WCL WORLD CONNECT Ltd (“PAYEXPERT”, “we”, “our” or “us”) understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our partners and users of our acquiring and payment processing services and visitors of our website www.payexpertcyprus.com www.pay-expert.eu (the “Website”) and will only collect and use personal data in ways that are described here, and in ways that are consistent with our obligations and your rights under the law.
WCL WORLD CONNECT Ltd is a company registered in Cyprus under the Cyprus company laws, with registration number HE429345 Registered address Ouranias 10 Strovolos 2058 Nicosia Cyprus. Operational address Tempon 30 Egkomi 2408 Nicosia Cyprus. Provided collection of documents and handling onboarding procedures in relation to processing services to the merchants and merchant account opening.
Paynt UAB is a company registered in Lithuania with a company number 303227757. It is located at Gedimino av. 9, Vilnius, LT-01103, Lithuania.. Paynt UAB provides payment processing services to the merchants.
Paynt SIA is a company registered in Latvia with a company number 40103821385. It is located at Ernesta Birznieka-Upisa iela 21, Riga, Latvia LV-1011. Paynt SIA provides technical support of the Website and provides outsourcing services to Paynt UAB and its affiliates.
Paydoo Limited is a company registered in the UK with a company number 10643467. It is located at Hotley Bottom Farm, Hotley Bottom Lane, Prestwood, Buckinghamshire, United Kingdom, HP16 9PL. Paydoo Limited provides outsourcing services to Paynt UAB and its affiliates.
According to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR”), personal data is any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, e.g., by reference to an identifier such as a name, an identification number, location data, an online identifier, etc.
We obtain personal data about you from various sources. You may be: a visitor to our Website; a person (or representative of a person) that has entered into (or in a process of entering into) the merchant processing agreement with us; a person whose transaction we have processed under agreement with one of our merchants; a recipient of our newsletters, invitations or other marketing communications; a person that contacted us (or asked us to contact you) with questions, queries, requests, comments, complaints or other communications.
WCL and Paynt may act both as a data controller or a data processor depending on the circumstances. The GDPR defines the data controller as an entity which alone or jointly with others determines the purposes and means of the processing of personal data. The data processor is an entity which processes personal data on behalf or under the instructions of the controller.
WCL and Paynt is a data controller when it determines the purposes and means of the processing taking place.
Paynt is a data processor when it is directed by the merchant to process payments, and Paynt receives instructions about processing of the transaction of the cardholder.
1.1. When we collect personal data from you
We may collect from you different types of personal data from various sources. We collect information about you when:
When we collect your personal data, it is collected for specific, explicit, and legitimate purposes and will be processed only to fulfill those purposes. WCL and Paynt only collects that personal data which is adequate, relevant, and limited to what is necessary for us to fulfill those purposes. If WCL and Paynt intends to use your personal data for any new purposes not previously identified to you and which are incompatible with the original purposes, you will be notified of those new purposes before that intended use and, where applicable, provided the means by which you may restrict our use of your personal data for those new purposes. The types of personal data we collect, use and store depends on the nature of your relationship with us and/or the merchant.
1.2. When you are a visitor of our website
When you browse our Website, we process your IP address, Google Analytics ID, internet browser and device type, location data and your use of our Website and the app, including which pages you visited, how you got to our Website, the time and length of your visit and your language preferences. We use this data for our legitimate interests of: making sure our Website works properly, including debugging, to be able to deliver you content and for DDOS mitigation on our Website; improving our Website and to perform statistical analyses for optimizing our Website; providing you with personal offers tailored to your needs and tailoring what we show you to your preferences, with your prior consent; contacting you with offers about our products and services, if we have your consent for this and subject to limitations under the laws of your home jurisdiction. We collect this data using cookies and similar techniques, including tags/beacons and java scripts. We only place these tracking/targeting cookies with your prior consent. More information about these techniques can be found in our Cookies Policy. We keep your data for as long as we reasonably need it for the purposes listed above – please view our Cookies Policy. We use plugins on our Website from social media networks and embedded video players which can be found on our Website. If you click on them, these plugins are activated and automatically transmit data to the plugin provider. We do not have any influence over which data these social media networks and embedded video players collect from you and we are also not aware of the extent of their data processing. If you would like more information about their data processing, this can be found in the respective privacy policies on the websites of these social media networks and embedded video players.
1.3. When you participate in our marketing activities
1.4. When you contact us or ask us to contact you
When you contact us or ask us to contact you regarding questions, queries, (support) requests, comments or complaints, fill out an application to become a merchant or a partner, we collect the information that you decide to provide us, including without limitations your name, company, contact details, the reason you are contacting us, verification that you are not a robot and other information we need to be of further assistance to you and/or communicate with you. We use this data: to answer your (or of the legal entity that you represent) question, comment or complaint; to respond to your (or of the legal entity that you represent) queries and (support) requests; to assess your (or of the legal entity that you represent) application to become a merchant or partner; to establish or perform our contract with you (or the legal entity that you represent); for our legitimate interests in following up with you (or the legal entity that you represent); for managing our internal administration, for training purposes; for conducting marketing research so we can improve our products and services and to be able to provide more relevant information about our products and services. We will only keep your data for as long as we reasonably need it for the purposes listed above which will be at least two years.
