1. Introduction – Who we are
2. What Personal Data we process?
3. What are the purposes of processing?
4. What is our legal basis for processing?
5. With whom do we share your Personal Data?
6. International transfers of Personal Data.
7. How long do we retain your Personal Data?
8. How do we secure Personal Data?
9. What are your rights with respect to your Personal Data?
10. Personal Data associated with minors.
11. Updates to this Privacy Policy.
12. Contact information
13. Country-specific notices
This Privacy Policy is issued on behalf of the Payhawk Group, as defined below, therefore where we use the terms “Payhawk” “we”, “us”, we are referring to the relevant Payhawk Group company responsible for processing your Personal Data, depending on your location and the Services you receive from Payhawk. In this Privacy Policy, we describe what we do with your data when you: (a) use our website (https://payhawk.com, “Website”); (b) obtain services or products from us in accordance with our General Terms & Conditions (“Framework Agreement”); or (c) communicate or otherwise interact with us. When using our services under the Framework Agreement, this Privacy Policy should be read in conjunction with those terms , which provide additional information on the Payhawk Services. Capitalized terms which are not defined herein, shall have the meaning ascribed to them in the Framework Agreement.
The Payhawk Group is comprised of the following entities:
Payhawk Limited, duly registered under company registration number 11747263, registered office address at Chancery House, 53-64 Chancery Lane, London WC2A 1QS.
Payhawk Inc., a C Corporation, established in Delaware, USA, having its principal office located at Herald Square: 106 West 32nd St, Floor 2, New York, NY 10001.
Payhawk Financial Services Limited, registered under company registration number 14060082, having its registered address at Chancery House, 53-64 Chancery Lane, London WC2A 1QS. Payhawk Financial Services Limited is authorised and supervised by the Financial Conduct Authority as an electronic money institution under firm reference number 987096 (“PFSL”).
Payhawk Financial Services UAB, registered under company registration number 306068630, having its registered office address at Gedimino pr. 20, LT-01103 Vilnius, holding an electronic money institution licence No. 95, supervised by the Bank of Lithuania (“PFS UAB”).
Payhawk EOOD, under Unique Identification Code 205220011, having its registered office at 47A Tsarigradsko shose Blvd., fl. 2, Polygraphia Office Center, Sofia, Bulgaria.
Payhawk DAC with register number 715719, and registered address at 2nd floor, Palmerston House, Denzille Lane, Dublin, D02 WD37, Ireland.
Unless otherwise specifically referenced, the terms “Payhawk”, “we” or “us” will refer to the applicable Payhawk Group entity responsible for processing your Personal Data, depending on your location and the Services you receive from Payhawk, according to the specification below:
United Kingdom – When processing Personal Data of data subjects who are in the United Kingdom or in connection with Payhawk Limited, Payhawk Financial Services Limited, Payhawk DAC or Payhawk EOOD’s services, Payhawk Limited, Payhawk Financial Services Limited, Payhawk DAC or Payhawk EOOD, as applicable, will act as a data controller (as this terms is defined in the applicable law), when it determines the purpose and means of processing of Personal Data.
EU/EEA – When processing Personal Data of data subjects who are in the European Union or in connection with PFS UAB or Payhawk EOOD’s services, PFS UAB or Payhawk EOOD, as applicable will act as a data controller, when it determines the purpose and means of processing of Personal Data.
California, USA – When processing Personal Data of data subjects or consumers who are in California or in connection with Payhawk Inc.'s services, Payhawk Inc. will act as a "Business", as this term is defined in the California Consumer Privacy Act of 2018 and the regulations adopted thereunder, Cal. Civ. Code §§ 1798.100 et. seq. and 11 C.C.R §§7000 et. seq. ("CCPA").
This Privacy Policy will help you understand what types of information we collect, how we use it, and what choices you have. We encourage you to read this Privacy Policy carefully and use it to make informed decisions. By using the Payhawk Services (as defined in the Framework Agreement) and the Website you agree to the terms of this Privacy Policy and your continued use of these Services constitutes your ongoing agreement to the Privacy Policy.
For the purposes of this Privacy Policy, “Personal Data” is information that identifies an individual or may, with reasonable effort, identify an individual. Please note that we may also collect information that cannot be associated with a specific individual. However, if such information is combined with Personal Data, we will treat the combined information as Personal Data.
The scope of the collection and processing of Personal Data by Payhawk is dependent on the nature of your relationship with Payhawk , as further detailed below.
Website visitors – when you interact with our Website, we will collect the following types of Personal Data:
Device data - We collect specific types of connection details and information with regard to your device, software or hardware that may identify you. Such information includes your IP address.
Contact or Registration information – Our Website provides various options to communicate with Payhawk. This could include, for example, registration to a webinar, booking a demo, reaching out to Payhawk support and so on.
If you decide to communicate with Payhawk in any of the options suggested on the Website, we will collect the following:
Job applicants – if you choose to apply for a job at Payhawk, in addition to the Personal Data collected from a Website visitor, as described above, we will also collect additional Personal Data which you may choose to include in your CV or cover letter, such as previous work experience, certifications, references and so on. This is further detailed in the Privacy Notice for job applicants, which we provide when you apply for a role at Payhawk.
Please note that you may also communicate with us through our social media pages or profiles. We will process Personal Data that you share with us on social media pages in accordance with the provisions of this Privacy Policy. We recommend that you will also review the privacy policy of any applicable social media platform in order to understand the privacy practices of the platform.
Users of the Payhawk Services – Personal Data will be collected and processed from Users of the Services in accordance with their specific role vis-à-vis the Payhawk Services. For all Users, we will collect and process the following information:
For all Users:
If a Card was issued to the User:
For Users acting as legal representatives of Payhawk customers, for individuals acting as ultimate beneficial owners of Payhawk customers or potential customers, we process information related to legal obligations of anti money laundering, know your customer and additional regulations. Such information includes:
We may use and share the Personal Data we collect for the following purposes:
We do not rent or sell any Personal Data. We may share Personal Data with the following categories of recipients:
We note that all voluntary sharing of Personal Data as described above is only done in accordance with an applicable contractual engagement, which imposes the required obligations and undertakings related to Personal Data protection.
Since Payhawk operates globally, it may be necessary to transfer data, including Personal Data, to jurisdictions other than your own, including outside of the UK or the European Economic Area. In these instances, we will ensure that the transfer aligns with the applicable data protection requirements, including without limitation, a transfer to such countries as approved by the European Commission as providing an adequate level of data protection, entering into legal agreements ensuring an adequate level of data protection or reliance on other acceptable and recognizable legal mechanisms allowing for such a transfer.
We retain Personal Data for as long as needed to provide our Payhawk Services and to comply with our legal obligations, resolve disputes and enforce our agreements (unless we are instructed otherwise). Retention periods will be determined to take into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we may keep records containing Users' Personal Data, compliance related data, communications and anything else as required by applicable laws and regulations.
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
We take appropriate security measures in order to maintain the required security of the Personal Data and ensure its confidentiality, integrity and availability, and to protect it against unauthorised or unlawful processing, and to mitigate the risk of loss, accidental alteration, unauthorised disclosure or access. Technical and organizational security measures may include encryption and pseudonymization of data, logging, access restrictions, keeping backup copies, giving instructions to our employees, entering confidentiality agreements, and monitoring. We protect Personal Data that is sent through our Website in transit by appropriate encryption. However, we can only secure areas in our control. We also require our processors to take appropriate security measures. However, security risks can never be excluded completely and residual risks are unavoidable. We keep a non-exhaustive list of our security measures, available at https://payhawk.com/security.
Under certain circumstances, depending on your jurisdiction, you may have rights under data protection laws in relation to the Personal Data we process about you:
If you wish to exercise any of the above-mentioned rights or raise any concern, please contact our DPO at dpo@payhawk.com or use the postal addresses mentioned at the bottom of this Privacy Policy. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
If you are located in the EEA or the United Kingdom, you also have the right to lodge a complaint with the competent data protection supervisory authority in your country. You can find a list of authorities in the EEA here: https://edpb.europa.eu/about-edpb/board/members_en. You can reach the UK supervisory authority here: https://ico.org.uk/global/contact-us/.
