Recently updated: May 1, 2020
NAYAX is committed to your right to privacy. Protecting our Users’ privacy is a core value of NAYAX, and we take precautions to ensure the protection of our Users’ personal data as well as to comply with applicable privacy and data protection legislation. We respect the fact that our Users’ personal data and original content are their own, and have implemented mechanisms to ensure you have control over your data and content. A reference to “NAYAX” “we,” “us” or the “Company” is a reference to NAYAX Ltd. and the relevant affiliate involved in the data processing activity.
- You are not required by law to provide us with any Personal Data (as defined below). Sharing Personal Data with us is entirely voluntary.
- Our Site and/or Services are intended for Users over the age of 16 or equivalent minimum age for providing consent to processing of Personal Data in the relevant jurisdiction. Children under such age are not permitted to register to or use the Services. If you are under such age you should cease to use the Services immediately.
- As an essential part of our business, we collect and process data regarding Consumers on behalf of Customer. In doing so, we may act as a “Data Processor” in respect of the information gathered and processed by us.
- You may be entitled to request to review, amend, erase or restrict the processing of your Personal Data, pursuant to applicable laws. Please note that in case you request to erase or restrict the processing of your Personal Data, your use of the Services may be restricted. You may be entitled to exercise additional rights under the CCPA, please refer to our User Rights Policy.
- We do not sell, trade, or rent Users’ Personal Data to third parties. We only share Personal Data with third parties in connection with the provision of the Services to our Users, or other limited circumstances specified herein.
- What is Personal Data, and what data is collected about me by NAYAX?
“Personal Data” or “Personal Information” (will be referred together as “Personal Data”), means any information which identifies or can be used to identify a natural person, including, but not limited to, first and last name, phone number, email address, online identifiers, IP address, billing information, information concerning households, devices etc.
“Non-Personal Data”, means non-identifiable aggregated data, such as technical data transmitted by the user’s device and aggregated use of the website. This data is not used to identify individuals.
Personal Data is only used for limited purposes, as specified below.
|Type of user and type of Data||Purposes of Processing||For EU persons – Legal Basis under the GDPR|
Customers onboarding and registration data
In order to provide Customers with the Services, or when a Customer registers to our Services, we collect information regarding the Customer and its users: Customer’s full name (in case the Customer is an individual), contact details of the Customer’s focal point person, address, phone number, financial information for billing purposes, and email address.
Additionally, In order to fulfill our legal obligations to prevent fraud and money laundering, we will obtain information for the purpose of “Know Your Client” (KYC) check. Such information includes, information regarding Customer or Customer’s shareholders (if the Customer is a legal entity that is not an individual), such information includes identification number (SSN, passport, I.D. number or driving license number), financial information (credit card number and banking information, date of birth, residence country, citizenship country, nationality, position, phone and mobile number, face snapshot and video, and copy of the identification document.
To onboard our Customers to our Services and sign-up registration;
To provide the Services to our Customers;
To identify authorized Users to access the Services, and in particular to the NAYAX Dashboard and perform activities;
To resolve any disputes, communicate with you regarding customer service and support issues, and to respond to questions or comments and help resolve any problems.
1. Necessity of processing for the purposes of the legitimate interests of NAYAX.
2. To perform the contract which the Customer is a party; or
3. In order to take steps at the request of the Customer prior to entering into a contract.
4. To fulfil our legal obligation.
Technical Information, Geolocation and Online Identifiers
We collect technical information transmitted by your device when using the NAYAX Dashboard via desktop application or our mobile application, this information include: type of the device used to access the Services, date and time stamp and language, preference approximate geolocation (i.e., country), and user’s actions such as page views, search queries, etc. Please note that if you use the NAYAX Dashboard via our mobile app we will collect your precise location.
In addition, when you access the Services, we collect your IP address (“Online Identifiers”). Note that, while the Online Identifiers are considered Personal Data in many jurisdictions (such as the EEA and in California), there are some jurisdictions in which such data sets is not considered as Personal Data. We treat the Online Identifiers as Personal Data, in accordance with applicable laws.
This information is collected automatically via your use of the NAYAX Dashboard.
To identify authorized users of Customer;
To access and use the Services, and in particular to the NAYAX Dashboard and perform activities.
To resolve any disputes, communicate with you regarding customer service and support issues, and to respond to questions or comments and help resolve any problems
Consumers use of the Services
Consumers using prepaid cards
When you pay with prepaid cards while using the Services, we may collect and process additional information about you, such as: your name, email address, and your phone number. If you are an employee using the Service in connection with your workplace (e.g. when your employer provides you with prepaid card), we may also receive additional information regarding you and your workplace, through your employer, such details may include your balance on your employment card/prepaid card.
e Receipt Consumers
In the event you registered to the eReceipt service, we will collect additional information about you, such as your email address, name, and address.
