PRIVACY

PXP Financial
Privacy Statement

General


PXP Financial including its group companies is committed to protecting your privacy.

We kindly invite you to read this Privacy Policy to inform you about how we are collecting, using, protecting, retaining and sharing personal data and how we and our group companies are committed to protecting privacy.

All your data collected either under your consent, or for the performance of a contract between you and us or collected on our website, transferred, processed and maintained is treated lawfully and for strict purposes. It is our responsibility to keep your information confidential and secure.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, unless otherwise defined in this Privacy Policy.

Who we are

We and our Group companies together with our Joint Controller are providing a complete, end-to-end payment service that helps businesses to securely accept payments online and on-premise globally.

PXP Financial Limited (hereinafter “PXP” or “Controller”) with registered office in Roydon Road, Stanstead Abbots, Hertfordshire SG12 8XL, UK is an omni-channel payment provider and holds an FCA license in the UK.

DaoPay GmbH (hereinafter “DaoPay“ or “Joint Controller”) with registered office in Hackhofergasse 5/14, 1190 Vienna, is an all-in-one payment processing provider licenced by the Austrian Financial Market Authority.

Joint Controllers

PXP Financial Limited and DaoPay GmbH have concluded a Joint Controller Agreement which sets out the duties of both Controllers in accordance with Art. 26 of the General Data Protection Regulation (GDPR) and the equivalent provisions of the applicable data protection laws.

Contact details of the Controller and the Joint Controller

PXP Financial Limited
The Corn Mill – Roydon Road, Stanstead Abbots,
Hertfordshire SG12 8XL, UK

Contact details of the data protection officer
Jakov-Lind-Straße 15, 1020 Vienna, Austria

Email: data.protection@pxpfinancial.com 

DaoPay GmbH

Hackhofergasse 5/14, 1190 Vienna, Austria

Contact details of the data protection officer
Hackhofergasse 5/14, 1190 Vienna, Austria

Email: privacy@daopay.com 

Personal Data

Personal data or personal information means any information relating to a natural person who can be identified, directly or indirectly (data subject).

How we collect Information

Personal data is usually provided to us by yourself, however, some information is collected automatically, by using cookies, and some information can be provided by third parties. All personal data, processed by us is treated as private and confidential.

How we use Your Information lawfully

Your personal data will only be processed for specific, explicit and legitimate purposes and in the context of lawfulness. In particular, personal data of data subjects will be processed under the circumstances as described below.

Purposes of the processing and legal grounds

Personal data shall be processed without your consent, by the Joint Controllers, for the following purposes:

  • Complying with specific pre-contractual or contractual obligations undertaken by us to our customers;
  • Complying with national or EU laws and regulations, or executing orders or instructions given to the Joint Controllers by judicial authorities, oversight authorities or professional bodies;
  • Exercising the rights of the Joint Controllers, specifically defending themselves in court proceedings.

Based on the legitimate interests of the Joint Controllers to establish and maintain optimal professional relationships with current and prospective customers, personal data shall be processed by the Joint Controllers for the following purposes:

  • Carrying out customer relationship management, develop with the ‘contacts’ of current and prospective customers, and any other persons/entities with whom the Joint Controllers‘ professionals have developed business relationships
  • Complying with the policies and procedures adopted by the Joint Controllers, to manage shared verification processes preliminary to the acceptance and correct performance of possible assignments and quality control processes

With your consent by the Joint Controllers for the following purposes, whereby your consent to the use of the data is optional and therefore you may decide not to give your consent, or to withdraw it at any time:

  • Sending you newsletters, publications and studies, survey results, market analyses or analyses of specific industries or businesses, and any other type of professional information material, as of specific interest to you, published by the Joint Controllers
  • Inviting you to events, meetings, workshops, congresses, professional trainings, as of specific interest to you, organised and managed by the Joint Controller
  • Inviting you to participate in surveys or questionnaires (also relating to customer satisfaction) in the interests or for the benefit of the Joint Controllers

 

How we use Artificial Intelligence (AI)

Artificial Intelligence (AI) has rapidly become a constant in daily life. Based on our responsibility, we are committed to protecting the confidentiality, integrity, and availability of company data and personal data. Our mission is to assess, control and mitigate those risks associated with AI applications and AI-powered tools. We are carrying out a risk assessment before integrating any AI supported technology.

Such risk assessment includes a screening taking into account

• sensitivity of the affected data
• reputation of the AI technology
• security of the technology
• privacy impact
• ethical aspects, transparency and accountability

We are committed using AI technology only for supporting our operational processes.

