Privacy Notice

Maxpay respects privacy of its customers, business partners, their officers and other representatives, as well as visitors to Maxpay website who may choose to provide personal data to us.

The current Privacy Notice depicts your privacy rights in terms of gathering, use, storing, sharing, and protecting your personal data.

Please read this Privacy Notice carefully before registering, accessing, or using Maxpay products or services.

You should read and understand this Privacy Notice because it constitutes the core of our obligations to you when you use Maxpay website and access Maxpay products or services on behalf of your organisation or when you provide your personal data to us.

You acknowledge that you have carefully read and understood this Privacy Notice by registering, accessing, or using Maxpay products or services.

Terms used in this Privacy Notice shall have the following meaning:

“Maxpay” means Maxpay Limited, a legal entity registered in Malta with registration number C 66555 whose registered office is at Suite 1, Level 2, Fort Business Centre, Triq L-Intornjatur, Zone 1, Central Business District, Birkirkara CBD 1050. “Maxpay” also covers affiliates and subsidiaries of Maxpay Limited. For the purposes of this Privacy Notice “we”, “our” and “us” shall refer to Maxpay.

Our contacts

dpo@maxpay.com

support@maxpay.com

https://maxpay.com/contact/

“Maxpay Platform” means internet-based software, API and other technologies allowing to obtain Maxpay products or services.

“Maxpay Services” means software and a service to process online credit and debit card payments, obtain and send payments through alternative payment methods as gateway service provider and to fight fraud with help of our anti-fraud solution.

“Maxpay Site” refers to Maxpay website www.maxpay.com, including all its content and subdomains (e.g. Blog).

“You”, “your” and “yours” shall refer to any user of Maxpay Site, Maxpay Platform or Maxpay Services. For the purpose of clarity, if you are acting on behalf of your organisation (merchant) that uses Maxpay Services, this Privacy Notice shall apply to you as the officer or other representative of such organisation.

“Client” means an individual who purchases goods or services from your organisation.

“Personal data” is used to depict information that can be linked to a specific person and thus be used to identify that very person. Information that has been made anonymous is not considered to be personal data.

Roles and responsibilities

Maxpay as data controller

You should be aware that when we collect personal data of officers or other representatives of your organisation, we act as data controller, therefore we are subject to controller’s rights and obligations under applicable data protection laws, rules and regulations.

Maxpay also acts as data controller when we process personal data of Maxpay Site visitors in the form of cookies and other similar technologies. We process personal data of Maxpay Site visitors for the website experience improvement, management of our advertising campaign and monitoring conversion results.

Maxpay as data processor

By providing your organisation with Maxpay Services we act as data processor and your organisation acts as data controller in the meaning given by General Data Protection Regulation (GDPR). In this case we process data of your organisation only to provide it and its Clients with Maxpay Services and only on the relevant documented instructions. Your organisation, as data controller, shall comply with all applicable data protection laws, rules and regulations. Privacy notice of your organisation shall duly disclose its data practices, including using third-party service providers for gateway services and / or detection and prevention of fraud.

When your organisation acts as data controller it shall have a valid legal basis including prior consent from its Clients to collect, use and process their personal data by Maxpay, including consent to transfer personal data to the third countries. If your organisation discloses personal data without its Client’s proper consent or other legal basis, it is responsible for that unauthorized disclosure.

As a data controller, to the extent that your organisation processes Client’s personal data, it may be required under privacy laws to honor requests for data access, portability, correction, deletion, and objections to processing. If a data subject contacts us directly with a request to exercise their individual rights under GDPR or with another claim on data protection, we will direct that data subject to your organisation as data controller. Nevertheless, we will assist it by providing all necessary information or by other means envisaged by applicable law.

What data we collect and how we use your data

When you visit Maxpay Site or use Maxpay Services on behalf of your organisation, we gather information provided by your computer, mobile phone, or other viewports. This info includes your IP-address, user name, referrer details, device details (“Technical information”). We process this information in order to protect users’ data and accounts inside Maxpay system, as well as to improve services and user experience.

