This Notice was last revised on 30/12/2019.
Please read this notice carefully to understand our policies and practices regarding your personal information and how we will treat it. For a short-form summary, please click here. California residents can find more specific information on the California Consumer Privacy Act (CCPA) and their rights in the “CCPA” section below. Contact Us details are provided at the end of the notice for feedback or any privacy enquiries you may have.
This notice applies to the companies that are part of the Paysafe Group, which use different trading names in different territories and the list of Paysafe companies that collect or process personal information according to this notice can be found at the end of this document. The reference to Paysafe (including “we”, “us” or “our”) includes those companies and all relevant group affiliates.
References to “you” in this notice are to the individual who is accessing or applying to use the Services (as defined below) either on your own account or on behalf of a business. This includes, in relation to a customer or prospective customer of Paysafe, any sole trader and any principals, including the managing and financial directors, any other directors and officers, shareholders, partners and beneficial owners of a customer, as well as any member of staff accessing or using the Services on behalf of a customer.
Together these are all referred to in this notice as “Services”.
INFORMATION WE MAY COLLECT FROM YOU
Personal and non-personal information
We collect and process personal and non-personal information relating to you.
Personal information is information that can be used to uniquely identify a single person, either directly or indirectly.
Paysafe also collects non-personal information, or may anonymise personal information in order to make it non-personal. Non-personal information is information that does not enable a specific individual to be identified, either directly or indirectly. Paysafe may collect, create, store, use, and disclose such non-personal information for any reasonable business purpose. For example, Paysafe may use aggregated transactional information for commercial purposes, such as trend analysis and the use of data analytics to obtain learnings and insight around payment transaction patterns and usage.
To the extent that Internet Protocol (IP) addresses (or similar identifiers) are clearly defined to be personal information under any local law, and where such local law is applicable to Services, we will manage such identifiers as personal information.
Please note that Paysafe provides services to both individual consumers and businesses and this privacy notice applies to both and should be read and interpreted accordingly.
COLLECTING YOUR INFORMATION
We collect the following information through the following means:
Information you give us: we receive and store any personal information (including financial information) you provide to us including when you (or your business) enquire for or make an application for the Services; register to use and/or use any Services; upload and/or store information with us using the Services; and when you communicate with us through email, SMS, a website or portal, or the telephone or other electronic means, e.g. in the context of contacting us about your account or transactions. Such information may reference or relate to you or your customers and includes:
Information we collect about you automatically: Paysafe receives and stores certain information automatically whenever you interact with Paysafe, whether or not you open an account or undertake a transaction with us; for example by way of “cookies” or similar technology. We also obtain certain information when your web browser accesses Services or advertisements and other content provided by or on behalf of Paysafe on other web sites, or when clicking on emails. Collecting this information enables us to better understand the visitors and customers who use and interact with Paysafe, where they come from, and how they use our services. We use this information for our analytics purposes and to improve the quality and relevance of our services for our visitors and customers. This information includes:
Information collected through our applications: if you download or use mobile or desktop applications provided by Paysafe, we may receive information about your location and your device or the service you are using (including where a payment transaction takes place). Some devices allow applications to access real-time location-based information (for example GPS). Our mobile and desktop apps may collect such information from your mobile device or your computer at any time while you download or use our apps, if your device has real-time location data access enabled. Where required, we will always seek to notify you if it is our intent to collect real-time location information and, also where required by law, obtain your consent. We may use such information for regulatory purposes, our own due diligence checks, fraud and risk management, to better understand transaction patterns and to optimise your experience.
Email and Other Communications: we may receive information about you and your use of Services when we communicate with each other, including when you open messages from us and from the use of electronic identifiers (sometimes known as “device fingerprints”), for example, Internet Protocol addresses or telephone numbers.
Information from Other Sources: we may receive information about you from other sources and add it to our account information, including when you apply to use the Services. For example, we work closely with, and receive information from, third parties like business partners, banks and other financial institutions, merchants, subcontractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, government lists and databases, social media sites (including posting made by or about you or us), credit reference and fraud prevention agencies. Credit reference and fraud prevention agency use is further explained below. We may also review public comments and opinions made on social networking sites (e.g. Facebook and Twitter) to better understand our customers and our provision and development of Services.