To provide you with the Services, and enable you to pay for goods and services offered by the Customers via our Services (i.e. Payment Solution such as the VPOS and other hardware means).
To provide our Customer with the Services they subscribed to, therefore we will share with our Customers information we collected from you.
To resolve any disputes, communicate with you regarding customer service and support issues, and to respond to questions or comments and help resolve any problems.
For eReceipt Users – in order to send you the receipt via email.
Contact Us Information
If you contact us for support, business or refund services via the “Contact Us” or “Support” features, we will collect certain information regarding you, such as your full name, your email, your phone number, your company (if applicable to you), country, the content of your massage, etc.
|To answer your queries and provide you with the services you requested from us.||
If you voluntarily subscribe to our newsletter through the Site (or otherwise agree to receive our updates and content), you may be requested to provide us with your email address, name of Company and country. You can unsubscribe at any time using the unsubscribe option within the body of the applicable email or by contacting us directly.
|We use this information solely to provide you with the content you have requested.||
When you visit our Site we log your IP address. We collect additional Online Identifies via cookies placed on your browser. Such information include, the type of the visitor’s operating systems, type of browser, access time and date, user’s click-stream, visitor’s actions on the Site, browsing data (e.g., directing URL’s), search queries, browser history, and approximate location.
|We collect this type of information for the purpose of operating, providing, maintaining, protecting, managing, customizing and improving our Site and Services and the way in which we offer them; enhancing your experience with the Site and Services; auditing and tracking usage statistics and traffic flow, and detecting fraud, security or technical issues in connection with the Site and Services.||
In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the Site or the Services and to enforce the Terms and Conditions, as well as to protect the security or integrity of our databases, Site and the Services, and to take precautions against legal liability. Such processing is based on out legitimate interests.
Non-Personal Data, aggregate and statistical or otherwise anonymized data may be shared without limitation with third parties at our discretion. This information does not contain Personal Data and is used to develop content and services for our Users. Please note that we may also use Personal and non-Personal Data in connection with automatic analysis of our users’ behavior.
- Will NAYAX Share my Personal Data?
Non-Personal Data, aggregate and statistical or otherwise anonymized data may be shared without limitation with third parties at our discretion. This information does not contain any Personal Data and is used to develop content and services for our Users and clients.We share Personal Data only under the following limited circumstances:
- We share Personal Data about Customers and Consumers with certain acquirers and credit card clearing services, payment gateways and credit card processors for the purpose of processing credit cards or debit card payments with respect to our Services provided to Customers and their Consumers.
- All Users. NAYAX operates with multiple suppliers in various fields of activity with respect to the Site and Services. Such third parties assist NAYAX in operating the Site and Services, conducting our business, expanding our business or servicing you, and for personalizing your experience of the Services such as fraud prevention, cloud storage services, bill collection, marketing, cloud storage services, maintenance and technology services.
- With our affiliates and connected companies, such as subsidiaries
- To comply with a legal requirement, for the administration of justice, to protect your vital interests or the vital interests of others, to protect the security or integrity of our databases or the Services, to take precautions against legal liability.
- Will NAYAX transfer my Personal Data internationally?
- NAYAX is a global company with offices all over the world. Our databases are located currently in Germany, Israel and in the US]. Some of our processing activities are made in Israel. The European Commission has decided that Israel ensures an adequate level of privacy and data protection, therefore, in accordance with the GDPR, the transfer of Personal Data to Israel is lawful and does not require any specific authorization.
- Any future transfer of Personal Data outside the EU to a third country (other than Israel) shall be made in accordance with applicable law, including by providing adequate protections, or otherwise implementing appropriate safeguards to ensure the protection of our Users’ rights.
- Will I receive SPAM from NAYAX?We may send users of the Services or Users who provided us with their consent with information on new products, features, activities, services and periodic announcements or newsletters. You may opt-out any time from such communications by either: (i) using the “unsubscribe” feature available within the message; or (ii) sending us an email to: firstname.lastname@example.org asking to opt-out.
- Users rights with respect to Personal DataSubject to applicable law requirements, we will provide individuals (i.e., our Users) with the opportunity to exercise their rights regarding their Personal Data. Individuals’ principal rights under data protection and privacy laws may include (you may have some or all of these rights depending on your jurisdiction):
- the right to confirm whether or not we process your Personal Data;
- the right to access your Personal Data and being provided with a copy of the Personal Data that we hold.
- the right to rectification of your Personal Data;
- the right to erasure of your Personal Data.
- the right to restrict processing of your Personal Data.
- the right to object to processing of your Personal Data;
- the right to data portability.
- the right to complain to a supervisory authority (in the event that you are a European Economic Area (“EEA”) resident); and
- the right to withdraw consent.
Please review our Privacy Users Rights Policy regarding your rights under applicable law.