Note that we also gather information about your activities on Maxpay Platform or Maxpay merchant portal and process your user ID, login, email, phone number, locale, timezone for the access to merchant portal functionality (“Access information”).

Cookies. When you visit Maxpay Site or Maxpay Platform, a small cookie file might be placed on your computer or mobile device. For the purpose of clarity, only necessary cookies used to ensure proper operation of Maxpay Site are always active. To install performance and / or marketing cookies on your device we will ask for your explicit consent. We analyze data from cookies and use it to improve quality of our services, track your activities with Maxpay, keep your account safe. Learn more about cookies and other similar technologies that we use from our Cookie Policy, which is integrated in and shall be read in conjunction with this Privacy Notice.

In case you access your Maxpay account or use any of Maxpay Services on behalf of your organisation as its officer or other representative, the following type of data might be gathered:

  • Contact information including your name, phone number, e-mail, address, utility bills information (used to maintain permanent communication with you, to send you legal and information notices, to restore access to your account in Maxpay system, to avoid account duplicates, to conduct fraud prevention in the course of merchant onboarding and its business activity, to arrange signing of the merchant contract and perform obligations thereunder, including processing of payments, to assist with opening of the merchant account in connection with Maxpay Services, to conduct risk management on various stages of using Maxpay Services);
  • Financial information including your full bank account number, e-wallet ID, bank statement information (used for bank and AML compliance purposes in the course of signing merchant contract, performance of the obligations thereunder, for the assistance with the opening of the merchant account in connection with Maxpay Services, for the fraud prevention in the course of merchant’s business activity);
  • Exhaustive personal information including your ID information (used for bank and AML compliance purposes in the course of signing merchant contract, performance of the obligations thereunder, for the assistance with the opening of the merchant account in connection with Maxpay Services, for the fraud prevention in the course of merchant’s business activity).

Please note that we do not collect any extra data, only the information that is necessary for the purpose of providing Maxpay Services.

Maxpay Site and Services collect your personal data and activities with the system in order to safeguard you from scam, fraud, and misuse of any private data you might share. If your working station or mobile device has any malware, the system can notice that and take applicable measures.

You should be aware that the main goal of gathering your personal data is to deliver effective, scalable, smooth, and personalized Maxpay experience. Hence, personal data we process might be used to:

  • Ensure maximum Maxpay user experience;
  • Process transactions and issue relevant notifications in the most comprehensive manner;
  • Settle disputes, levy charges, and resolve occurring problems;
  • Prevent Clients of your organisation from becoming a subject to illegal activities and potential fraud;
  • Improve quality of services, solutions, and incentives Maxpay offers on a daily basis;
  • Provide target-oriented services based on your experience with the company;
  • Contact you in case of emergency via one of the means available;
  • Make sure information you provide is accurate, in case discrepancies occur.

Your personal data is not used for any additional purposes not mentioned in this Privacy Notice, Cookie Policy integrated herein or the contract between Maxpay and your organisation.

How we protect your data

We warrant and represent that Maxpay has implemented the technical and organisational security measures and technological development to ensure an appropriate level of security of personal data. Your data is protected by means of physical, technical, and administrative resources to lower the risks of loss, misuse, unauthorized entry, disclosure, or alteration by a third party. To keep your data safe we apply data encryption protection and an authorization control system, to name just a few.

Maxpay is PCI DSS 1 V 3.2 certified. It means that when we act as data processor in relation to personal data of the Clients of your organisation in the course of providing Maxpay Services, we maintain all required technology, methods and business processes to protect cardholder data, and also use such technology and methods as regards the security of your personal data.

We monitor our systems 24x7 and our staff is always ready to respond to your notifications and queries within a short time.

