Last updated: February 12, 2020
Thank you for using PayMongo!
Please read this Policy carefully. By clicking the applicable button or checkbox to indicate your acceptance to this Policy and our Terms, or otherwise by creating an Account and using the Service, you represent and agree that you have read, understand, and agree to be bound by both this Policy and our Terms as binding agreements.
We may update this Policy from time to time. If you continue using the Service after we make any changes to this Policy, you accept and agree to be bound by those changes. The most updated version of this Policy will always be posted on the Service, so we encourage you to check the Policy periodically. In certain situations, we may notify you about material changes to the Policy. You are responsible for ensuring we have an up-to-date, active, and deliverable email address on file for you, and you agree that your use of the Service will be subject to any updated Policy posted on the Service, whether or not you receive notice of such changes.
This Policy applies to personal information we collect on the Service. It does not apply to any non-personal information or any information collected by any third party. As used in this Policy, “personal information” means information that can be used to identify any natural person either directly or indirectly.
Moreover, if you are a Customer, we may collect Customer Data either directly from you or from the user using our Payment Processing Services.
2. Personal Information We Collect
2.1 Personal Information You Voluntarily Provide to PayMongo
When you register for an Account, we require that you provide us with certain personal information about you. This includes, but is not limited to, your first and last name, e-mail address, and the name of your business. As part of the account registration and verification process, we may also ask you for certain other information, such as your phone number and your business’s tax identification number, as well as documents that include personal information about you. These documents include, but are not limited to, government-issued identification including identification containing photo and signature, bank statements, proof of income, documentation verifying the legal existence of your business and its beneficial owners and principals, bank statements and related banking information, and other financial documents to verify your identity and assess the risk associated with your business. Even if you access and use the Service without registering for an Account, you may choose to provide us with certain personal information about you (for example, you may want to sign up for our newsletters or RSVP for events). The collection of this information is necessary to provide the functionality of the Service and/or to comply with applicable laws and regulations related to the Service’s product offerings.
If you are a Customer, when you make a payment through a user’s website or application in relation to a Transaction, we will receive certain Customer Data. Customer Data may include:
- First and last name;
- Physical and/or mailing address;
- Financial information, including but not limited to credit or debit card numbers or bank account information;
- Email address; and
- Phone number.
The collection of this Customer Data is necessary to provide the functionality of the Service (mainly, to process the Transaction) and/or to comply with applicable laws and regulations related to the Service’s product offerings. We may use Customer Data for the following purposes: (i) providing and improving the Services; (ii) internal usage, including but not limited to, data analytics and metrics so long as such Customer Data has been anonymized and aggregated with other customer data; (iii) complying with applicable legal requirements and assisting law enforcement agencies by responding to requests for the disclosure of information in accordance with applicable law; and (iv) any other purpose for which consent has been provided by the Customer.
2.2 Personal Information We Collect Automatically
We collect certain information about you automatically as you access and use the Service and may similarly collect information from Customers. This includes:
- Device information, such as a unique device identifier; and
- Location information, such as your IP address or geo-location.
This information does not identify you directly but may nevertheless be considered personal information.
2.3 How We Use Personal Information
We use the personal information that we collect to make the Service available to our users, to comply with our legal obligations under anti-money laundering and related laws, to market and promote the Service, to improve the Service, and to protect our legal rights.
Examples of the ways in which we may use your personal information include:
- Allowing you to register for an Account and use the Payment Processing Services;
- Verifying your identity in compliance with our obligations under applicable law;
- Identifying fraudulent or illegal activity;
- Providing you with information, products or services that you request from us;
- Carrying out our obligations and enforcing our rights arising from any contracts entered into between you and us, including for billing and collection;
- Notifying you about changes to the Service, such as updates to this Policy; and,
- Understanding how our users interact with the Service to improve the Service and our product offerings.
In addition to the above, if you choose to opt in to receive marketing and promotional communications from us, we may use your personal information to contact you about our products. If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails, or by whatever other means we allow you to unsubscribe. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services.
We may also use your personal information for any other purposes with your consent.
