PayU’s Privacy Statement

Welcome to PayU. PayU and its businesses adhere to a set of core PayU privacy principles. 

These principles apply to all persons and organisations whose personal information (also referred to as personal data) we hold. We focus, in particular, on the following core principles:

  • To be transparent and to educate: You should understand what personal information is collected, for what purposes and to understand how we apply our privacy principles.  To view our full privacy statement, please click here.
  • To empower the individual: PayU wants you to be in control of your personal information and to make your own choices about your personal information.
  • To protect and keep your information secure: As a payments and financial services business, ensuring your personal information is kept safe and secure is one of our main business values. PayU works together to maintain your trust and we take responsibility to ensure that appropriate security standards are implemented and your personal information is protected.
  • To only collect and retain the personal information we need: PayU collects personal information to perform its services for you. We work to have controls in place to avoid collecting identifiable data beyond what we need.
  • To respect local law: PayU has a global presence, with local privacy expertise. To view the local applicable privacy statements (or privacy terms in our terms and conditions) for our local PayU business, please click here and select the country from the list.

The PayU privacy principles are global standards that we use to measure our commitment to data privacy legislation and to develop our services and products.

If you have any questions or want to report a privacy concern you can contact us at: privacy@payu.com

 

Full PayU Privacy Statement

WHO IS PAYU AND HOW DOES THIS PRIVACY STATEMENT WORK?

The purpose of this privacy statement is to give you information on how PayU collects and processes your personal information when you use our Website, software applications (“Apps”) and/or payment platforms (“Platforms”). This includes any personal information that you provide to PayU through this Website when you submit personal information via our business enquiry form so that PayU may contact you to explain our service offering to you.

PayU and its businesses are part of a group which is made up of a number of local operating entities in a number of markets across the world. “PayU”, “us” or “our” in this privacy statement refers to the PayU entity that is responsible for processing your personal information.

Read this privacy statement and the additional information (including the additional information provided by the local PayU businesses) we provide you with thoroughly. If you have any questions, please contact us.

If you wish to view the details of each local PayU business responsible for processing your personal information and the local applicable privacy policy (or statement) or privacy terms in our merchant service terms, click here and select the country from the list. There are also very specific privacy notices depending on the product or service we offer to you in each country. 

 

WHAT IS PERSONAL INFORMATION AND WHAT PERSONAL INFORMATION DO WE COLLECT ABOUT YOU?

Personal Information is any information that identifies you as an individual (data subject) directly or indirectly. In certain countries where PayU operates, the protection of personal information also extends to legal persons (juristic persons) and this will be identified in such country’s local privacy policy or statement. Personal Information does not include information or data where you cannot be identified from (for example, anonymised).

We may collect, use, process, store, or transfer personal information such as:

  • Identity Data: This data includes, for instance, your full name(s), your government-issued identity number, and your date of birth. This data is often needed so we can verify your identity in order to offer our services to you.
  • Contact Data: This is data that is used to contact you, such as your telephone number, address, email, and billing details.
  • Financial Data: This data includes your bank account number and its ownership, and when you are a consumer who uses one of our consumer services, such as e-Wallet or lending services (depending on the PayU business product offering), your payment card details;
  • Payments Data (or Transactional Data): This data includes information relating to a payment when you as a merchant (using one or more of our payment processing services) or as a customer, are using our products or services;  
  • Usage and Technical Data: This data includes, for instance the content and pages that you access on the Website, App or Platform, and the dates and times that you visit the Website, App or Platform, paths taken, and the time spent on sites and pages within the Website, App or Platform.
  • Marketing and Communications Data: This is includes both a record of your decision to subscribe or to withdraw from receiving marketing materials from us or from our third parties.

We may also collect, use and share non-personal information or anonymised data such as statistical or demographic data.

As a principle, we do not collect any Special Categories of Personal Information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). If we do collect Special Categories of Personal Information, we will ensure compliance with applicable law.

To the extent that this Website includes links to third-party websites, plug-ins and applications (including cookies and widgets by third party advertisers), it is important that you understand that by clicking on those links or enabling those connections you may allow third parties to collect or share data about you. PayU does not control these third-party websites and we are not responsible for their privacy statements. Please consult such third parties’ own privacy statements.

HOW DO WE COLLECT YOUR PERSONAL INFORMATION?

We collect data, including your personal information, so that we can provide our services and products to you. We only collect as much personal information as we need.

