Legal
Pay.com Intro
Sub-Processors & Service Providers List
Policies
Privacy Policy
Cookie Policy
Report a Complaint
EU Compliance Declarations
Disclaimer
Pay.com Service Agreements
US ISO Service Agreement
EEA Gateway Service Agreement
Terms and Conditions
Pay.com Terms and Conditions
US Cross River Bank Service Agreement Terms
Licenses and Certification
US Pay.com US, Inc
EEA Paycomcy Limited
Privacy Policy
Home >Legal >Privacy Policy

Privacy Policy of Pay.com Group of companies

1. Introduction

We are committed to keeping your personal data safe and secure and handling it in accordance with our legal obligations. This privacy notice is applicable to visitors to our website, existing and prospective customers of Pay.com and suppliers of Pay.com. It sets out in detail the purposes for which we process your personal data, who we share it with, what rights you have in relation to that data and everything else we think is important for you to know.

2. Who’s in control of my personal data?

Pay.com is made up of different legal entities. This privacy notice is issued on behalf of the Pay.com Group so when we mention “Pay.com”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant company in the Pay.com group responsible for processing your data. We will let you know which entity will be the controller for your data when you sign up for products or services with us. Paycomcy Limited is responsible for this website and, unless otherwise notified to you is the controller.

Pay.com entities:

Paycomcy Limited (Company No. HE 408974), a company incorporated under the laws of the Republic of Cyprus and whose registered office is at Andrea Kariolou 38, Agios Athanasios, Limassol, 4102, Cyprus

Pay Technologies (CY) Ltd, a limited liability company duly incorporated under the laws of the Republic of Cyprus, with registered office at Andrea Kariolou 38, Agios Athanasios, 4102, Limassol, Cyprus, with registration number HE 437492

Pay Technologies (UK) Limited, a company registered in England and Wales (registered number 10008044) whose registered office is at 7 Milner Street, London, England, SW3 2QA

Pay.Com US, Inc., a company registered in Delaware (number 6425328) whose registered office is at 8 The Green, Ste R, Dover, DE 19901, USA

Global Underwriting Technology Limited, a company registered in Israel (number 516736162) with offices at 30 Ibn Gabirol, Tel Aviv, 6407807, Israel

‍

3. How am I categorised when I interact with you?

The data which Pay.com collects concerning you, and how it is created, depends on your role in interacting with Pay.com.  You may be one or more of the following:

  • End Customer – when you transact with a business which uses Pay.com’s services (typically, an e-commerce vendor)

Businesses which use Pay.com’s services are referred to as “Business Users”.

  • Representative – when you act on behalf of a business which uses Pay.com’s services or whose products/services Pay.com uses; including owners of such a business
  • Visitor – when you visit the Pay.com website without logging in

4. What data do you collect?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Contact Data: includes address, email address and telephone numbers.

Identity Data: includes first name, maiden name, surname, username or similar identifier, marital status, title, date of birth, ID number, nationality, place of birth, tax registration number, role/position

KYC Information: if we need to verify your identity where you are a Representative, we will ask you to provide one or more of the following:

  • a copy of your identity card (such as a driving licence) or passport together with a photo of yourself;
  • proof of address (such as a utility bill or bank statement);
  • business information (such as a certificate of incorporation, memorandum & articles of association, share certificate, register of directors, authorised signatory list, position, and identification documents for shareholders, directors and authorised signatories); and/or
  • PEP declaration;

Technical Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website, the Pay.com merchant platform or other Pay.com applications. This is done by using Javascript or Cookies. Please see our Cookies Policy for more information about how we use Cookies.

Usage Data: includes information about how you use our website, products and services.

Security Information: When you register for a Pay.com account you may be required to create a password and provide answers to security questions.

Payment Information: Where you are an End Customer, to enable you to make payments we collect details such as card details.

EDD information: Where you are a Representative, sometimes we need to ask you for information to verify the source of your funds or wealth, or to conduct enhanced due diligence in accordance with our legal requirements (EDD Information). This will depend on the situation and we will make it clear to you at the time what information we require from you.