Please note that these rights are not absolute and may be subject to our own legitimate interests and regulatory requirements.
Our Service is not intended for minors below the age of 16 years or otherwise below the legal age for providing consent that is not subject to authorization by the holder of parental responsibility, in accordance with the laws in the jurisdiction your reside (“Age of Consent”), and we will not knowingly collect Personal Data from children. If we become aware that a user is under the Age of Consent, we will remove their information from our files. We reserve the right to request proof of age at any stage so that we can verify that minors or unauthorised individuals are not using the Service.
We may revise this Privacy Policy from time to time, in our sole discretion, and the most current version will always be posted on our Website (as reflected in the "Last Updated" heading). We encourage you to review this Privacy Policy regularly for any changes.
EU
Payhawk Financial Services UAB, Lithuanian company, with company number 306068630 and registered address at Lvivo st 25, Vilnius, Lithuania (“PFS UAB”).
Payhawk EOOD, under Unique Identification Code 205220011, having its registered office at 47A Tsarigradsko shose Blvd., fl. 2, Polygraphia Office Center, Sofia, Bulgaria.
Payhawk DAC with register number 715719, and registered address at 2nd floor, Palmerston House, Denzille Lane, Dublin, D02 WD37, Ireland.
UK
Payhawk Limited, duly registered under company registration number 11747263, registered office address at Chancery House, 53-64 Chancery Lane, London, United Kingdom, WC2A 1QS.
Payhawk Financial Services Limited, a private limited company, duly registered under company registration number 14060082, registered office address at Chancery House, 53-64 Chancery Lane, London, United Kingdom, WC2A 1QS.
USA
Payhawk Inc., a Corporation, established in Delaware, USA, whose principal office is located at Herald Square: 106 West 32nd St, Floor 2, New York, NY 10001.
California Consumer Privacy Act (CCPA) - applies solely to residents of the State of California.
In the 12 preceding months, we have collected and/or disclosed the following categories of Personal Data:
Category of Personal Data Collected | Personal Data Collected | Categories of recipients to whom Personal Data was disclosed |
---|---|---|
Identifiers | Full name, email address, social media identifiers, username, IP address, telephone number, debit or credit card number, passport or other government or state ID card number | Affiliated companies, Service providers |
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | Name, address, telephone number, passport number, driver’s license or state identification card number, education, employment, social security number, employment history, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories. | Affiliated companies, Service providers |
Biometric information | Name, address telephone number, passport number, driver’s license or state identification card number, recording of live video transmission, selfie photo. | Affiliated companies, Service providers |
Internet or Other Electronic Network Activity Information | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | Affiliated companies, Service providers |
Sources of Personal Data
In the 12 preceding months, we have collected the above-mentioned categories of Personal Data from the following categories of sources:
Specific rights for California consumers
If you reside in California and are subject to the provisions of the applicable California data protection laws, specifically the CCPA, you may also have the right to opt out of the sale of Personal Data - You may direct us not to “sell” or “share” certain Personal Data or use your Personal Data for targeted advertising as these terms are defined in state privacy laws.
You can designate an authorised agent to make a request under the CCPA on your behalf if:
If you use an authorised agent to submit a request to exercise your right to know or your right to request deletion, please mail a certified copy of your written declaration authorizing the authorised agent to act on your behalf using the contact information below.
If you provide an authorised agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and we will respond to any request from such authorised agent in accordance with the CCPA.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
If you wish to exercise any of the above-mentioned rights or raise any concern, please contact our DPO at dpo@payhawk.com. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Please note that these rights are not absolute and may be subject to our own legitimate interests and regulatory requirements.
United Kingdom
Payhawk Limited is registered with the UK Information Commissioner’s Office under number ZB300790.
Payhawk Financial Services Limited is registered with the UK Information Commissioner’s Office under number ZB371873.