Privacy Policy
Privacy Policy
Effective Date: January 1, 2024
Last Updated: January 1, 2024
1. Introduction
Smilepayz ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment gateway services.
1.1 Our Commitment
We recognize the sensitive nature of financial data and are committed to maintaining the highest standards of data protection and privacy. This policy outlines our practices regarding the collection, use, and protection of your personal information in compliance with applicable data protection laws and regulations.
1.2 Scope
This Privacy Policy applies to all users of Smilepayz services, including merchants, customers, and visitors to our platform. By using our services, you acknowledge that you have read and understood this policy.
2. Information We Collect
2.1 Personal Identification Information (PII)
We collect the following personal identification information:
| Information Type | Examples | Purpose |
|---|---|---|
| Basic Information | Name, email address, phone number | Account creation and communication |
| Address Information | Physical address, billing address | Payment processing and verification |
| Business Information | Company name, business registration | Merchant account verification |
| Identity Documents | Government-issued ID, tax numbers | Compliance and verification |
2.2 Financial Information
Sensitive Data
Financial information is collected and processed with the highest level of security measures.
- Payment Method Details: Credit card numbers, bank account information
- Transaction Data: Payment amounts, transaction history, merchant details
- Billing Information: Invoice details, payment records
2.3 Technical and Operational Data
| Data Category | Examples | Collection Method |
|---|---|---|
| Device Information | IP address, device type, browser | Automatic collection |
| Usage Analytics | Page views, feature usage | Analytics tools |
| Security Logs | Login attempts, access patterns | Security monitoring |
| Performance Data | Response times, error logs | System monitoring |
3. How We Use Your Information
3.1 Primary Purposes
Payment Processing
- Process transactions and payments
- Verify payment method authenticity
- Prevent fraud and unauthorized transactions
Account Management
- Create and maintain user accounts
- Provide customer support
- Send important service notifications
Compliance and Security
- Comply with legal and regulatory requirements
- Implement security measures
- Conduct fraud prevention activities
3.2 Secondary Purposes
- Service Improvement: Analyze usage patterns to enhance our services
- Communication: Send relevant updates and marketing materials (with consent)
- Research and Development: Develop new features and services
4. Legal Basis for Data Processing
4.1 Contractual Necessity
We process your data to fulfill our contractual obligations when you use our services.
4.2 Legitimate Interest
We process data for our legitimate business interests, including:
- Fraud prevention and security
- Service improvement and development
- Compliance with legal obligations
4.3 Consent
We obtain explicit consent for:
- Marketing communications
- Non-essential data processing
- International data transfers
5. Data Sharing and Disclosure
5.1 Third-Party Service Providers
We may share your information with trusted third-party service providers:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Banking Partners | Payment processing | Transaction details, account information |
| Fraud Prevention | Security verification | Transaction patterns, device information |
| Cloud Services | Data storage | Encrypted personal and transaction data |
| Analytics Providers | Service improvement | Anonymized usage data |
5.2 Legal Requirements
We may disclose your information when required by law:
- Legal Proceedings: In response to court orders or legal processes
- Regulatory Compliance: To comply with financial regulations
- Security Investigations: To investigate security incidents or fraud
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.
6. Data Security
6.1 Security Measures
We implement comprehensive security measures to protect your data:
Security Standards
Smilepayz maintains PCI DSS Level 1 compliance and implements industry-leading security practices.
Technical Security
- Encryption: AES-256 encryption for data at rest and in transit
- Access Controls: Multi-factor authentication and role-based access
- Network Security: Firewalls, intrusion detection, and DDoS protection
- Regular Audits: Third-party security assessments and penetration testing
Physical Security
- Data Centers: Secure, monitored facilities with 24/7 surveillance
- Access Controls: Biometric authentication and security protocols
- Environmental Controls: Climate control and fire suppression systems
Administrative Security
- Employee Training: Regular security awareness training
- Incident Response: Comprehensive incident response procedures
- Vendor Management: Strict security requirements for third-party vendors
6.2 Data Retention
| Data Type | Retention Period | Disposal Method |
|---|---|---|
| Transaction Data | 7 years | Secure deletion |
| Account Information | Active account + 3 years | Anonymization |
| Log Data | 2 years | Automated deletion |
| Marketing Data | Until consent withdrawal | Immediate deletion |
7. Your Rights and Choices
7.1 Data Subject Rights
You have the following rights regarding your personal data:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Request a copy of your personal data | Contact our Data Protection Officer |
| Rectification | Correct inaccurate or incomplete data | Update through your account or contact us |
| Erasure | Request deletion of your personal data | Submit deletion request |
| Portability | Receive your data in a portable format | Request data export |
| Objection | Object to certain processing activities | Opt-out through account settings |
7.2 Opt-Out Options
- Marketing Communications: Unsubscribe from marketing emails
- Analytics: Opt-out of non-essential data collection
- Cookies: Manage cookie preferences through browser settings
8. International Data Transfers
8.1 Cross-Border Transfers
Your data may be transferred to and processed in countries other than your own. We ensure adequate protection through:
- Standard Contractual Clauses: EU-approved data transfer agreements
- Adequacy Decisions: Transfers to countries with adequate data protection
- Certification Schemes: Industry-recognized privacy certifications
8.2 Regional Compliance
We comply with regional data protection regulations:
- GDPR: European Union General Data Protection Regulation
- CCPA: California Consumer Privacy Act
- LGPD: Brazilian General Data Protection Law
- PDPA: Singapore Personal Data Protection Act
9. Children's Privacy
9.1 Age Restrictions
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.
9.2 Parental Rights
If you believe we have collected information from a child under 18, please contact us immediately for removal.
10. Changes to This Policy
10.1 Policy Updates
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Email Notification: Sending notice to your registered email address
- Website Notice: Posting prominent notice on our website
- Account Notification: Displaying notice in your account dashboard
10.2 Effective Date
The effective date of any changes will be clearly indicated at the top of this policy.
11. Contact Information
11.1 Data Protection Officer
For privacy-related inquiries, please contact our Data Protection Officer:
Email: [email protected]
Address: [Company Address]
Phone: [Contact Number]
11.2 Regulatory Authorities
You have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns adequately.
12. Additional Information
12.1 Cookie Policy
For information about how we use cookies and similar technologies, please refer to our Cookie Policy.
12.2 Terms of Service
This Privacy Policy is part of our Terms of Service. By using our services, you agree to both documents.
This Privacy Policy is effective as of the date stated above and supersedes all previous versions.