Please read this notice carefully to understand our policies and practices regarding your personal information and how we will treat it. For a short-form summary, please click here. California residents can find more specific information on the California Consumer Privacy Act (CCPA) and their rights in the “CCPA” section below. Contact Us;
- To prevent and/or detect fraud, financial crime, manage risk and to better protect ourselves, our customers and the integrity of the financial system, it may be necessary to process and disclose sensitive personal information (sometimes known as special category personal data) including biometric data to third parties who help us in managing such risks, including identity verification. This may include software and services we use to verify your identity/age by determining whether a selfie you take matches the photo in your ID;
- During the identification process we may use a facial recognition process to compare your selfie with your uploaded ID document. During this process biometric data is generated by creating a digital map of your face in order to better compare your ID photo and your selfie picture. This helps to reduce fraud and is therefore in the substantial public interest. But any biometric information generated is immediately deleted following a match. Paysafe itself does not generally store or retain biometric data because such information is generally generated using secure third-party anti-fraud systems. If your biometric information is stored, retained, or used directly by Paysafe in any way, you will be notified at the point of collection. If you want to know more about our policies and processes in respect of your biometric data, or indeed our use of any other sensitive or special category personal data, you can reach us at the details provided in the Contact Us;
- Fraud prevention agencies as described above, including Action Fraud, Financial Fraud Action and the Financial Fraud Bureau and other organisations who assist us in managing fraud and business risk;
- Where we provide services through third parties such as Banks and other organisations, we may be required to disclose your information (including any ‘know your customer’ and ‘source of wealth’ information) with such organisations in order to assist their own regulatory obligations or risk assessments;
- Third Party Service Providers, including suppliers who assist us with the provision of Services, including processing orders, fulfilling orders, processing payments, managing credit, security, sector and fraud risk, identity verification, and marketing, market research and survey activities carried out on behalf of Paysafe. Occasionally, we may utilise the services of third-party providers to assist with the provision of services that might require the use of your personal information, including for the purposes of live data testing and to which suitable security arrangements will be implemented;
- To third parties who do not act under our instructions as a service provider (but will be subject to their own legal obligations to keep data secure), in order to facilitate provision of the Services. For example, banks and organisations who facilitate the trading of your stocks, crypto currencies and other financial instruments;
- In order to prevent and/or detect fraud, financial crime, manage risk and to better protect ourselves and our customers, it may be necessary to process and disclose sensitive personal information (sometimes known as special category personal data) including biometric data to third parties who help us in managing such risks, including identity verification;
- Where we are required or permitted to do so by law, Paysafe may be required by law to pass information about you to regulatory authorities and law enforcement bodies worldwide, or we may otherwise determine that it is appropriate or necessary to do so. Such disclosures may also include requests from governmental or public authorities, or with commercial organisations with whom you may have had dealings and who are seeking to mitigate fraud or credit risk, or non-compliance with terms of business, or for the purposes of litigation or legal process, national security or where we deem it in the national or public interest or otherwise lawful to do so. Paysafe will not ordinarily challenge the serving of court or similar orders requiring disclosure;
- Business transfers. Paysafe may buy or sell business units or affiliates. In such circumstances, we may transfer or receive customer information as a business asset. Without limiting the foregoing, if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners. In these circumstances we will inform the recipient that your information should be treated in accordance with the standards described in this notice; and
- With your permission, your information may also be used for other purposes for which you give your specific permission.
Except as necessary for the performance of its services and as described above/attached, Paysafe does not sell, rent, share or otherwise disclose personal information about its customers to third parties for their own third-party marketing use without meeting any necessary legal obligations (e.g. consent, opt-out, or as otherwise permitted by law). The California Consumer Privacy Act uses a very wide definition of data “sale” and California residents should read the “CCPA” section below in respect of data sale.
We may monitor or record telephone calls, emails, web chat or other communications with you for regulatory, security, quality assurance or training purposes. When visiting our offices, CCTV, access control systems and/or other monitoring systems may be in operation for security reasons and for health and safety and office management purposes.
WHERE WE STORE YOUR PERSONAL INFORMATION
We, our service providers, and other parties with whom we may share your personal information (as described above) may process your personal information in territories that are outside the European Economic Area (“EEA”) or otherwise outside of the territory in which you reside. It may also be processed by staff (ours or that of our suppliers) operating outside the EEA or the territory in which the personal information was collected. Such staff may be engaged in, among other things, the fulfilment of orders, the processing of payment details and support services in provision of the Services. These countries may have data protection standards that are different to (and, in some cases, lower than) those of the territory in which you reside.
