Privacy Policy: Paytrail Customer Support Systems
Your security and privacy is important to us.
Privacy Policy: Paytrail Customer Support Systems
17.04.2025
1. General
This privacy policy provides the information required under the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Finnish Data Protection Act (2018/1050) to both registrants and the supervisory authority.
2. Data controller
Paytrail Plc, hereinafter referred to as “Paytrail”.
3. Contact person for matters concerning the register
Markku Hänninen
Innova 2
Lutakonaukio 7
40100 Jyväskylä
Finland
Contact Paytrail’s customer service at: www.paytrail.com/en/contact
4. Name of the register
Data register of Paytrail’s customer support systems.
The register contains data on representatives of Paytrail’s merchant customers, as well as consumer customers and representatives of organizations who seek assistance with Paytrail’s services.
5. Purpose and legal basis for processing personal data
Personal data is processed to manage and develop customer relationships, improve services, handle invoicing, and support statistical analysis.
The processing of personal data is based on Article 6 of the General Data Protection Regulation (GDPR). The legal bases applied in this register, along with examples of processing under each basis, are described below:
|
Legal basis |
Example |
|
Consent |
When using support services, the individual consents to the processing of their personal data so that support can be provided. By contacting support, the customer accepts that their data will be processed. |
|
Legitimate interests of the data controller or a third party |
The following activities are based on legitimate interest:
|
Certain support requests are handled with the assistance of AI. The AI system interprets the content of messages, categorizes them, and generates automated responses to routine requests.
6. Register data content
Information about a company or organization representative, or a consumer.
The following data is stored in Paytrail’s customer support systems:
- Name of the individual
- Email address of the individual
- Electronic communications with customer service
7. Collection of personal data
Personal data is collected directly from the individual when they contact Paytrail’s customer service or respond to a contact from Paytrail. In doing so, the individual consents to the use of their data for the purposes described in section 5 of this privacy policy.
8. Regular disclosures of data
Personal data can be shared to public authority when required by law and to companies belonging to same corporation group within limitations set by law. Data stored to this registry may be provided to sales person of Paytrail’s products and services for customer care purposes.
9. International data transfers
Personal data may be transferred outside the European Union (EU) or the European Economic Area (EEA) within the limits permitted by law. Such transfers are made only when appropriate safeguards are in place, including:
A. The country has been recognized by the European Commission as providing an adequate level of protection for personal data.
B. Appropriate safeguards are ensured through the use of the European Commission’s standard contractual clauses for personal data transfers.*
* We make every effort to ensure that the contractual clauses applied by our subcontractors are always the most recent version, in line with GDPR case law.
10. Rights of the data subject
The data subject has the following rights regarding the processing of their personal data.
The data subject has the right to access the personal data stored in the register concerning them. An access request must be submitted in writing or electronically to the contact person for the register referred to in section 3.
An access request may be made free of charge once per year. The data controller may charge a reasonable administrative fee for any additional copies requested by the data subject. The payer’s data is stored per payment transaction and is not updated during the course of the transaction.
The data subject has the right to request the rectification of inaccurate or incorrect personal data and the updating of their data.
The data subject has the right to object to and restrict the processing of their personal data. If the processing of personal data is based on consent, the consent may be withdrawn by notice. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
The data subject has the right to erasure (“the right to be forgotten”). In payment services, data is retained for five years from the date of the transaction for statutory reasons, after which it is automatically deleted or anonymized.
If the data subject believes their personal data has been processed unlawfully, they have the right to lodge a complaint with the supervisory authority.
11. Retention of personal data
Personal data is stored for three years from the date of the most recent support request, after which it is automatically deleted from the system.
12. Principles of register protection
Data is securely protected electronically, and physical access is both restricted and monitored. Use of the register is limited, and each authorized user has a personal username and password.
Appropriate safeguards are applied to protect personal data from destruction, loss, or unlawful alteration. Paytrail’s employees, as well as the employees of subcontractors involved in processing Paytrail’s service data, are bound by confidentiality obligations regarding all customer information.
The data controller has implemented appropriate technical and organizational measures to ensure data security. Protection of the register includes, among others, the following measures:
- protection of equipment and files
- Access control
- User authorizations
- User log data
- Processing guidelines and monitoring
- The data controller also requires subcontractors to apply proper safeguards when processing personal data.