Information about other people: if you give us information about other people, you must have informed them in advance (for example, by giving them this privacy notice) and you must ensure you have the right to do so.
WHAT WE USE YOUR PERSONAL INFORMATION FOR
We may use and share the personal information we collect for the following purposes:
DISCLOSURE OF YOUR INFORMATION
We do not disclose information which could identify you personally, to anyone except as described in this notice, as permitted or required by law, and/or for the purposes described in this notice, including:
Except as necessary for the performance of its services and as described above/attached, Paysafe does not sell, rent, share or otherwise disclose personal information about its customers to third parties for their own third-party marketing use without meeting any necessary legal obligations (e.g. consent, opt-out, or as otherwise permitted by law). The California Consumer Privacy Act uses a very wide definition of data “sale” and California residents should read the “CCPA” section below in respect of data sale.
We may monitor or record telephone calls, emails, web chat or other communications with you for regulatory, security, quality assurance or training purposes. When visiting our offices, CCTV, access control systems and/or other monitoring systems may be in operation for security reasons and for health and safety and office management purposes.
WHERE WE STORE YOUR PERSONAL INFORMATION
We, our service providers, and other parties with whom we may share your personal information (as described above) may process your personal information in territories that are outside the European Economic Area (“EEA”) or otherwise outside of the territory in which you reside. It may also be processed by staff (ours or that of our suppliers) operating outside the EEA or the territory in which the personal information was collected. Such staff may be engaged in, among other things, the fulfilment of orders, the processing of payment details and support services in provision of the Services. These countries may have data protection standards that are different to (and, in some cases, lower than) those of the territory in which you reside.
In these circumstances, we will take appropriate steps to protect your personal information in accordance with this privacy notice and applicable data protection laws; including through the use of any appropriate safeguards required by law to ensure that any international data transfers are lawful. Paysafe generally uses “Model Clauses” as approved by the European Commission when contracting with third-party data recipients outside the EEA who are receiving data from within the EEA for the purpose of processing personal information transferred outside the EEA.
HOW WE KEEP YOUR PERSONAL INFORMATION SECURE
We have implemented technical, physical, and organisational/administrative measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration and disclosure. These measures include:
• Written information security program;
• Appointed a Chief Information Security Officer (‘CISO’) to oversee, implement and enforce the information security programme;
• Appointed a Chief Privacy Officer (‘CPO’) to oversee, implement and enforce the privacy programme;
• Continuous vulnerability assessment and monitoring;
• Having information security risk management policies and procedures in place;
• Having an established incident response plan;
• Access controls on information systems, designed to authenticate users and permit access only to authorised individuals;
• Restricting access to physical locations containing personal information only to authorised individuals;
• Securing all personal information, both in transit and at rest;
• Multifactor authentication for all staff accessing personal information;
• Maintaining audit trails relating to internal and external access to and modifications of personal information;
• Adopted secure development practices for in-house developed applications;
• Performing information security due diligence on third-party service providers;
• Performing security awareness training on a regular basis.
The safety and security of your information is also dependent upon you. If we have given you (or if you have chosen) a password or access code for access to certain parts of our website/portal or mobile applications and similar, you are responsible for keeping this password and/or access code confidential. You must not share your password and/or access code with anyone. You must ensure that there is no unauthorised use of your password and access code. Paysafe will act upon instructions and information received from any person that enters your user id and password and you understand that you are fully responsible for all use and any actions that may take place during the use of your account, unless otherwise mandated by law. You must promptly notify Paysafe of any information you have provided to us which has changed.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our site, unless you are communicating with us through a secure channel that we have provided. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
HOW LONG WE RETAIN YOUR PERSONAL INFORMATION
The periods for which we retain your personal information are determined based on the nature and type of information, the Paysafe Service and the country in which they are provided as well as any applicable local legal or regulatory provisions. In general, once no longer needed for a legitimate business purpose or reason, your information will be deleted, or we may anonymise or aggregate it with other information to make it non-personal.
