Privacy Notice

“Paysation Platform” means internet-based software, APIs, dashboards, merchant interfaces and other technologies made available by Paysation.

“Paysation Services” means payment infrastructure and related services provided by Paysation, including payment gateway services, acquiring support, payment orchestration, routing, recurring payment support, risk controls, fraud-prevention workflows, alerting, reporting and operational tools.

“Paysation Website” means https://paysation.com and its pages, content and subdomains.

“Merchant” means an organization that uses or evaluates Paysation Services.

“End-user” means an individual who purchases goods or services from a merchant or otherwise interacts with a merchant’s payment flow.

“Data” means information submitted to or processed through the Paysation Website, Paysation Platform, APIs, merchant interfaces, support channels or business communications, including personal data where applicable.

“Personal data” means information relating to an identified or identifiable natural person. Information that has been anonymized so that it can no longer identify a person is not personal data.

Paysation may act as a data controller when we collect and process personal data of website visitors, prospective customers, merchant representatives, partner representatives, supplier representatives, professional advisers and users of Paysation business communications or online interfaces.

Paysation may also act as a data controller when we process website and platform usage data, cookies and similar technologies, security logs, access information, contact data and information required for business administration, sales, support, security, compliance and legal purposes.

Where Paysation provides services to a merchant or partner and processes personal data on behalf of that organization, Paysation may act as a data processor or service provider. In that case, the merchant or partner acts as the data controller and is responsible for providing appropriate privacy notices, obtaining any required consents or other legal bases, and giving documented instructions for the processing of personal data.

When a merchant or partner acts as a data controller, it must comply with applicable data protection laws and must ensure that its own privacy notice properly explains its data practices, including the use of third-party payment, gateway, risk, fraud-prevention, alerting, reporting or infrastructure providers.

If a data subject contacts Paysation directly about personal data that we process on behalf of a merchant or partner, we may direct the request to the relevant merchant or partner and assist as required by applicable law and contractual obligations.

We may collect personal data directly from you when you submit a contact form, send us an email, request a demo, communicate with our team, attend meetings, provide information during onboarding, sign or negotiate agreements, use the Paysation Platform, or otherwise interact with Paysation.

We may collect business contact information, including your name, company name, job title, business email address, phone number, country, website, message content and other information you choose to provide.

We may collect business enquiry information, including information about your payment flows, acquiring needs, orchestration requirements, recurring payment setup, fraud-prevention needs, compliance requirements, transaction volumes, markets, website, business model and integration plans.

We may collect merchant onboarding and due diligence information where applicable, including company details, ownership or representative details, business model information, website details, supporting documentation, contractual information and information required to evaluate or manage a potential business relationship.

We may collect technical and usage information when you visit the Paysation Website or use Paysation online interfaces, including IP address, device type, browser type, operating system, referrer details, pages visited, time of visit, interaction data, logs and similar technical information.

We may collect access information when you use the Paysation Platform or merchant interfaces, including user ID, login, email address, phone number, locale, timezone, role, permissions, session information, authentication events and activity logs.

Where services are provided to a merchant, the merchant may submit or make available data relating to End-users or transactions. The categories of such data depend on the merchant’s configuration, integration, instructions and the services used.

We do not ask website visitors to submit payment card data through the public Paysation Website. Where payment processing services are provided, payment data is handled according to the relevant service agreements, technical integrations, security controls and applicable payment industry requirements.

Cookies and similar technologies may be used on the Paysation Website and platform interfaces. Necessary cookies may be used to operate the website and services. Analytics, performance or marketing cookies are used only where permitted by applicable law and, where required, based on consent. More information is available in our Cookie Policy.

We use personal data to provide, maintain, protect and improve the Paysation Website, Paysation Platform and Paysation Services.

In particular, personal data may be used for the following purposes:

• to respond to enquiries and communicate with you;
• to assess whether Paysation Services may be suitable for your organization;
• to provide, configure, operate, support and improve the Paysation Platform and Paysation Services;
• to provide access to platform, dashboard, merchant portal, API or support functionality;
• to perform merchant, partner, supplier and representative onboarding;
• to conduct due diligence, KYC, KYB, AML, sanctions, risk, fraud-prevention and compliance checks where applicable;
• to prepare, negotiate, sign and manage agreements with your organization;
• to provide operational, technical, account, legal, security and support communications;
• to monitor website, platform and service performance;
• to protect accounts, systems, data and services against misuse, fraud, unauthorized access, security incidents and unlawful activity;
• to manage financial transactions, invoices, reconciliation, reporting and payment-related operations where applicable;
• to comply with legal, regulatory, tax, accounting, audit, payment scheme, anti-fraud, anti-money laundering, sanctions and record-keeping obligations;
• to protect our rights, property, users, clients, partners, systems and services.

