HyperPay privacy-policy

HyperPay provides services which help businesses thrive in the digital economy. These services include payment processing and optimization, tools to manage and reduce fraud, and identity verification solutions to merchants who use Shopify to power their stores. This Privacy Policy describes how personal information is collected, used, and shared when you install or use the App in connection with your Shopify-supported store.

Personal Information the App Collects

When you install the App, we are automatically able to access certain types of information from your Shopify account:

write_payment_gateways
Configures the payments gateway to work on the merchant's store
write_payment_sessions
To handle payments workflow: Resolve,Reject, Capture and Refund

Additionally, we collect the following types of personal information from you and/or your customers once you have installed the App:

Store owner
Name, E-mail address, phone number and physical address
Individuals who use hyperpay as payment option on your store
Name, E-mail address, phone number and physical address, IP address and credit card information

We collect personal information directly from the relevant individual, through your Shopify account, or by filling the payment form in our website.“Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps. “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.

How Do We Use Your Personal Information?

A Merchant Representative: you represent the businesses and prospective businesses that we support.
A Merchant Customers : you are an individual customer who purchases goods and services from our Merchants.
A Website User: you are a visitor to our website, including utilising our sandbox environment.

This notice applies where HyperPay act as a data controller, but we may sometimes operate as a data processor for Merchant Customer data where we carry out instructions and process data on a Merchant’s behalf. In these instances, you should refer to the privacy notice of the Merchant for details regarding how they process your information.

Merchant Representatives:

Data we collect	Where we collect it
Contact information: your name, job title, email address, phone number, personal or business postal address	Where you provide it to us by enquiring about, or registering for, our services From certain trusted third parties, for example those with whom you may have shared your data, and companies which aggregate business contact information
Sensitive information: proof of address, copy of a personal identification card or passport, financial information and other information as required to validate your identity and background	Where you provide it to us directly in the course of registering a Merchant for our services From certain trusted third parties, for example those with whom you may have shared your data, including companies which provide information on company directors and shareholding

Merchant Customers:

Data we collect	Where we collect it
Contact information: your name, email address, phone number, personal or business postal address	Where you make a purchase through a Merchant that uses HyperPay to process payments.
Cardholder information: your payment card details and billing address	Where you make a purchase through a Merchant that uses HyperPay to process payments.
Transaction information: information relating to a purchase, including currency, amount, and the identity of the Merchant	Where you make a purchase through a Merchant that uses HyperPay to process payments.
Technical information: your IP address.	Where you make a purchase through a Merchant that uses HyperPay to process payments.
Sensitive information: your payment card details.	Where you make a purchase through a Merchant that uses HyperPay to process payments.

Please note that where you are a Merchant Customer you should also consult the privacy notice of the Merchant from whom you are making a purchase to understand how they may process and share your personal data.

Website Users:

Data we collect

Where we collect it

Technical information: IP address.

We use server logs and other technologies, to collect this information.

Contact information: your name, email address, phone number, personal or business postal address

Where you provide it to us directly by filling payment forms

The purposes for which we process personal data and our lawful basis for doing so

Merchant Representatives

Purposes for which we process data	Our lawful basis
We use your contact information to facilitate and enable our relationship with you as a prospective, new or existing merchant	We process this information based on our legitimate interest in contacting you to in the course of offering or providing relevant products and services to you
We use your verification information, in order to validate your identity, fulfill our regulatory obligations, and conduct due diligence in the form of Know Your Customer (“KYC”) or Know Your Business (“KYB”) checks	We process this information where it is necessary to comply with a legal obligation We also process this information where it is in our legitimate interests to do so to detect and prevent fraud and money laundering
We use your contact information and verification information to comply with our legal and regulatory obligations	We process this information where it is necessary to comply with a legal obligation
We anonymize and aggregate your information and process it to ensure the security, stability, performance and development of our services	We process this information where it is in our legitimate interests to do so to securely and effectively maintain and develop our products and services

Merchant Customers

Purposes for which we process data	Our lawful basis
We use your contact, cardholder, transaction, technical and verification information to process payments and otherwise provide our services to you	We process this information where it is in our legitimate interests to do so to securely and effectively deliver our services
We use your contact, cardholder, transaction, technical and verification information to detect and prevent fraudulent activity, financial crime and any other illegal or unauthorized use of HyperPay services	We process this information where it is necessary to comply with a legal obligation We also process this information where it is in our legitimate interests to do so to detect and prevent fraud and money laundering
We use your contact, cardholder, transaction, technical and verification information to comply with our legal and regulatory obligations	We process this information where it is necessary to comply with a legal obligation
We use your contact, and audio visual and biometric information to validate your identity (when using HyperPay’s Identity Verification Services)	We process this information where it is necessary for the performance of a contract We only process biometric information with your explicit consent
We anonymize and aggregate your information and process it to ensure the security, stability, performance and development of our services	We process this information where it is in our legitimate interests to do so to securely and effectively maintain and develop our products and services

Website Users

Purposes for which we process data	Our lawful basis
We use your technical information to perform data analytics to improve and optimize our website, products, services, customer relationships and experiences	We process this information where it is in our legitimate interests to do so to securely and effectively maintain and develop our website
We use your technical information to administer and protect our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	We process this information where it is in our legitimate interests to do so to protect and secure our website
We use your contact information to respond to you where you make an enquiry on our website	We process this information where it is in our legitimate interests to do so in responding to your enquiries

Automated decision making and profiling

In the course of providing our services, we may make decisions using your data which are partially or wholly automated to help make our decisions and services secure and efficient.

