Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data from which the identity of the individual cannot be discerned (anonymous data).
We use different methods to collect data from and about you.
When you use our Services, we may collect, use, store and transfer the following personal data: Information you give us. We may collect personal data directly from you, as set out below:
- Personal data collected while processing your payment. If you are a card-holder making a payment to a merchant using our Services to process your payment, we may, directly or through a merchant using our payment processing service, collect, store and process financial and transaction related personal data about you and your transaction. This may include your billing address, delivery address, date of birth, purchase amount, date of purchase, payment method, credit or debit card number, bank account information and additional necessary information required to process your transaction. Merchants are responsible for providing appropriate privacy information to you about our processing of your data.
- When required for compliance with applicable laws (including specifically anti-money laundering and counter-terrorism financing laws and regulations), we may verify your information and collect information from publicly available sources, credit reference or fraud prevention agencies or check data against government sanction lists, either directly, or using identity verification providers or due diligence and screening information providers.
- When securing our website and Services, we may collect details about your device, your transaction, your computer’s internet protocol and other technical information, through our data security and firewall providers.
- When marketing our Services, we may collect identity and contact data from publicly available sources.
We will process your personal data in the following circumstances: Where we need to perform the contract we are about to enter into or have entered into with you as our merchant.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, such as mitigating financial loss or other harm to our merchants, you and us. Where we need to comply with legal or regulatory obligations, such as detecting and preventing fraud.
Where we need to improve and analyse our products, website, systems and tools. Examples of how we may process your personal data include:
- To manage risk and protect the website, the Services and you from fraud, abuse and other illegitimate activities, by monitoring, detecting and preventing such activities. To comply with our obligations and to enforce the terms of our website and Services, including to comply with all applicable laws and regulations. Process a payment, communicate with third-parties regarding a payment, and provide related customer service.
- Monitor illegitimate activities and prevent information security risks related to our website and Services.
- Evaluate your application to use our Services and verify your identity for compliance purposes. Respond to inquiries, send service notices and provide customer support. For audits, regulatory purposes, and compliance with industry standards.
We share your personal data with trusted third parties for the purpose of providing our Services and promoting our business, as follows:
Affiliates. Your information may be shared with our affiliates within the Wondergate.io Group, to provide you with our Services. The relevant Wondergate.io entity is the party responsible for overall management and use of your personal data.
Business partners, payment industry suppliers and participants to your transactions. We may share your personal data with our merchants and their service providers, card schemes, payment method providers and third party acquirers, as necessary to process payments or provide our Services. The information shared includes:
- Personal data necessary to facilitate the transaction and activities related to your transaction; Personal data to help our partners resolve disputes and detect and prevent fraud; and Personal data and performance analytics to help our merchants better understand the uses of their platform and to help our merchants enhance their customers’ experiences. Third-party service providers. We may also use third-party service providers acting on our behalf. These service providers help us with data and cloud services, website hosting, data analysis, application services, advertising networks, information technology and related infrastructure, customer service, communications and auditing.
- Other third parties. We will share your personal data with third parties in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock.
- Safety, Legal Purposes and Law Enforcement. We may share your personal data with third parties to detect, prevent or otherwise address fraud, security or technical issues, or to protect against harm to the rights, property or safety of Wondergate.io, our users, customers, employees or the public or as otherwise required by law. We also use and disclose your personal data as we believe necessary (i) under applicable law, or payment method rules; (ii) to enforce our terms and conditions, or our Merchant Service Agreement and other agreements, as applicable; (iii) to protect our rights, privacy safety or property, and/or that of our affiliates, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
- All our third-party service providers and other entities in the group are required to process the data in accordance with applicable data protection regulations and to take appropriate security measures to protect your personal information in line with EU data protection standards and our policies. We do not allow our third-party service providers to use your personal data for their own purposes. In addition, when a third-party entity processes your personal data on our behalf and according to our instructions, we sign a written agreement with it that specifically describes its obligations with regard to security and data protection, in accordance with European data protection laws. We only permit them to process your personal data for specified purposes.
We will process your personal data in the following circumstances: Where we need to perform the contract we are about to enter into or have entered into with you as our merchant.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, such as mitigating financial loss or other harm to our merchants, you and us. Where we need to comply with legal or regulatory obligations, such as detecting and preventing fraud.
Where we need to improve and analyse our products, website, systems and tools. Examples of how we may process your personal data include:
- To manage risk and protect the website, the Services and you from fraud, abuse and other illegitimate activities, by monitoring, detecting and preventing such activities. To comply with our obligations and to enforce the terms of our website and Services, including to comply with all applicable laws and regulations. Process a payment, communicate with third-parties regarding a payment, and provide related customer service.
- Monitor illegitimate activities and prevent information security risks related to our website and Services.
- Evaluate your application to use our Services and verify your identity for compliance purposes. Respond to inquiries, send service notices and provide customer support. For audits, regulatory purposes, and compliance with industry standards.
Protecting your information and your privacy is extremely important to us. Being entrusted with some of your most valuable data, we have set high standards for data security. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed, altered or disclosed in an unauthorised manner.
In addition, we limit access to your personal information to those employees and third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Under certain circumstances, you have rights under data protection laws in relation to your personal data:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove your personal data. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Please be aware that we may have to keep some of your data to comply with the law or for tax purposes but we will evaluate your request within applicable data protection laws.
- Object to processing of your personal data. In certain circumstances you can object to our processing of your personal data. You have the absolute right to object where we are processing your personal data for direct marketing purposes. You can exercise this right at any time by contacting us.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data and we are considering whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine- readable format. This right applies to information which you have provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. Please note that if you withdraw your consent, we may not be able to provide certain products or services to you.You have the right to object to automated individual decision-making and profiling, and the right to request human intervention where we have relied on automated decision making or profiling.