In these circumstances, we will take appropriate steps to protect your personal information in accordance with this privacy notice and applicable data protection laws; including through the use of any appropriate safeguards required by law to ensure that any international data transfers are lawful. Paysafe generally uses “Model Clauses” as approved by the European Commission when contracting with third-party data recipients outside the EEA who are receiving data from within the EEA for the purpose of processing personal information transferred outside the EEA.
HOW WE KEEP YOUR PERSONAL INFORMATION SECURE
We have implemented technical, physical, and organisational/administrative measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration and disclosure. These measures include:
- Written information security program;
- Appointed a Chief Information Security Officer (‘CISO’) to oversee, implement and enforce the information security programme;
- Appointed a Chief Privacy Officer (‘CPO’) to oversee, implement and enforce the privacy programme;
- Continuous vulnerability assessment and monitoring;
- Having information security risk management policies and procedures in place;
- Having an established incident response plan;
- Access controls on information systems, designed to authenticate users and permit access only to authorised individuals;
- Restricting access to physical locations containing personal information only to authorised individuals;
- Securing all personal information, both in transit and at rest;
- Multifactor authentication for all staff accessing personal information;
- Maintaining audit trails relating to internal and external access to and modifications of personal information;
- Adopted secure development practices for in-house developed applications;
- Performing information security due diligence on third-party service providers;
- Performing security awareness training on a regular basis.
The safety and security of your information is also dependent upon you. If we have given you (or if you have chosen) a password or access code for access to certain parts of our website/portal or mobile applications and similar, you are responsible for keeping this password and/or access code confidential. You must not share your password and/or access code with anyone. You must ensure that there is no unauthorised use of your password and access code. Paysafe will act upon instructions and information received from any person that enters your user id and password and you understand that you are fully responsible for all use and any actions that may take place during the use of your account, unless otherwise mandated by law. You must promptly notify Paysafe of any information you have provided to us which has changed.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our site, unless you are communicating with us through a secure channel that we have provided. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
HOW LONG WE RETAIN YOUR PERSONAL INFORMATION
The periods for which we retain your personal information are determined based on the nature and type of information, the Paysafe Service and the country in which they are provided as well as any applicable local legal or regulatory provisions. In general, once no longer needed for a legitimate business purpose or reason, your information will be deleted, or we may anonymise or aggregate it with other information to make it non-personal.
If you use the Services, we will retain your personal information as long as necessary to provide you with the services of your choice and any linked legitimate business purpose. That would generally mean we retain your personal information as long as you are our customer (or commence such an application) and for a period of time afterwards. This will also include the use and retention of your personal information when you commence completion of an application for Services, irrespective of whether you complete such application process or are accepted as a customer.
The retention period may also depend on the legal and regulatory requirements of the country where you are located. We will retain personal information as evidence of our dealings with you (including whether there were any or no financial transactions), to manage any queries or disputes, including to defend or initiate any legal claims. For example, we will retain your information for the time allowed by the local laws to start a legal claim (so called “statute of limitation”), or for as long as we are ordered pursuant to on an order from the courts, or by law enforcement agencies or our regulators; or as otherwise required or permitted by law (for example, the retention of KYC /Know Your Customer/ records under anti money laundering regulations or similar).
We can also continue marketing and sending you direct marketing, subject to local laws and where you have not objected to such marketing.
YOUR DATA PROTECTION RIGHTS
You have many rights that you may be able to exercise in relation to your personal information. These rights may apply under a number of different regulations, for example, the General Data Protection Regulation (GDPR) which is generally applicable to EEA residents, and the California Consumer Protection Act (CCPA) which is generally applicable to California residents. If you wish you can access, correct, or update your personal information. In certain circumstances, you can also ask us to delete your personal information, object to its processing or temporarily restrict its processing while exercising your other rights. In addition, you can request to transfer certain of your personal information to another service provider (so called, data portability). You may also have the right to “opt out” of certain uses of your personal information, including asking us to limit the sharing of your personal information with affiliated and non-affiliated third parties. Privacy laws continue to develop and if you think or are unsure as to whether any right may apply to you, please also Contact Us section.
