Privacy policy

Doinpay (“we”, “our” or “us”), acts as a payment aggregator facilitating payment processing (“Doinpay Service”) for our customers (the “merchants”). During this payment processing, PayerMax will need personal information to process specific transactions. This Doinpay Privacy Policy describes how we collect, use, store and disclose personal information.

Doinpay may process personal information of the following categories of individuals in the provision of Doinpay Services: (a) individuals employed or associated with merchants, such as representatives, suppliers or end-users; (b) vendors or business partners or individuals employed or associated with such organisations that assist us in the provision of Doinpay Service; and (c) visitors that log on or use our website https://www.Doinpay.com/. We collectively refer to the individuals listed above as “you” in this Privacy Policy. We process the personal information of end-users of merchants on behalf of the merchants. We are not responsible for and have no control over the privacy or security practices of the merchants, which may differ from those explained in this Privacy Policy. If your personal information has been submitted to us by or on behalf of the merchants and you wish to exercise any rights you may have under applicable data protection laws, please inquire with them directly. Your use of Doinpay Service is governed by the Doinpay Terms of Service, which describes in more detail the Doinpay Service covered by this Privacy Policy. Capitalized terms not defined in this Doinpay Privacy Policy shall have the meaning ascribed to them in the Doinpay Terms of Service. Information we collect and how we use it Sources of information We process personal information that you provide to us in a number of ways, including: • When you make or receive a payment from the merchants who using Doinpay Service • When you make an inquiry about our Doinpay Service or otherwise interact on our website • When you interact with us by telephone, email and other electronic communication • When you attend an event with us or a third party we are working with or sign up to receive publications from us • When we onboard you as a merchant and interact regarding our service • When you provide services to us or seek to provide such services We may also process your personal information from third-party sources as necessary for the provision of Doinpay Service. We may obtain this information from your organisation, from public sources or third parties, depending on the relevant circumstances. For example, we may obtain certain personal information about you from: • Third-party licensed payment provider or bank, such as your transaction information, as necessary to provide Doinpay Service; or • third parties, such as government agencies, information service providers, or from publicly available records to carry out due diligence and other legally required compliance checks, such as those related to knowing your customer (KYC), anti-money laundering (AML) and Specially Designated Lists. Type of personal information When you use our website or when we interact with you to provide Doinpay Service or to receive services from you as a vendor, the personal information we receive, collect and process may include: • Contact information, such as your name, email, phone number, billing address. In addition to the information listed above, we may collect information about the transaction from you depending on which payment method you choose to make or receive a payment, including: • Bank card information such as the name on the card, card type, card number, card verification value, and expiration date, or the information about the account you open with other licensed payment channels to process the payment; • Identification information, such as your ID number or tax number, Customer ID generated by merchants to verify the process the transactions or conduct anti-money laundering and/or fraud prevention checks; • Transaction information, such as amount and time of transaction, currency and language you used; We collect the following personal information from your device when you use Doinpay Service to carry out data analysis for advertising, and to protect you from fraud, phishing or other misconduct: • IP address, app version, system version and type, device model, system language, network type, carrier, android ID, Mac address, IMEI, advertising identifier number and browser system. You may provide your personal information to us voluntarily. However, there are circumstances in which we may not be able to assist you, or an organization with which you are associated, unless you provide us with your personal information. For example, your personal information may be required for legally required compliance checks, for security and other reasons to allow you to access Doinpay Service. In these cases, without the relevant personal information, we may be unable to assist you, and we would inform you that this is the case. We do not knowingly collect personal information from or about children under the age of 18. If you are under 18, please do not use Doinpay Service or send any personal information about yourself to us. If we learn that we have collected personal information from a child under 18, we will delete that information as soon as possible. If you believe that a child under 18 may have provided us personal information, please contact as using details provided in section 8 below. Legal justification for our use of your personal information We may process your personal information in connection with any of the purposes set out above on one or more of the following legal grounds: • To perform our obligations under a contract with you or your organization; • To comply with our legal obligations, as well as to keep records of our compliance processes or tax records; • To pursue our legitimate interests, or those of a third-party recipient of your personal information, provided that those interests are not overridden by your interests or fundamental rights and freedoms. Specifically, we have legitimate interests in promoting and marketing our services to existing and