We confirm that we are not using AI technology that is based upon 
• automated decision making
• requiring personal data 
• infringing ethical aspects

We take all necessary measures to ensure that content produced by AI technology is of the highest possible quality.

 

Visitors and users of our websites, newsletter and marketing


Log Data

Whenever you use our service or visit our websites, we collect information that your browser sends to us that is called Log Data. This Log Data includes information such as your computer’s Internet Protocol (“IP”) address, browser version, pages of our service that you visit, the time and date of your visit, the time spent on those pages, and other statistics, Google Analytics ID, internet browser and device type, and your language preferences.

Contact Us Data

If you are one of our existing customers and you prefer to get in contact with us you can use the options provided on our “Contact Us page“. We also may contact you to provide you with information to our products and services.

If you are not one of our customers yet or when you share data with us at events or exhibitions these data include your company name, name, email address, telephone number and other business related information you give us. All this information is processed for our legitimate interest to contact you, to provide you with information in relation to our products and services. You always have the opportunity to opt out of receiving such information.

Links to Other Websites

Our service contains links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and take no responsibility for, the content, privacy policies, or practices of any third-party sites or services.

How we obtain Your Consent

When we are requesting consent to process your Personal data, the following will apply to all means by which consent is obtained.

We will;

  • require a positive opt-in and will not use pre-ticked boxes or any other method of default consent.
  • present a very clear and specific statement of consent to the data subject.
  • keep consent requests separate from other terms and conditions.
  • not use vague or blanket consent but will be specific and granular in all statements of consent.
  • be clear and concise in all statements of consent.
  • name any 3rd party who will rely on the consent
  • make it easy for people to withdraw consent and tell them how, by means of an email on initial consent and on any further correspondence to the individual, by providing a link to withdraw consent.
  • keep evidence of consent, who, when, how, and what we told people.
  • review consent at least annually and on any changes to the process, content or use of gathering personal information. not make consent a precondition of service.

The following message(s) will be clearly presented to the individual when requesting consent to process personally identifiable information.

We will collect and store the information in this form for the following purposes:

  • to contact you once you have submitted a form on our website
  • to send you information which we think may be of interest to you
  • to send you marketing communications related to our products and services
  • to comply with regulations

Cookies

In the course of your visit to our website, your computer may be issued with cookies. Cookies are files containing a small amount of data that is commonly used as an anonymous unique identifier. These are sent to your browser from our website when you visit and are stored on your computer’s hard drive.

Our website uses these “cookies” to collect information and to improve our service. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your computer. If you choose to refuse our cookies, some portions of our service will not be available any longer.

Cookies are commonly used on the Internet and do not harm your system. Cookies have a number of uses.

The cookies used on our website fall into three categories:

Functional: These cookies are used to enable core website functionality and do not contain any personal information.

Analytics: These cookies allow us to count page visits and traffic sources, so we can monitor and improve the performance of our website.

Advertising cookies: We partner with affiliate networks and other websites to help promote our business. If you use their websites or have come to our site via these affiliates, then their cookies will be sent through our website.

When you enter our websites for the first time, we provide you with an opportunity to accept or decline the usage of cookies. You can also delete and block cookies at any time from this site through your browser, but some features on this site will not function without cookies.

You can change the preferences or settings in your web browser to control cookies. In some cases, you can choose to accept cookies from the primary site but block them from third parties. In others, you can block cookies from specific advertisers, or clear out all cookies.



Social Media Buttons


On our website, we use plugins from social media such as LinkedIn, Instagram, YouTube and Twitter which you can recognize by their respective logos. These plugins do not store any of your personal data unless you click on the logos or videos. By clicking on these logos or videos, the respective plugins are activated and automatically transmit data to the plugin provider.

It is not in our influence what data these providers collect from you, or the extent to which they process data. For more information about the data processing by these providers, please refer to their privacy policies.

 

Your Rights


Any time you have the right to obtain transparent information about your personal data, its origin and the recipients as well as the purpose of the data processing. You also have the right to correct and transmit your data and, if necessary, to object to, restrict the processing of, or deleting of, your personal data.

If you want us to execute your rights as described above, you can request this here: Exercise Your Rights

Or you can send us an email to: data.protection@pxpfinancial.com 

If you believe that the processing of your personal data violates the applicable data protection law or your rights are not satisfied accordingly, you may file a complaint with the competent supervisory authority.

How long do we keep Your Data

Your data are only kept as long as we reasonably need them for the purposes specified above. In the case of marketing purposes, we will keep your information for 2 years after collection.

 

Customers


When you as a customer will enter into an agreement with us, we need to collect information to establish a contract with you. Also this and additional information is needed to set up our products for you, to provide you with support, platform integration, onboarding and other services to perform our contractual obligations. We also need this information for our internal administration purposes.

Information provided by you include your name, your contact information, address, e-mail address, ID documentation, company and ownership related documentation and payment details

In order to our obligation to comply with national and international laws on fraud, money laundering and terrorist financing prevention, we need to carry out checks by processing the information you provided to us and additional business- or personal information including a copy of your identification document, name, address and utility bills of your legal representative and shareholders, your bank account number, information subject to correspondence, bank statements, your signature and your company registration.

This information is needed to identify our customers and their ultimate beneficial owners, the nature of their business, monitoring their behaviour and their transactions and detecting risks. The legal basis for processing is in compliance with our statutory license obligation.

Other Purposes

We process the information provided by you for the following purposes, on base of the performance of a contract between you and us, to comply with applicable legal obligations and to provide you with a good customer service

  • to conclude and execute agreements with you and provide services to you.
  • to send administrative information to you, for example, information regarding our websites and changes to our Terms and Conditions.
  • to process consumer transactions on behalf of you
  • to complete and fulfill your order, have your order delivered to you, communicate with you regarding the service and provide you with related customer service.
  • to respond to your inquiries and fulfill your requests, such as to respond to your questions and comments.
  • to contact you when we have an obligation to do so.
  • to offer and facilitate the provision of services upon your request
  • to improve our service and developing new services.
  • to resolve conflicts, manage litigation, resolve issues, and provide you customer service (including troubleshooting in connection with customer issues).
  • to provide you with updates and announcements concerning our products, promotions, and programs and to send you invitations to participate in special programs (direct marketing). The personal data collected for direct marketing purposes may be processed only with the unambiguous active consent of you which clearly indicates that you agree with the processing of your personal data for direct marketing. You have a right to withhold your consent or withdraw previously given consent without any adverse effect.
  • to personalise your experience on the website by presenting products and offers tailored to you. The legal basis for data processing is our legitimate interest.
  • for our business purposes, such as analysing and managing our businesses, business mergers, and acquisitions, market research, audits, developing new products, enhancing our websites, identifying usage trends, determining the effectiveness of our promotional campaigns and gauging customer satisfaction.
  • as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain. The legal basis for processing is in compliance with a legal obligation.

How long do we keep Your Data

We will keep your data collected during our business relationship for 7 years upon the end of your contract with us. In relation to our legal obligations our records are kept for the relevant legal retention periods.

Acquiring Services and Transaction Processing of Consumers

 
PXP as an end-to-end payment provider help businesses to securely accept payments online and on-premise globally (acquiring services). Our acquiring license lets us collect and settle funds related to card payments made by you as the consumer of the products and services provided by the relevant merchant. We are connecting our merchants to relevant payment scheme, such as Mastercard, Visa, Diners or Discover directly and request them to authorize the transactions and send it to the consumer’s bank for approval. Upon approved transactions, payment can be effected to the merchant’s bank

By providing our acquiring services we are requested to process personal data from you as a consumer of the relevant merchant. Your data is processed by us as a controller in accordance with applicable data protection and security measures and your payment data is processed in accordance with PCI DSS standards.

Personal data that we process from you as the consumer may include your name, date of birth, e-mail address, phone number, address, your payer ID, username, ID document details, driving license number and state (for the US), IP- address.

With regards to our obligations to provide the acquiring services we process additional data from you as the consumer including your card details encrypted in accordance with PCI DSS standards and the amount, currency, date, time and location of the performed transactions and ID and shop ID of the relevant merchant.

We process data only for the following legitimate purposes.

  • where processing is necessary for the performance of a contract with our customers (the merchants) to deliver our products and services and our obligations with the payment schemes
  • where processing is necessary for compliance with our legal obligations as monitoring financial transactions for the purpose of preventing fraud, money laundering and terrorist financing
  • to investigate violations of any agreement or other legal provision applicable to our services or to enforce such legal instruments to protect our assets, services and rights

Sharing Your Information

Your information is not shared with third parties except for the following purposes.

For performing our acquiring services we need to share your information with third parties as payment schemes such as Mastercard or VISA

We also need to share your information with the merchant you were buying products or services. We may also share some of your information with competent authorities and/or regulators in case this is required to comply with our legal obligations.

Transfer of Data to Third-Parties

We employ third-party companies and individuals that may be located outside of the European Economic Area (EEA) due to the following reasons:

  • to facilitate our service
  • to provide the service on our behalf
  • to perform service-related services
  • to assist us in analysing how our service is used

We want to inform our service users that these third parties have access to your personal information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.

