

7.1(d) Categories of personal data

Transaction information. This includes: name, email address, billing and shipping address, payment method information (such as credit or debit card number), merchant, purchase amount, date of purchase, and in some cases, some information about what you have purchased, email address, phone number and tax-related ID.

This includes web browsing information, usage data, referring URLs, location, cookies data, device data and identifiers, and IP address.

7.1(d) Legal bases

Our legitimate interests in detecting, monitoring and preventing fraud and unauthorized payment transactions.

7.1(e) Processing purpose

Compliance and Harm Prevention - We share personal data as we believe necessary: (i) to comply with applicable law, (ii) to comply with rules imposed by payment method in connection with use of that payment method; (iii) to enforce our contractual rights; (iv) to secure or protect the Services, rights, privacy, safety and property of Pay.com, you or others, including against other malicious or fraudulent activity and security incidents; and (v) to respond to valid legal process requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.

7.1(e) Categories of personal data

Any personal data we process.

7.1(e) Legal bases

Our legal obligations where disclosures are necessary to comply with our legal obligations.

Our legitimate interest in keeping Pay.com secure, preventing a breach of the law, harm or crime, enforcing or defending legal rights, claims, or obligations, facilitating the collection of taxes and prevention of fraud or preventing loss or damage.‍

‍
7.2 Representatives

7.2(a) Processing purpose

Reduce fraud and enhance security. We will use personal data about your identity, including information that you provide, to perform verification services.

7.2(a) Categories of personal data

Onboarding and verification information that you choose to share for these purposes, which may include your government ID, photo and live image.

7.2(a) Legal bases

Our legal obligations in respect of our financial and regulatory obligations. We process Personal Data to verify the identity of the Representatives of our Business Users in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, and financial reporting obligations.

7.2(b) Processing purpose

Advertising. We may use and share Representative Personal Data with others so that we may advertise and market our products and services to you, including through interest-based advertising subject to any consent requirements under applicable law.

7.2(b) Categories of personal data

Contact information including: name, email address, work phone number, and job title.

Connection data such as IP address, and web behavior (page visited, length on page, etc.)

7.2(b) Legal bases

Consent

7.2(c) Processing purpose

Communications. We may send you email marketing communications about Pay.com products and services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided that we do so in accordance with applicable law, including any consent or opt-out requirements.

7.2(c) Categories of personal data

Contact information such as your name, email address, phone number.

7.2(c) Legal bases

Consent

7.3 Visitors

7.3(a) Processing purpose

Communications. We use any contact information that you provide to us to respond to any inquiries or requests for information you made; and if you have asked about us or our services, to send you marketing emails by either asking for your consent or providing you an opt out in any messages we send.

7.3(a) Categories of personal data

Contact information such as your name, email address, phone number.

Information you have provided to us, such as the products you are interested in.

7.3(a) Legal bases

Consent

Our legitimate interests in responding to inquiries, sending service notices and providing customer support.

7.3(b) Processing purpose

Advertising. When you visit www.pay.com, we (and our service providers) may use Personal Data collected from you and your device to target advertisements for Stripe Services to you on our Sites and other sites you visit (“interest-based advertising”).

7.3(b) Categories of personal data

Information collected from cookies such as your device, browser ID, and pages on our website which you have visited.

7.3(b) Legal bases

Consent

Our legitimate interest in undertaking marketing activities to offer you products or services that may be of interest to you.

Pay.com is a group of companies. We share personal data with our group companies in the UK, the EEA and Israel to provide customer support services, software development and IT services. The European Commission has declared that Israel provides equivalent protection to personal data to that provided by the EEA.

