Maxpay respects privacy of its customers, business partners, their officers and other representatives, as well as visitors to Maxpay website who may choose to provide personal data to us.
The current Privacy Notice depicts your privacy rights in terms of gathering, use, storing, sharing, and protecting your personal data.
Please read this Privacy Notice carefully before registering, accessing, or using Maxpay products or services.
You should read and understand this Privacy Notice because it constitutes the core of our obligations to you when you use Maxpay website and access Maxpay products or services on behalf of your organisation or when you provide your personal data to us.
You acknowledge that you have carefully read and understood this Privacy Notice by registering, accessing, or using Maxpay products or services.
Terms used in this Privacy Notice shall have the following meaning:
“Maxpay” means Maxpay Limited, a legal entity registered in Malta with registration number C 66555 whose registered office is at Suite 1, Level 2, Fort Business Centre, Triq L-Intornjatur, Zone 1, Central Business District, Birkirkara CBD 1050. “Maxpay” also covers affiliates and subsidiaries of Maxpay Limited. For the purposes of this Privacy Notice “we”, “our” and “us” shall refer to Maxpay.
“Maxpay Platform” means internet-based software, API and other technologies allowing to obtain Maxpay products or services.
“Maxpay Services” means software and a service to process online credit and debit card payments, obtain and send payments through alternative payment methods as gateway service provider and to fight fraud with help of our anti-fraud solution.
“Maxpay Site” refers to Maxpay website www.maxpay.com, including all its content and subdomains (e.g. Blog).
“You”, “your” and “yours” shall refer to any user of Maxpay Site, Maxpay Platform or Maxpay Services. For the purpose of clarity, if you are acting on behalf of your organisation (merchant) that uses Maxpay Services, this Privacy Notice shall apply to you as the officer or other representative of such organisation.
“Client” means an individual who purchases goods or services from your organisation.
“Personal data” is used to depict information that can be linked to a specific person and thus be used to identify that very person. Information that has been made anonymous is not considered to be personal data.
Maxpay as data controller
You should be aware that when we collect personal data of officers or other representatives of your organisation, we act as data controller, therefore we are subject to controller’s rights and obligations under applicable data protection laws, rules and regulations.
Maxpay also acts as data controller when we process personal data of Maxpay Site visitors in the form of cookies and other similar technologies. We process personal data of Maxpay Site visitors for the website experience improvement, management of our advertising campaign and monitoring conversion results.
Maxpay as data processor
By providing your organisation with Maxpay Services we act as data processor and your organisation acts as data controller in the meaning given by General Data Protection Regulation (GDPR). In this case we process data of your organisation only to provide it and its Clients with Maxpay Services and only on the relevant documented instructions. Your organisation, as data controller, shall comply with all applicable data protection laws, rules and regulations. Privacy notice of your organisation shall duly disclose its data practices, including using third-party service providers for gateway services and / or detection and prevention of fraud.
When your organisation acts as data controller it shall have a valid legal basis including prior consent from its Clients to collect, use and process their personal data by Maxpay, including consent to transfer personal data to the third countries. If your organisation discloses personal data without its Client’s proper consent or other legal basis, it is responsible for that unauthorized disclosure.
As a data controller, to the extent that your organisation processes Client’s personal data, it may be required under privacy laws to honor requests for data access, portability, correction, deletion, and objections to processing. In case data subject directly contact us with a request to exercise his individual rights under GDPR or with another claim on data protection, we will direct such data subject to your organisation as data controller. Nevertheless, we will assist it by providing all necessary information or by other means envisaged by applicable law.
When you visit Maxpay Site or use Maxpay Services on behalf of your organisation, we gather information provided by your computer, mobile phone, or other viewports. This info includes your IP-address, user name, referrer details, device details (“Technical information”). We process this information in order to protect users’ data and accounts inside Maxpay system, as well as to improve services and user experience.
Note that we also gather information about your activities on Maxpay Platform or Maxpay merchant portal and process your user ID, login, email, phone number, locale, timezone for the access to merchant portal functionality (“Access information”).