Where we are required to collect your personal information by law, or need it to honour our terms and conditions (contracts), we will not be able to authorise and approve your application to receive our product or service unless and until we have received the requested personal information and may be forced to cancel or suspend a product or service until such time it is received. We will notify you if this happens.

We collect information in different ways on our Website, such as when you directly give us your personal information. This includes when:

  • You submit your details to us on our Website so that we can contact you about our services and products;
  • You apply for our products or services directly to us or to our appointed suppliers (such as marketplaces);
  • You enter a competition, promotion or survey subject to applicable law;
  • You request marketing material to be sent to you; or
  • You send us a support request through our support desk.

We collect data using various technologies when you access and browse our Website. This is Usage and Technical Data. If you want to know more about how we collect personal information, including our use of cookies, from our Website, click here for information. 

We obtain personal information through third parties or if publicly available, such as:

  • Profile Data from social platforms and networks when you give us permission to do so and  only if applicable;
  • Technical Data for example, for the purposes of conducting fraud and risk assessments;  
  • External Third Parties who have entered into contracts with us to assist us with our business operations and provided that such service providers adhere to our data protection requirements; 
  • Identity Data and Contact Data from publicly available sources in accordance with  applicable laws; and
  • Internal Third Parties from specific third parties, such as audit support and information technology.

THE PURPOSES FOR WHICH WE USE YOUR PERSONAL INFORMATION

We collect your personal information:

  • To conduct requisite “Know your Customer” and risk assessment procedures in order to authenticate and authorise your use of our products or services depending on if you are a Merchant or Customer (payer) and your choice of service or product. The type of Data required is Identity Data, Contact Data and Financial Data. This is necessary in order for PayU to assess your application under contract and necessary for our legal obligations.
  • To process payment transactions made through our Platforms. The types of Personal Information and the legal ground depend on the specific payment methods available by PayU. Please click here and the select the country of choice to find out the specific details of the payment methods available in your country and the purposes for the use of personal information as it corresponds to the payment method.
  • To protect our business and to ensure compliance with the law and the requirements of financial institutions. The types of personal information may include Identity Data and Transactional Data. Specific explanations are set out below:
    • To authenticate and validate payments to mitigate and protect against identity theft or fraud. To do this, some of your personal and non-personal information, may be collected by PayU directly or delivered to PayU by the Merchants, and PayU will use this personal information to enter into the PayU fraud systems available for this validation and will remain there for future reference and cross-reference of information required to validate the  payments. 
    • To consult and report your personal information and behaviour on monetary obligations to legitimately constituted credit, financial, commercial or service risk centres, or to other financial institutions, in accordance with the law.
    • To verify your identity and compare your information to verify accuracy.
    • To save your data if you exert your right of refusal on purchases made or that the same are the subject of dispute or chargeback, in order to share the information of the transaction and, if required, your personal information, with financial institutions for resolving disputes.
  • To manage our relationship with you. This includes notifying you of changes to our contracts or of this Privacy Statement, or to ask you to provide information on how we can improve or develop new services or products.
  • To provide you with service assistance and problem solutions or to contact you or to send you notifications related specifically to the services we offer you – such as failures and system updates.
  • To enable us to effectively communicate with you – for example to send you emails to inform you about your product or service with us, update you on applicable security and fraud monitoring alerts, or notices to you if there is any interruption of services or important notices about improvement of our products.
  • To use your personal information in transactional or monitoring reports as part of our performance of our contract.
  • To use data analytics to improve our Website, products or services, and user experiences.

WHAT ARE LAWFUL GROUNDS THAT WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

  • Where it is necessary to process your personal information in connection with the performance of a contract that we have with you (as a Merchant, a Customer or as a payer on a Merchant’s payment page)
  • Where it is necessary for our legitimate interests or the legitimate interests of a third party which requires us to put in place appropriate privacy measures to ensure that our legitimate interests are not outweighed by impacts on your interests, fundamental rights or freedoms.  Where we take this approach, it is our policy to document the assessment we have made and the privacy measures that are in place to that these can be reviewed upon request; 
  • Where we use your personal information to comply with our legal obligations – for example, ensuring that we use your personal information to comply with anti-bribery and anti-money laundering requirements;  
  • If none of the previous legal grounds apply, we may seek your explicit consent for specific forms of processing of your personal information, which you may decline or revoke at any time.

WHO DO WE DISCLOSE YOUR PERSONAL INFORMATION TO OR SHARE IT WITH?