Pay.com complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Pay.com has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Pay.com has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

We share personal data with third parties in the following circumstances:

with providers within our banking and payment network to enable you to upload funds, make and receive payments and withdraw funds; these providers include banks, acquirers, alternative payment providers and account information service providers,
with banks, credit institutions and other financial institutions outside our banking and payment network (where allowed under any terms of use or other contract) who may process payments and who are not operating under our control nor for whose actions or omissions we have liability. These include the account provider where the sender or recipient (and their businesses, respectively) of a payment maintain their account(s), alternative payment schemes and any other financial institutions
where we provide services through third parties such as banks and other organisations, we may be required to disclose your information (including any KYC Information and EDD Information) with such organisations in order to assist their regulatory obligations or risk assessments.
with third party service providers who provide a range of services to us to enable us to run our business; this includes our IT and hosting providers, cloud storage providers, email platforms, contact relationship management system, customer service support, suppliers who provide screening and transaction monitoring services, credit reference agencies (to carry out credit checks and/or identity checks), URL monitoring providers, marketing firms, and our notification/communication providers;
fraud prevention agencies where we are required to share personal data to comply with our legal or regulatory obligations or to prevent and/or detect financial crime or other illicit activity;
competent law enforcement bodies, regulatory, government agencies, courts or other third parties such as but not limited to, the police, the financial supervisory authorities, the tax and social security agencies, as well as courts, where we believe disclosure is necessary (i) as a matter of applicable law or regulation, or (ii) to exercise, establish or defend our legal rights.
other third parties, such as the police or HMRC, in response to ad hoc data sharing requests. In these circumstances we will only share personal data if we are satisfied that we are legally allowed to do so and the sharing of data is justified.
third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
with our auditors, advisors, legal representatives and similar agents in connection with the advisory services they provide to us for legitimate business purposes and under contractual prohibition of using the personal data for any other purpose.
with your permission, your information may also be used for other purposes for which you give your specific permission.

Pay.Com US, Inc. remains liable if a third party to whom it transfers your data processes personal data in a manner inconsistent with the Privacy Shield principles, unless the Pay.Com US, Inc. proves that it is not responsible for the event giving rise to the damage.

Pay.Com US, Inc. is being subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

‍

You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We may need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.

If you want to exercise any of these rights, or would like any more information about them, please contact [email protected]

A right to access your information

You have a right to ask us to send you a copy of all the personal data that we hold about you (subject to some exceptions).

‍

A right to an electronic copy of your information

You can also ask us to send you the mandatory account information that we hold about you in a common electronic format, or to ask us to transfer that data to a third party if you want us to and if it is technically feasible for us to do so.

A right to object to us processing your information

You have a right to object to us processing any personal data that we process where we are relying on legitimate interests as the legal basis of our processing (as set out in section 7 above). Your objection must be based on grounds that relate to your particular situation.

If you make a request to exercise your right to object, if we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.

A right to ask us not to market to you

You can ask us not to send you direct marketing. You can do this by following the "unsubscribe" instructions in any marketing emails.

A right to have inaccurate data corrected

You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.

A right to have your data erased

You have a right to ask us to delete your personal data in certain circumstances, for example if we have processed your data unlawfully or if we no longer need the data for the purposes set out in this privacy notice.

A right to have processing of your data restricted

You can ask us to restrict processing of your personal data in some circumstances, for example if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the data but you require us to keep it so that you can exercise your own legal rights. Restricting your personal data means that we only store your personal data and don't carry out any further processing on it unless you consent or we need to process the data to exercise a legal claim or to protect a third party or the public.

A right to opt out/ withdraw consent as applicable

If you are a consumer located in California, we process your personal information in accordance with California law (e.g. the "CCPA").

Your Rights and Choices

As a California consumer and subject to certain limitations under the CCPA, you have choices regarding our use and disclosure of your personal information.Please note these California-specific rights:

Exercising the right to know: You have a right to request additional information about the categories of personal information collected, sold, disclosed, or shared; purposes for which this personal information was collected, sold, or shared; categories of sources of personal information; and categories of third parties with whom we disclosed or shared this personal information.

Exercising the right to opt-out from a sale: We do not sell “Personal Information” as defined by the CCPA and have not done so in the past 12 months. Learn more.

Exercising the right to limit the use or sharing of Sensitive Personal Information: we do not sell or share Sensitive Personal Information as defined by the CCPA and have not done so in the past 12 months. Learn more about our collection and use of Sensitive Personal Information here.

Right to opt-out of sharing of cross-context behavioral advertising.

To submit a request to exercise any of the rights described above, please contact us using the methods described in the Contact Us section 13 above. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your identity, including name, address, transaction history, photo identification, and other information associated with your account.

You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Your agent may submit a request on your behalf by contacting us using the methods described in the Contact Us section 13 above. We may still require you to directly verify your identity and confirm that you provided the authorized agent permission to submit the request.

Sale of personal information

Pay.com does not sell personal information. As such, Pay.com does not sell personal information of minors under 16 years of age. For California residents, the California Consumer Privacy Act (“CCPA”) defines “selling” personal information to include providing it to a third party in exchange for money or valuable consideration.

Disclosure to third parties

For Shine the Light law (Cal. Civ Code § 1798.83) purposes, pay.com does not share personal data of California customers to third parties for their direct marketing purposes, as defined by this law.

The table below discloses the categories of personal information about California consumers that we collect and disclose for a business purpose.

17(a) Category of personal information collected

Identifiers (for example, a device identifier)

17(a) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: service enablers (like service providers and financial partners servicing the financial product), the Business User you do business with, an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

17(b) Category of personal information collected

Characteristics of protected classifications under California or federal law (for example, gender and age noted in ID documents that you submit so that Pay.com can verify your identity on behalf of a Business User

17(b) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: service enablers (like service providers and financial partners servicing the financial product), the Business User, an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

17(c) Category of personal information collected

Commercial information (for example, the Business User may receive your transaction data)

17(c) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: service enablers (like service providers and financial partners servicing the financial product), the Business User, an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

17(d) Category of personal information collected

Biometric information (for example, biometric identifiers from photo IDs used to confirm your identity)

17(d) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: a service provider - i.e., Amazon Web Services ("AWS"), an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

17(e) Category of personal information collected

Online activity information (for example, information about devices and browsers across certain Business User sites that use Pay.com and IP addresses associated with those devices and browsers, and usage data)

17(e) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: service enablers (like service providers and financial partners servicing the financial product), the Business User, an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

17(f) Category of personal information collected

Geolocation Data (for example, IP addresses)

17(f) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: service enablers (like service providers and financial partners servicing the financial product), the Business User, an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

17(g) Category of personal information collected

Audiovisual (for example, visual, audio, or similar information, like photos you submit so that Stripe can verify your identity on behalf of your Business User

17(g) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: service providers, the Business User, an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

17(h) Category of personal information collected

Professional or Employment-Related Information

17(h) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: Service Providers, an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

17(i) Category of personal information collected

Categories of personal information described in Cal. Civ. Code 1798.80(e)(such as name, address, telephone number, credit card or debit card number)

17(i) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: service enablers (like service providers and financial partners servicing the financial product), the Business User, an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

Sensitive personal information

Pay.com only processes sensitive personal information for the purposes specified in section 7027(m) of the California Consumer Privacy Act Regulations, or without the purpose of inferring characteristics about a consumer:

Identification card, including driver’s license, passport, and social security (including any underlying sensitive information in the identity card, such as racial or ethnic origin): Purposes include Identity verification, fraud prevention and security, to provide the services, and to comply with legal obligations.
Biometric information: Purposes include Identity verification, fraud prevention and security, and for other purposes consistent with your consent and applicable law, such as to improve our verification systems
Location data: Purposes include Fraud detection and security, in furtherance of compliance with legal obligations, and to provide the services including to market our products.
Account log-in, financial account in combination with any required security access code, password, or credentials allowing access to an account: Purposes include To provide you the service that you requested from your Business User verify your account, facilitate the processing of your requested payments, provide customer support, comply with law, enforce our terms of services, and for other purposes consistent with your consent and applicable law.

Privacy Policy of Pay.com Group of companies

1. Introduction

2. Who’s in control of my personal data?

3. How am I categorised when I interact with you?

4. What data do you collect?

5. How is my Personal Data Collected?

6. What do you use my personal data for?

7. What is your legal basis for using my personal data?

8. Special categories of personal data

9. What happens if I don't provide you with my data?

10. With whom do you share my personal data?

11. How long do you keep my personal data for?

12. What rights do I have?

13. Contact us

14. Complaints

15. Changes to this privacy notice

16. Miscellaneous information

17. United States - California