In case you access your Maxpay account or use any of Maxpay Services on behalf of your organisation as its officer or other representative, the following type of data might be gathered:
Pay attention that we do not collect any extra data but only the information that is necessary for the purpose of providing Maxpay Services.
Maxpay Site and Services collect your personal data and activities with the system in order to safeguard you from scam, fraud, and misuse of any private data you might share. If your working station or mobile device has any malware, the system can notice that and take applicable measures.
You should be aware that the main goal of gathering your personal data is to deliver effective, scalable, smooth, and personalized Maxpay experience. Hence, personal data we process might be used to:
Our legal basis for collecting and using personal data depends on the type of personal information collected and the specific context in which we collect it.
We process your personal data on the basis of our legitimate interests provided that such processing shall not outweigh your rights and freedoms. We rely on this legal basis when we carry out procedures which are the part of our Services or which are transparent, expectable and are the stable business practice. For example, to:
We will also process your data on the basis of our legitimate interest where the processing of personal data is strictly necessary and proportionate for the purposes of ensuring network and information security.
Please note that in most cases, if you do not provide the requested information, Maxpay will not be able to provide the requested service to your organisation, e.g. our support cannot reach you in case of emergency without collecting your contact details.
If we process your information based on our legitimate interests as explained above, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.
We are entitled to process your data on the basis of legal obligation where it is necessary for compliance with a legal or regulatory obligation that we are subject to, including without limitation regulations on prevention of the money laundering and funding of terrorism and other fraud and crime prevention laws and regulations (including Regulation 13 of the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01), Article 40 EU Directive No 648/2012). On this basis we may process your contact information (email, phone number, address), details of your ID, financial information such as bank account number or e-wallet ID. We are processing your data in order to conduct risk management on various stages of using Maxpay Services and to conduct fraud prevention in the course of merchant onboarding and its business activity.
Please note that where you are acting on behalf of your organisation in order for it to use Maxpay Services, you will need to provide us with the above information. Otherwise, we may not be able to provide the requested service to your organisation.
We can request from you a consent for data processing when we are required to do so by law or when we do not have another legal basis for processing of your data. Where we rely on your consent to process your personal data, you have the right to withdraw or decline consent at any time.
We do not rely on consent in common cases, because the right to withdraw a consent can be used for fraudulent activity. This would jeopardize the financial stability of Maxpay, reliability and integrity of Maxpay Services, thereby harming all legitimate parties in the payment process.
We warrant and represent that Maxpay has implemented the technical and organisational security measures and technological development to ensure an appropriate level of security of personal data. Your data is protected by the means of physical, technical, and administrative resources to lower the risks of loss, misusage, unauthorized entry, disclosure, or alteration by a third party. To keep your data safe we apply data encryption protection and authorization control system, just to name a few.
Maxpay is PCI DSS 1 V 3.2 certified. It means that when we act as data processor in relation to personal data of the Clients of your organisation in the course of providing Maxpay Services, we maintain all required technology, methods and business processes to protect cardholder data, and also use such technology and methods as regards the security of your personal data.
We monitor our systems 24x7 and our staff is always ready to respond to your notifications and queries within a short time.
Maxpay warrants and represents that:
We will notify you of any personal data breaches (including any unauthorized or accidental access) without undue delay after becoming aware of a personal data breach.
We will immediately inform you if, in our opinion, your organisation infringes GDPR protection provisions. Your organisation shall ensure the security of data it transfers to Maxpay. Your organisation assumes full liability for failures to meet the GDPR in cases when it is envisaged by this Privacy Notice or GDPR.
To ensure security of your data and data of the Clients of your organisation, you shall also maintain the confidentiality of your password from Maxpay account. You are recommended to sign out of the Maxpay account when you have finished work with it. In any case responsibility for any loss of passwords and misuse of Maxpay account by third parties lays with you and your organisation.
Maxpay shall also have the right to disclose the data to Maxpay contractors who may use such information only for the limited purposes of providing Maxpay Services to your organisation and of ensuring your maximum user experience with Maxpay. For the purpose of clarity, Maxpay cooperation with its contractors is based on the service agreements that contain data protection section. All the contractors are required to be in compliance with the data collection and processing regulations, as well as to keep all your information confidential.