If you use the Services, we will retain your personal information as long as necessary to provide you with the services of your choice and any linked legitimate business purpose. That would generally mean we retain your personal information as long as you are our customer (or commence such an application) and for a period of time afterwards. This will also include the use and retention of your personal information when you commence completion of an application for Services, irrespective of whether you complete such application process or are accepted as a customer.
The retention period may also depend on the legal and regulatory requirements of the country where you are located. We will retain personal information as evidence of our dealings with you (including whether there were any or no financial transactions), to manage any queries or disputes, including to defend or initiate any legal claims. For example, we will retain your information for the time allowed by the local laws to start a legal claim (so called “statute of limitation”), or for as long as we are ordered pursuant to on an order from the courts, or by law enforcement agencies or our regulators; or as otherwise required or permitted by law (for example, the retention of KYC /Know Your Customer/ records under anti money laundering regulations or similar).
We can also continue marketing and sending you direct marketing, subject to local laws and where you have not objected to such marketing.
YOUR DATA PROTECTION RIGHTS
You have many rights that you may be able to exercise in relation to your personal information. These rights may apply under a number of different regulations, for example, the General Data Protection Regulation (GDPR) which is generally applicable to EEA residents, and the California Consumer Protection Act (CCPA) which is generally applicable to California residents. If you wish you can access, correct, or update your personal information. In certain circumstances, you can also ask us to delete your personal information, object to its processing or temporarily restrict its processing while exercising your other rights. In addition, you can request to transfer certain of your personal information to another service provider (so called, data portability). You may also have the right to “opt out” of certain uses of your personal information, including asking us to limit the sharing of your personal information with affiliated and non-affiliated third parties. Privacy laws continue to develop and if you think or are unsure as to whether any right may apply to you, please also contact us, so we can assess and advise.
To the extent that GDPR applies, when you give us consent to use your personal information, you can withdraw it any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. For example, you can stop any marketing communication we send you by clicking on the “unsubscribe” or “opt-out” link in the communications you receive, or according to the instructions that we provide every time, but we will continue to send you operational or service messages in relation to your Services.
Please consider that, depending on the country from where you use Services, not all the above rights may be available to you. Also, there might be cases where these rights cannot be enforced: for example, you cannot object to us using your information when it is required by law, or to manage a complaint; similarly you cannot ask us to delete your information if you want to continue using our Services or where such information is necessary to record our contractual dealings, required by law (for example, the retention of anti-fraud or “know your customer” identify and verification requirements), or for the purpose of defending or asserting legal rights and legal actions.
You always have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Also, you can commence a court action to claim compensation for damage or distress caused by our failure to comply with data protection legislation.
If you want to know more about your rights, or you want to exercise them, you can reach us at the details provided in the Contact Us section.
AUTOMATED DECISION MAKING
In some instances, our use of your personal information may result in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you.
Automated decisions mean that a decision concerning you is made automatically on the basis of a computer determination (using software algorithms), without our human review. For example, we use automated decisions to complete credit assessments on you when you apply to certain Services or to carry out anti-fraud checks, as explained in the section “What We Use Your Personal Information For”. We have implemented measures to safeguard the rights and interests of individuals whose personal information is subject to automated decision-making. In addition, if you are using the Services in the EEA, when we make an automated decision about you, you have the right to contest the decision, to express your point of view, and to require a human review of the decision. You can exercise this right by contacting us at the details below. Privacy laws continue to develop and if you think or are unsure as to whether such right may apply to you, please also contact us, so we can assess and advise.
LEGAL BASIS FOR PROCESSING
Paysafe will only process your personal information in compliance with the law. Such laws vary across different territories and further specific information is available on request. In general, Paysafe will either process:
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information for any specific processing activity, please contact us via the Contact Us section below.
DO NOT TRACK
Some web browsers may send out “do not track” signals. However, there is no industry standard currently in place as to what websites and other online services should do on receipt of such signals. Should such a standard be developed, we will re-visit our policy, but currently we take no action on receipt of such signals.