  • Internal Third Parties – specific third parties within the group of companies to which PayU belongs, i.e.  Naspers Limited group of companies that provide support services and technical services.   
  • We may share your personal information to External Third Parties such as:
    • Personal Information, especially Transactional Data, with Merchants in accordance with our service agreements (also referred to as our terms and conditions or contracts).   
    • Authorized financial institutions and banking partners that we partner with to jointly create and offer products and services. Depending on the type of payment chosen by the Customer, payer or buyer, PayU will share the information with the financial institutions that validate and process each means of payment for corresponding approval, validation, and settlement. This means that your personal information may be collected for those purposes by financial issuing institutions for the means of payment, acquiring financial institutions, payment processing networks, franchises such as Visa, MasterCard, American Express and Diners Club. 
    • Credit bureaus to report Financial Data, as permitted by law.
    • Service providers under contract who assist us with our business operations.
    • Companies that we plan to merge with or if we are acquired by another entity. If such a combination occurs, we will require that the new combined entity follows this privacy statement with respect to your personal information.
    • When required by law enforcement, government officials, fraud detection agencies or other third parties and when we are compelled to do so by law (such as via a subpoena, court order or similar legal procedure).

PayU takes all reasonable organisational and technical measure to ensure that every third party involved in the processing of your personal information protection standards in accordance with the applicable laws and in accordance with the principles set out in this statement.

MARKETING

You will receive marketing communications from PayU if you have requested more information from us, provided your contact information to access content or have subscribed for services or products from PayU. You could also receive marketing communications if you have entered into a promotional campaign, offer of survey where you have provided PayU with contact details in order to partake in the promotional offer or survey.

In each case, we keep a register of  Marketing and Communications Data that is used by PayU and you will be entitled to opt out from receiving such marketing by clicking on the opt out or unsubscribe link provided in such PayU marketing communications. PayU may also use Marketing and Communications Data in order to improve and customize the content of our ads, promotions and advertising that may be of interest to you.

We will obtain your explicit consent before we share your personal information with any company outside the Naspers group of companies for marketing purposes.

COOKIES AND SIMILAR TECHNIQUES

PayU uses cookies, web beacons and similar techniques (“cookies”) when  you access our Website, App or Platform. We explain how we use cookies and the choices you have when it comes to our use of cookies. If you have any specific questions on the application of cookies for the use of cookies in a local PayU business website in accordance with local law, please click here.   

What are Cookies?
A cookie is small text file containing a string of alphanumeric characters (numbers and letters). These are sent from PayU or our partners web servers and end up stored on your browser or on your device.  We use different types of cookies:

  • Session cookies: These are temporary cookies that disappear when you close your browser or App.
  • Permanent or Persistent cookies: These are cookies that remain on your browser or App after you close your browser or App which can be removed manually. These may be used by your browser on subsequent visits to the Website, App and/or Platform until you delete them or they expire.
  • Pre-Cookies: These are cookies set by the website you visit.
  • Third-party: These are cookies set by a third-party website.
  • Web Beacon is an electronic image requests (called a “single-pixel gif” or “web beacon” request) that allow us to count page views and to access cookies. Any electronic image viewed as part of a web page (including an ad banner) can act as a web beacon. Web beacons are typically 1-by-1 pixel files (so small that you would likely not realize that they are there), but their presence can usually be seen within a browser by clicking on “View” and then on “Source.”  We may also include web beacons in HTML-formatted newsletters that we send to opt-in subscribers in order to count how many newsletters have been read.

Cookies all serve different purposes. These are:

  • Essential cookies: These are cookies we need to provide our services to you, and for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our Website, select our payment options or use our merchant portal.
  • Analytical/performance cookies:  These cookies help us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily, allow us to recognise and count the number of visitors and to see how visitors move around our Website or App when they are using it. These cookies help us improve your user experience.
  • Functionality cookies:  These are used to recognise you when you return to our Website. This enables us to personalise our content for you, and remember your preferences (for example, your choice of language or region).
  • Third-Party Cookies - Some of our business partners (e.g. advertisers or platform providers) use their own cookies on our Website and PayU has no access to or control over such cookies. Information collected by any cookie is governed by the privacy policy or statement of the company that created it, and not by PayU. These cookies are likely to be analytical/performance cookies or targeting cookies. This Statement covers the use of cookies by PayU only and does not cover the use of cookies by any third-party advertisers or partners on the Website.

Marketing Cookies
Targeting cookies: These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and the advertising displayed on it more relevant to your interests.

Analysis: Analysis cookies collect information about how users interact with our Website and give us lessons about overall interaction patterns rather than individual users' behaviours. This data helps us improve your experience on the Website.

