Privacy & Cookies Policy
Welcome to GR8PAY!
GR8PAY and its affiliates (collectively “GR8PAY”, “we” and “us”) respect your privacy. We offer services that enable platforms and merchants to run businesses, and to safely conduct online payment transactions.
GR8PAY obtains Personal Data about you from various sources to provide our Services and to manage our Sites. “You” may be a visitor to our website, a user of one or more of our Services (“User” or “GR8PAY User”), or a customer of a User (“Customer”). If you are a Customer, GR8PAY will generally not collect your Personal Data directly from you. Your agreement with the relevant GR8PAY User should explain how the GR8PAY User shares your Personal Data with GR8PAY, and if you have questions about this sharing, then you should direct those questions to the GR8PAY User.
Personal Data We Collect
Personal Data that we collect about you
Personal Data is any information that relates to an identified or identifiable individual. The Personal Data that you provide directly to us through our Sites and Services will be apparent from the context in which you provide the data. In particular:
- When you register for a GR8PAY account we collect your full name, email address, and account log-in credentials.
- When you fill-in our online form to contact our sales team, we collect your full name, work email, country, and anything else you tell us about your project, needs and timeline.
- When you use the “Remember Me” feature of GR8PAY Checkout, we collect your email address, payment card number, CVC code and expiration date.
When you respond to GR8PAY emails or surveys we collect your email address, name and any other information you choose to include in the body of your email or responses. If you contact us by phone, we will collect the phone number you use to call GR8PAY. If you contact us by phone as a GR8PAY User, we may collect additional information in order to verify your identity.
- If you are a GR8PAY User, you will provide your contact details, such as name, postal address, telephone number, and email address. As part of your business relationship with us, we may also receive financial and personal information about you, such as your date of birth and government identifiers associated with you and your organization (such as your social security number, tax number, or Employer Identification Number).
- If you are a Customer of a GR8PAY User, when you make payments or conduct transactions through a GR8PAY User’s website or application or device we provide, we will receive your transaction information. Depending on how the GR8PAY User implements our Services, we may receive this information directly from you, or from the GR8PAY User or third parties. The information that we collect will include purchase amount, date of purchase, and payment method. Different payment methods may require the collection of different categories of information. The GR8PAY User will determine the payment methods that it enables you to use, and the payment method information that we collect will depend upon the payment method that you choose to use from the list of available payment methods that are offered to you by the GR8PAY User. When you make a transaction, we may also receive your name, email, billing or shipping address and in some cases your transaction history to authenticate you.
When we conduct fraud monitoring, prevention, detection, and financial compliance activities or provide such services to our Users, we will receive Personal Data from you (and your device) and about you through our Service and from our business partners, financial service providers, identity verification services, and publicly available sources (e.g., name, address, phone number, country), as necessary to confirm your identity and prevent fraud. Our fraud monitoring, detection and prevention services may collect Personal Data about you and use technology to help us assess the risk associated with an attempted transaction by you with a GR8PAY User.
How We Use Personal Data
Our products and services
We rely upon a number of legal grounds to ensure that our use of your Personal Data is compliant with applicable law. We use Personal Data to facilitate the business relationships we have with our Users, to comply with our financial regulatory and other legal obligations, and to pursue our legitimate business interests. We also use Personal Data to complete payment transactions and to provide payment-related services to our Users.
Marketing and events-related communications
We may send you email marketing communications about GR8PAY products and services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided that we do so in accordance with the consent requirements that are imposed by applicable law. For example, when we collect your business contact details through our participation at trade shows or other events, we may use the information to follow-up with you regarding an event, send you information that you have requested on our products and services and, with your permission, include you on our marketing information campaigns.
We do not use, share, rent or sell the Personal Data of our Users’ Customers for interest-based advertising. We do not sell or rent the Personal Data of our Users, their Customers or our Site visitors.
How We Disclose Personal Data
GR8PAY does not sell or rent Personal Data to marketers or unaffiliated third parties. We share your Personal Data with trusted entities, as outlined below.
We share Personal Data with other GR8PAY entities in order to provide our Services and for internal administration purposes. This includes the monitoring of transactional values for Pay2Code. Pay2Code is a subsidiary of GR8PAY, all data is owned by GR8PAY and shared to provide developers a commission payment based on the transactional values of GR8PAY clients that they have introduced to GR8PAY.