CHANGES TO OUR PRIVACY NOTICE
We may, from time to time, change our privacy notice. If we make material changes to how we treat your information, we will notify you through a notice on this website/portal. The date the privacy notice was last modified is stated on this notice. Please ensure you periodically visit our website/portal and this privacy notice to check for any changes. However, if we are required by law to give you advance notice of any changes to this privacy notice and/or seek your consent to changes in our uses of your personal information, then we will do so.
LINKS TO THIRD PARTY SITES
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow such a link, please note that these websites have their own privacy and cookies policies and Paysafe does not accept any responsibility or liability for these third-party websites.
This notice is global in scope, but is not intended to override any legal rights or prohibitions in any territory where such rights or prohibitions prevail. In such event, the rights and obligations set out in this notice will apply, subject only to amendment under any applicable local law having precedence.
The companies of the Paysafe Group that are based outside the EEA have elected as their EU representative the following entity: Paysafe Bulgaria EOOD, 90, Tsarigradsko shose blvd, Sofia, 1784, Bulgaria. You can reach the EU representative using the contact details provided under the Contact Us section below.
To the extent required under The European Union (Withdrawal) Act 2018 or other legislation in respect of “Brexit” the companies of the Paysafe Group that are based outside the United Kingdom have elected as their UK representative the following entity: Skrill Holdings Limited, 25 Canada Square, London, England, E14 5LQ, United Kingdom. You can reach the UK representative using the contact details provided under the Contact Us section below.
All comments, queries and requests relating to our use of your information are welcomed. If you wish to exercise any of your rights or receive further information as to the applicable Paysafe group companies to which this notice applies, you should write to the address below, marked FAO Privacy Department or contact us.
Paysafe’s Group Data Protection Officer is as stated below and can be contacted via the Contact us link above or at the address below:
Mr Derek A Wynne
Paysafe, Floor 27, 25 Canada Square, London, E14 5LQ
California Consumer Privacy Act (CCPA)
If you are a California resident and use our consumer Services, you may have certain rights under the California Consumer Privacy Act (CCPA) which are described below.
WHAT INFORMATION WE COLLECT
In the past 12 months, we collected the following personal information:
We collect this personal information to underwrite and set up your account and for the purpose of providing our Services to you.
SHARING YOUR PERSONAL INFORMATION WITH THIRD PARTIES
In the past 12 months, we shared with third parties any of the information described above for our business purposes, e.g. with our affiliates or in relation to using a service provider to assist us in providing Services to you. The categories of such service providers are described in the Disclosure of Your Information section.
You can switch ‘on’ or ‘off’ your cookie usage in the online consent dashboard available via the ‘Cookie Settings’ link on all our websites and portals.
YOUR CCPA PRIVACY RIGHTS
You have rights that you can exercise in relation to your personal information. In particular:
You may authorize a person to act on your behalf in relation to exercising these rights but we may need to take certain steps to verify the request made is legitimate, i.e. that it is indeed coming from you and that it is made on your behalf. For example, we may require your signed permission demonstrating that you have authorized the agent to submit the request on your behalf.
Please note that where we use and disclose personal information for purposes related to security, fraud detection and other similar purposes, some of your rights may be limited. As such, please consider that there might be cases where your request cannot be fulfilled. For example, as permitted by the CCPA, it is possible that we may not comply with a request to delete your personal information if we need that information for the purpose of detecting security incidents, or protecting against malicious, deceptive, fraudulent or illegal activities, where such information is necessary to record our contractual dealings or your transactions or where required or otherwise permitted by law.
If you want to know more about your rights, or you want to exercise them, you can reach us at the details provided in the Contact Us section.
California residents may also call us at +1 855 719 2087 (toll free number, available 9AM-7PM EST) or via the Contact us details provided above.
List of entities processing personal information
The Paysafe Group comprises Paysafe Group Holdings Limited, together with its subsidiaries. Below is a list of Paysafe Group entities that process personal information within the scope of Paysafe Group’s Global Privacy Notice: