Segpay Carat

Segpay Merchant Privacy Policy

Last Updated: December 1, 2020

Segregated Payments Limited, with registered address at 71 Blanche Lane, South Mimms, EN6 3PA, United Kingdom, and Segregated Payments Ireland, Ltd., with a registered address in Carrick House, 49 Fitzwilliam Street, Dublin 2, Ireland and Toccata, Inc., 220 Hillsboro Technology Drive, Suite 130, Deerfield Beach, FL 33441 dba Segpay (‘Segpay‘). You (‘Merchant‘) will be sharing your personal data with Segpay if you contact us through our online contact form at Segpay.com (‘Website‘) and if you apply for or make use of its services (‘Service’). Segpay may collect, use and disclose certain personal data of you while it performs its services on your behalf. Segpay respects your privacy and is committed to protecting the security of it.

This privacy policy describes the types of information Segpay may collect from you for the purpose of undertaking customer due diligence investigations as required by anti-money laundering regulations in order to accept the merchant as a Segpay customer and to maintain the relationship and Segpay’s practices for collecting, using, keeping, protecting, and disclosing that information (the ‘Policy’).

For the purpose of this policy ‘you’ or ‘your’ shall refer to the personal information of the data subject acting in his/her capacity as a director and/or beneficial owner and/or representative of the (prospective) merchant with whom Segpay is considering establishing or maintaining a business relationship.

This policy applies to information Segpay collects as part of the application for services and use of the services, either through the Website or email correspondence, as part of its Know Your Customer (KYC) procedures as required to be undertaken pursuant to applicable anti-money laundering regulations.

Important: Please read this policy carefully to understand Segpay’s policies and practices regarding your information and how Segpay will treat it. If you do not agree with Segpay’s policies and practices, your choice is not to use the Service and Segpay will not be able to approve the application of your company or continue the services. Segpay is prohibited by law to establish or maintain any business relationships with customers that are not properly identified and verified (continuously throughout the relationship). By accessing or using the Service, you agree to this Policy and consent to Segpay’s collection, use, disclosure, retention, and protection of your personal information as described in this Policy. By accessing or using the Website and clicking the ‘I agree’ button, you agree to this policy and consent to Segpay’s collection, use, disclosure, retention, and protection of your personal information as described in this Policy. Segpay may change this Policy on one or more occasions. Segpay will consider your continued use of the Website or the Service after Segpay makes changes as your acceptance of the changes, so please check this policy frequently for updates. If any changes relate to the purpose of Segpay’s processing of your personal information, Segpay will provide you upfront notice, including its lawful basis.


1. What types of information does Segpay collect about you and how is it collected?

Segpay may collect several types of personal information from as a user of the Service, which is information by which you may be personally identified, including your first name, last name, postal address, telephone number, browser information, IP address, email address or any other information that Segpay collects that is defined as personal or personally identifiable information under law (‘personal information’).

Segpay collects this information:

  • Directly from you when you provide it to Segpay.
  • Automatically as you navigate through the Service. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
  • From third parties, for example, from merchants and Segpay’s business partners, such as ThreatMetrix (for collection of browser information).

Legal Basis Personal Information Collecting Through Services. The information we collect in relation to the Services is information necessary in order to perform the contract that is between you and the merchant (for the purchase of goods/services). On this basis Segpay is considered to be undertaking lawful processing as set forth under applicable data protection laws. As part of our Services, we will inform you when your trials with merchants expire. These activities are considered relevant and appropriate in relation to your relationship with Segpay. The processing of your personal information for this purpose is based upon the lawful ground of carrying out a legitimate interest.


2. Information Segpay Collects through Automatic Data Collection Technologies

As you navigate through and interact with the Website or the Service, Segpay may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

  • Details of your visits to the Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
  • Information about your computer and Internet connection, including your IP address, operating system, and browser type.
  • Information about your mobile device and Internet connection, including the device’s unique device identifier, IP address, operating system, browser type, mobile network information, and the device’s telephone number. Segpay also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking).

The information Segpay collects automatically is statistical data and does not include personal information, but Segpay may keep it or associate it with personal information Segpay collects in other ways or receives from third parties. This information helps Segpay to improve the Website, the Service, and to deliver a better and more personalized service, including by allowing Segpay to:

  • Estimate the Website’s and the Service’s audience size and usage patterns.
  • Store information about your preferences, thus allowing Segpay to customize the Website and the Service according to your individual interests.
  • Speed up your searches.
  • Recognize you when you return to the Website.
  • Continually personalize electronic payment services.

The technologies Segpay uses for this automatic data collection may include:

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. Your browser stores cookies in a manner associated with each website you visit. Segpay uses cookies to enable its servers to recognize your browser and tells Segpay how and when you visit the Website or use the Service. You may refuse to accept browser cookies by activating the appropriate setting on your browser. But if you select this setting you may be unable to access certain parts of the Website or the Service. Unless you have adjusted your browser settings so that it will refuse cookies, Segpay’s system will issue cookies when you direct your browser to the Website or use the Service. To learn more about cookies, visit www.allaboutcookies.org or www.youronlinechoices.eu.
  • Flash Cookies. Certain features of the Website or the Service may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on the Website or the Service. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, you can access your Flash management tools from Adobe’s website.
  • Web Beacons. Pages of the Website (and Segpay’s emails) may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Segpay, for example, to count users who have visited those pages (or opened an email) and for other related website statistics (for example, verifying system and server integrity). To learn more about web beacons, visit www.allaboutcookies.org/web-beacons/.

Segpay does not collect personal information automatically, but it may tie this information to personal information about you that Segpay collects from other sources or you provide to Segpay.

Third-party Use of Cookies and Other Tracking Technologies

Some content or applications, including advertisements, on the Website or the Service are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use the Website or the Service. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

Segpay does not control third-party tracking technologies or how third parties’ use them. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.


3. How does Segpay use your information?

Segpay may use the personal information that it collects about you or that you provide to Segpay, including any personal information:

  • To present the Website and its contents to you and to improve our Website.
  • To contact you and provide you with information, products, or services that you request from Segpay and to send updates, news, promotions and/or newsletters regarding the Service;
  • To sell the Service;
  • To verify and identify and to perform screening (sanction and PEP; politically exposed persons) as required under applicable anti-money laundering and sanctions regulations and to detect, prevent or otherwise address money-laundering/ fraud risks and issues, during both the application process as well as the course of the relationship after approval.
  • To evaluate a merchant application to use the Segpay services.
  • To provide you with information, products, or services that you request from Segpay or newsletters, updates and/or promotions.
  • To provide you access to Segpay’s merchant portal which will provide access to for instance reports, refunds processing and settlement account information (changes).
  • To manage risk, or to detect, prevent, or remediate fraud or other potentially prohibited or illegal activities.
  • To investigate and prevent fraudulent transactions, unauthorized access to the Service, and other illegal activities.
  • To comply with relevant laws and regulations, including the retention of financial information and transactions and the detection and prevention of criminal activity.
  • To comply with legal proceedings and or requests from government/ supervisory bodies and/or payment schemes (SEPA, Visa, Mastercard, Diners, American Express; depending upon your chosen payment method and the governing scheme of such payment method).
  • To submit applications or provide information to merchant banks and credit card associations.
  • For audits.
  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request.

4. With whom does Segpay share your information?

Segpay may disclose personal information that it collects, or you provide as described in this policy:

  • To Segpay’s subsidiaries and affiliates.
  • To Segpay’s affiliate merchant banks, credit card associations and other payment method providers (depending upon the payment method chosen by you to make the payment with) as required to process a transaction and provide services to you.
  • To service providers for the performance of fraud, anti-money laundering and sanction screening or undertaking any other anti-money laundering screening activities on our behalf, as required by law. These parties have their own privacy policies in respect to the information Segpay is required to provide to them. For these providers, Segpay recommends that you read their privacy policies, so you can understand the manner by which these providers will handle your personal information. These parties are bound by contractual obligations and processing agreements (or other safeguards as set forth under section 5 of this Policy)
  • To contractors, service providers, and other third parties Segpay uses to support its business, which include the support in relation to server hosting, security/ protection, gateway facilitation, customer support ticketing systems, CRM solutions, automated onboarding and corporate email. These parties are bound by contractual obligations and processing agreements (or other safeguards as set forth under section 5 of this Policy) to keep personal information confidential and use it only for the purposes for which Segpay discloses it to them.
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all Segpay’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Segpay about the Service’s or the Website’s users is among the assets transferred.
  • To fulfill the purpose for which you provide it.
  • For any other purpose disclosed by Segpay when you provide the information.
  • With your consent.

Segpay has made arrangements with such parties to ensure the proper security of your personal information in compliance with applicable data protection laws. In any case, when the data transfer is not necessary for the execution of the payment transaction or any other purpose as provided in this Policy, Segpay will inform you of the purpose of processing and the identity of the potential third parties so that you may permit or refuse the transfer depending on its purpose. In general, the third-party providers used by Segpay will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us and the merchant. These parties are not only based within the European Economic Area. Please be referred to the next section 5.

Segpay may also disclose your personal information:

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
  • To enforce or apply the terms of service and other agreements.

Segpay may disclose aggregated information about its users (but only after anonymization), and information that does not identify any individual, without restriction. Segpay does not share your personal data with third parties without obtaining your prior consent, unless the transfer is necessary for execution of the Service or Application you initiated or requested, in which case you will be informed before such information is shared (through this Policy). Segpay does not sell or rent your personal data.


5. Where is your data kept?

Your personal information may be transferred outside of your country or region (such as the European Economic Area), to other countries including the United States, which may have data protection rules that are different from those of your country. This could happen if you make a purchase at a merchant that is not based within your country or region or if any third party Segpay uses is based outside of your country or region. For any US non-residents: If you are accessing the Service, please be aware that your information may be transferred to, stored, and processed in the United States where Segpay’s servers are located and Segpay’s central database is operated. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country. To comply with EU data protection laws around international data transfer, Segpay only allows third parties outside the European Economic Area to process your personal data if they apply the European Commission’s Standard Contractual Clauses (Article 46.2(c) GDPR). For more information on where and how the relevant document may be accessed or obtained, please contact us. By using Segpay’s services, you acknowledge that your information may be transferred to Segpay’s facilities and those third parties with whom Segpay shares it as described in this Policy.

Appropriate safeguards. Segpay will take measures to ensure that any such transfers comply with applicable data protection laws and that your personal information remains protected to the standards described in this Policy. Segpay’s affiliated companies in the US are bound to Standard Contractual Clauses. For any other third parties, Segpay will either ensure that: (i) the transfer is permitted as their country of residence is designated by competent authorities as providing an adequate level of protection, similar to your rights under European data protection legislation; or (ii) other sufficient measures are put in place to ensure that such third party provides the appropriate safeguards, such as Standard Contractual Clauses which shall include the ability for you to exercise your rights as set forth in the next section 7. As part of such appropriate safeguards, such parties that receive your personal information (if you pay with card) will at all times adhere to the Payment Card Information Data Security Standards as set by the card schemes.


6. What rights do you have about how Segpay uses and discloses your information?

Segpay provides you the ability to exercise certain controls and choices regarding its collection, use, and sharing of your personal information at all times. In accordance with local law, your controls and choices include all of the following: access your personal information, rectification or erasure (right to be forgotten) of personal information and objection to such processing. Further, you retain the right to request restriction of processing (if for instance you objected to our processing or you contest the accuracy of the personal information).

Finally, you may also contact Segpay and exercise your right to data portability. This means you may receive your personal information which you have provided to Segpay, giving you the right to transmit this to a third party, provided that the processing by Segpay has been carried out by automated means and such transfer is technically feasible (right to data portability).

Segpay will inform you about any rectification or erasure of your personal information or restriction of processing carried out pursuant to your request. In the event Segpay does not conform to your request, for justifiable reasons, Segpay will inform you without delay and clarify the reasons for not taking action. You may then exercise your rights under the next paragraph.

The right to lodge complaints

Besides any other remedies given by you under law, you will have the right to redress and to lodge a complaint with the data protection authorities in your country or in the Ireland (if you are an EU resident) or in the United Kingdom (if you are a UK resident), if you feel that Segpay’s processing of your personal information infringes applicable data protection laws. Please visit the website of the data protection authorities in your country (for the EU go here: https://forms.dataprotection.ie/contact for the UK go here: https://ico.org.uk/concerns/) to obtain more information on how the complaint procedures work.


7. How do you exercise your rights?

You can send Segpay an email at [email protected] or contact Segpay through the ‘Contact’ page to request access to, correct, or delete any personal information that you have provided to Segpay.


8. How does Segpay protect your personal information?

Segpay will process any received personal data in accordance with the requirements of applicable data protection legislation, including the European General Data Protection Regulation. Segpay has implemented adequate technical and organizational measures designed to secure your personal information from accidental loss and from unauthorized access, use, change, and disclosure. All information you provide to Segpay is stored on its secure servers behind firewalls. Segpay encrypts all payment transactions using TLS technology as required by PCI standards.

No Security Guarantees. The transmission of information over the Internet is not completely secure. Although Segpay does its best to protect your personal information, Segpay cannot guarantee the security of your personal information transmitted to it during the application process or during the course of the relationship via email or otherwise. Any such transmission of personal information is at your own risk. Segpay is not responsible for circumvention of any privacy settings or security measures contained on the Service. Nor does Segpay guarantee against all unauthorized disclosure, alteration, or destruction of personal information.


9. Data Retention

Your personal information will not be stored longer than necessary for the provision of the Service to the merchant and for as long as required by applicable law. In order to comply with applicable anti-money laundering (AML) laws, we are required to hold KYC records, including your personal information, for a period up to five (5) years after the business relationship with the merchant has ended. However, if you exercise your right to erasure, we will assess which data is required to ensure AML compliance. Any other data will be deleted.


10. Changes to Privacy Policy

Segpay will post any changes it makes to this policy on this page. If Segpay makes material changes to how it treats your personal information, Segpay will notify you by email to the email address that Segpay has on file for you or through a notice on the Website homepage. This policy identifies when Segpay last updated it at the top of the page. You are responsible for making sure Segpay has an up-to-date active and deliverable email address for you, and for frequently visiting the Website and this policy to check for any changes.


11. Contact Information

To ask questions or comment about this policy and Segpay’s privacy practices, you can reach Segpay at:

By Email:
[email protected]

By Post:

Segregated Payments (Ireland) Ltd
Carrick House, 49 Fitzwilliam Street
Dublin 2
Ireland
Segregated Payments Limited
71 Blanche Lane
South Mimms, EN6 3PA
United Kingdom
Toccata, Inc.
220 Hillsboro Technology Drive, Suite 130,
Deerfield Beach, FL 33441
USA

By Phone:
(+1) 954 414 1610
(+353) 1 513 3337


12. Notice for California Residents

The privacy notice for California residents is available here as a supplement to this policy.

Back to To