We use automated decision-making in the following circumstances:

-Fraud detection: Where you are a Merchant Customer and you initiate a transaction with a Merchant that uses our fraud detection services, your information may be processed by HyperPay for the purposes of fraud detection and prevention. In some cases, this may lead to an automated decision for a transaction to be declined or for further information to be requested from you in order to proceed. We perform this activity where we have a legal obligation to do so to protect you and our Merchants, and to otherwise ensure the security of our services. Any such automated decision will be based on your contact, cardholder, transaction, and technical information, as further outlined in the What personal data do we collect section of this notice.

-Identity verification: Where you are a Merchant Representative or Merchant Customer and we ask you to provide identity information to sign up to one of our services, or you use our product, the information you provide may be subject to partially or wholly automated decisions as to whether we are able to verify your identity. In the event we are unable to effectively verify your identity, this could have the impact of delaying or denying you access to a product or service operated by HyperPay or one of our Merchants. We perform this activity to ensure we comply with our own legal obligations, or on our Merchants’ behalf where they use our product. What personal data do we collect section of this notice.

You have a right to object to any automated decisions we have made and request that any such decisions are reviewed by a human. For information on how to exercise this right please see Your Choices and Rights.

Your choices and rights

You have rights and choices over the way your information is used by us:

Right to opt-out of direct marketing communications: This enables you to opt-out of receiving marketing communications from us. You can do this at any time by clicking on the ‘unsubscribe’ link included in any email marketing material we send to you, or by informing us by emailing info@hyperpay.com

Right to request access to your personal data: This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. In some cases, you have a right to receive a copy of this information in a reusable format and have it transmitted to another organisation

Right to request correction of the personal data we hold about you: This enables you to have any incomplete or inaccurate data we hold about you corrected

Right to request erasure of your personal data: This enables you to ask us to delete or remove your personal data. Please note that in some cases, for example if we need to retain your data to comply with legal obligations, we may be unable to comply with such requests

Right to object to processing of your personal data: In certain circumstances you can object to our processing of your personal data for example when we rely on legitimate interests to process your personal data

Request restriction of processing of your personal data: This enables you to ask us to suspend the processing of your personal data in certain scenarios

Withdrawal of consent: You can withdraw consent at any time where we are relying on consent to process your personal data

Right to object to automated individual decision-making and profiling: This includes the right to request human intervention where we have relied on automated decision making or profiling.

If you object to the processing of your personal data, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. However, this could mean that we cannot provide certain products or services to you or we cannot perform the actions necessary to achieve the purposes described (see The purposes for which we process your personal data).

‍

International data transfers

HyperPay is a global business and in the provision of our services personal data may be transferred to third-party service providers located in a different country than your home country. We will implement appropriate measures to ensure that your personal data remains protected and secure when it is transferred, and we will only transfer your personal data in accordance with applicable laws and regulations. Where data is transferred from the UK or EEA to a third country that is not deemed by the EU Commission or UK Secretary of State to have adequate protections in place, we rely on the EU Standard Contractual Clauses (SCCs) or contractual clauses approved by the ICO (such as the UK Addendum to the EU SCCs) respectively, to transfer your data to that third country and ensure it remains secure. We also carry out transfer impact assessments before transferring your personal data, to assess the level of risk to you and your rights and protections in that third country.

You can find the EU SCCs here and the UK Addendum to the EU SCCs here. Please Contact us if you would like to know more about how we transfer your personal data overseas.

‍

How we protect your personal data

HyperPay is committed to building a secure and trusted environment for businesses and their communities to thrive in the digital economy. Whilst we cannot guarantee your personal data will be 100% secure, we put in place appropriate measures to secure personal data from being accidentally lost, used, accessed, altered or disclosed in an unauthorized manner. We continually review the security measures we have in place to ensure they are appropriate.

We are PCI DSS (Payment Card Industry Data Security Standard) Level (SAQ A) compliant, which is the highest standard set by the payment card industry to ensure that cardholder data is processed, stored, and transmitted in a secure environment. HyperPay’s systems are also ISO27001 certified.

When deciding how long to keep your personal data, we think about how much and what kind of personal data we have, how sensitive it is, the risk of unauthorized use or disclosure, why we are using your personal data, and if there is another way to achieve these purposes, as well as what the laws and regulations tell us. We will only retain your personal data for as long as reasonably necessary to fulfil the following purposes:

-to comply with any legal, accounting, tax and reporting requirements

-to deliver and develop our products and services securely and effectively

-to perform analysis and undertake internal research

Once the data is no longer required for these purposes, we securely erase it.

‍

Contact us & updates to this notice

If you have any questions about this notice, including any requests to exercise your legal rights, please contact our Data Protection Officer (DPO) using the details set out below.

Email address: info@hyperpay.com