AUTOMATED DECISION MAKING
In some instances, our use of your personal information may result in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you.
Automated decisions mean that a decision concerning you is made automatically on the basis of a computer determination (using software algorithms), without our human review. For example, we use automated decisions to complete credit assessments on you when you apply to certain Services or to carry out anti-fraud checks, as explained in the section “What We Use Your Personal Information For”. We have implemented measures to safeguard the rights and interests of individuals whose personal information is subject to automated decision-making. In addition, if you are using the Services in the EEA, when we make an automated decision about you, you have the right to contest the decision, to express your point of view, and to require a human review of the decision. You can exercise this right by contacting us at the details below. Privacy laws continue to develop and if you think or are unsure as to whether such right may apply to you, please also contact us, so we can assess and advise.
LEGAL BASIS FOR PROCESSING
Paysafe will only process your personal information in compliance with the law. Such laws vary across different territories and further specific information is available on request. In general, Paysafe will either process:
- On the basis of your consent, for example to send you marketing messages about products and services in accordance with your interests and preferences, where such consent is required by law;
- Where necessary for the performance of, or entry into, any contract we have with you, for example, in order to provide you with the Services you have subscribed – in that context, we need that information because otherwise we would not be able to provide the Services to you. For example, if we are required to verify your identity and you do not supply us with the relevant information, we may be unable to open an account for you;
- Where Paysafe has a legitimate interest to process data, subject to such processing not overriding your own rights and freedoms in objecting to such processing. For example, to keep you informed about your use of the Services, improve and develop the Services, conduct online advertising or other marketing activities, as well as manage and enforce any claim;
- Where Paysafe has a legal obligation to collect, use and/or disclose your personal information or otherwise needs your personal information to protect your vital interests or those of another person. For example, when necessary to comply with the rules imposed by our or other applicable regulators; or
- Exceptionally, we may share your information with a third party when necessary in the public interest, for example, when law enforcement agencies or other third parties with whom you may have had dealings request information to investigate a crime or otherwise a breach of third-party terms of business.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information for any specific processing activity, please contact us via the Cookie Notice for details on how we collect, use, or disclose information in respect of cookies. Otherwise, please Contact Us section below.
To the extent required under The European Union (Withdrawal) Act 2018 or other legislation in respect of “Brexit” the companies of the Paysafe Group that are based outside the United Kingdom have elected as their UK representative the following entity: Skrill Holdings Limited, 25 Canada Square, London, England, E14 5LQ, United Kingdom. You can reach the UK representative using the contact details provided under the Contact Us.
Paysafe’s Group Data Protection Officer is as stated below and can be contacted via the Cookie Notice, but including history of visiting and interacting with our Services, IP address, browser type, browser language and other information collected automatically;
- Geolocation data to the extent we need to verify your location for regulatory or anti-fraud purposes depending on the Services provided and your use of them (for example, some laws may require us to identify your location if the use of any Services involves gambling);
- Commercial information, such as information about your banking relationships, including account numbers, debit and credit card numbers, account balances, and the length of time you have maintained those accounts.
We collect this personal information to underwrite and set up your account and for the purpose of providing our Services to you.
SHARING YOUR PERSONAL INFORMATION WITH THIRD PARTIES
In the past 12 months, we shared with third parties any of the information described above for our business purposes, e.g. with our affiliates or in relation to using a service provider to assist us in providing Services to you. The categories of such service providers are described in the Disclosure of Your Information section.
You can switch ‘on’ or ‘off’ your cookie usage in the online consent dashboard consent dashboard available via the ‘Cookie Settings’ link on all our websites and portals.
YOUR CCPA PRIVACY RIGHTS
You have rights that you can exercise in relation to your personal information. In particular:
- Right to access: you may ask for information about the categories of personal information we have collected about you, the categories of sources from which your personal information has been collected, the business or commercial purpose for collecting or selling your personal information, as well as the categories of third parties with whom we may share or to whom we sell your personal information and the categories of personal information that have been provided to such third parties. You may also ask us for a copy of the specific pieces of personal information we have collected about you in a machine-readable format;
- Right to deletion: you have the right to request the deletion of your personal information;
- To the extent we sell your personal information you have the right to ask us to stop selling personal information about you to third parties or you can switch “off” your cookie settings here (which will have the same effect as opting out of sale of your personal information);
- Right to nondiscrimination: you have the right not to be discriminated against because you have exercised any of your consumer’s rights listed above. In other words, we shall not provide a different quality of services to you because you have chosen to exercise one of your rights.
