Paytrail

Data Privacy Notice – Paytrail Customer Management Systems

Your security and privacy is important to us.

Data Privacy Notice – Paytrail Customer Management Systems

August 27, 2019
Personal Data Act (523/1999), Sections 10 and 24

1. Register Controller

Paytrail Plc, hereinafter “Paytrail”.

2. Contact Person for Register

Noora Pasanen
Innova 2
Lutakonaukio 7
40100 Jyväskylä
Finland

Contact Paytrail’s customer service: www.paytrail.com/en/contact

3. Register Name

Paytrail Customer Management Systems Data Register.

4. Purpose of Processing Data

The registration is based on a contractual relationship with Paytrail. 

Personal data will be processed for producing and providing the agreed services to the customer, developing services, invoicing, customer relationship management and development, and for statistical purposes.

Data will also be used for marketing, direct marketing and target marketing for customers. The customer has the right to deny direct marketing.

Personal data shall be processed in accordance with Section 8 of the Personal Data Act.

5. Register Content

Company’s or the company representative’s data.

The following will be stored in the Paytrail’s customer management systems:
- Contact person’s name
- Contact person’s email address
- Contact person’s phone number
- Electronic communications with customer service and sales
- Personal identity number *
- Information on individuals in charge of the company **

* The personal identity number of the person signing the contract with Paytrail will be stored.
** The following information shall be retrieved automatically from Suomen Asiakastieto Ltd: personal identity number, name, nationality, place of residence, position in the company, amount of their shares or units, and new payment defaults.

6. Regular Sources of Data

Customer data will be acquired from the customer when the company/organization that they represent makes a contract with Paytrail or when the customer edits their data. By doing this, the customer accepts the use of their data for the purpose specified in Section 4 of this register description.

The following information shall be retrieved automatically from Suomen Asiakastieto Ltd: personal identity number, name, nationality, place of residence, position in the company, amount of their shares or units. Suomen Asiakastieto Ltd. shall provide any new payment defaults of individuals in charge of the company.

7. Regular Disclosure of Information

Data may be disclosed to the authorities and to companies that are a part of the same group as Paytrail under the statutory limits of the law and within the limits permitted by law. Customer contact information (name, address, telephone number) shall be available to the merchant of the product(s) or service(s) for customer service.

8. Transfer of Data Outside the EU or EEA

Data may be disclosed outside the EU or the European Economic Area within the limits of the law. Transfers outside of EU/ETA area are only performed, when necessary data protection guarantees are in force, such as:

  1. Country is deemed to have good enough data protection level for personal data by the EU commission
  2. EU model clauses are used to assure data protection methods in use when personal data is transferred.
  3. Company or service where the data is transferred is registered under the Privacy Shield arrangement. https://www.privacyshield.gov/Program-Overview

9. Register Protection Principles

Data is properly protected by electronic means and physical access is restricted and controlled. The use of the register is restricted and each register user has a personal username and password. Appropriate security methods are used to make sure personal data is secure from destruction, data loss and unauthorized changes. Paytrail's employees and third parties connected with Paytrail have a confidentiality obligation in relation to all customer data.

10. Registree Rights

The registered party has the right to review what information has been stored about them in the register. The review request must be sent in writing or electronically to the register contact person mentioned in Section 2. The request is free of charge and can be made once a year.

Registree has right to rectify personal data. To rectify personal data, registree must contact the register contact person mentioned in Section 2.

Registree has the right to object and limit the processing of personal data.

If processing of the personal data is based on consent, the consent can be withdrawn by notification. Withdrawal of consent does not prevent processing of personal data, that has been received for processing before the consent was withdrawn.

11. Other Rights Pertaining to the Processing of Personal Data

Once the statutory obligations connected to the person have expired, a written request can be made for the deletion of their information. For the deletion, the registered party must contact the register contact person stated in Section 2.