PXP Financial
Privacy Statement
PXP Financial including its group companies is committed to protecting your privacy.
We kindly invite you to read this Privacy Policy to inform you about how we are collecting, using, protecting, retaining and sharing personal data and how we and our group companies are committed to protecting privacy.
All your data collected either under your consent, or for the performance of a contract between you and us or collected on our website, transferred, processed and maintained is treated lawfully and for strict purposes. It is our responsibility to keep your information confidential and secure.
The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, unless otherwise defined in this Privacy Policy.
Who we are
We and our Group companies together with our Joint Controller are providing a complete, end-to-end payment service that helps businesses to securely accept payments online and on-premise globally.
PXP Financial Limited (hereinafter “PXP” or “Controller”) with registered office in Roydon Road, Stanstead Abbots, Hertfordshire SG12 8XL, UK is an omni-channel payment provider and holds an FCA license in the UK.
DaoPay GmbH (hereinafter “DaoPay“ or “Joint Controller”) with registered office in Hackhofergasse 5/14, 1190 Vienna, is an all-in-one payment processing provider licenced by the Austrian Financial Market Authority.
Joint Controllers
PXP Financial Limited and DaoPay GmbH have concluded a Joint Controller Agreement which sets out the duties of both Controllers in accordance with Art. 26 of the General Data Protection Regulation (GDPR) and the equivalent provisions of the applicable data protection laws.
Contact details of the Controller and the Joint Controller
PXP Financial Limited
The Corn Mill – Roydon Road, Stanstead Abbots,
Hertfordshire SG12 8XL, UK
Contact details of the data protection officer
Jakov-Lind-Straße 15, 1020 Vienna, Austria
Email: data.protection@pxpfinancial.com
DaoPay GmbH
Hackhofergasse 5/14, 1190 Vienna, Austria
Contact details of the data protection officer
Hackhofergasse 5/14, 1190 Vienna, Austria
Email: privacy@daopay.com
Personal Data
Personal data or personal information means any information relating to a natural person who can be identified, directly or indirectly (data subject).
How we collect Information
Personal data is usually provided to us by yourself, however, some information is collected automatically, by using cookies, and some information can be provided by third parties. All personal data, processed by us is treated as private and confidential.
How we use Your Information lawfully
Your personal data will only be processed for specific, explicit and legitimate purposes and in the context of lawfulness. In particular, personal data of data subjects will be processed under the circumstances as described below.
Purposes of the processing and legal grounds
Personal data shall be processed without your consent, by the Joint Controllers, for the following purposes:
Based on the legitimate interests of the Joint Controllers to establish and maintain optimal professional relationships with current and prospective customers, personal data shall be processed by the Joint Controllers for the following purposes:
With your consent by the Joint Controllers for the following purposes, whereby your consent to the use of the data is optional and therefore you may decide not to give your consent, or to withdraw it at any time:
How we use Artificial Intelligence (AI)
Artificial Intelligence (AI) has rapidly become a constant in daily life. Based on our responsibility, we are committed to protecting the confidentiality, integrity, and availability of company data and personal data. Our mission is to assess, control and mitigate those risks associated with AI applications and AI-powered tools. We are carrying out a risk assessment before integrating any AI supported technology.
Such risk assessment includes a screening taking into account
• sensitivity of the affected data
• reputation of the AI technology
• security of the technology
• privacy impact
• ethical aspects, transparency and accountability
We are committed using AI technology only for supporting our operational processes.
We confirm that we are not using AI technology that is based upon
• automated decision making
• requiring personal data
• infringing ethical aspects
We take all necessary measures to ensure that content produced by AI technology is of the highest possible quality.
Log Data
Whenever you use our service or visit our websites, we collect information that your browser sends to us that is called Log Data. This Log Data includes information such as your computer’s Internet Protocol (“IP”) address, browser version, pages of our service that you visit, the time and date of your visit, the time spent on those pages, and other statistics, Google Analytics ID, internet browser and device type, and your language preferences.
Contact Us Data
If you are one of our existing customers and you prefer to get in contact with us you can use the options provided on our “Contact Us page“. We also may contact you to provide you with information to our products and services.
If you are not one of our customers yet or when you share data with us at events or exhibitions these data include your company name, name, email address, telephone number and other business related information you give us. All this information is processed for our legitimate interest to contact you, to provide you with information in relation to our products and services. You always have the opportunity to opt out of receiving such information.
Links to Other Websites
Our service contains links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and take no responsibility for, the content, privacy policies, or practices of any third-party sites or services.