If your organisation transfers to us any personal data of its Clients, officers, representatives or any other natural persons, it shall be obliged to obtain prior consent or have other legal grounds for the collection, retention, use and processing of data and for transferring it to Maxpay.
We store your data for as long as it is reasonably necessary for the limited purpose of providing Maxpay Services and complying with the applicable laws and regulations, in particular:
Access, Contact, Financial, and Exhaustive personal information – for at least five (5) years from the day of termination of the relationship with Maxpay;
Technical information – logs are stored for one (1) year from the date of log creation;
Notwithstanding above please note that if you contact our support team and provide your data (i.e. name, e-mail) the relevant data shall have the following retention period for the client support purpose: automatically archives tickets 120 days after they are marked closed; time of deletion - ticket data 40 days; user data 40 days.
Please also note that we will protect confidentiality of the personal data during the entire retention period and will not actively process the personal data if such processing is not necessary anymore.
When we act as data controller, you have the following rights for personal data that we have about you:
The right to access any personal data that Maxpay processes about you. You can also obtain a copy of the personal data we retain about you.
You can ask us to erase or delete all or some of your personal data (e.g. if it is no longer necessary to provide Maxpay Services). Nevertheless, we may be obliged to store your data longer for the purpose of compliance with the Card Schemes Rules, for taxation, accounting and other purposes envisaged by applicable law. Considering that fraudsters may use such opportunity we have to properly authenticate you before we fulfil your request to delete or erase data.
You can ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
You can also ask us to stop using all or some of your personal data or to limit our use of it.
If we process your data based on your consent, you have the right to withdraw your consent at any time.
If you are not satisfied with how Maxpay handles your personal data or wish to raise a complaint regarding the processing of your personal data, please contact our Data Protection Office at firstname.lastname@example.org.
You may also contact us using the contact information above to make the request or ask us about your rights.
You shall also have the right to complain on us to the local data protection authority in Malta. Contact details of the Information and Data Protection Commissioner you can find under the following link: https://idpc.org.mt/
Note you can review, update, and edit your personal information at any time. Simply log in to your account in Maxpay system and change profile settings at once. If the type of data you want to update or edit is not visible or editable in your profile settings, you can contact us and request to update or edit relevant data.
You can also close your account using Maxpay Site and have the right to delete your personal data by contacting us. However, personal information of your account may be used further in order to track any unpaid fees, unresolved disputes, prevent from scam, or be used for any other activity if such required by law.
If your personal data was transferred to third-parties data processors they will be notified of any editing or deletion of your personal data.
Data protection law of third countries may be different from the EU data protection laws and not guaranty adequate level of security, in particular there is currently no adequacy decision by the European Commission as for Ukraine and USA. In this connection, before we transfer your data outside the EU, we shall take the necessary steps to ensure that any such transfers comply with applicable data protection laws and that your personal data will be given adequate protection as required by relevant data privacy laws and Maxpay internal policies.
We use European Commission-approved Standard Contractual Clauses as a legal mechanism for data transfers from the EU. These clauses are contractual commitments for transferring personal data, binding them to protect the privacy and security of the data. The last edition of the Standard Contractual Clauses that Maxpay is signing with its third-party providers from outside the EU is available under the following link:
You shall have the right to request from us a list of service providers thereto we transfer your data outside the EU.
When your organisation acts as data controller it shall inform its Clients about risks of cross-border transfers and obtain their consent for that.
We can make amendments to this Privacy Notice at any time by the means of publishing a revised edition on the Site. You will be notified of any substantial changes. The revised version will be in effect immediately and be noted by updated date to the end of this Privacy Notice. You are entitled to terminate the agreement with Maxpay if you do not agree on any changes. By continuing using Maxpay Services, you accept the changes.
We ensure you that we have all necessary technologies and methods to prevent, detect and investigate a personal data breach. In case of any data breach we will endeavor our best efforts to send a notification of becoming aware of the breach as soon as possible. If your Personal Data was transferred to third-parties data processors they will be notified of data breach as well.
Pease feel free to contact our Data Protection Officer at email@example.com to:
Privacy Notice last modified on December 22, 2021