potential customers, in maintaining customer accounts for efficient operation of our business, in keeping our information, trade secrets and confidential data safe and secure, in handling complaints and claims to protect our business; or • Based on your consent to process your personal information in that manner. Information we share We will only share your personal information with third parties in the following circumstances: • A merchant. If we have collected your personal information in the course of providing Doinpay Service to that merchant, and where permitted by law to others for the purpose of providing Doinpay Service. For example, when you make a purchase or transaction with that merchant, we make certain personal information about you available to the merchant you purchase from or transact with; • Licensed payment service provider. We may exchange certain personal information about you to enable the provision of Doinpay Service, such as your transaction information with the licensed payment service provider or bank as necessary to provide Doinpay Service; • Third parties providing services for AML/KYC checks, credit risk reduction, and other fraud and crime prevention purposes, or similar services, including financial institutions, credit reference agencies, and regulatory bodies with whom such personal information is shared; • Courts, law enforcement authorities, regulators, government officials or other competent authorities where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, including in order to protect the legitimate rights and interests of you and others. Such disclosures may be necessary for us to comply with mandates from FATF and local AML/CFT requirements. We may provide your Customer ID, contact information, and any other transaction information to competent authorities; • Service providers which we engage to process personal information for any of the purposes listed above on our behalf and in accordance with our instructions only, such as licensed payment service providers, cloud storage providers; and/or • Prospective sellers or buyers of any of our business or assets to which we might assign or novate any of our rights and obligations; in such case we may disclose your personal information to the prospective seller or buyer of such business or assets. Any information you provide directly to a third-party merchant, website or application is not covered by this Doinpay Privacy Policy. We are not responsible for the privacy or security practices of merchants or other third parties with whom you choose to share your personal information directly. We encourage you to review the privacy policies of any third party to whom you choose to share your personal information directly. The personal information we collect may be transferred to and stored outside of the country you use Doinpay Service for the purposes specified in this Privacy Policy. For example, we store all of our data, including personal information, with AWS in Singapore. Any international transfers of your personal information will be made according to appropriate safeguards under the applicable laws and regulations. If you wish to enquire further about these safeguards used, please contact us using the details set out in section 8 of this Privacy Policy. We may transfer your personal information outside of the country where you use Doinpay Service, and where we do so we will protect personal information as required by applicable laws. How long do we keep your personal information? Your personal information will be retained only for as long as necessary for the purposes for which the information was collected, except where necessary to meet our legal obligations (for example, in relation to KYC/AML requirements) or to establish, exercise or defend potential legal claims or to pursue our legitimate interests. Your rights Your rights will depend on the laws which apply to you and us, but you may have: • the right to obtain access to your personal information, • to have your personal information we hold rectified or deleted, • to restrict our processing of that information, • to object to our processing of personal information, • to have your personal information transferred to you or another organisation, and • to lodge a complaint with a relevant data protection authority. Where you have provided us with consent for the processing, you may be able to withdraw it. Please note that even after you have chosen to withdraw your consent, we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations. To withdraw your consent or to exercise any of the rights above, if they are applicable, you should use our contact details set out in section 8 below. We must ensure that your personal information we hold is accurate and up to date, where relevant. Therefore, please advise us of any changes to your information by emailing us. Security We are concerned about safeguarding the confidentiality of your information. We employ administrative, physical and electronic measures designed to protect your Information from unauthorized access and use. Please be aware that no security measures that we take to protect your information are absolutely guaranteed to avoid unauthorized access or use of your information which is impenetrable. Sensitive Information We ask that you not send us, and you not disclose, any sensitive personal information (e.g., information related to your e-wallet password, credit or debit card password, racial or ethnic origin, political opinions, religion or other beliefs, health, sexual orientation, criminal background or membership in past organizations, including trade union memberships) through Doinpay to us, unless such information is required by us for legal compliance checks, such as KYC/AML. Contacting Us If you have any questions, complaints or comments about this Doinpay Privacy Policy or our privacy practices, or to report any violations of the Doinpay Privacy Policy, please contact us at: dpo@Doinpay.com. Changes to This Privacy Policy We may revise this Doinpay Privacy Policy from time to time to reflect any changes to the way how we process your personal information or changing legal requirements. The