Marketing and Communications Data: includes your preferences in receiving marketing from us and other third parties and your communication preferences

Voluntary Information: We will collect any other personal data that you voluntarily provide to us if you communicate with us, for example by corresponding with us (by phone, email, post or social media) or by taking part in competitions, promotions or surveys.

Criminal convictions data: Where you are a Representative, to the extent permitted by applicable laws we may be required to collect and process information about criminal convictions and offences you for the purposes of preventing money laundering or terrorist financing. 

We may also collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

5. How is my Personal Data Collected?

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • apply for, or use our products or services;
  • submit forms on our website;
  • subscribe to newsletter;
  • request marketing to be sent to you;
  • enter a competition, promotion or survey; or
  • give us feedback or contact us.

Automated technologies or interactions. As you interact with our website or merchant portal, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie policy for further details.

Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below.

6. What do you use my personal data for?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

Each section below describes specific scenarios that we will use your personal data for.

Providing Pay.com services to your or your business

  • For example, we use your personal data to set up and administer your accounts. We also use your personal data to enable you to log into your account and use Pay.com applications and features.
  • We use your Identity Data, Contact Data and Technical Data to contact you with transactional and service messages (including by push notifications), to provide you with information such as password reminders or to let you know if Pay.com is experiencing technical issues.
  • Where you are an End Customer, we use your Payment Information to carry out your instructions to allow you to make and receive payments through Pay.com.

Identity verification and due diligence

  • We use your personal data to comply with our legal and regulatory obligations. This includes verifying your identity; conducting anti-money laundering checks; transaction monitoring; sanctions and politically exposed persons screening; fraud prevention, detection and reporting; and cooperating with external investigations where required.
  • If you fail one of our identity verification or screening checks as set out above, we may not be able to open an account for you or continue providing services to you or your business.

Corresponding with you

  • We use your personal data to enable us to respond to your queries, complaints or comments and to make sure that these are appropriately dealt with. We also use this information to enable you to participate in any competitions or promotions that you enter and to collate responses to surveys that you have responded to.

Analysing and improving Pay.com

  • We use your personal data to help us improve and develop our business, website, products and services. This helps us to make sure that we are providing you with the best possible service.

Marketing and promotional offers from us

  • We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
  • We will obtain your consent in a way that is compliant with data protection laws, either by asking you for your express consent, or by obtaining an implied consent where you are an existing customer and we are marketing our own similar products and services to you.
  • We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising

Third-party marketing

  • We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

Opting out

  • You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
  • Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us which we need to use for another reason as set out above.

Managing risks and enforcing our rights

  • We use your personal data to manage and enforce our rights, terms of use or any other contracts with you (and/or your business), including to manage any circumstances where payments are disputed; to investigate and resolve complaints; or to recover debts owed to us.
  • We also use your personal data to manage and mitigate our credit risks, financial exposure and terms of business. 

Prevention and detection of illicit activity

  • We use your personal data to prevent and/or detect financial crime, terrorism and other illicit (e.g. criminal, unlawful or illegitimate) activities to comply with our legal and regulatory obligations, manage our risk exposure and protect our business, customers and the integrity of the financial system.

Compliance with applicable laws and regulations

  • Where required we will use your personal data to comply with applicable laws and regulations, requests from law enforcement bodies and regulatory authorities and tax reporting obligations.
  • Where required we will also use your personal data to establish, exercise or defend legal claims, or to protect your vital interests or those of other persons, for example to help those authorities or other organisations in the fight against crime and terrorism.

7. What is your legal basis for using my personal data?

Data protection law says that we have to tell you the "legal basis" that we rely on to process your personal data for the purposes that we have notified to you. 

7.1 End Customers

7.1(a) Processing purpose

To provide our Services to Business Users, including to process online payment transactions or in-person checkout, to calculate applicable sales tax, to invoice and bill, and to calculate their revenue.

If you are an End Customer, when you make payments to, send shopping cart reminders, get refunds from, begin a purchase or otherwise transact with a Business User through Pay.com’s services or a Pay.com -provided device, Pay.com will receive your transaction information. Depending on how the Business User has integrated our services, we may receive this information directly from you, the Business User or another service provider to you or the Business User.

