The purpose of this privacy statement is to give you information on how PayU collects and processes your personal information when you use our Website, software applications (“Apps”) and/or payment platforms (“Platforms”).
The purpose of this Global Privacy Statement is to give you information on how the PayU organization collects and processes your personal information when you use our websites (“Websites”), software applications (“Apps”), payment processing platforms (“Platforms”), or our financial technology products or services we may offer you.
PayU and its businesses are part of a group made up of several local businesses in a number of markets across the world. “PayU”, “us” or “our” in this Privacy Statement refers to the PayU business that is responsible for processing your personal information. This means that while this Privacy Statement applies across our PayU organization, country terms that relate to our specific local businesses, products or services may exist. They are available to view here. In case of any differences between this Statement and the country terms, the country terms will prevail.
PayU belongs to the Prosus Group of companies i.e. Prosus N.V, a company registered with the Trade Registry for Amsterdam under 34099856 and its affiliates.
“Personal information” means any information relating to an identified or identifiable individual. Depending on who you are (e.g., a merchant, customer, cardholder, consumer, supplier or business partner) and how you interact with us (e.g., telephone, online or offline), we may collect, use, receive, store, analyze, combine, transfer or otherwise process different categories of personal information.
Below is a table reflecting the categories of personal information we may collect about you:
|Categories of Personal Information||Which includes such information as|
|Identity and account log- in information||Full name(s), title, identity number, and your date of birth.|
|Contact information||Telephone number(s), physical address, country, email, and chosen billing address.|
|Financial information||Bank account data, credit or debit card information.|
|Payments information (transactional information)||Personal account numbers, name on credit card, a merchant’s name and identifiers, the date and amount of the transaction and other information provided by you directly or by banks or merchants.|
|Usage and technical information||IP addresses, browser type and versions, operating systems, time zone setting, geolocation information, content and pages that you access on our Website(s), Apps or Platform, and the dates and times that you visit the Website, App or Platform, paths taken.|
|Credit and lending information||Financial information (e.g., credit score) and income information (e.g., employment contract).|
|Marketing and communications information||Communication with customer service support, behavioural data (for example, collected using cookies), information about promotions, surveys, promotional campaigns and records of your decision to subscribe or to withdraw from receiving marketing materials.|
We may also collect, use and/or share non-personal information or anonymized data such as statistical or demographic data.
As a principle, we do not collect any special categories of personal information about you (such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric information). However, we may collect sensitive categories of personal information in order to provide certain services or products to you, for example, our credit or lending services and in such cases, we will ensure that such personal information is used in compliance with applicable laws.
To the extent our Websites or Apps include links to third-party websites, plug-ins and applications (including cookies, tracking technologies and widgets by third party advertisers), it is important that you understand that by clicking on those links or enabling those connections, you may allow third parties to collect or share data about you. PayU does not have oversight of these third-party websites and we are not responsible for their processing of personal information.
How we collect personal information will depend on the following broader situations:
1. If we receive or collect it directly from you
We may collect personal information directly from you in different ways on our Websites, Apps, Platforms or product or service offerings. For example, you may give us your personal information when you:
2. If we collect personal information from third parties, or from publicly available sources
We obtain personal information through third parties or, if publicly available, where permitted under applicable law, including:
We process personal information only when we have a valid legal ground to do so. Most commonly, we use your personal information where:
We may seek your explicit consent where the applicable laws require us to do so. To know where and when explicit consent is required, please click here and select the applicable country.
There can be additional legal grounds for processing personal information in some countries. This depends on applicable law and the products and services offered to you.
1. To verify, authenticate and authorize your use of our products or services
To conduct ‘Know your Customer’ and risk assessments in order to authenticate and authorize your use of our products or services depending on if you are a merchant, consumer or customer, and your choice of service or product. The type of personal information typically required is Identity, Contact and Financial information. This is necessary in order for PayU to assess your application under contract and necessary for our legal obligations under certain laws.
2. To process payment transactions made through our Platforms
The types of personal information we require to provide a product or service and the legal ground depends on the specific payment methods made available by PayU in your country.
PayU offers multiple types of international and local payment methods, which are subject to product specific service terms (contracts) and legal obligations. For example, when PayU offers card payment processing as a payment’s aggregator on a Platform, PayU processes personal information received from merchants such as transaction details, and if payment is by card (cardholder details such as name on card) in order complete the payment by you to the merchant to purchase a product or service. PayU is often a processor of personal information on behalf of the merchant who is acting as controller (responsible party). In other cases, certain payment transactions require you to provide personal information directly to us onto our Platform in order for us to process a transaction – in that instance the purpose is to process the payment for you.
Please click here and the select the country of choice to find out the specific details of the payment methods available in your country.
3. To protect our business and to ensure compliance with the law
We process personal information to meet the requirements of applicable laws, regulations, standards, rules, codes and the requirements of financial institutions with which PayU must comply. This includes:
4. To manage our relationship with you
If you contact us or otherwise give us your Contact information (for example by registering, by completing an enquiry form on our Website/s, or by subscribing to receive support, and service status communications from us or security or fraud monitoring alerts), we may process your personal information:
5. To market our products and services and related services to you
We may use personal information to market our products and services and to notify you about events, offers, sponsorships, marketing programmes and similar marketing campaigns. For more information please see Marketing.