You may authorize a person to act on your behalf in relation to exercising these rights but we may need to take certain steps to verify the request made is legitimate, i.e. that it is indeed coming from you and that it is made on your behalf. For example, we may require your signed permission demonstrating that you have authorized the agent to submit the request on your behalf.
Please note that where we use and disclose personal information for purposes related to security, fraud detection and other similar purposes, some of your rights may be limited. As such, please consider that there might be cases where your request cannot be fulfilled. For example, as permitted by the CCPA, it is possible that we may not comply with a request to delete your personal information if we need that information for the purpose of detecting security incidents, or protecting against malicious, deceptive, fraudulent or illegal activities, where such information is necessary to record our contractual dealings or your transactions or where required or otherwise permitted by law.
If you want to know more about your rights, or you want to exercise them, you can reach us at the details provided in the Contact Us details provided above.
This Notice was last revised on 30/12/2019.
List of entities processing personal information
The Paysafe Group comprises Paysafe Group Holdings Limited, together with its subsidiaries. Below is a list of Paysafe Group entities that process personal information within the scope of Paysafe Group’s Global Privacy Notice:
- cpt Dienstleistungen GmbH (Germany)
- EcomAccess Inc (Canada)
- Flagship Merchant Service LLC (USA, Delaware)
- Global Merchant Advisors LLC (USA, Delaware)
- IA Digital Marketing Inc. (Canada)
- Income Access Limited (UK)
- iPayment Inc (USA, Delaware)
- Leaders Merchant Services LLC (USA, Delaware)
- MAC Limited (Gibraltar)
- NBS Acquisition LLC (USA, Delaware)
- NT Services Limited (Alberta, Canada)
- Optimal Payments Services Inc (USA, Delaware)
- Pays Services India LLP (India)
- Pays Services Italy S.r.l (Italy)
- PAYS Services UK Limited (UK)
- Paysafe Bulgaria EOOD (Bulgaria)
- Paysafe Capital LLC (USA, Delaware)
- Paysafe Financial Services (Canada) Inc (Canada)
- Paysafe Financial Services Limited (UK)
- Paysafe Group Holdings Limited (UK)
- Paysafe Group Limited (Isle of Man)
- Paysafe Holdings (US) Corp. (USA, Delaware)
- Paysafe Holdings UK Limited (UK)
- Paysafe Loans LLC (USA, Delaware)
- Paysafe Merchant Services Corp. (USA, Delaware)
- Paysafe Merchant Services Inc. / Services aux commerçants Paysafe Inc. (Canada)
- Paysafe Partners LP (USA, Delaware)
- Paysafe Payment Processing Solutions LLC (USA, Delaware)
- Paysafe Payment Solutions Limited (Ireland)
- Paysafe Prepaid Services Limited – Gibraltar Branch (Gibraltar)
- Paysafe Prepaid Services Limited (Ireland)
- Paysafe Processing Limited (UK)
- Paysafe RT LLC (USA, Delaware)
- Paysafe Services (Canada) Inc. / Services Paysafe (Canada) Inc. (Canada)
- Paysafe Services (US) Corp. (USA, Delaware)
- Paysafe Services Lending LLC (USA, Delaware)
- Paysafe Technologies Inc. / Technologies Paysafe Inc. (Canada)
- Paysafe Technology Services Austria GmbH (Austria)
- paysafecard Ön Ödeme Servisleri Ltd. Sti. (Turkey)
- com Argentina S.R.L. (Argentina)
- com Deutschland (Zweigniederlassung der Prepaid Services Company Ltd) (Germany)
- com MENA DMCC (UAE)
- com Mexico S.A. de C.V.(Mexico)
- com Schweiz GmbH (Switzerland)
- com USA Inc (USA)
- com Wertkarten GmbH (Austria)
- com Wertkarten UK (UK)
- com Wertkarten Vertriebs GmbH (Austria)
- Petroleum Card Services LLC (USA, Delaware)
- Prepaid Services Company Limited (UK)
- Sentinel Bidco Ltd (UK)
- Skrill Limited (UK)
- Skrill New York, Inc (USA)
- Skrill Services GmbH (Germany)
- Skrill USA Inc (USA)