Privacy Statement

SIA Payspace is committed to respecting and protecting your privacy. We comply with the European Data Protection regulation (EU 2016/679) and the local laws applicable in the various countries in which we operate.

This Privacy Statement applies to all personal data you provide to us. In this document we will tell you in detail how we collect, process & share your personal information and explain your rights regarding it.

Who we are

SIA Payspace is a global payment service provider with its headquarters in Riga, Latvia. Through our proprietary fully integrated payment platform, Payspace offers international e-commerce merchants its global payment services.

SIA Payspace controls the collection and processing of any personal data that you provide to us in relation to this website and payment platform. Where services are provided to you by other entities within Payspace, the entity providing the service will be responsible for your personal data. This notice applies to all such entities.

In respect of data protection related questions, to exercise your rights or file a complaint, please contact our Data Privacy team if you have an enquiry or question.

Your personal data – what is it?

Personal data relates to a living individual who can clearly be identified from that data, in particular your name, address, phone number, e-mail address, credit or bank card number, information on special care. Identification can be made by the information alone or in conjunction with any other information otherwise in the data controller’s possession or likely to come into such possession.

Personal data we collect

The personal data that we collect, and how we collect it, depends upon how you interact with us. Categories of personal data that we collect include:

  • Contact information such as name, email address and telephone number
  • Biographical information such as job title, employer, photograph and video or audio content including you
  • Marketing, communication preferences and related information such as buying preferences, feedback and survey responses
  • Billing and financial information such as billing address, bank account and payment information
  • Services information such as details of services that we have purchased from you or services you purchased from us or through our online services

Personal data we collect from you

We collect personal data directly from you as follows:

  • When you sign up to receive news services, use a toolkit or register for one of our online services, we will ask you provide your contact and other relevant information, as well as your communication preferences.
  • When you register to attend one of our events, we will ask you to provide your contact, guest and other relevant information including buying preferences.
  • When you use our website or one of our online services we collect information about your visit and how you interact with our website or one of our online services.
  • When a client uses one of our online services, we will ask for the information that we need to provide those services; this information includes contact details, billing information, information necessary to conduct pre-clearance checks and information relevant to the services we provide. Information provided by a client may include personal data that relates to persons whose information is relevant to the instruction; for example, when we advise on a business transaction or a regulatory investigation or represent a client in a financial or legal dispute.
  • If you visit one of our offices, we may collect information that we need in order to identify you and complete necessary security checks. We may also collect your image using office video-surveillance system.

If you provide information to us about another person, you must ensure that you comply with any legal obligations that may apply to your provision of the information to us, and to allow us, where necessary, to share that information with our service providers.

Information we collect from third-parties

Most of the personal data that we collect about you will be information that you provide to us voluntarily. In some circumstances we may also receive information from:

  • other our company entities
  • our clients, when we handle personal data on their behalf
  • regulatory bodies
  • credit reference agencies
  • other companies providing services to us, like, for instance, scoring antifraud services as Maxmind, Ethoca etc

Some of these third-party sources may include publicly available sources of information.

We will also receive information about you from Google Analytics, a web analytics service provided by Google, Inc. (“Google”) whose servers are in the United States of America. Google Analytics uses cookies to help us analyze how users use our site.

Data we collect automatically

When you visit one of our websites, we automatically collect, store and use technical information about your equipment and interaction with our website. This information is sent from your computer to us using a variety of cookies.

See the Cookies section below for more information.

How we use your personal data

We will only use your personal data fairly and where we have a lawful reason to do so.

We are allowed to use your personal data if we have your consent or another legally permitted reason applies. These include to fulfil a contract with you, when we have a legal duty to comply with, or when it is in our legitimate business interest to use your personal data. We can only rely on our legitimate business interest, if it is fair and reasonable to do so.

Our use of your personal data depends on how and where you interact with us.

We will only process special category data where the processing is necessary for the purposes of providing our client with advice regarding obligations or an individual with advice regarding their rights in the field of employment or social security; or where it is necessary to do so in order to establish, exercise or defend legal claims.

Processing your data

We treat your personal data with respect and do not share it with third parties except as described below.

  • We may disclose your personal data to other Payspace entities for the purpose of our internal business processes (such as administration, processing and billing) and for the purpose of providing online services.
  • We may disclose personal data to third party law firms for the purpose of obtaining foreign legal advice.
  • We may share personal data our service providers including security check and antifraud scoring services
  • We may share personal information when necessary with law enforcement and regulatory authorities
  • We may also share your personal data when you have consented to us doing so.

We will only transfer your personal data outside of the European region under the following circumstances:

where the transfer is to a country or other territory which has been assessed by the European Commission (or an equivalent UK body) as ensuring an adequate level of protection for personal data
with your consent or on the basis that the transfer is compliant with the GDPR and other applicable laws.

To provide our services to customers, except above mentioned, we also need to process special categories of personal data (sensitive personal data), e.g. cardholder data.

Cardholder data includes the primary account number (PAN) along with any of the following data types: cardholder name, expiration date or service code. A service code is a three- or four-digit number on cards that use a magnetic-stripe. The service code specifies acceptance requirements and limitations for a magnetic-stripe-read transaction.

All the mentioned information is stored, processed or transmitted in accordance with Payment Card Industry Data Security Standards (PCI DSS) requirements.

To process your sensitive personal data, we will need to obtain your specific consent, otherwise, we may not be able to provide you with the requested service(s). The transfer of your sensitive personal data to third parties, even outside the European Economic Area may also be required during the provision of the services requested from us based on mandatory legal provisions.

How we protect your personal data

We protect your personal data and implement appropriate technical and organizational security measures to protect it against any unauthorized or unlawful processing and against any accidental loss, destruction, or damage.

We have robust information security management systems in place to protect your personal data, having been certified in accordance with the PCI DSS standard*.

We take appropriate technical and organizational measures to ensure the protection of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular but not limited to where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

We pay special attention to the safe transmission of the personal and financial data. This data is transmitted from your computer to our servers through encrypted channels with the support of the state-of-the-art Secure Socket Layer (SSL) technology.

* The Payment Card Industry (PCI) Data Security Standard (DSS) is an information security standard developed to enhance cardholder data security for organizations that store, process or transmit credit card data. Its primary purpose is to reduce vulnerability of cardholder information and prevent credit card fraud by increasing controls where cardholder data is stored, processed, or transmitted. Organizations that maintain a cardholder environment data include retailers, retail branches on any business in any industry, online payment services, banks that issue credit cards, and service providers that offer online cloud services for payment processing.

Legal basis of data processing

The legal basis of data processing activities indicated in point a)-e) of Section 5 of this Privacy Notice lies in Subsection (a) Paragraph (1) of Article 5 of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter the “ Freedom of information Act”), i.e. based on your consent, and commencing from 25 May 2018 also Article 6 (1) (b) of the General Data Protection Regulation (Regulation No. 2016/679 of the European Parliament and of the Council) (“ GDPR”), i.e. such processing activities are necessary for the performance of contract or in order to take steps at the request of data subject to entering into a contract.

The legal basis of data processing activities indicated in point f)-g) of Section 5 of this Privacy Notice lies in Subsection (a) Paragraph (1) of Article 5 and Subsection (a) Paragraph (2) of Article 5 of the Freedom of information Act, i.e. based on your consent, and commencing from 25 May 2018 also Article 6 (1) (a) and Article 9 (2) (a) of the GDPR, i.e. such processing activities will be based on your consent.

The legal basis of data processing activity indicated in point h-i) of Section 5 of this Privacy Notice lies in Subsection (a) Paragraph (5) of Article 6 of the Freedom of information Act, i.e. based on your consent, and commencing from 25 May 2018 also Article 6 (1) (f) of the GDPR, i.e. such processing activity will be based on Payspace’s the legitimate interest. If the legal basis is the legitimate interest of PaySpace, we will carefully consider your interests and fundamental rights and freedoms, and whether these overrides such legitimate interests (balancing test).