6. To conduct research and to develop and improve our products and services
We may use personal information that we collect:
We may share personal information with internal third parties, being third parties from the group of companies to which PayU belongs, i.e., the Prosus Group https://www.prosus.com/companies. We may disclose your personal information to those companies, to:
We may share your personal information with external third parties such as:
PayU takes all reasonable measures to ensure that every third party involved in the processing of your personal information has the required organizational and technical protections in place, including the required data processing and transfer agreements where this is necessary. When required under applicable law, we may provide you with a list of our sub-processors or suppliers upon request, by contacting us here.
You may receive marketing communications from PayU, for example, if you have:
The provision of such marketing activities is subject to the applicable laws of the country that the marketing and communication activity occurs. We keep a register of Marketing and communications personal information that is used by us. You are entitled to opt out from receiving such marketing by clicking on the opt out or unsubscribe link(s) provided in such PayU marketing communications.
Depending on the applicable laws in the PayU local business’ country, you may also be required to opt- in before receiving any marketing communications from PayU.
PayU may also use Marketing and communications personal information in order to improve and customize the content of our ads, promotions and advertising that may be of interest to you.
A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts.
Did you know? You can always check your cookie preferences by clicking on the blue and white shield in the left hand corner of the bottom of our websites. We display all our cookies in our cookie list that we drop globally on all our websites. Some of these cookies may not be dropped in the country where you are.
(Please note: The above tip may vary depending on your browser).
We are a global company with a global footprint.
Your personal information may be processed either locally in the country where you work or reside, or in any other country where we or our approved third-party service providers operate, worldwide, as permitted by law. Should your personal information move outside the European Union (EU) or the European Economic Area (EEA) or from another country that restricts transfers of personal information, we use the EU Commission’s standard contractual clauses (as may be amended from time to time) or other locally-compliant transfer mechanisms outside the EU/EEA, such as consent or local transfer agreements to ensure that an adequate or a same level of protection is applied to your personal information as the one afforded in the country of origin.
PayU may store your personal information for as long as required for the fulfilment of the purposes for which we collected it. The retention of personal information by PayU is determined by considering compliance with legal (contractual or statutory requirements), accounting and compliance reporting requirements. For this example, preventing fraud and to prevent anti-money laundering and combat anti-corruption and financing of terrorism.
PayU also takes into consideration the temporary limits established in the commercial or data privacy laws, as well as in other relevant laws, in the different countries in which PayU provides its services.
We ensure that you may exercise your individual privacy rights under applicable privacy and data protection laws. This means that PayU seeks to provide reasonable assistance to cater to requests from individuals regarding the processing of personal information and the right to access, delete, erase, amend and withdraw permission to the processing of personal information.
Depending on the applicable laws in your country, you may have certain rights under data protection law. For example, under the GDPR, you can exercise the following rights:
Please submit a request if you would like to exercise any of the above rights. These rights are limited in some situations, such as where we are legally required to process your personal information, and this may limit your ability to use some of our products and services.
If you have a question relating to the rights and choices available to you in your country outside of the EEA, you can click here to know more about this.
The security of your personal information is important to PayU. PayU takes legal, technical and organizational measures that it considers necessary in order to maintain the confidentiality and security of your personal information, with due regard to the applicable obligations and exceptions under the legislation in force.
In addition, PayU follows the payments industry standards regarding the protection of payment card information. Each local business is regularly audited to maintain the highest level of security certification with the Payments Card information Security Standard Council (PCI) in respect of protecting card data.
PayU regularly reviews its policies regarding the collection, storage and processing of your personal information, including physical security measures, to prevent alteration, loss, query, use or fraudulent or unauthorized access of your personal information.
PayU has put in place procedures to deal with personal information breach and will notify you and any applicable regulator or authority of a breach where we are legally required to do so.
PayU does not voluntarily or actively collect, use or disclose personal information of minors, according to the minimum age equivalent in the relevant jurisdiction, without the prior consent of the parents or guardians of the minor.
The services of PayU are not intended or designed to attract minors.
If we learn that we collected the personal information of a minor, without first receiving a verifiable parental consent, we will take steps to delete the information as soon as possible.
This Global Privacy Statement may change over time. The recent version of this Global Privacy Statement is published on this Website.
This version was issued on May 14, 2020 and last changed on December 18, 2020.
We will notify you of any changes to this Global Privacy Statement by publishing this on our Website. You can print or store this Global Privacy Statement by downloading a copy from your browser.
To view any country privacy terms required under applicable law, please click here. Any changes to the country privacy terms will be published on the websites of our local businesses. The country privacy terms will prevail if there are any differences.
It is very important that any personal information we hold about you is up to date and correct. Please inform us of any changes to your personal information.
The controller of this Website is MIH PayU BV, registration 521179839.
PayU has appointed a global privacy officer (CPO) and a Data Protection Officer (DPO). You can contact us here.
Click the link below to see if there are country-specific privacy terms that may exist in your country and the contact details of the PayU business in that country.