We share Personal Data with a limited number of our service providers. We have service providers that provide services on our behalf, such as identity verification services, website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, and auditing services. These service providers may need to access Personal Data to perform their services. We authorize such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the European Union and the United States of America.
We share Personal Data with third party business partners when this is necessary to provide our Services to our Users. For example, and not solely Pay2Code.
Our Users and third parties authorized by our Users
Compliance and harm prevention
We share Personal Data as we believe necessary: (i) to comply with applicable law, or payment method rules; (ii) to enforce our contractual rights; (iii) to protect the rights, privacy, safety and property of GR8PAY, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
Your Rights and Choices
You have choices regarding our use and disclosure of your Personal Data:
Opting out of receiving electronic communications from us
If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services.
How you can see or change your account Personal Data
If You would like to review, correct, or update Personal Data that You have previously disclosed to us, You may do so by signing in to your GR8PAY account or by contacting firstname.lastname@example.org
Your data protection rights
Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:
- The right to request confirmation of whether GR8PAY processes Personal Data relating to you, and if so, to request a copy of that Personal Data;
- The right to request that GR8PAY rectifies or updates your Personal Data that is inaccurate, incomplete or outdated;
- The right to request that GR8PAY erase your Personal Data in certain circumstances provided by law;
- The right to request that GR8PAY restrict the use of your Personal Data in certain circumstances, such as while GR8PAY considers another request that you have submitted (including a request that GR8PAY make an update to your Personal Data); and
- The right to request that we export to another company, where technically feasible, your Personal Data that we hold in order to provide Services to you.
Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time. You may also have the right to object to the processing of your Personal Data on grounds relating to your particular situation.
Process for exercising data protection rights
In order to exercise your data protection rights, you may contact GR8PAY as described in the Contact us section below. We take each request seriously. We will comply with your request to the extent required by applicable law. We will not be able to respond to a request if we no longer hold your Personal Data. If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country.
For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.
If you are a Customer of a GR8PAY User, please direct your requests directly to the User. For example, if you are making, or have made, a purchase from a merchant using GR8PAY as a payment processor, and you have a request that is related to the payment information that you provided as part of the purchase transaction, then you should address your request directly to the merchant. We are unable to discuss financial transaction with anyone other than merchant clients and or development introduction partners.
Security and Retention
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately.
We retain your Personal Data as long as we are providing the Services to you. We retain Personal Data after we cease providing Services directly or indirectly to you, even if you close your GR8PAY account or complete a transaction with a GR8PAY User, to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention. We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods that we support. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
International Data Transfers
If you are located in the European Economic Area (“EEA”), the UK or Switzerland, we comply with applicable laws to provide an adequate level of data protection for the transfer of your Personal Data to the US. GR8PAY Inc. is certified under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework and adheres to the Privacy Shield Principles in connection with personal data transfers from the EEA, the UK and Switzerland.
Where applicable law requires us to ensure that an international data transfer is governed by a data transfer mechanism, we use one or more of the following mechanisms: EU Standard Contractual Clauses with a data recipient outside the EEA or the UK, verification that the recipient has implemented Binding Corporate Rules, or verification that the recipient adheres to the EU-US and Swiss-US Privacy Shield Framework.
Use by Minors
The Services are not directed to individuals under the age of thirteen (13), and we request that they not provide Personal Data through the Services.
Links To Other Websites
The Services may provide the ability to connect to other websites. These websites may operate independently from us and may have their own privacy notices or policies, which we strongly suggest you review. If any linked website is not owned or controlled by us, we are not responsible for its content, any use of the website or the privacy practices of the operator of the website.
Residents of the European Economic Area (EEA), the UK and Switzerland. The entity responsible for the collection and processing of Personal Data for residents of the EEA, the UK and Switzerland is GR8PAY Ltd., a company incorporated in England and with offices at Bowman House, Whitehill Lane, Swindon, SN4 7DB. To exercise your rights, the Data Protection Officer may be contacted via email@example.com
If you are a resident of the UK and the UK is no longer a Member State of the EU, you may direct your questions or concerns to the UK Information Commissioner’s Office.
If You have any issues then please contact us firstname.lastname@example.org
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies that we use
Cookies used by our service providers
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
4.2 Blocking all cookies will have a negative impact upon the usability of many websites.