Blog

7 October, 2022

Spain

Copy Link

PayRetailers SL., (PayRetailers), with their address at Avenida Diagonal number 682 floor 1, 08034 city of Barcelona, Spain, is responsible for the use and protection of your personal data, and in accordance with the General Data Protection Regulation (EU) 2016/679 and the Organic Law 3/2018, we inform you:

When you are acting on behalf of a business entity, we will refer to you as a representative.

When you do business with a business entity but do not do business directly with PayRetailers, we refer to you as the end user.

When you act as a service provider for PayRetailers, we will refer to you as a provider.

Consent

At the time of accepting this Privacy Policy, you expressly consent to use your personal data for the exclusive purposes defined in this document.

In the use of your supplied data, storage is included, this being understood as conservation in a registry or in a data bank, by its own means or provided by third parties; and treatment, this being understood as any automated or non-automated operation that allows the collection, storage, recording, organisation, elaboration, selection, extraction, confrontation, interconnection, dissociation, communication, assignment, transfer, transmission or cancellation of personal data.

Statement

It is stated that in order to comply with this privacy statement, you must be of legal age and certify that the information you provide is accurate and truthful at the time you accept it. In case of requesting a modification, we ask you to inform us as soon as possible in accordance with the procedure set forth below.

Nowhere on the Platform do we knowingly collect personal data or information from anyone under the age of 18.

What personal data will we use, how do we obtain it and for what purposes?

  1. Representative

PayRetailers, in its capacity as data controller, will collect the following information through the PayRetailers website, by email and by any other means that we make available to you:

    • Personal identification and contact data: Full name, nationality, email, current personal identification, tax identification number and/or equivalent, telephone, employment data, among others of the same category.
    • Sensitive personal data will not be collected.

The personal data we collect from you will be used for the following primary purposes, which are necessary for the service you request:

      • Account creation on the PayRetailers website
      • Onboarding process, including the review and approval of the Compliance team based on the internal policies of PayRetailers
      • Generate the necessary documentation for the commercial relationship
      • Provide you with the contracted services
      • Take steps to keep your personal data and legal documentation of your company up to date
      • Make clarifications to prevent money laundering, detect fraud or illicit activity against your person or PayRetailers
      • Conduct legal reviews and due diligence
      • Communicate with you in order to fulfil our obligations under the Terms of Service
      • Perform all kinds of analysis to improve the services offered by PayRetailers
      • Marketing, advertising, or commercial prospecting purposes regarding the services we offer, our own or those of third parties
      • Carry out service surveys, with the aim of evaluating and improving the quality of the products and services we offer
      • Comply with the legal obligations in charge of PayRetailers

2. End user

PayRetailers provides its services to commercial entities, which directly or indirectly provide us with the personal data of end users in relation to the entities’ own commercial activities. When we act as a data processor, we process personal data in accordance with the terms and conditions of our agreement with said entity.

Business entities are responsible for ensuring the privacy rights of their end users, including ensuring proper disclosure of data collection and processing that occurs in connection with the services. If you are an end user, please consult the privacy policy of the business entity for information on the processing of your data.

The personal data that the business entity provides to us directly or indirectly from you, through our programming interface, email or by the means that the business entity designates, includes the following:

      • Personal identification data: Full name, email, telephone, address, official identification, among others of the same category.
      • Transaction data: date, amount, payment method, the country where it was made, status, among others of the same category.
      • Sensitive personal data is not sent.

The personal data that is sent to us in our capacity as data processor will be used for the following purposes:

      • Verify and confirm your identity
      • Transaction processing
      • Make clarifications to prevent money laundering, detect fraud or illicit activity against your person or PayRetailers
      • Address complaints, claims and suggestions sent to PayRetailers
      • Comply with the legal obligations in charge of PayRetailers

We will not send commercial communications without your consent.