Maxpay warrants and represents that:

  • Your data will not be disclosed to any unauthorized third parties;
  • Your data will not be disclosed to advertisers without your preliminary consent;
  • We do not use data to communicate with the Clients of your organisation;
  • We will not claim ownership of your data;
  • We will not disclose your identifying information to other Maxpay users or other unauthorized third parties;
  • We respect your privacy and your personal data will be protected, as well as personal data of the Clients of your organisation;
  • We keep your data and any information provided by you in confidence in accordance with the terms and conditions set in a separate contract between Maxpay and your organisation;
  • We will use your data only as described in this Privacy Notice, our Cookie Policy or contract between Maxpay and your organisation and will maintain appropriate administrative, technical and organizational measures to protect personal data;
  • We will notify you promptly of any suspected or actual breach of the security of your data or data of the Clients of your organisation;
  • We do not use data of the Clients of your organisation in any manner other than instructed to us in writing;
  • We will assist your organisation in ensuring compliance with the duties under GDPR;
  • We impose on our sub-contractors the same data protection obligations as set out in the contract between Maxpay and your organisation.

We will notify you of any personal data breaches (including any unauthorized or accidental access) without undue delay after becoming aware of a personal data breach.

We will immediately inform you if, in our opinion, your organisation infringes GDPR protection provisions. Your organisation shall ensure the security of data it transfers to Maxpay. Your organisation assumes full liability for failures to meet the GDPR in cases when it is envisaged by this Privacy Notice or GDPR.

To ensure security of your data and data of the Clients of your organisation, you shall also maintain the confidentiality of the password for your Maxpay account. You are recommended to sign out of the Maxpay account when you have finished working with it. In any case, responsibility for any loss of passwords and misuse of the Maxpay account by third parties lies with you and your organisation.

How we share your data

Maxpay warrants that it will not share or disclose your personal data or data of the Clients of your organisation to any third party, except as specified in this Privacy Notice, our Cookie Policy, the contract between Maxpay and your organisation or where there is a legal requirement for data transfer.

You should be aware that if you provide your consent to third party-cookies, this data will be transferred to respective service providers, as detailed in our Cookie Policy integrated herein.

Maxpay shall also have the right to disclose the data to Maxpay contractors who may use such information only for the limited purposes of providing Maxpay Services to your organisation and of ensuring your maximum user experience with Maxpay. For the purpose of clarity, Maxpay cooperation with its contractors is based on the service agreements that contain data protection section. All the contractors are required to be in compliance with the data collection and processing regulations, as well as to keep all your information confidential.

How merchants share data with us

If your organisation transfers to us any personal data of its Clients, officers, representatives or any other natural persons, it shall be obliged to obtain prior consent or have other legal grounds for the collection, retention, use and processing of data and for transferring it to Maxpay.

How long we retain your data

We store your data for as long as it is reasonably necessary for the limited purpose of providing Maxpay Services and complying with the applicable laws and regulations, in particular:

Access, Contact, Financial, and Exhaustive personal information – for at least five (5) years from the day of termination of the relationship with Maxpay;

Technical information – logs are stored for one (1) year from the date of log creation;

Cookies – retention varies based on the type of cookie and is detailed in our Cookie Policy.

Notwithstanding the above, please note that if you contact our support team and provide your data (i.e. name, e-mail), the relevant data shall have the following retention period for the client support purpose: tickets are automatically archived 120 days after they are marked closed; time of deletion: ticket data 40 days; user data 40 days.

Please also note that we will protect confidentiality of the personal data during the entire retention period and will not actively process the personal data if such processing is not necessary anymore.

Your rights as data subject

When we act as data controller, you have the following rights for personal data that we have about you:

The right to access any personal data that Maxpay processes about you. You can also obtain a copy of the personal data we retain about you.

You can ask us to erase or delete all or some of your personal data (e.g. if it is no longer necessary to provide Maxpay Services). Nevertheless, we may be obliged to store your data longer for the purpose of compliance with the Card Schemes Rules, for taxation, accounting and other purposes envisaged by applicable law. Considering that fraudsters may use such opportunity we have to properly authenticate you before we fulfil your request to delete or erase data.

You can ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.

You can also ask us to stop using all or some of your personal data or to limit our use of it.

If we process your data based on your consent, you have the right to withdraw your consent at any time.

If you are not satisfied with how Maxpay handles your personal data or wish to raise a complaint regarding the processing of your personal data, please contact our Data Protection Office at dpo@maxpay.com.

You may also contact us using the contact information above to make the request or ask us about your rights.

You shall also have the right to lodge a complaint about us with the local data protection authority in Malta. You can find the contact details of the Information and Data Protection Commissioner at the following link: https://idpc.org.mt/

How you can access or change your personal data

Note you can review, update, and edit your personal information at any time. Simply log in to your account in Maxpay system and change profile settings at once. If the type of data you want to update or edit is not visible or editable in your profile settings, you can contact us and request to update or edit relevant data.

You can also close your account using Maxpay Site and have the right to delete your personal data by contacting us. However, personal information of your account may be used further in order to track any unpaid fees or unresolved disputes, to prevent scams, or for any other activity if so required by law.

If your personal data was transferred to third-party data processors, they will be notified of any editing or deletion of your personal data.

Cross-border transfers

For the purpose of ensuring your target-oriented and support experience with Maxpay and for providing your organisation with Maxpay Services we engage third-party service providers outside the EU. We share your information with Maxpay contractors in Ukraine that provide services to us, including billing, payment processing, customer support, marketing, security and performance monitoring, maintaining or servicing accounts, processing or fulfilling orders and transactions, verifying customer information, and data processing. We also share your information with Maxpay service provider in the USA when you contact our support team through the form or chat on Maxpay Site. In addition, we may transfer your data to the USA if you give us your consent to third-party cookies, as detailed in our Cookie Policy.

Data protection laws of third countries may differ from EU data protection laws and may not guarantee an adequate level of security; in particular, there is currently no adequacy decision by the European Commission for Ukraine or the USA. In this connection, before we transfer your data outside the EU, we shall take the necessary steps to ensure that any such transfers comply with applicable data protection laws and that your personal data will be given adequate protection as required by relevant data privacy laws and Maxpay internal policies.

We use European Commission-approved Standard Contractual Clauses as a legal mechanism for data transfers from the EU. These clauses are contractual commitments for transferring personal data, binding them to protect the privacy and security of the data. The last edition of the Standard Contractual Clauses that Maxpay is signing with its third-party providers from outside the EU is available under the following link:

https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914&from=EN

You shall have the right to request from us a list of service providers to which we transfer your data outside the EU.

When your organisation acts as data controller it shall inform its Clients about risks of cross-border transfers and obtain their consent for that.

Automated decision-making

You should be aware that we do not make automated decisions regarding you based on your personal data. All decisions regarding you using your personal data are made manually. In addition, please note that Maxpay does not make automated profiling based on your data. At the same time, such profiling can be made by our third-party service providers specified in the Cookie Policy, to which we transfer your data if you provide your consent to third-party cookies.

How may this Privacy Notice be changed

We can make amendments to this Privacy Notice at any time by publishing a revised edition on the Site. You will be notified of any substantial changes. The revised version will be in effect immediately and will be indicated by the updated date at the end of this Privacy Notice. You are entitled to terminate the agreement with Maxpay if you do not agree to any changes. By continuing to use Maxpay Services, you accept the changes.

Data breaches

We assure you that we have all necessary technologies and methods to prevent, detect and investigate a personal data breach. In case of any data breach we will use our best efforts to send a notification as soon as possible after becoming aware of the breach. If your Personal Data was transferred to third-party data processors, they will be notified of the data breach as well.

Please feel free to contact our Data Protection Officer at dpo@maxpay.com to:

  • request access to information that Maxpay has about you;
  • correct any information that Maxpay has about you;
  • delete information that Maxpay has about you;
  • raise any other questions or concerns.

Privacy Notice last modified on December 22, 2021