Data Privacy Notice – Paytrail Payment Service

Your security and privacy is important to us.

Data Privacy Notice – Paytrail Payment Service

April 1, 2018
Personal Data Act (523/1999), Sections 10 and 24

1. Register Controller

Paytrail Plc, hereinafter “Paytrail”.

2. Contact Person for Register

Markku Hänninen
Innova 2
Lutakonaukio 7
40100 Jyväskylä

Contact Paytrail’s customer service:

3. Register Name 

Paytrail Payment Service Data Register.

4. Purpose of Processing Data

Personal data shall be used for implementing payment transactions as defined in the Payment Services Act, for the development of the service offered by Paytrail, compilation of statistics and customer service.

Personal data shall be processed in accordance with Section 8 of the Personal Data Act.

5. Register Content

Payment and identifier data. Payment and identifier data shall be transmitted to a financial institution through an encrypted connection. 

Information stored in Paytrail’s data register includes:
- Payment method
- Time of transaction
- IP-address
- Account number *

* Only in cases where the customer stores their account number in Paytrail’s system for a refund.

6. Regular Sources of Data 

Customer data shall be acquired as the customer completes the transaction, or from the customer directly. By completing the transaction, the customer accepts the use of their data for the purpose specified in Section 4 of this register description.

7. Regular Disclosure of Information

Data may be disclosed to the authorities and to companies that are a part of the same group as Paytrail under the statutory limits of the law and within the limits permitted by law. Customer contact information (name, address, telephone number) shall be available to the merchant of the product(S) or service(s) for customer service.

8. Transfer of Data Outside the EU or EEA

Data may be disclosed outside the EU or the European Economic Area within the limits of the law.

9. Register Protection Principles 

Data is properly protected by electronic means and physical access is restricted and controlled. The use of the register is restricted and each register user has a personal username and password. Paytrail's employees and third parties connected with Paytrail have a confidentiality obligation in relation to all customer data.

10. Right to Inspection

The registered party has the right to review what information has been stored about them in the register. The inspection request must be sent in writing or electronically to the register contact person mentioned in Section 2. The request is free of charge and can be made once a year.

11. Right to Demand Correction of Data

The registered party’s data shall be stored for each payment, and data is not updated during the payment process. The registered party can contact the register contact person stated in Section 2.

12. Other Rights Pertaining to the Processing of Personal Data

Once the statutory obligations connected to the person have expired, a written request can be made for the deletion of their information. For the deletion, the registered party must contact the register contact person stated in Section 2.