3. Provider

PayRetailers will collect by email and by any other means that we make available to you, the following information:

      • Personal identification and contact data: Full name, nationality, email, official identification, telephone, employment data, among others of the same category.
      • Sensitive personal data will not be collected

We will use the personal data that we collect from you for the following primary purposes, which are necessary to formalise the contractual relationship:

      • Verify and confirm your identity
      • Onboarding process, including the review and approval of the Compliance team based on the internal policies of PayRetailers
      • Generate the necessary documentation for the commercial relationship
      • Manage the corresponding payments
      • Perform legal reviews and due diligence
      • Comply with the legal obligations in charge of PayRetailers

Legal basis of the treatment

For the treatment of personal data, PayRetailers starts from the following legal bases:

      • Contractual and pre-contractual business relationships. We process personal data in order to formalise business relationships with potential business entities and to fulfil the respective contractual obligations we have with such entities.
      • Legitimate Business Interests. In accordance with the applicable legislation, we process the data for the purpose of complying with the legal obligations of PayRetailers, such as the prevention and clarification of fraud, as well as the provision of our services to said entities.
      • Consent. Based on the consent you provide us to process your personal data as a representative of a business entity.

How long do we store your personal data?

We will keep your data only for the period strictly necessary for the respective purposes of the treatment or during the legal period, as the case may be.

To whom do we transfer your data?

PayRetailers shares your data with other entities of the PayRetailers corporate group that operate under the same standards, processes and/or internal policies under which PayRetailers operates, for the comprehensive fulfilment of the services we offer.

Likewise, PayRetailers shares data, through referrals, to persons who are in charge or sub-processors of the treatment, such as service providers or business partners with whom PayRetailers has a legal relationship. PayRetailers verifies that such service providers or business partners comply with the same data protection standards as PayRetailers.

We inform you that PayRetailers does not transfer data to third parties, except in exceptional cases and that do not require your consent, provided for in the applicable legislation, such is the case of those necessary or legally required to safeguard a public interest, or for the prosecution or administration of justice.

International data transfer

Your personal data may be stored outside the European Union by our suppliers or service providers or by companies of the PayRetailers Group for the purposes described in this privacy policy.

Your personal data eventually transferred to other countries will be treated with the same level of protection, in compliance with the guarantees required by applicable law and under PayRetailers security policies.

How can you exercise your privacy rights?

You have the right to request confirmation of the existence of processing of personal data (information); have access to your data, requesting the availability of a copy of the personal data you have provided us (access); correction of incomplete, inaccurate or out-of-date data (rectification); the revocation, at any time, of your previously granted consent for data processing as well as information on the possibility that you do not give your consent for certain data processing and the consequences of not consenting (revocation); anonymisation, blocking or deletion of data that is unnecessary, excessive or processed in violation of the GDPR (suppression); oppose the use of your personal data for specific purposes (opposition); limit the processing of your data (limitation); the portability of your personal data to another provider of services or products (portability), as well as information about the public and private entities with which we share data.

To exercise any of the rights mentioned above, you must send a request to the email address [email protected] , which must comply with the following requirements and documents:

      • Full name of the data subject
      • Copy of the document proving your identity on both sides;
      • In the event that the data subject appears through a legal representative, the latter must also show, by the same means, the documents that prove the legal representation (simple power of attorney signed by the data subject, the proxy and two witnesses, accompanied by a copy of the identifications of the agent and the two witnesses);
      • Clear and precise description of the personal data with respect to which one seeks to exercise any of the rights.

Requests will be dealt with within the terms provided in Regulation (EU) 2016/679 and Organic Law 3/2018, through our data protection delegate, which can be contacted for questions or clarifications through the email address privacy @payretailers.com

Security of personal data

PayRetailers maintains technical and organisational security measures in place to prevent the loss, theft, modification and/or unauthorised access to your personal data, such as access controls, minimisation of the number of people who access the data, implementation of cybersecurity tools such as firewalls, antivirus, among others.

We are PCI DSS certified (Payment cards Industry Data Security Standard) to ensure that credit card data is processed, stored, or transmitted in a secure environment.

Likewise, our website has a Secure Sockets Layer (SSL) security certificate, which encrypts the information you enter to maintain its confidentiality.

¿How can you find out about changes to this privacy policy?

This privacy policy may undergo modifications, changes or updates derived from new legal requirements of:

-our own needs for the products or services we offer

-of our privacy practices

-changes in our business model or other causes.

The procedure through which notifications about changes or updates will be carried out will be through an informative note on our website, by email or any other technological means available at the time.

Last update: October 2022