We are committed to protecting and respecting your privacy. We will:
The payware company providing the product or service to you will be responsible for processing your personal data for that product or service. This payware company is known as the ‘controller’ of your personal data.
A business account is a partner’s profile definition in payware systems. It holds configurational information for your transactions and visualization preferences alongside any other related data required for the proper payware services operations.
A business account could be only one of the following types:
Each account type has additional and specific Terms and Conditions (as applicable).
We will collect your personal data when you use:
We may also collect your personal data from other people or companies. We explain how this can happen in more detail at What personal data do you collect about me? section below.
When we say, ‘personal data’, we mean information which:
Data protection laws do not apply to information about legal entities (for example, limited liability companies). However, they do apply to people. When we provide payware Business products, we process personal data of the individuals authorized to set the account up and give us instructions about the account. We may also process personal data about other employees and customers of the company that receives payware Business products.
If more than one person is authorized to give instructions on a payware Business account, references in this notice to ‘you’ and ‘your’ will mean any, or all, of those people. When we refer to a ‘company’, we mean the company that holds the payware Business account.
This notice explains what personal data we collect, how we use it, and your rights if you want to change how we use your personal data. This notice only applies to personal data. It does not apply to company information.
If you are a customer of a company that holds a payware Business account, or one of its employees who uses the company’s payware Business account, but are not authorized to give us instructions, we do not process personal data about you as a ‘controller’. The company that holds the payware Business account is the ‘controller’ of your personal data. You should contact the company that holds the payware Business account for information about how it processes your personal data.
We may provide this notice in languages other than English. If there are any discrepancies between other language versions and the English language version, the English language version is authoritative.
If you have concerns about how we use your personal data, you can contact dpo@payware.eu.
The types of personal data we collect depend on how you use payware Business. When you use payware Business, you can be:
If you are a:
The table below explains what personal data we collect and use about you:
| Type of personal data | Details |
|---|---|
Information you give us We will collect the following information: Where you, or your company, give us personal data about other people, you are responsible for ensuring that they understand how we will process their personal data.| | We collect information you provide when you:
|
Information about how you use payware Business | When you use payware Business, we get information about:
|
Information collected from your use of our products and services | Whenever you use our website or the payware Business APIs, we collect the following information:
|
| Information from your employer | When a company that holds a payware Business account nominates you as an Account Owner, your employer will give us information about you. Typically, this will include your name and business contact details. In some cases, it may also include your employment status. |
Information from others This includes information about late payments, information to help us check your identity, information about you and information relating to your transactions. We have explained more in the Do you run credit checks on me? section below. | We collect personal data from third parties, such as credit reference agencies, financial or credit institutions, official registers and databases, as well as fraud prevention agencies and partners who help us to provide our services. |
| Information from websites or social media | We may collect information about you if you make it publicly available on websites, social media websites or apps. We only do this as part of our payware Business KYB checks. |
| Information from publicly available source | We collect, or may ask you to provide, personal data from publicly available sources, such as media stories, online registers or directories, and websites for enhanced due diligence checks, security searches and KYB purposes. |
We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following:
We need certain personal data to provide our services and cannot provide them without this personal data.
In some cases, we have a legal responsibility to collect and store your personal data (for example, under anti-money laundering laws we must hold certain information about our customers).
We sometimes collect and use your personal data because we have a legitimate interest in using it and this is reasonable when balanced against your right to privacy.
Where we process your personal data, or your sensitive personal data (sometimes known as special category personal data), to adhere to government regulations or guidance.
Where you’ve agreed to us collecting your personal data, or your sensitive personal data, for example when you have ticked a box to indicate that you are happy for us to use your personal data in a certain way.
We explain more about how we use your personal data in the How do you use my personal data? section below.
Explore the ways in which we may use your personal data using this table:
| What we use your personal data for | Our legal basis for using your personal data |
|---|---|
| Providing our services
If you apply to use a **pay**ware Business product or service, we will use your personal data to check your identity (as part of our KYB process) and decide whether or not to approve your application. We use your personal data to:
|
|
| Protecting against fraud
We use your personal data to check your identity and to protect against fraud, keep to financial crime laws and to confirm that you are eligible to use our services. We also use it to help us better understand your company’s financial circumstances and manage fraud risks related to your payware Business account. |
|
| Marketing and providing new products and services that might interest you
We use your personal data to do the following:
Remember, you can ask us to stop sending you marketing information (the How do you use my personal data for marketing? section below explains how to do this). |
|
| To keep our services up and running
We use your personal data to manage our website and the payware Business services, (including troubleshooting, data analysis, testing, research, statistical and survey purposes), and to make sure that content is presented in the most effective way for you and your device. We also use your personal data to:
|
|
| Preparing anonymous statistical datasets
We prepare anonymous statistical datasets about our customers’ transactional patterns:
These datasets may be shared internally or externally with others, including non-payware companies. We produce these reports using information about you and other customers. The information used and shared in this way is never personal data and you will never be identifiable from it. Anonymous statistical data cannot be linked back to you as an individual. For example, some countries have laws that require us to report transactional statistics and how money enters or leaves each country. We will provide anonymized statistical information that explains the broad categories of merchants that payware Business customers in that country transact their money with. However, we will not provide any customer-level information. It will not be possible to identify any individual payware Business customer. |
|
| Improving our products and services
We use your personal data to help us develop and improve our current products and services. This allows us to continue to provide products and services that our customers want to use. |
|
| Meeting our legal obligations, enforcing our rights and other legal uses
We use your personal data:
You can find out more in the Do you share my personal data with anyone else? section below. Sometimes, we are legally required to ask you to provide information about other people. For example, we might ask you to explain:
Where you, or your company, give us personal data about other people, it is your responsibility to ensure they understand how we will process their personal data. |
|
| Helping you to provide services to your customers
We may provide payment processing services to you or your company. Where this happens, you, or your company, are responsible for deciding:
You, or your company, are the ‘controller’ of your customers’ personal data. Where we help you to provide services to your customers, we will set out our data protection obligations in our contract with you. |
|
Depending on the payware Business products or services you use, we may make automated decisions about you.