How can you control PayU’s use of cookies?
Go to the settings of your browser or device to learn more about adjusting the settings for cookies. For example, you can choose to block all cookies, accept only first-party cookies, or delete cookies when you close your browser.

However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

INTERNATIONAL DATA TRANSFERS

We are a global company with a global footprint. Your Personal Information may be processed either locally in the country where you work or reside, or in any other country where we or our approved third-party service providers operate, worldwide, depending on the needs of the business over the course of your tenure with us, to the extent we deem necessary and as permitted by law.

Should your Personal Information move outside the European Economic Area or another country that restricts the international transfer of information data, we use General Data Protection Regulation (GDPR), and locally-compliant mechanisms to require that the same level of data protection be applied in the country where the data is being processed.

DATA RETENTION

PayU may store your Personal Information for as long as required for the fulfilment of the purposes for which we collected it. The retention of personal information by PayU is determined by considering compliance with legal (contractual or statutory requirements), accounting and compliance reporting requirements.

PayU also takes into consideration the temporary limits established in the commercial or data privacy laws in the different countries in which PayU provides its services.

To find out about the retention periods for different aspects of your personal information you can contact us.

WHAT ARE YOUR DATA SUBJECT RIGHTS?

We ensure that you may exercise your rights in accordance with applicable law. 

For example, your rights as a data subject under the GDPR are:

  • The right to information and access to Personal Information (access rights): You have the right to access your Personal Information in many circumstances, generally within one month of your request.
  • The right to rectification: You can ask us to have inaccurate Personal Information fixed (changed).
  • The right to erasure: You can ask us to delete or erase Personal Information in certain circumstances (such as in accordance with local data retention legal obligations).
  • The right to withdraw consent: You can withdraw any consent to processing that you have given us and prevent further processing if there is no other legitimate ground upon which we can process your personal information.
  • The right to the restriction of processing: You can require certain Personal Information to be marked as restricted for processing in certain circumstances.
  • The right to data portability: You can ask us to transmit the Personal Information that you have provided to us to a third party.
  • The right to object to automated decision-making, including profiling.
  • The right to raise a complaint: You can raise a complaint about our processing with the data protection regulator or applicable authority in your country.   

If you wish you to exercise any of your rights, or to learn more about your rights in the European Union or in your country, please contact us

SECURITY: HOW WE PROTECT & STORE PERSONAL INFORMATION

PayU takes legal, technical and organizational measures that it considers necessary in order to maintain the security of your personal information, with due regard of the applicable obligations and exceptions under the legislation in force.

PayU follows the payments industry’s standards regarding the protection of personal information, including, among other measures, a firewall, Virtual Private Network ("VPN") and Transport Layer Security (TLS). Additionally, PayU is a certified entity under the PCI (Payment Card Industry Data Security Standard) standard.

PayU reviews its policy regarding the collection, storage and processing of your Personal Information, including physical security measures, to prevent adulteration, loss, query, use or fraudulent or unauthorized access to your personal information.

PayU has put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

MINORS

PayU does not voluntarily or actively collect, use or disclose personal information of minors, according to the minimum age equivalent in the relevant jurisdiction, without the prior consent of the parents or guardians of the minor.

The services of PayU are not intended or designed to attract minors.

If we learn that we collected the personal information of a minor according to the jurisdiction, without first receiving a verifiable parental consent, we will take steps to delete the information as soon as possible.

We encourage parents to stay informed about the Internet activities of their children, in order to ensure that no information is collected from a minor without parental consent.

CHANGES TO THE PRIVACY STATEMENT AND YOUR DUTY TO INFORM US OF CHANGES

This version was issued on 25 May 2018.  We will notify you of any changes to this privacy statement.  To view the local applicable privacy statements or privacy terms and any older versions of such statements, please click here and select the country from the list.

It is very important that any personal information PayU holds about you is up to date and correct.  

Please keep us informed if your personal information changes du.ring your relationship with us. You can do this by contacting us.

HOW TO CONTACT US

Our full details are:  MIH PayU BV, registration No: 52117839. This privacy policy is issued on behalf of MIH PayU BV as the controller and responsible for this Website.

PayU has appointed a data protection officer (DPO), Mrs Ulrika Dellrud. If you have any questions or want to report a privacy concern you can contact us at privacy@payu.com.

The details of each local privacy officer in the applicable countries are specified stated in the applicable privacy statement and can be viewed here.