We do not use personal data for additional purposes that are incompatible with this Privacy Notice, our Cookie Policy, applicable contracts or applicable law.

Where EU, UK or similar data protection law applies, we process personal data on one or more of the following legal bases.

Contract. We process personal data where it is necessary to take steps before entering into a contract or to perform a contract with you or your organization. This may include providing access to the Paysation Platform, responding to account or service enquiries, supporting services requested by your organization, and fulfilling contractual obligations.

Legitimate interests. We process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Legitimate interests may include operating and securing our website and services, responding to business enquiries, improving services, validating merchant or representative information, routing traffic efficiently, preventing fraud, maintaining network and information security, managing business relationships and supporting payment operations.

Legal obligation. We process personal data where it is necessary to comply with legal or regulatory obligations, including obligations relating to tax, accounting, audit, fraud prevention, anti-money laundering, sanctions, compliance, security, payment operations, legal claims, court orders and requests from competent authorities.

Consent. We may process personal data based on consent where required by law or where no other legal basis applies. This may include certain cookies, optional marketing communications or other processing where consent is required. Where processing is based on consent, you may withdraw consent at any time.

Paysation uses technical and organizational measures designed to protect personal data against loss, misuse, unauthorized access, disclosure, alteration or destruction.

These measures may include access controls, authorization controls, encryption where appropriate, secure hosting, logging, monitoring, internal policies, staff access restrictions, vendor controls, environment separation, incident response procedures and security review processes.

We monitor our systems and work to respond to security notifications, support requests and privacy-related enquiries within a reasonable time.

When Paysation acts as a data processor on behalf of a merchant or partner, our specific security, sub-processing, breach notification and assistance obligations are governed by the applicable agreement, Data Processing Agreement or other relevant contractual terms.

No method of transmission or storage is completely secure. We work to protect personal data, but we cannot guarantee absolute security of information transmitted over the internet.

Users of the Paysation Platform or merchant interfaces are responsible for maintaining the confidentiality of their passwords, credentials, API keys and access devices.

You should use strong passwords, protect your credentials, restrict access to authorized users, sign out after using shared or unmanaged devices, and notify Paysation promptly if you believe that an account, credential, integration key or access device has been compromised.

Responsibility for misuse caused by lost, shared or compromised credentials may lie with you and your organization, subject to the applicable agreement and law.

Paysation does not sell personal data.

We may share personal data where necessary to provide services, operate our business, comply with legal obligations, protect rights or support a business relationship.

We may share personal data with:

• companies, contractors and service providers that support our website, hosting, IT, analytics, communications, security, compliance, sales, operations and business administration;
• professional advisers, including lawyers, auditors, accountants, insurers and consultants;
• payment, acquiring, banking, compliance, fraud-prevention, infrastructure, technical, security and risk partners where necessary for a business relationship, service evaluation, onboarding process or service delivery;
• public authorities, regulators, law enforcement bodies, courts or other parties where disclosure is required by law or necessary to protect rights, safety, systems, services or legal interests;
• buyers, investors, lenders or professional advisers in connection with a business transaction, restructuring, financing, merger, acquisition or similar event.

Where service providers process personal data on our behalf, we use contractual and operational controls designed to limit their processing to authorized purposes and require appropriate confidentiality and security commitments.

If disclosure relates to personal data processed by Paysation on behalf of a merchant or partner, we will act according to the applicable agreement, documented instructions and legal requirements, unless prohibited by law.

If your organization transfers personal data to Paysation for processing on its behalf, your organization is responsible for having a valid legal basis for collecting, retaining, using, processing and transferring that data to Paysation.

Your organization is responsible for providing privacy notices to End-users and other data subjects, obtaining consents where required, honoring data subject rights and ensuring that the data submitted to Paysation is lawful, accurate and relevant to the services.

Your organization must ensure the security of the data it transfers to Paysation and must use the Paysation Services in accordance with applicable law, the relevant agreement, technical documentation and security requirements.

Where a data subject directly contacts Paysation with a request to exercise privacy rights in relation to data processed on behalf of your organization, we may direct that request to your organization and provide assistance as required by applicable law and contractual terms.