Personal information will only be transferred in the following circumstances:

  • To other companies that provide us services. We share Personal Data with other partners who perform services and functions on our behalf. These partners, for example, provide services to you as defined in our service contracts
  • To financial institutions with whom we work together to develop or provide a product or service
  • To other parties when you use their services, such as: to merchants, and service providers: We may disclose information to other participants in your transactions when you use the services. The information we share includes: person-related data required to complete the transaction
  • Personal Data needed by other transactional participants to resolve conflicts and to investigate and prevent fraud
  • Anonymised data and performance analytics that help better understand the use of our services and increase the satisfaction of our customers
  • To third parties for our business purposes or as permitted or required by law
  • To protect the essential interests of a person
  • To investigate violations of any User Agreement or other legal provision applicable to our services or to enforce such legal instruments to protect our assets, services and rights

Group Companies

To fulfill some of our processes we must transfer your personal data to other parts of our group companies, which are located in other countries. We have assured that our group companies are in accordance with the requirements of the European Data Protection Regulation (EU 2016-679) and all other applicable data protection laws.

How long do we keep Your Data

We keep your data for as long as we reasonably need it for the legitimated purposes.

We will keep your data processed for 7 years upon the completion of relevant transactions and to comply with our legal retention periods under the obligations of the applicable laws.

Otherwise we will not share your information with any third party, unless we have your permission, where this is necessary in connection with the purposes above or with legal claims or when we have a legal obligation to do so.

Data Protection Rights

As a data subject, you have the right at any time to obtain information about your processed personal data, its origin and the recipient as well as the purpose of the processing and you are entitled to request a copy of your data. You also have the right to correct your data, to transmit your data to other organizations and, if necessary, to object to or restrict the processing of the data. You also have the right to deletion of your personal data, where we have asked for your consent to process these data, you can withdraw this consent at any time.

If you want us to execute your Data Protection Rights as described above, you can send us an email to: data.protection@pxpfinancial.com 

Children’s Privacy

Under no circumstances we would collect or process personal identifiable information from or about children under 13 years of age.

Data Encryption and Technical Security Measures

To prevent illegal manipulation through a third person, the IP address of the logged-on computer will be requested and saved. In addition, all your personal data is protected from unauthorised access by a firewall – a computer that is fitted with complex security technology specifically designed to shield the company’s network from the Internet. We also use encryption and other security technologies to protect private information from unauthorized access. We ensure that information, personal data and data under our responsibility is properly backed up and that arrangements for recovery processes are in place. Additionally, the company uses reliable internal data protection mechanisms combined with a restrictive security system.

CCPA rights – Applicable to California Residents

We are providing this CCPA specific Privacy Notice that applies to individuals residing in California to supplement the information and disclosures contained in our Privacy Policy.

As a California resident, you have certain rights under CCPA. You also have the right to designate an authorized agent to exercise your CCPA rights on your behalf.

Right to know about Your Personal Information

you have the right to submit a request for information for the 12-month period preceding the date we receive your request regarding the:

a) categories of personal information collected by us;
b) the purposes for which these categories of personal information are collected by us;
c) categories of sources from which we collect personal information; and
d) personal information we have collected about you during the past twelve months.


If you are a California resident, and wish to request deletion of your personal information, please send an e-mail to: data.protection@pxpfinancial.com

We are required to fulfill these requests not more than twice within a 12-month period.

Right to Deletion

subject to certain exceptions such as our need to comply with legal obligations or process and complete transactions, etc you can request the deletion of personal information about you.

If you are a California resident, and wish to request deletion of your personal information, please send an e-mail to: data.protection@pxpfinancial.com

Right to Correct Inaccurate Personal Information

you have right to request correction of inaccurate personal information processed by us.

Verification

for access to, correction or deletion of personal information we are requested to reasonably verify your identity.

In the case we receive a request from an authorized agent on your behalf, we may require written proof and may take additional steps to verify your identity and the authorized agent’s identity.

Where we are unable to verify your identity we may decline a request to exercise the right to know and the right to deletion. In the case we are unable to fulfill your request, we will explain the reasons for declining to comply with your request.

Right to Equal Service

you have the right not to receive discriminatory treatment for exercising your CCPA rights.

Right to opt-out of sale of Your Personal Information

We do not disclose your personal information to others’ direct marketing purposes and we do not sell your personal information.

Contacting Us

If you have any questions about this Privacy Policy, do not hesitate to contact our Data Protection Officer at: data.protection@pxpfinancial.com 

Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy as necessary, for example due to technical developments or legal changes, or to update it in connection with the offer of new services or products. The updated Privacy Policy will be published on our website.

Version 4.0 of April 2024