- our website “https://payhawk.com/” (the “Website”);
- the Payhawk mobile app;
- the Payhawk web app;
- when we contact you to promote our products and services.
Should you have any questions related to the present Policy or you would wish to exercise any of your privacy right, please address those queries to: firstname.lastname@example.org
PERSONAL INFORMATION PAYHAWK COLLECTS
When you interact with us, we collect certain personal information from you.
Example: When you apply at Payhawk, we may require you to verify your identity by providing us with an ID document (passport, driving license, ID card, etc.), as part of our KYC process.
At Payhawk we process the following categories of personal data related to you:
- contact data, such as first name, last name, e-mail address, phone number;
- data about your device (for ex. If you are using a computer or a mobile device);
- your Payhawk userID (this ID is assigned to you by our systems when you register for the first time on our website);
- your Payhawk card details: card number, cardholder, issuance date, expiry date, CVC code;
- your identification documents, such as your passport, your ID card, your driving license;
- your selfie image, when you are applying for a Payhawk account as part of our KYC process;
- data collected from your device, such as your IP address, your log-in information, version and type of your browser, version and type of your operational system; your mobile device operational system and version;
- information about your visit, such as your navigation through our platforms, your activity on our platforms (for ex. the pages you visit) and information about the length of your session;
- information about your transactions as a Payhawk Cardholder, such as payments into and out of your account, incl. the date, time, amount, currency, exchange rate, beneficiary details, details of the merchant or ATMs associated with the transaction (including merchants’ and ATMs’ locations), IP address of sender and receiver, sender's and receiver's name and registration information, the device used for the payment and the payment method used;
- when your employer has nominated you as a Payhawk Cardholder or account user, we shall collect from your employer your fist name, last name, phone number, e-mail address, your postcode, your city of residence and your country of residence;
- information about you, collected from publicly available sources, such as public registers, media and websites, as part of our KYC process;
- information about you, collected from recorded phone calls;
- information about you from social media (for ex. when you have applied at Payhawk and we are unable to verify your business nature, we could check your personal Linkedin profile, your personal Facebook profile or other social media profile to confirm that your business exists, as part of our KYC process);
HOW PAYHAWK USES YOUR PERSONAL INFORMATION
- To register and manage your Payhawk Account – whether you are the Company account Admin or account User, we shall process your personal data to be able to deliver the services under our Platform agreement.
Example: When you are appointed as the Company’s Payhawk account Admin, we will process your personal data, so that we are able to set your desired card limits.
- To register and manage your Payhawk physical cards – when your Company has ordered Payhawk physical cards, we shall process the personal data of the cardholders, so that we are able to register and deliver the requested cards.
Example: When your Company has appointed you as a Payhawk User, we will notify you by e-mail and send you an invitation to our Platform.
- To fulfill our Know Your Customer (“KYC”) obligations under the anti-money laundering legislation - we are obliged to comply with our obligations resulting from the AML and CFT regulations. In this respect, we must perform certain identification procedures to verify the identity of the representatives of the Company, the cardholders and the ultimate beneficial owners (“UBOs”) by following the steps of our KYC process. As part of our KYC process, we may also use external service providers to check and collect data via external sources of information, such as official registers, social media, public databases, etc.
Example: When you apply for a Payhawk account with us, we will use your personal information to verify your identity (as part of our KYC process).
- To monitor our transactions under the anti-money laundering legislation - under the AML and CFT regulations we are obligated to monitor your card and/or bank payments into and out of your Payhawk account to make sure they are not involved by any means in money laundering, financing of terrorism or bypassing imposed sanctions.
- To detect and prevent fraud – we will process your personal information to ensure that your card transactions and/or bank payment are not by any means involved in fraud.
*Example: If you have made multiple payment attempts to various merchants, we may require further confirmation to ensure that the payments are not fraudulent. *
- To ensure the effective and secure functioning of our Services – we will process your personal data for the maintenance and administration of our Services. This includes activities related to detection and prevention of malicious activities; detection and repair of technical or functionality related issues; prevention of unauthorized access to the Services; as well as improvement of the functioning and the quality of the Services.
Example: We will process your IP and other login information to verify that this is a legitimate traffic and to prevent malicious or fraudulent activities such as account compromise.
- To manage and respond to complaints, signals, requests, and queries – we will process your personal information, when you have submitted either of the above, so that we are able to resolve the issues that you are facing.
- To establish, exercise or defend our legal claims, rights and interests - we will process your personal data, so that we are able to protect and exercise our legal interests if a legal dispute has arisen. Your data may also be processed for exercise or defense of legal claims.
- To be able to collect any receivables payable to us - we will process your personal information to be able to collect our receivables in execution proceedings, as well as for debt collection (incl. via third parties such as debt collection companies) and debt assignment.
- To improve our services – we will process your personal information to improve our services and deliver the best customer experience.