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Notice, including service delivery, account management, business administration, legal compliance, security, audit, dispute handling, fraud prevention, payment operations and record keeping.

Retention periods vary depending on the type of data, the purpose of processing, applicable law, contractual requirements, payment industry requirements, security needs and the nature of the business relationship.

Contact, onboarding and representative information may be retained for the duration of the business relationship and for a period after termination where needed for legal, audit, compliance, tax, accounting, dispute, fraud-prevention or record-keeping purposes.

Financial, invoice, accounting and tax-related information may be retained for the period required by applicable accounting, tax, audit and financial regulations.

Access, technical, security and log information may be retained for as long as necessary to operate services, protect systems, investigate incidents, prevent misuse, comply with legal obligations and maintain security records.

Cookie retention varies depending on the type of cookie and is described in our Cookie Policy.

When personal data is no longer needed, we delete it, anonymize it or restrict access to it according to applicable policies, legal requirements and technical constraints.

Depending on your location and applicable law, you may have rights in relation to your personal data.

These rights may include:

• the right to access personal data that we process about you;
• the right to obtain a copy of your personal data;
• the right to correct inaccurate or incomplete personal data;
• the right to request deletion of personal data;
• the right to restrict processing in certain circumstances;
• the right to object to processing based on legitimate interests;
• the right to data portability, where applicable;
• the right to withdraw consent where processing is based on consent;
• the right to lodge a complaint with a competent data protection authority.

Some rights may be limited where data is processed on behalf of a merchant or partner, where retention is legally required, where data is needed for security or fraud-prevention purposes, or where data is required for legal claims, accounting, audit, payment operations or compliance obligations.

If you use the Paysation Platform and profile settings are available, you may be able to access or update certain account information directly through your account.

If the information you want to access, correct or delete is not available through account settings, or if you want to exercise another privacy right, contact us at [email protected].

We may need to verify your identity, authority or relationship with the relevant organization before responding to a request.

If your personal data was transferred to third-party processors or service providers and a correction or deletion request is valid and applicable, we will take reasonable steps to notify relevant recipients where required by law.

If we process your data based on consent, you may withdraw consent at any time. Withdrawal of consent does not affect processing carried out before consent was withdrawn.

Paysation may process and store personal data in countries other than the country where the data was originally collected.

Some of our service providers, partners or business operations may be located outside the European Economic Area, the United Kingdom or your country of residence.

Where personal data is transferred internationally, we use appropriate safeguards as required by applicable data protection law. These safeguards may include adequacy decisions, standard contractual clauses, contractual protections, security measures, due diligence of service providers and other lawful transfer mechanisms.

Data protection laws in third countries may differ from the laws of your country. Before transferring personal data internationally, we take steps designed to protect the data according to applicable legal and contractual requirements.

Where a merchant or partner acts as data controller, it is responsible for informing End-users and other data subjects about cross-border transfers and for ensuring a valid legal basis or appropriate safeguard for those transfers.

Paysation does not make decisions about website visitors based solely on automated processing that produce legal or similarly significant effects.

Paysation products and services may support automated rules, risk signals, payment routing, fraud-prevention workflows, transaction monitoring, alerting and operational decisioning tools for merchants and partners.

Where automated tools are used in connection with payment, fraud-prevention, compliance, security or operational services, their use is governed by the relevant service arrangements, documented instructions, customer configuration, applicable law and operational controls.

Customers remain responsible for how they configure and use decisioning tools in relation to their own users, End-users and transactions.

We may update this Privacy Notice from time to time to reflect changes in our business, website, platform, services, technologies, legal requirements, security measures or operational practices.

The updated version will be published on this page with a revised effective date.

If you are a user of the Paysation Platform or Paysation Services, we may provide notice of material changes where required by law or contract.

Continued use of the Paysation Website, Paysation Platform or Paysation Services after an update means the revised Privacy Notice applies from the date it becomes effective.

Paysation maintains measures designed to prevent, detect, investigate and respond to personal data breaches.

If Paysation becomes aware of a personal data incident that requires notification, we will assess the incident and take steps required by applicable law and contractual obligations.

Where Paysation processes personal data on behalf of a merchant or partner, breach notification, cooperation and assistance obligations are governed by the relevant service agreement, Data Processing Agreement or other applicable contractual terms.

Security concerns and privacy-related questions can be reported to [email protected].