This means that we may use technology that can evaluate your personal circumstances and other factors to predict risks or outcomes. This is sometimes known as profiling. We do this for the efficient running of our services and to ensure decisions are fair, consistent, and based on the right information.
When we make an automated decision about you, you have the right to ask that it is manually reviewed by a person. You can find out more about this in the What are my rights? section below.
For example, we may make automated decisions about you that relate to:
Detecting fraud
Our legal basis is one or more of the following:
We will share your personal data with credit reference agencies, or other providers of credit information, to:
The personal data we share with, and receive from, credit reference agencies (or other providers of credit information) will vary depending on the country you live in.
Our legal basis is one or more of the following:
If you sign up to use payware Business account, and where national laws allow, we will assume you want us to contact you by post, push notification, email and SMS text message with information about payware products, services, offers and promotions. Where national laws require us to get your consent to send direct marketing messages, we will do so in advance. We may use the personal data we have collected about you in order to tailor our offers to you.
You can tell us you don't want to hear from us at any time. Just click on the unsubscribe links on any marketing message we send you.
We won’t pass your details on to any organizations outside payware for their marketing purposes without your permission. You can find out more in the Do you share my personal data with anyone else? section.
Our legal basis is:
If you are an employee or customer of a company that holds a payware Business account, the company, rather than payware, is responsible for helping you with your request.
If payware is responsible for helping with your request, we may not be able to agree to your request (for example, if we have a legitimate reason for not doing so or the right does not apply to the particular information, we hold about you).
| Your right | What it means |
|---|---|
| You have the right to be told about how we use your personal data. | We provide this privacy notice to explain how we use your personal data. |
You can ask us to correct your personal data if you think it's wrong. | You can have incomplete or inaccurate personal data corrected. Before we update your file, we may need to check the accuracy of the new personal data you have provided. |
You can ask us to delete your personal data. Only a Freelancer or Account Owner may ask us to delete payware Business account data. Just to let you know, we may not be able to agree to your request. As we must keep certain customer personal data even when you ask us to delete it (we've explained this in more detail below). We may not be able to delete your entire file because these regulatory responsibilities take priority. We will always let you know if we can't delete your personal data. | You can ask us to delete your personal data if:
|
| You can object to us processing your personal data for marketing purposes. | You can tell us to stop using your personal data, including profiling, for marketing. |
You can object to us processing other personal data (if we are using it for legitimate interests). However, if there is an overriding reason why we need to use your personal data, we will not accept your request. If you object to us using personal data which we need in order to provide our services, we may need to close your payware Business account as we won’t be able to provide the services. | If our legal basis for using your personal data is 'legitimate interests' and you disagree with us using it, you can object. |
You can ask us to restrict how we use your personal data. | You can ask us to suspend using your personal data if:
|
| You can ask us to transfer personal data to you or another company. | If we can, and are allowed to do so under regulatory requirements, we will provide your personal data in a structured, commonly used, machine-readable format. |
You can withdraw your permission. (Please note, it will have been lawful for us to use the personal data up to the point you withdraw your permission). | If you have given us any consent, we need to use your personal data, you can withdraw your consent at any time by sending an email to dpo@payware.eu. |
| You can ask us to carry out a human review of an automated decision we make about you. | If we make an automated decision about you that significantly affects you, you can ask us to carry out a manual review of this decision. |
Your ability to exercise these rights will depend on several factors. Sometimes, we won’t be able to agree to your request (for example, if we have a legitimate reason for not doing so or the right does not apply to the particular information, we hold about you).
If you are an employee or customer of the company that holds the payware Business account, please contact that company.
If you were authorized to set the payware Business account up or give us instructions about the account (for example, you are a Freelancer or Account Owner), you can send us an email at dpo@payware.eu.
For security reasons, we can’t deal with your request if we are not sure of your identity, so we may ask you for proof of your ID.
If a third-party exercise one of these rights on your behalf, we may need to ask for proof that a third-party has been validly authorized to act on your behalf.
When you exercise one of these rights, it may take us up to one month to implement your changes.
payware will usually not charge you a fee when you exercise your rights. However, we are allowed by law to charge a reasonable fee or refuse to act on your request if it is manifestly unfounded or excessive.