How we obtain Your Consent
When we are requesting consent to process your Personal data, the following will apply to all means by which consent is obtained.
We will;
The following message(s) will be clearly presented to the individual when requesting consent to process personally identifiable information.
We will collect and store the information in this form for the following purposes:
Cookies
In the course of your visit to our website, your computer may be issued with cookies. Cookies are files containing a small amount of data that is commonly used as an anonymous unique identifier. These are sent to your browser from our website when you visit and are stored on your computer’s hard drive.
Our website uses these “cookies” to collect information and to improve our service. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your computer. If you choose to refuse our cookies, some portions of our service will not be available any longer.
Cookies are commonly used on the Internet and do not harm your system. Cookies have a number of uses.
The cookies used on our website fall into three categories:
Functional: These cookies are used to enable core website functionality and do not contain any personal information.
Analytics: These cookies allow us to count page visits and traffic sources, so we can monitor and improve the performance of our website.
Advertising cookies: We partner with affiliate networks and other websites to help promote our business. If you use their websites or have come to our site via these affiliates, then their cookies will be sent through our website.
When you enter our websites for the first time, we provide you with an opportunity to accept or decline the usage of cookies. You can also delete and block cookies at any time from this site through your browser, but some features on this site will not function without cookies.
You can change the preferences or settings in your web browser to control cookies. In some cases, you can choose to accept cookies from the primary site but block them from third parties. In others, you can block cookies from specific advertisers, or clear out all cookies.
Social Media Buttons
On our website, we use plugins from social media such as LinkedIn, Instagram, YouTube and Twitter which you can recognize by their respective logos. These plugins do not store any of your personal data unless you click on the logos or videos. By clicking on these logos or videos, the respective plugins are activated and automatically transmit data to the plugin provider.
It is not in our influence what data these providers collect from you, or the extent to which they process data. For more information about the data processing by these providers, please refer to their privacy policies.
Any time you have the right to obtain transparent information about your personal data, its origin and the recipients as well as the purpose of the data processing. You also have the right to correct and transmit your data and, if necessary, to object to, restrict the processing of, or deleting of, your personal data.
If you want us to execute your rights as described above, you can request this here: Exercise Your Rights
Or you can send us an email to: data.protection@pxpfinancial.com
If you believe that the processing of your personal data violates the applicable data protection law or your rights are not satisfied accordingly, you may file a complaint with the competent supervisory authority.
How long do we keep Your Data
Your data are only kept as long as we reasonably need them for the purposes specified above. In the case of marketing purposes, we will keep your information for 2 years after collection.
When you as a customer will enter into an agreement with us, we need to collect information to establish a contract with you. Also this and additional information is needed to set up our products for you, to provide you with support, platform integration, onboarding and other services to perform our contractual obligations. We also need this information for our internal administration purposes.
Information provided by you include your name, your contact information, address, e-mail address, ID documentation, company and ownership related documentation and payment details
In order to our obligation to comply with national and international laws on fraud, money laundering and terrorist financing prevention, we need to carry out checks by processing the information you provided to us and additional business- or personal information including a copy of your identification document, name, address and utility bills of your legal representative and shareholders, your bank account number, information subject to correspondence, bank statements, your signature and your company registration.
This information is needed to identify our customers and their ultimate beneficial owners, the nature of their business, monitoring their behaviour and their transactions and detecting risks. The legal basis for processing is in compliance with our statutory license obligation.
Other Purposes
We process the information provided by you for the following purposes, on base of the performance of a contract between you and us, to comply with applicable legal obligations and to provide you with a good customer service
How long do we keep Your Data
We will keep your data collected during our business relationship for 7 years upon the end of your contract with us. In relation to our legal obligations our records are kept for the relevant legal retention periods.
PXP as an end-to-end payment provider help businesses to securely accept payments online and on-premise globally (acquiring services). Our acquiring license lets us collect and settle funds related to card payments made by you as the consumer of the products and services provided by the relevant merchant. We are connecting our merchants to relevant payment scheme, such as Mastercard, Visa, Diners or Discover directly and request them to authorize the transactions and send it to the consumer’s bank for approval. Upon approved transactions, payment can be effected to the merchant’s bank
By providing our acquiring services we are requested to process personal data from you as a consumer of the relevant merchant. Your data is processed by us as a controller in accordance with applicable data protection and security measures and your payment data is processed in accordance with PCI DSS standards.
Personal data that we process from you as the consumer may include your name, date of birth, e-mail address, phone number, address, your payer ID, username, ID document details, driving license number and state (for the US), IP- address.