You may exercise any or all of your above rights in relation to your Personal Data by filling out the Data Subject Request Form (“DSR”) and send it to our privacy team at: email@example.com.
Please note that –
- We may request additional information from you when you contact us with a DSR in order to: (i) verify your identity; (ii) determine the applicable laws apply to you; (iii) and locate your data.
- It may take time to process requests in a way that is consistent with applicable privacy law.
- Persons under 16Our Site and the Services provided through it is a general audience Site which is not directed to persons under 16 years old. If a parent or guardian becomes aware that his or her child has provided us with Personal Data without their consent, he or she should contact us immediately. We do not knowingly collect or solicit Personal Data from people under 16 years old. If we become aware that a person under 16 years old has provided us with Personal Data, we will delete such data from our databases.
- How does NAYAX protect your data?We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information in accordance with the applicable law. We adopt appropriate and generally accepted data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your Personal Data. In particular, your payment information is secured in accordance with the PCI-DSS standard. However, these measures are unable to provide absolute information security. Therefore, although efforts are made to secure your personal information, it is not guaranteed and you cannot reasonably expect that the Service and its related databases will be immune from any wrongdoings, malfunctions, unauthorized interceptions or access, or other kinds of abuse and misuse.
- Data RetentionUnless you instruct us otherwise and subject to applicable laws, we retain the information we collect for as long as needed to provide our services and to comply with our legal obligations, resolve disputes and enforce our agreements if applicable.
- Do Not Track DisclosureOur website does not respond to Do Not Track signals. For more information about Do Not Track signals, please see: http://www.allaboutdnt.com.
types of PERSONAL information we COLLECT
Under the CCPA, “Personal Information” is defined as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device. The categories of Personal Information that we collect (and has collected within the last 12 months), are detailed in the table below.
Please note that, under the CCPA Personal Information does not include: publicly available information from government records and de-identified or aggregated consumer information, information excluded from the CCPA’s scope (e.g., health or medical information covered by applicable laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA)); and information covered by certain sector-specific privacy laws (e.g., the California Financial Information Privacy Act (FIPA)).
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.||Yes|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information,
Some personal information included in this category may overlap with other categories.
|C. Protected classification characteristics under California or federal law.||national origin, citizenship, religion or creed, marital status,).||Yes|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Yes|
|E. Biometric information.||No|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||Yes|
|G. Geolocation data.||Physical location or movements.||Yes|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||No|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||Yes|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||No|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||No|
HOW WE COLLECT INFORMATION
Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows: (i) directly from you, for example, when a Customer subscribe to our Services he will fill his/her Personal Information as part of the onboarding process; (ii) automatically when you use the NAYAX Dashboard via desktop or app; (iii) from third-party business partners such as analytics providers.
USE OF PERSONAL INFORMATION
We may use, or disclose the Personal Information we collect for one or more of the following business purposes:
- To fulfill or meet the reason you provided the information. For example, if you contact us with an inquiry and share your name and contact information, we will use that Personal Information to respond to your inquiry.
- To provide, support, personalize, and develop our Site and Services, as well as improve our Site and Services.
- For security and fraud detection purposes, and to maintain the safety, security, and integrity of our Site Services.
- For testing, research, analysis, and product development, including to develop and improve our Site and Services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.
We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
SHARING AND SELLING DATA
We may disclose your Personal Information to a third party for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.
We share your Personal Information with the following categories of third parties:
(i) We share your Personal Information with our service providers (such as: AWS our cloud storage services, Salesforce, Pardot and clearing service providers)
(ii) We share your Personal Information data aggregators (such as: Salesforce Analytics and Google Analytics)
(iii) We share your Personal Information to our Customers (when you purchase through their vending machines and pay through the NAYAX cashless Payment Solution).
DISCLOSURES OF PERSONAL INFORMATION FOR A BUSINESS PURPOSE OR FOR SELLING PURPOSES
In the preceding twelve (12) months, the Company has disclosed the following categories of Personal Information for a business purpose:
Category A: Identifiers.
Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
Category C: Protected classification characteristics under California or federal law.
Category D: Commercial information: Commercial Information.
Category E: Biometric information: Facial photos
Category F: Internet or other similar network activity.
Category G: Geolocation data.
SALES OF PERSONAL INFORMATION
In the preceding twelve (12) months Company has not sold Personal Information (“selling” under CCPA relates to any disclosure, transfer, and selling of Personal Information for monetary or other valuable consideration).
YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION
The CCPA provides consumers with specific rights regarding their Personal Information. Please review our User Rights Policy regarding your rights under applicable law.
You may exercise any or all of your above rights in relation to your Personal Information by filling out the DSR Form and send it to our privacy team at: firstname.lastname@example.org.
- CONTACT US
By sending our DPO email at: email@example.com
By regular mail at:
3 Arik Einstain St., Herzliya 4659071 Israel