If you are unhappy with how we have handled your request, you can complain to a data protection authority. In the Republic of Bulgaria and the European Economic Area, this is the Commission of Personal Data Protection (website).
We share your personal data within the payware to:
Suppliers
The table below explains which suppliers we normally share your personal data with:
| Type of supplier | Why we share your personal data |
|---|---|
| Suppliers who provide us with IT, payment, and delivery services | To help us provide our services to you |
| Our banking and financial services partners and payments networks | To help us provide our services to you. This includes banking and lending partners, banking intermediaries and international payment service providers |
| Analytics providers and search information providers | To help us improve our website or the payware Business app |
| Customer service providers, survey providers and developers | To help us to provide our services to you |
| Communications services providers | To help us send you post, emails, push notifications and text messages |
Partners who help to provide our services
We may share your personal data with our partners to provide the company that holds the payware Business account with certain requested services.
We may share your personal data with our partners (through the payware Business APIs).
We‘ll only share your personal data in this way if the company that holds the payware Business account has asked for the relevant service or it is provided as part of our subscription plans.
From time to time, we may work with other partners to offer co-branded services or promotional offers, and we will share some of your personal data with those partners. We will always make sure you understand how we and our partners process your personal data for these purposes.
Credit reference agencies
As set out at the Do you run credit checks on me? section, if you apply for a payware Business account, we may share your personal data with credit reference agencies.
Acquiring partners
Where we provide payment services to you, or your company, we may share some of your, or your customers’, personal data with our third-party acquiring partners. This is necessary to provide you with the payment services you have requested.
Other third-parties
We may share your personal data with other third parties where this is necessary to facilitate you receiving services to your payware Business account.
For legal reasons
We also share your personal data with other financial institutions, government authorities, law enforcement authorities, tax authorities, companies, and fraud prevention agencies to check your identity, protect against fraud, keep to tax laws, anti-money laundering laws, or any other laws, and confirm that you are eligible to use our products and services.
If fraud is detected, you could be refused certain services, finance or employment by payware or others. We may also need to share your personal data with other third-party organizations or authorities:
Social media and advertising companies
When we use social media for marketing purposes, information about you, or your company, may be shared with our social media platform partners so they can check if you or your company also hold an account with them. If you do, we may ask the advertising partner, or social media provider, to:
An example of how we may use social media for marketing purposes is through Facebook’s ‘Custom Audience’ tool. Read more about these terms.
Our legal basis is:
You can contact us at any time, either through the payware Business app or by emailing dpo@payware.eu, if you don’t want us to share your personal data for advertising purposes.
Remember you can also manage your marketing preferences directly with any social media provider that you have an account with.
Where you ask us to share your personal data
Where you direct us to share your personal data with a third-party, we may do so. For example, you may authorize third parties to act on your behalf (such as a lawyer or accountant). We may need to ask for proof that a third-party has been validly authorized to act on your behalf.
As we provide an international service, we may need to transfer your personal data outside the European Economic Area (EEA) in order for us to provide our services.
We may send your personal data outside of EEA to:
If we transfer your personal data to another country that does not offer a standard of data protection equivalent to EEA, we will make sure that your personal data is sufficiently protected. For example, we will make sure that a contract with strict data protection safeguards is in place before we transfer your personal data. In some cases, you may be entitled to ask us for a copy of this contract.
If you would like more information, please contact us by sending an email to dpo@payware.eu.
We recognize the importance of protecting and managing your personal data. Any personal data we process will be treated with the utmost care and security. This section sets out some of the security measures we have in place**.**
We use a variety of physical and technical measures to:
Electronic data and databases are stored on secure computer systems with control over access to information using both physical and electronic means. Our staff receives data protection and information security training. We have detailed security and data protection policies which staff are required to follow when they handle your personal data**.**
While we take all reasonable steps to ensure that your personal data will be kept secure from unauthorized access, we cannot guarantee it will be secure during transmission by you to our website or other services. We use HTTPS (HTTP Secure), where the communication protocol is encrypted through Transport Layer Security for secure communication over networks, for all our APIs, web and transaction-processing services.
If you use a password for the payware business web portal or our website, you will need to keep this password confidential. Please do not share it with anyone.
When you use our public services, which includes our social network accounts and the payware Community forum, do not share any personal data that you don't want to be seen, collected, or used by other customers, as this personal data will become publicly available.
We will generally keep your personal data for six years after our business relationship with the company that holds the payware Business account ends or such period as may be required by applicable local laws.
We are required to keep your personal data for this long by anti-money laundering and e-money laws. We may keep your personal data for longer because of a potential or ongoing court claim or another legal reason.
If we change the way we use your personal data, we will update this notice and, if appropriate, let you know by email, through the payware business web portal or through our website.
We use cookies to analyze how you use our website. Please read our Cookies Policy for more information about cookies.
We also use pixels or web beacons in the direct marketing emails that we send to you. These pixels track whether our email was delivered and opened, and whether links within the email were clicked. They also allow us to collect information such as your IP address, browser, email client type and other similar details. We use this information to measure the performance of our email campaigns, and for analytics.