*Example: We may record our phone calls with you, so that we can analyze where we can improve. *
- To perform our direct marketing activities – we will use your personal data to provide you with information about our products and services that you might be interested in. When you have contacted us at first and you have provided us with means of contacting you or if you have indicated interest, we may process the information provided by you for direct marketing activities, such as sending marketing communications, offers and other similar news and updates. In such a case, you clearly and distinctly will be given the opportunity to object, free of charge and in an easy manner, to such use of electronic contact details at the time of their collection and on the occasion of each message in case you have not initially refused such use. Also, if you do not want to receive communications from us, you can indicate your preference at any time by unsubscribing or by sending an email to: email@example.com.
HOW WE COLLECT YOUR PERSONAL INFORMATION
We will not collect any personal information, unless it has been voluntarily provided by you personally. However, in some specific cases, we may collect information about you from third party sources, such as providers, your Company or public and/or official registers, as part of our KYC process.
You are not allowed to enter third party personal information, including signing up third party (Users, Admins, employees, etc.,) without due authorization by such a third party. It is your sole responsibility to provide and guarantee that the processing activities performed by you and the provision of third party personal information are compliant with the requirements of the applicable privacy legislation.
HOW WE SECURE YOUR PERSONAL INFORMATION
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential and are properly trained and authorized. We also take appropriate technical and organizational measures to protect your personal information against loss or other forms of unlawful processing.
WHO WE SHARE YOUR PERSONAL DATA WITH?
We may share your personal information with:
- The Company and other Company’s Users and Admins – The personal information stored into the Payhawk Account, such as the data about Admis, Users, Cardholders, requested Services, expenses and other details uploaded or generated within the Company’s Payhawk Account, are available to that Company and to other Company’s Users and Administrators who have access to the Payhawk Account as determined with their access permissions.
- **Issuers **– In the contexts of the acceptance, performance and termination of the Company’s agreement with the Issuers under their Cards Terms and Conditions, the provision of their services, the performance of our duties as Agent/Card Distributor of these Issuers and compliance with the AML and other regulatory requirements we exchange data with the Issuers.
- Where required by law – We may store and disclose any information that we believe is necessary to comply with applicable law or court order. In such cases we may disclose personal data to competent state and court authorities, auditors or other types of recipients provided by law.
- Where necessary for protection of the rights and legal interests of Payhawk or for rendering assistance to third parties for protecting their rights and legal interest – when your personal information is necessary to enforce or apply our Agreement, to protect our rights, property, or safety and/or to establish, exercise or defend a legal claim we may disclose your personal information to attorneys and legal consultants; bailiffs; notaries or persons performing similar public functions; competent authorities.
- Suppliers and subcontractors
* Some of our suppliers and service providers that we may share your personal data with act as Data Controllers and determine on their own or by virtue of the applicable law their own purposes to process personal data. For example, such providers are electronic communications service and network providers that are necessary for the Internet connection and communications between us, banks and other payment processing companies that we use to receive payments, postal services, etc. In such cases, we share personal data only to the extent that is necessary for the performance of the data processing purposes specified in this Policy and only as far as we have a respective legal basis for sharing that personal data.
In other cases, required by law - We might share your personal data in any other cases as required and to the extent permitted under applicable law.
HOW LONG WE STORE YOUR PERSONAL DATA
Payhawk applies the storage limitation principle, namely stores personal information in minimal volume and for a period no longer than the necessary for the purposes for which they are processed, ensuring that they are stored securely and in compliance with the applicable legislation.
YOUR PRIVACY RIGHTS
DISCLOSURE FOR NEVADA STATE RESIDENTS:
Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers can request from the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us as at firstname.lastname@example.org.
DISCLOSURE FOR CALIFORNIA RESIDENTS:
Notice of Collection
The CCPA (California Consumer Privacy Act of 2018) provides additional privacy rights and requires businesses collecting or disclosing personal information to provide notices and means to exercise consumer privacy rights. In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA:
- Identifiers, including name, postal address, email address, and online identifiers (such as IP address);
- Customer records, including phone number, billing address, bank account and credit or debit card information;
- Characteristics of protected classifications under California or federal law, including gender;
- Commercial or transactions information, including records of products or services purchased, obtained, or considered;
- Internet activity, including browsing history, search history, and interactions with a website, email, application, or advertisement;
- Geolocation data;
- Employment and education information;
- Inferences drawn from the above information about your predicted characteristics and preferences.
For all the details related to the information we collect, please refer to the “PERSONAL INFORMATION PAYHAWK COLLECTS” section of this Policy. We do not sell information collected through the Service or Product.
Right to Know and Delete
You have the right to know certain details about our data practices in the past 12 months. In particular, you may request the following from us:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information was collected;
- The categories of personal information about you we disclosed for a business purpose or sold;
- The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
- The business or commercial purpose for collecting or selling the personal information; and
- The specific pieces of personal information we have collected about you.
In addition, you have the right to delete the personal information we have collected from you.
To exercise any of these rights, please submit a request by sending us an email to email@example.com with "CCPA Request" in the subject line and specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. If personal information about you has been processed by us as a service provider on behalf of a business customer, we will follow the procedure set out above. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.
CHANGES TO THIS POLICY