2.4 How We Share Personal Information
We may disclose or share personal information that we collect in the following circumstances:
- With our subsidiaries and affiliates (please refer to the List of Third Parties for the list thereof);
- With our contractors and vendors who support aspects of the Service and our business, including: services related to website hosting, data analysis, information technology and related infrastructure, bank account identity and authentication, helpdesk and support, user identity verification, and fraud prevention (please refer to List of Third Parties for the list of said contractors and vendors);
- With our banking partners, including Payment Method Providers and Acquirers, who enable the processing of Transactions via the Payment Processing Services (please refer to the List of Third Parties for the list thereof);
- With a buyer or other successor in the event of a merger, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users is among the assets transferred (in such event, we will provide notice to our users of such transfer);
- When we believe, in good faith, that disclosure is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our Terms of Service or any other applicable policies; and
- With your express consent.
Any third-party entity to whom we disclose your personal information is contractually required to comply with confidentiality standards and establish adequate safeguards for data privacy, undertake to respect your right to privacy and comply with applicable laws. We also require that these third-party entities use information shared with them only for authorized purposes and follow our reasonable directions with respect to this information.
Additionally, we may share your personal information as required to comply with any subpoena, court order, similar legal process, including to respond to any government or regulatory request. To the extent permitted by law, we will notify you if we receive government requests about your data.
Finally, we may disclose anonymized, non-personal information about the Service and our users without restriction.
If you do not wish any of your personal information to be shared to any third party or for any of the indicated purposes, please contact us immediately.
2.5 Accessing and Correcting Your Information
You are solely responsible for ensuring that any personal information that you provide to us is accurate. You may be able to view and update certain personal information that we have about you by logging into your Account or by emailing address provided at the end of this Policy. Please note that we reserve the right to reject any changes you make to your personal information and to reject any requests to change your personal information submitted through inappropriate channels.
3. Data Security
We use commercially reasonable physical, technical, and administrative measures to secure your personal information from accidental loss and from unauthorized access, use, and disclosure. For example, we (i) have implemented a strict data security policy, (ii) restrict access to personal information to employees, contractors, and other service providers on a need-to-know basis, (iii) use industry-standard encryption technology to secure data, (iv) train our personnel on privacy issues and have appointed a data privacy officer, (v) review the privacy practices of new products and services that we integrate into our Service, and (vi) require our personnel to sign confidentiality agreements that extend to your personal information. However, the transmission of information via the Internet is not completely secure. As we cannot guarantee the security of information transmitted to or from us, we are not responsible for any unauthorized access to and disclosure of any information you send to or receive from us. Any transmission of personal information is at your own risk.
Please also keep in mind that the safety and security of your information also depends on you. You are responsible for keeping your account information, including your password, confidential. We ask you not to share your password with anyone. If you have reason to believe that your data is no longer secure, please contact us immediately at the email address, mailing address or telephone number listed at the end of this Policy.
4. Data Retention
We may retain your personal information for the longer of: (i) six (6) months after receipt of your request to delete your Account; (ii) the length of time required by law; (iii) the length of time required by our compliance program; or (iv) the length of time required by our banking partners, including Payment Method Providers and Acquirers. Please note that if you delete your Account, we may still retain your personal information as explained above. You may delete your Account through the Dashboard, or you may email the address provided at the end of this Policy.
5. Automated Data Collection Technologies
As you navigate through and interact with the Service, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, as further described in this Policy.
5.1 Cookies and Analytics
Other Technologies. We may use other third-party services that automatically collect information about you to better understand how you use and interact with the Service. For example, we may use third-party vendors to provide us with services surrounding analytics, advertising, and cybersecurity. The information collected through this process by the third-party service providers does not enable us or them to identify your name, contact details or other personal information that directly identifies you unless you choose to provide these.
5.2 “Do Not Track” Signals
To the extent that we receive any Do-Not-Track signals, we will not comply with them.
6. Third-Party Services
Any third-party services integrated with the Service shall be subject to the policies and practices of such third parties, and we are not responsible for how they collect, use, and share your personal information. We encourage you to review the privacy practices and policies of such third parties. We make no guarantees about, and assume no responsibility for the information, services, or data privacy practices of third parties.
7. Contact Us
To ask questions or comment about this Policy and our privacy practices, contact us.