The legal basis of data processing activity indicated in point j) of Section 5 of this Privacy Notice lies in Subsection (b) Paragraph (1) of Article 5 and Subsection (a) Paragraph (5) of Article 6 of the Freedom of information Act, i.e. based on your consent, and commencing from 25 May 2018 also Article 6 (1) (c) of the GDPR, i.e. such processing activity is necessary for compliance with legal obligation(s).

Keeping your personal data

We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it, or to comply with any financial, legal, regulatory or reporting obligations or to assert or defend against financial or legal claims.

We keep your personal data for no longer than reasonably necessary: for a period of 1 years from the fulfillment of the agreement concluded with us in order to comply with applicable data retention laws.

Your rights regarding your personal data

You have certain rights regarding how we use and keep your personal data. These are:

  • you can require us, to update or correct any inaccurate personal data, or to complete any incomplete personal data, concerning you. If you do, we will take reasonable steps to check the accuracy of and correct the information. Please let us know if any of your information changes so that we can keep it accurate and up to date;
  • you can require us to stop processing your information for marketing purposes; if you withdraw your consent, we may not be able to provide certain products or services to you; and
  • you have the right to object to our use of your personal data more generally.

You may also have the right, in certain circumstances to:

  • be provided with a copy of any personal data that we hold about you, with certain related information. There are exceptions to this right; for example, where information is legally privileged or if providing you with the information would reveal personal data about another person
  • to require us, without undue delay, to delete your personal data
  • to “restrict our use of your information, so that it can only continue subject to restrictions; and
  • to require personal data which you have provided to us and which are processed by using automated means, based on your consent or the performance of a contract with you, to be provided to you in machine readable format so that they can be “ported” to a replacement service provider.

You can exercise the above rights, where applicable by contacting the Data Privacy team. We will require you to provide satisfactory proof of your identity in order to ensure that your rights are respected and protected. This is to ensure that your personal data is disclosed only to you.

Cookies

When you use our website or any other online services, cookies are stored by your browser on your device. Please note that if you disable cookies our website or any other online services may not function properly on your browser. Our aim is to ensure that our website offers visitors and customers what they are looking for and provides them with the most relevant communication. In order to achieve this goal, we may store and use your data, building usage profiles for market research, for quality improvements of our website and our services, for service developments, to improve the performance of the website, to measure the success of our advertising campaigns or to tailor services to your needs.

Until you log in to you PaySpace, the use of such data for the purposes described in the preceding sentence will be in pseudonymized form. That means we will replace your name and other features which may identify you with another identifier in order to make it impossible to identify you as a person and we will not bundle such usage profiles with other data we store about you.

Once you are logged in your Payspace account, the use of such data for the purposes described in the preceding sentence will be personalized and connected to you.
You are entitled to object against the use of your data for building usage profiles as described above at any time.

The use of your personal data for marketing purposes

We send you newsletters on actual bargains and special offers if you have requested such communication from us by subscribing to such services, or if you provided us with your details. We will not contact you electronically for marketing purposes unless you have expressly indicated your consent by ticking relevant tick boxes on the data entry form in which you entered your contact information.

Third parties liability

Payspace is not responsible for third parties’ use of your data, where such use is permitted for their own purposes. In such cases these third parties also be considered data controllers, please consult their privacy policies for further information.

Updates to this Privacy Statement and notifications

We may change this Privacy Statement from time to time to reflect new services, changes in our Personal Data practices or relevant laws. Any changes are effective when we post the revised Privacy Statement. We may provide you with disclosures and alerts regarding the Privacy Statement or personal data collected by posting them on our website.

How to Contact Us

Please contact us with any questions or comments about this Policy, your Personal Data, our use and disclosure practices, or your consent choices by email at [email protected].
If you have any concerns or complaints about this Policy or your Personal Data, you may contact Data Privacy team.

This Privacy Statement is effective from 7 May 2018.