most current version of the policy will govern our use of your information. Please check back frequently to see any updates or changes. This Privacy Policy was last updated on the date provided at the top of this page. Supplemental Terms The following additional or amended terms shall apply to you if you are a user in the relevant jurisdiction specified below. Brazil Law No. 13,709/2018 (the Brazilian General Data Protection Law, aka “LGPD”) offers additional rights and regulations for individuals located in Brazil. Further to the information set out in sections 1, 5, 7, and 10 of this Privacy Policy, the following additional information applies to you if you are located in Brazil: Minor’s Personal Information: We do not knowingly collect personal information from or about children and adolescents under the age of 18. If you are under 18, please do not attempt to use Doinpay Service or send any personal information about yourself to us. If we learn that we have collected personal information from a child or adolescent under 18, we will delete that information as soon as possible. If you believe that a child or adolescent under 18 may have provided us personal information, please contact us. Data subject’s requests: Under Article 18 of the LGPD, you have the following rights as data subject: • confirmation of the existence of processing activities; • access to your personal information; • correction of incomplete, inaccurate, or outdated personal information; • anonymization, blocking or elimination of unnecessary or excessive personal information or of information processed in noncompliance with the LGPD; • portability of your personal information; • elimination of your personal information processed with your consent; • information of the public and private entities with which we shared your personal information; • information on the possibility of not providing consent and on the consequences of the denial; • revocation of consent; and • petition against us before the National Authority for Data Protection (“ANPD”). Indonesia If the Services are used or accessed from within Republic of Indonesia, then the following supplemental terms shall apply and override any conflicting provisions in the Privacy Policy: Consent from third parties. If you provide any personal data or information of third party individuals and/or parties, you represent and warrant that you have obtained the necessary consent to do so. Data sharing. We will not share your information with third parties for any purposes other than the provision of Doinpay Service specified herein, without your consent. Governing Language. These Privacy Policy are made in English and Indonesian language versions. In the event of any discrepancy between the English and Indonesian language versions, the English language version shall prevail. Parental or Guardian Consent. If you are under the age of 21, you hereby represent that you had the consent of your parent or legal guardian to use the Doinpay Service. Waiver. For the purpose of termination and/or dissolution and/or rescission of the Privacy Policy, we and you hereby waive the applicability of the provisions under Article 1266 of the Indonesian Civil Code, to the extent that the court order and/or decision would otherwise be required to validly terminate and/or dissolve and/or rescind the Privacy Policy. Philippines If the Services are used or accessed from within Philippines, then the following supplemental terms shall apply and override any conflicting provisions in the Privacy Policy: Clause 1 (Information we collect and how we use it), add: If you have provided us with personal information of third party individuals, you are required to obtain the individual's prior consent and you represent and warrant that you had or have their consent or are otherwise entitled to provide their personal information to us. By providing us with personal information of third party individual(s), you also warrant that the individual(s) is informed of and consents to the terms of this Privacy Policy. Clause 3 (Information we share), combine bullets 3 and 5 as follows: Service providers which we engage to process personal information for any of the purposes listed above on our behalf and in accordance with our instructions only, such as local licensed payment service providers, cloud storage providers as well as companies providing services for AML/KYC checks, credit risk reduction, and other fraud and crime prevention purposes, and companies providing similar services, including financial institutions, credit reference agencies, and regulatory bodies with whom such personal data is shared; and/or Clause 5 (Your rights) insert following clause: Where you have provided us with consent for the processing, you may be able to withdraw it. Please note that even after you have chosen to withdraw your consent, we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations or for any of the purposes set out in this Privacy Policy where the processing of your personal information is not based on consent. South Korea If the Services are used or accessed from within South Korea, then the following supplemental terms shall apply and override any conflicting provisions in the Privacy Policy: After the purpose of processing of your personal information is achieved, your personal information will be transmitted to a separate database (or moved to a separate storage if your information is retained in a paper form) and retained for a certain period in accordance with Doinpay’s internal regulations and other applicable laws and regulations before it is destroyed. Your personal information relocated to a separated database will not be used for other purposes, unless it is required under the applicable laws and regulations. When destroying your personal information, we will take reasonable and technically feasible measures to make the personal information irrecoverable. For example, electronic files that contain personal information will permanently be deleted using a technical method that makes the files irrecoverable, and any other records, print-outs, documents or any other recording media will be shredded or incinerated.