7.1(a) Categories of personal data

Transaction Information. Your name, email, billing and/or shipping address, payment method information (such as credit or debit card number), merchant, purchase amount, date of purchase, and in some cases, some information about what you have purchased, phone number and tax-related ID. The payment method information that we collect will depend upon the payment method that you choose to use from the list of available payment methods offered by the Business User as part of the “checkout” process for your purchase. We may also receive your transaction history with the Business User.

Transaction-Related Information / Purchase Interests. Information typed into a checkout field that is not ultimately submitted to the Business User.

7.1(a) Legal bases

Our legitimate interests in providing the Pay.com service, including processing payments, implementing fraud thresholds chosen by the Business User, and in verifying payment methods.

7.1(b) Processing purpose 

Verification Information - Information about you being the person who is authorized to use a payment method. 

7.1(b) Legal bases

Our financial and regulatory obligations. 

7.1(c) Processing purpose

We will use Personal Data about your identity, including information that you provide, to perform verification services for our own purposes and for Business Users that you are doing business with and to reduce fraud and enhance security.

7.1(c) Categories of personal data

We will use information from our service providers and our Services.

7.1(c) Legal bases

Our legitimate interests in detecting, monitoring and preventing fraud and unauthorized payment transactions 

7.1(d) Processing purpose

We use personal data of End Customers to detect and prevent fraud for Business Users, including to detect fraudulent payment cards. In providing such services, we may provide Business Users that have requested such services with limited personal data about End Customers so that the Business Users can assess the fraud risk associated with an attempted transaction by its End Customer. 

7.1(d) Categories of personal data

Transaction information. This includes: name, email address, billing and shipping address, payment method information (such as credit or debit card number), merchant, purchase amount, date of purchase, and in some cases, some information about what you have purchased, email address, phone number and tax-related ID.

This includes web browsing information, usage data, referring URLs, location, cookies data, device data and identifiers, and IP address.

7.1(d) Legal bases

Our legitimate interests in detecting, monitoring and preventing fraud and unauthorized payment transactions.

7.1(e) Processing purpose

Compliance and Harm Prevention -  We share personal data as we believe necessary: (i) to comply with applicable law, (ii) to comply with rules imposed by payment method in connection with use of that payment method; (iii) to enforce our contractual rights; (iv) to secure or protect the Services, rights, privacy, safety and property of Pay.com, you or others, including against other malicious or fraudulent activity and security incidents; and (v) to respond to valid legal process requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.

7.1(e) Categories of personal data

Any personal data we process.

7.1(e) Legal bases

Our legal obligations where disclosures are necessary to comply with our legal obligations.

Our legitimate interest in keeping Pay.com secure, preventing a breach of the law, harm or crime, enforcing or defending legal rights, claims, or obligations, facilitating the collection of taxes and prevention of fraud or preventing loss or damage.‍

‍
7.2 Representatives

7.2(a) Processing purpose

Reduce fraud and enhance security. We will use personal data about your identity, including information that you provide, to perform verification services.

7.2(a) Categories of personal data

Onboarding and verification information that you choose to share for these purposes, which may include your government ID, photo and live image.

7.2(a) Legal bases

Our legal obligations in respect of our financial and regulatory obligations. We process Personal Data to verify the identity of the Representatives of our Business Users in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, and financial reporting obligations.

7.2(b) Processing purpose

Advertising. We may use and share Representative Personal Data with others so that we may advertise and market our products and services to you, including through interest-based advertising subject to any consent requirements under applicable law.

7.2(b) Categories of personal data

Contact information including: name, email address, work phone number, and job title.

Connection data such as IP address, and web behavior (page visited, length on page, etc.)

7.2(b) Legal bases

Consent

7.2(c) Processing purpose

Communications. We may send you email marketing communications about Pay.com products and services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided that we do so in accordance with applicable law, including any consent or opt-out requirements.

7.2(c) Categories of personal data

Contact information such as your name, email address, phone number.

7.2(c) Legal bases

Consent

7.3 Visitors

7.3(a) Processing purpose

Communications. We use any contact information that you provide to us to respond to any inquiries or requests for information you made; and if you have asked about us or our services, to send you marketing emails by either asking for your consent or providing you an opt out in any messages we send.

7.3(a) Categories of personal data

Contact information such as your name, email address, phone number.

Information you have provided to us, such as the products you are interested in.

7.3(a) Legal bases

Consent

Our legitimate interests in responding to inquiries, sending service notices and providing customer support.

7.3(b) Processing purpose

Advertising. When you visit www.pay.com, we (and our service providers) may use Personal Data collected from you and your device to target advertisements for Stripe Services to you on our Sites and other sites you visit (“interest-based advertising”).

7.3(b) Categories of personal data

Information collected from cookies such as your device, browser ID, and pages on our website which you have visited.

7.3(b) Legal bases

Consent

Our legitimate interest in undertaking marketing activities to offer you products or services that may be of interest to you.

8. Special categories of personal data

Some types of personal data are designated as special categories of personal data in data protection laws. This means that they are more sensitive types of personal data and we therefore need to take additional steps to protect this data. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).  We do not currently collect special category personal data from website users, customers, prospective customers, or suppliers of Pay.com.

9. What happens if I don't provide you with my data?

We need the majority of the information we collect from you to perform our contract with you and/or to comply with legal obligations. This means that if you refuse to provide us with any of the information that we ask for, it is likely that we will be unable to provide our services to you.

10. With whom do you share my personal data?

Pay.com is a group of companies. We share personal data with our group companies in the UK, the EEA and Israel to provide customer support services, software development and IT services.  The European Commission has declared that Israel provides equivalent protection to personal data to that provided by the EEA.

Pay.com complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Pay.com has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Pay.com has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

We share personal data with third parties in the following circumstances:

  • with providers within our banking and payment network to enable you to upload funds, make and receive payments and withdraw funds; these providers include banks, acquirers, alternative payment providers and account information service providers,
  • with banks, credit institutions and other financial institutions outside our banking and payment network (where allowed under any terms of use or other contract) who may process payments and who are not operating under our control nor for whose actions or omissions we have liability. These include the account provider where the sender or recipient (and their businesses, respectively) of a payment maintain their account(s), alternative payment schemes and any other financial institutions
  • where we provide services through third parties such as banks and other organisations, we may be required to disclose your information (including any KYC Information and EDD Information) with such organisations in order to assist their regulatory obligations or risk assessments.
  • with third party service providers who provide a range of services to us to enable us to run our business; this includes our IT and hosting providers, cloud storage providers, email platforms, contact relationship management system, customer service support, suppliers who provide screening and transaction monitoring services, credit reference agencies (to carry out credit checks and/or identity checks), URL monitoring providers, marketing firms, and our notification/communication providers;
  • fraud prevention agencies where we are required to share personal data to comply with our legal or regulatory obligations or to prevent and/or detect financial crime or other illicit activity;
  • competent law enforcement bodies, regulatory, government agencies, courts or other third parties such as but not limited to, the police, the financial supervisory authorities, the tax and social security agencies, as well as courts, where we believe disclosure is necessary (i) as a matter of applicable law or regulation, or (ii) to exercise, establish or defend our legal rights.
  • other third parties, such as the police or HMRC, in response to ad hoc data sharing requests. In these circumstances we will only share personal data if we are satisfied that we are legally allowed to do so and the sharing of data is justified.
  • third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • with our auditors, advisors, legal representatives and similar agents in connection with the advisory services they provide to us for legitimate business purposes and under contractual prohibition of using the personal data for any other purpose.
  • part of your personal data may be tokenized and be provided to alternative payment methods and/or other payment service providers in use.
  • with your permission, your information may also be used for other purposes for which you give your specific permission.

Pay.Com US, Inc. remains liable if a third party to whom it transfers your data processes personal data in a manner inconsistent with the Privacy Shield principles, unless the Pay.Com US, Inc.  proves that it is not responsible for the event giving rise to the damage.

Pay.Com US, Inc. is being subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

‍

11. How long do you keep my personal data for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law we have to keep basic information about our customers for six years after they cease being customers for tax purposes.

In some circumstances you can ask us to delete your data. See below for further information.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

12. What rights do I have?

You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We may need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.

If you want to exercise any of these rights, or would like any more information about them, please contact [email protected]

A right to access your information

You have a right to ask us to send you a copy of all the personal data that we hold about you (subject to some exceptions).

‍

A right to an electronic copy of your information

You can also ask us to send you the mandatory account information that we hold about you in a common electronic format, or to ask us to transfer that data to a third party if you want us to and if it is technically feasible for us to do so.

A right to object to us processing your information

You have a right to object to us processing any personal data that we process where we are relying on legitimate interests as the legal basis of our processing (as set out in section 7 above). Your objection must be based on grounds that relate to your particular situation.

If you make a request to exercise your right to object, if we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.

A right to ask us not to market to you

You can ask us not to send you direct marketing. You can do this by following the "unsubscribe" instructions in any marketing emails.

A right to have inaccurate data corrected

You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.

A right to have your data erased

You have a right to ask us to delete your personal data in certain circumstances, for example if we have processed your data unlawfully or if we no longer need the data for the purposes set out in this privacy notice.

A right to have processing of your data restricted

You can ask us to restrict processing of your personal data in some circumstances, for example if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the data but you require us to keep it so that you can exercise your own legal rights. Restricting your personal data means that we only store your personal data and don't carry out any further processing on it unless you consent or we need to process the data to exercise a legal claim or to protect a third party or the public.

A right to opt out/ withdraw consent as applicable

13. Contact us

If you have any questions or concerns about this privacy notice and/or our processing of your personal data, you can contact us by using the contact form on our website or by using the following details:

Email: [email protected] 

UK address: Pay Technologies (UK) Limited, 7 Milner Street, London, England, SW3 2QA

EEA address:  Paycomcy Limited, Andrea Kariolou 38, Agios Athanasios, Limassol, 4102, Cyprus

US address:  Pay.Com US, Inc., 8 The Green, Ste R, Dover, DE 19901, USA

14. Complaints

We work hard to ensure that we protect our customers' personal data in accordance with our legal obligations. If you are unhappy with how you think we have processed your personal data, please contact us using the details above and we will do our best to resolve your complaint.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Pay.com commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. 

You may invoke arbitration in respect of claims made against Pay.Com US, Inc. regarding matters set out in this privacy notice by delivering notice to Pay.Com US, Inc. and following the procedures and subject to conditions set forth in Annex I of the EU-U.S. DPF Principles.

15. Changes to this privacy notice

We may make changes to this privacy notice from time to time. Any changes we make will be posted on this page. The “Last updated” legend at the top of this privacy notice indicates when this privacy notice was last revised. Any changes are effective on the date we post them. We may also notify you by email if significant changes are made.

16. Miscellaneous information

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests as soon as we can, and in any event within one month of receiving your request and any necessary proof of identity or further information. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

17. United States - California

If you are a consumer located in California, we process your personal information in accordance with California law (e.g. the "CCPA").

Your Rights and Choices

As a California consumer and subject to certain limitations under the CCPA, you have choices regarding our use and disclosure of your personal information.Please note these California-specific rights:

Exercising the right to know: You have a right to request additional information about the categories of  personal information collected, sold, disclosed, or shared; purposes for which this personal information was collected, sold, or shared; categories of sources of personal information; and categories of third parties with whom we disclosed or shared this personal information.

Exercising the right to opt-out from a sale: We do not sell “Personal Information” as defined by the CCPA and have not done so in the past 12 months. Learn more.

Exercising the right to limit the use or sharing of Sensitive Personal Information: we do not sell or share Sensitive Personal Information as defined by the CCPA and have not done so in the past 12 months. Learn more about our collection and use of Sensitive Personal Information here.

Right to opt-out of sharing of cross-context behavioral advertising. 

To submit a request to exercise any of the rights described above, please contact us using the methods described in the Contact Us section  13 above. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your identity, including name, address, transaction history, photo identification, and other information associated with your account.

You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Your agent may submit a request on your behalf by contacting us using the methods described in the Contact Us section  13 above. We may still require you to directly verify your identity and confirm that you provided the authorized agent permission to submit the request.

Sale of personal information

Pay.com does not sell personal information. As such, Pay.com does not sell personal information of minors under 16 years of age. For California residents, the California Consumer Privacy Act (“CCPA”) defines “selling” personal information to include providing it to a third party in exchange for money or valuable consideration.

Disclosure to third parties

For Shine the Light law (Cal. Civ Code § 1798.83) purposes, pay.com does not share personal data of California customers to third parties for their direct marketing purposes, as defined by this law.

The table below discloses the categories of personal information about California consumers that we collect and disclose for a business purpose.

17(a) Category of personal information collected

Identifiers (for example, a device identifier)

17(a) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: service enablers (like service providers and financial partners servicing the financial product), the Business User you do business with, an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

17(b) Category of personal information collected

Characteristics of protected classifications under California or federal law (for example, gender and age noted in ID documents that you submit so that Pay.com can verify your identity on behalf of a Business User

17(b) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: service enablers (like service providers and financial partners servicing the financial product), the Business User, an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

17(c) Category of personal information collected

Commercial information (for example, the Business User may receive your transaction data) 

17(c) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: service enablers (like service providers and financial partners servicing the financial product), the Business User, an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

17(d) Category of personal information collected

Biometric information (for example, biometric identifiers from photo IDs used to confirm your identity) 

17(d) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: a service provider - i.e., Amazon Web Services ("AWS"), an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

17(e) Category of personal information collected

Online activity information (for example, information about devices and browsers across certain Business User sites that use Pay.com and IP addresses associated with those devices and browsers, and usage data)

17(e) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: service enablers (like service providers and financial partners servicing the financial product), the Business User, an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

17(f) Category of personal information collected

Geolocation Data (for example, IP addresses)

17(f) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: service enablers (like service providers and financial partners servicing the financial product), the Business User, an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

17(g) Category of personal information collected

Audiovisual (for example, visual, audio, or similar information, like photos you submit so that Stripe can verify your identity on behalf of your Business User

17(g) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: service providers, the Business User, an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

17(h) Category of personal information collected

Professional or Employment-Related Information

17(h) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: Service Providers, an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

17(i) Category of personal information collected

Categories of personal information described in Cal. Civ. Code 1798.80(e)(such as name, address, telephone number, credit card or debit card number)

17(i) To whom the information may be disclosed

We may disclose the data, pursuant to applicable law, to: service enablers (like service providers and financial partners servicing the financial product), the Business User, an entity engaged in a business transfer/merger, law enforcement, courts, governments and regulatory agencies.

Sensitive personal information

Pay.com only processes sensitive personal information for the purposes specified in section 7027(m) of the California Consumer Privacy Act Regulations, or without the purpose of inferring characteristics about a consumer:

  • Identification card, including driver’s license, passport, and social security (including any underlying sensitive information in the identity card, such as racial or ethnic origin):  Purposes include Identity verification, fraud prevention and security, to provide the services, and to comply with legal obligations.  
  • Biometric information:  Purposes include Identity verification, fraud prevention and security, and for other purposes consistent with your consent and applicable law, such as to improve our verification systems
  • Location data:  Purposes include Fraud detection and security, in furtherance of compliance with legal obligations, and to provide the services including to market our products.  
  • Account log-in, financial account in combination with any required security access code, password, or credentials allowing access to an account:  Purposes include To provide you the service that you requested from your Business User verify your account, facilitate the processing of your requested payments, provide customer support, comply with law, enforce our terms of services, and for other purposes consistent with your consent and applicable law.
Back to top
Payments.
Made. Simple.

Online payments

  • Online payments

Features

  • Payment methods
  • Global acquiring
  • Checkout
  • DashboardAuthentication
  • Payment request

Why Pay?

  • Collect payments
  • Optimize revenue

Developers

  • API ReferenceAPI Status

Partners

  • IntegrationsPay for agencies

Company

  • NewsroomCareersAboutBlogBrand assetsSitemap

Contact

  • Contact Sales

Legal

  • Privacy policy
  • Terms & conditions
  • Cookie policy
  • Report a complaint
Copyright © 2024 Pay.com - All rights reserved.