1.5. When you have an agreement with us
If you a person (or representative of a person) which has entered into (or in a process of entering into) the merchant processing agreement with us, we will need to confirm your identity as part of our Know-Your-Client (KYC) procedure and collect certain documents for due diligence procedures, to establish and perform business relationships with the merchant for managing our internal administration and for complying with our other legal obligations. We will ask you to provide your identification document, bank account information, extract from the commercial register, and we may also collect information from third parties for mentioned purposes. As well as we may also collect financial and additional personal information about you, such as your tax number. We also collect data about your use of our products and services and your access to our platform, including your login details, and the questions, queries, comments and complaints you send us in relation to our business relationship. We may use third party identification and verification services in order to assist us to verify your identity and the documents provided to us. We processes your personal information for the following purposes: to provide the services and support under the agreement between us and the merchant; to improve our products and services; comply with applicable laws and regulations; to conduct analysis for statistical, strategic and scientific purposes; to protect our platform, systems and services from misuse, fraud, financial crimes or other unauthorized or illegal activity including the prevention, investigation and detection of fraud on the basis of legitimate interest; and for reporting and training purposes. We can also use your (company) e-mail address for: keeping you updated about our products and services; making you offers of similar products and services you have already purchased from us; or inviting you to events. We will keep information relating to our business relationship until 8 years after the end of the merchant’s business relationships with us. Data we have collected in relation to our legal obligation to verify our merchants will be kept by us for as long as we are legally obligated to, which is generally 8 years after end of business relationships or rejection of an application to establish the business relationships.
1.6. When we process your transactions
If you engage in payment transactions with a merchant via our services or products, we will receive your payment transaction information. We may receive this information directly from you, from the merchant or from the payment scheme. The information that we collect depends upon the payment method that you choose to use – we may collect your card number (which we encrypt in accordance with PCI DSS standards), the expiry date (month and year) of your credit card, your bank account details, the amount of the transaction and the currency in which the transaction is done, the date, time and location of the transaction and the category of transaction and identification data of our merchant. We may also collect: your name, e-mail address, billing address, phone number. We process your data: to comply with our legal obligations as a financial institution; for our legitimate interest of protecting our legal rights, for example in connection with legal claims; when we have a legal obligation to process your information; to provide the service pursuant to the agreements with our customers and the specific payment schemes; to comply with applicable laws and regulations; to conduct analysis for statistical, strategic and scientific purposes; and to protect our platform, systems and services from misuse, fraud, financial crimes or other unauthorized or illegal activity. We keep the data we collect in order to perform the transaction in accordance with applicable laws up to 8 years after conclusion of the relevant transaction, to meet our fiscal, corporate and other statutory obligations. The retention terms above can be longer if we are required to keep data longer because of applicable law or to administer our business. If we need to keep any information longer for our legitimate interest of protecting our legal rights, we will keep the necessary information for this purpose until the relevant claim is finally settled.
1.7. Other situations
If necessary, we can also process any of your information above for our legitimate interest of protecting our legal rights, for example in connection with legal claims, and when we have a legal obligation to process your information. We may also transfer your data in the event of a company reorganization, merger, or sale. The retention terms above can be longer if we are required to keep data longer on the basis of applicable law or to administer our business. If we need to keep any information longer for our legitimate interest of protecting our legal rights, we will keep the necessary information for this purpose until the relevant claim is finally settled.
2.1. Contractual and pre-contractual business relationships
We use personal data for the purpose of entering into business relationships with prospective Paynt merchants or partners, and to perform the contractual obligations under the concluded agreements.
2.2. Legal obligations
PAYNT as a regulated financial institution collects and store your personal data in order to comply with laws and regulations, for example, under anti-money laundering laws.
If you provided us with a consent, for example, when you have ticked a box to indicate you agree for us to use your personal data in a certain way.
2.4. Legitimate Interests
Where allowed under applicable laws and regulations, we rely on our legitimate business interests to collect, use and process your personal data, or share it with third parties. In such case, we balance our legitimate interests against the interests and rights of the individuals whose personal data we collect, use and process.
3.1. Provision of services and contractual obligations
When you apply to use our services or to become our partner, you will submit to us an application providing your personal data which we will use to check your identity (as part of our KYC or Know-Your-Partner (KYP) process) and decide whether to approve your application, to conclude (and perform under) an agreement.
Our legal basis is one or more of the following:
3.2. Fraud detection and prevention, risk management
We use your personal data to carry out risk analysis, fraud prevention and risk management. For example, we verify your identity in order to protect against fraud and confirm that you are eligible to use our services or provide your services to us.
Our legal basis is one or more of the following:
3.3. Our legal obligations and rights
In the specific cases, to perform our legal obligations we may share your personal data with third parties, for example, we may share your personal data with fraud-prevention agencies. As well as we may need to share your personal data in relation to legal claims or to help detect or prevent crime.