With regards to our obligations to provide the acquiring services we process additional data from you as the consumer including your card details encrypted in accordance with PCI DSS standards and the amount, currency, date, time and location of the performed transactions and ID and shop ID of the relevant merchant.
We process data only for the following legitimate purposes.
Sharing Your Information
Your information is not shared with third parties except for the following purposes.
For performing our acquiring services we need to share your information with third parties as payment schemes such as Mastercard or VISA
We also need to share your information with the merchant you were buying products or services. We may also share some of your information with competent authorities and/or regulators in case this is required to comply with our legal obligations.
Transfer of Data to Third-Parties
We employ third-party companies and individuals that may be located outside of the European Economic Area (EEA) due to the following reasons:
We want to inform our service users that these third parties have access to your personal information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.
Personal information will only be transferred in the following circumstances:
Group Companies
To fulfill some of our processes we must transfer your personal data to other parts of our group companies, which are located in other countries. We have assured that our group companies are in accordance with the requirements of the European Data Protection Regulation (EU 2016-679) and all other applicable data protection laws.
How long do we keep Your Data
We keep your data for as long as we reasonably need it for the legitimated purposes.
We will keep your data processed for 7 years upon the completion of relevant transactions and to comply with our legal retention periods under the obligations of the applicable laws.
Otherwise we will not share your information with any third party, unless we have your permission, where this is necessary in connection with the purposes above or with legal claims or when we have a legal obligation to do so.
Data Protection Rights
As a data subject, you have the right at any time to obtain information about your processed personal data, its origin and the recipient as well as the purpose of the processing and you are entitled to request a copy of your data. You also have the right to correct your data, to transmit your data to other organizations and, if necessary, to object to or restrict the processing of the data. You also have the right to deletion of your personal data, where we have asked for your consent to process these data, you can withdraw this consent at any time.
If you want us to execute your Data Protection Rights as described above, you can send us an email to: data.protection@pxpfinancial.com
Children’s Privacy
Under no circumstances we would collect or process personal identifiable information from or about children under 13 years of age.
Data Encryption and Technical Security Measures
To prevent illegal manipulation through a third person, the IP address of the logged-on computer will be requested and saved. In addition, all your personal data is protected from unauthorised access by a firewall – a computer that is fitted with complex security technology specifically designed to shield the company’s network from the Internet. We also use encryption and other security technologies to protect private information from unauthorized access. We ensure that information, personal data and data under our responsibility is properly backed up and that arrangements for recovery processes are in place. Additionally, the company uses reliable internal data protection mechanisms combined with a restrictive security system.
CCPA rights – Applicable to California Residents
We are providing this CCPA specific Privacy Notice that applies to individuals residing in California to supplement the information and disclosures contained in our Privacy Policy.
As a California resident, you have certain rights under CCPA. You also have the right to designate an authorized agent to exercise your CCPA rights on your behalf.
Right to know about Your Personal Information
you have the right to submit a request for information for the 12-month period preceding the date we receive your request regarding the:
a) categories of personal information collected by us;
If you are a California resident, and wish to request deletion of your personal information, please send an e-mail to: data.protection@pxpfinancial.com
We are required to fulfill these requests not more than twice within a 12-month period.
Right to Deletion
subject to certain exceptions such as our need to comply with legal obligations or process and complete transactions, etc you can request the deletion of personal information about you.
If you are a California resident, and wish to request deletion of your personal information, please send an e-mail to: data.protection@pxpfinancial.com
Right to Correct Inaccurate Personal Information
you have right to request correction of inaccurate personal information processed by us.
Verification
for access to, correction or deletion of personal information we are requested to reasonably verify your identity.
In the case we receive a request from an authorized agent on your behalf, we may require written proof and may take additional steps to verify your identity and the authorized agent’s identity.
Where we are unable to verify your identity we may decline a request to exercise the right to know and the right to deletion. In the case we are unable to fulfill your request, we will explain the reasons for declining to comply with your request.
Right to Equal Service
you have the right not to receive discriminatory treatment for exercising your CCPA rights.
Right to opt-out of sale of Your Personal Information
We do not disclose your personal information to others’ direct marketing purposes and we do not sell your personal information.
Contacting Us
If you have any questions about this Privacy Policy, do not hesitate to contact our Data Protection Officer at: data.protection@pxpfinancial.com
Changes to this Privacy Policy
We reserve the right to amend this Privacy Policy as necessary, for example due to technical developments or legal changes, or to update it in connection with the offer of new services or products. The updated Privacy Policy will be published on our website.
Version 4.0 of April 2024