SIA Payspace is committed to respecting and protecting your privacy. We comply with the European Data Protection regulation (EU 2016/679) and the local laws applicable in the various countries in which we operate.
This Privacy Statement applies to all personal data you provide to us. In this document we will tell you in detail how we collect, process & share your personal information and explain your rights regarding it.
SIA Payspace is a global payment service provider with its headquarters in Riga, Latvia. Through our proprietary fully integrated payment platform, Payspace offers international e-commerce merchants its global payment services.
SIA Payspace controls the collection and processing of any personal data that you provide to us in relation to this website and payment platform. Where services are provided to you by other entities within Payspace, the entity providing the service will be responsible for your personal data. This notice applies to all such entities.
In respect of data protection related questions, to exercise your rights or file a complaint, please contact our Data Privacy team if you have an enquiry or question.
Personal data relates to a living individual who can clearly be identified from that data, in particular your name, address, phone number, e-mail address, credit or bank card number, information on special care. Identification can be made by the information alone or in conjunction with any other information otherwise in the data controller’s possession or likely to come into such possession.
The personal data that we collect, and how we collect it, depends upon how you interact with us. Categories of personal data that we collect include:
We collect personal data directly from you as follows:
If you provide information to us about another person, you must ensure that you comply with any legal obligations that may apply to your provision of the information to us, and to allow us, where necessary, to share that information with our service providers.
Most of the personal data that we collect about you will be information that you provide to us voluntarily. In some circumstances we may also receive information from:
Some of these third-party sources may include publicly available sources of information.
When you visit one of our websites, we automatically collect, store and use technical information about your equipment and interaction with our website. This information is sent from your computer to us using a variety of cookies.
See the Cookies section below for more information.
We will only use your personal data fairly and where we have a lawful reason to do so.
We are allowed to use your personal data if we have your consent or another legally permitted reason applies. These include to fulfil a contract with you, when we have a legal duty to comply with, or when it is in our legitimate business interest to use your personal data. We can only rely on our legitimate business interest, if it is fair and reasonable to do so.
Our use of your personal data depends on how and where you interact with us.
We will only process special category data where the processing is necessary for the purposes of providing our client with advice regarding obligations or an individual with advice regarding their rights in the field of employment or social security; or where it is necessary to do so in order to establish, exercise or defend legal claims.
We treat your personal data with respect and do not share it with third parties except as described below.
We will only transfer your personal data outside of the European region under the following circumstances:
where the transfer is to a country or other territory which has been assessed by the European Commission (or an equivalent UK body) as ensuring an adequate level of protection for personal data
with your consent or on the basis that the transfer is compliant with the GDPR and other applicable laws.
To provide our services to customers, except above mentioned, we also need to process special categories of personal data (sensitive personal data), e.g. cardholder data.
Cardholder data includes the primary account number (PAN) along with any of the following data types: cardholder name, expiration date or service code. A service code is a three- or four-digit number on cards that use a magnetic-stripe. The service code specifies acceptance requirements and limitations for a magnetic-stripe-read transaction.
All the mentioned information is stored, processed or transmitted in accordance with Payment Card Industry Data Security Standards (PCI DSS) requirements.
To process your sensitive personal data, we will need to obtain your specific consent, otherwise, we may not be able to provide you with the requested service(s). The transfer of your sensitive personal data to third parties, even outside the European Economic Area may also be required during the provision of the services requested from us based on mandatory legal provisions.
We protect your personal data and implement appropriate technical and organizational security measures to protect it against any unauthorized or unlawful processing and against any accidental loss, destruction, or damage.
We have robust information security management systems in place to protect your personal data, having been certified in accordance with the PCI DSS standard*.
We take appropriate technical and organizational measures to ensure the protection of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular but not limited to where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
We pay special attention to the safe transmission of the personal and financial data. This data is transmitted from your computer to our servers through encrypted channels with the support of the state-of-the-art Secure Socket Layer (SSL) technology.
* The Payment Card Industry (PCI) Data Security Standard (DSS) is an information security standard developed to enhance cardholder data security for organizations that store, process or transmit credit card data. Its primary purpose is to reduce vulnerability of cardholder information and prevent credit card fraud by increasing controls where cardholder data is stored, processed, or transmitted. Organizations that maintain a cardholder environment data include retailers, retail branches on any business in any industry, online payment services, banks that issue credit cards, and service providers that offer online cloud services for payment processing.