Our legal basis is one or more of the following:
3.4. Marketing communication
We may use your personal data to:
Where required by the applicable laws, we will ask for prior consent to receive the above-mentioned information. You may unsubscribe or opt-out of further communication by changing preferences of marketing communications in merchant Data Account settings or by sending an email to [email protected] [email protected].
Our legal basis is one or more of the following:
4.1. Right to access your personal data
You can ask us to provide confirmation as to whether your personal data are being processed, and, where that is the case, a copy of your data if you would like to know what your personal data we process and the purpose of processing.
4.2. Right to be informed
4.3. Right to rectification
You can ask us to correct inaccurate or incomplete information about yourself. Before we update your data, we may need to check the accuracy of the new personal data you have provided by contacting you.
4.4. Right to erasure
You can ask us to delete your personal data, for example, when we no longer have a lawful ground to use data or you gave us a consent to use your personal data and you have now withdrawn that consent.
4.5. Right to restrict or object the processing
You have the right to ask us to stop the processing, for example, if you believe we use your data unlawfully or your personal data is inaccurate. You may also object to our processing where you believe there are circumstances that would make such processing unlawful. You can always object to us using your personal data for direct marketing.
4.6. Right to data portability
You can ask us to transfer personal data to you or another company. If we can, and are allowed to do so under the applicable laws and regulations, we will provide your personal data in a structured, commonly used and machine-readable format.
4.7. Right to challenge an automated decision
You can challenge an automated decision made by us if this decision produces legal effects or similarly significantly affects you. In this case, you can ask us to carry out a human review instead of an automated decision we made about you.
4.8. Right to withdraw consent
Where you have provided a consent for us to use your personal data, you can withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
4.9. Right to lodge a complaint
If you believe that your right to personal data protection has been violated, you should lodge a complaint with your national supervisory data protection authority, for example: https://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/page1i_en/page1i_en?opendocument
To exercise any of your rights set out in the previous section, you can send us an e-mail [email protected] . Usually, we will not charge you a fee when you exercise your rights. However, where your requests manifestly unfounded or excessive, in particular because of their repetitive character, we have legal rights either: (a) to charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or (b) to refuse to act on the request.
6.1. WCL and Paynt Group
We may share your personal data within our affiliated and subsidiary companies in order to provide you with our services and for our administration purposes.
6.2. Service providers and business partners
We may share your personal data with service providers and our business partners in order to provide you with certain services and to perform contracts we enter into with you or them.
On the contractual basis we authorize such service providers and business partners to use or disclose the personal data only to perform services on behalf of Paynt and to comply with legal requirements. Therefore, such service providers are contractually obliged to protect the personal data they process on our behalf. Mostly our service providers are located in the European Union (“EU”) and European Economic Area (“EEA”). If we transfer your data to service providers outside the EEA, it will be performed in accordance with the regulatory enactments being in force in the EU in the area of data protection.
We may disclose your personal data to the authorities, for example, to courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence under certain circumstances (if you have requested us to provide necessary information or we are required to do so by law). For example, we may provide your personal data to a government authority under anti-money laundering and counter terrorist financing legislation.
Our retention periods for personal data are based on business needs and local legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain the information you provided to us as long as necessary to provide you with the services you requested through our Website and until the time limit for claims which may arise from those services has expired, or to comply with regulatory requirements regarding the retention of such data. So, if we use your personal data for more than one purpose, we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose(s) with a shorter period once that period expires.
When personal data is no longer needed, we either irreversibly anonymize the data (and we may further retain and use the anonymized information) or securely destroy the data.
Your personal data may be transferred outside the EU and EEA under certain circumstances, for example, when personal data is transferred to, or stored in, or accessed by our employees or service providers in a destinations outside the EU or EEA, or a merchant outside the EU or EEA transfers data to our affiliated or subsidiary company, or vice versa. We ensure that the transfer of personal data outside the EEA is on the basis of either: (a) an adequacy decision of the European Commission, or (b) appropriate or suitable safeguards as required by applicable laws or regulations.
The European Commission has adopted the decision approving the UK as having an adequate level of data protection. For example, we can transfer your personal data to or from the UK without the need to obtain any further authorization.
In cases there is no decision of the European Commission approving the adequate level of data protection in certain country, we may adopt appropriate safeguards which include the use of standard data protection clauses approved by the European Commission. Where the basis of a transfer is appropriate or suitable safeguards, we are responsible for ensuring the merchant can have access to such appropriate or suitable safeguards.
If you conclude an agreement with us on provision of services, and if allowed by applicable laws, we will assume you want us to contact you by e-mail with information about our or cooperation partners’ products and services, offers and promotions. Where required by the applicable laws, we will ask for prior consent to receive marketing information. At any time, you may unsubscribe or opt-out of further communication by adjusting preferences on our platform or by sending an e-mail to [email protected] [email protected]. As well as you can use the unsubscribe link provided in any marketing message we send you.
We will not share your information to any organizations outside our affiliated and subsidiary companies for their marketing purposes without your consent. We do not sell your personal data.