The legal basis of data processing activities indicated in point a)-e) of Section 5 of this Privacy Notice lies in Subsection (a) Paragraph (1) of Article 5 of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter the “ Freedom of information Act”), i.e. based on your consent, and commencing from 25 May 2018 also Article 6 (1) (b) of the General Data Protection Regulation (Regulation No. 2016/679 of the European Parliament and of the Council) (“ GDPR”), i.e. such processing activities are necessary for the performance of contract or in order to take steps at the request of data subject to entering into a contract.
The legal basis of data processing activities indicated in point f)-g) of Section 5 of this Privacy Notice lies in Subsection (a) Paragraph (1) of Article 5 and Subsection (a) Paragraph (2) of Article 5 of the Freedom of information Act, i.e. based on your consent, and commencing from 25 May 2018 also Article 6 (1) (a) and Article 9 (2) (a) of the GDPR, i.e. such processing activities will be based on your consent.
The legal basis of data processing activity indicated in point h-i) of Section 5 of this Privacy Notice lies in Subsection (a) Paragraph (5) of Article 6 of the Freedom of information Act, i.e. based on your consent, and commencing from 25 May 2018 also Article 6 (1) (f) of the GDPR, i.e. such processing activity will be based on Payspace’s the legitimate interest. If the legal basis is the legitimate interest of PaySpace, we will carefully consider your interests and fundamental rights and freedoms, and whether these overrides such legitimate interests (balancing test).
The legal basis of data processing activity indicated in point j) of Section 5 of this Privacy Notice lies in Subsection (b) Paragraph (1) of Article 5 and Subsection (a) Paragraph (5) of Article 6 of the Freedom of information Act, i.e. based on your consent, and commencing from 25 May 2018 also Article 6 (1) (c) of the GDPR, i.e. such processing activity is necessary for compliance with legal obligation(s).
We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it, or to comply with any financial, legal, regulatory or reporting obligations or to assert or defend against financial or legal claims.
We keep your personal data for no longer than reasonably necessary: for a period of 1 years from the fulfillment of the agreement concluded with us in order to comply with applicable data retention laws.
You have certain rights regarding how we use and keep your personal data. These are:
You may also have the right, in certain circumstances to:
You can exercise the above rights, where applicable by contacting the Data Privacy team. We will require you to provide satisfactory proof of your identity in order to ensure that your rights are respected and protected. This is to ensure that your personal data is disclosed only to you.
When you use our website or any other online services, cookies are stored by your browser on your device. Please note that if you disable cookies our website or any other online services may not function properly on your browser. Our aim is to ensure that our website offers visitors and customers what they are looking for and provides them with the most relevant communication. In order to achieve this goal, we may store and use your data, building usage profiles for market research, for quality improvements of our website and our services, for service developments, to improve the performance of the website, to measure the success of our advertising campaigns or to tailor services to your needs.
Until you log in to you PaySpace, the use of such data for the purposes described in the preceding sentence will be in pseudonymized form. That means we will replace your name and other features which may identify you with another identifier in order to make it impossible to identify you as a person and we will not bundle such usage profiles with other data we store about you.
Once you are logged in your Payspace account, the use of such data for the purposes described in the preceding sentence will be personalized and connected to you.
You are entitled to object against the use of your data for building usage profiles as described above at any time.
We send you newsletters on actual bargains and special offers if you have requested such communication from us by subscribing to such services, or if you provided us with your details. We will not contact you electronically for marketing purposes unless you have expressly indicated your consent by ticking relevant tick boxes on the data entry form in which you entered your contact information.
Payspace is not responsible for third parties’ use of your data, where such use is permitted for their own purposes. In such cases these third parties also be considered data controllers, please consult their privacy policies for further information.
We may change this Privacy Statement from time to time to reflect new services, changes in our Personal Data practices or relevant laws. Any changes are effective when we post the revised Privacy Statement. We may provide you with disclosures and alerts regarding the Privacy Statement or personal data collected by posting them on our website.
Please contact us with any questions or comments about this Policy, your Personal Data, our use and disclosure practices, or your consent choices by email at [email protected].
If you have any concerns or complaints about this Policy or your Personal Data, you may contact Data Privacy team.
This Privacy Statement is effective from 7 May 2018.