Skip to main content
January 2024

Privacy Notice

  • This privacy notice (“Privacy Notice”) explains how we “transact Elektronische Zahlungssysteme GmbH”, (“we”, “our” “us”) collect, use, store, share with other parties, and otherwise process your (collectively, “you”, “your”) personal data (“Personal Data”), as well as the mechanisms we have in place to protect your Personal Data and the rights you have, when you are acting in any of the below capacities:

    IMPORTANT NOTICE: Sections 2 (“Notice to Website visitors/users”, 3 (“Notice to Applicant Merchants”) and 4 (“Notice to Cardholders”) contain a detailed description and information about the processing of your Personal Data that takes place specifically in the context of each of the respective capacities. Sections 1 and 5 provide general information relating to data processing falling within the scope of this Privacy Notice (to the extent applicable with regard to each of the above capacities).


1. Who we are
  • The controller of your Personal Data processed in accordance with this Privacy Notice, whether you are a website visitor/user (“Website visitor/user”) of our website www.epaymerchantservices.pt (“Website”) or an applicant merchant who has expressed interest in entering into an agreement with us for any of our services/products (“Applicant Merchant”) or a cardholder paying by payment card for the purchase of goods or services at any of our merchants (“Cardholder”), is listed here.

    We, as the data controller, are committed to safeguarding your right to privacy and your Personal Data in accordance with the applicable legislative and regulatory framework.

    We encourage you to regularly review this Privacy Notice and check the Website for any updates. By continuing to deal with us, you agree to this Privacy Notice and any future modifications.

    If you have any questions or concerns regarding the processing of your Personal Data, you may contact us any time at: dpo@euronetworldwide.com

2. Notice to website visitors/users
  • In this section we describe how we collect, use, store, share with other parties or otherwise process the Personal Data we obtain as a result of the visit and/or use of our Website by the Website visitors/users.

    By visiting or using our Website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Notice. You should not provide us with any of your information if you do not agree with the terms of this Privacy Notice.

    To the extent this Website allows access to other websites owned and operated by third parties, please note that this Privacy Notice will not apply to such websites, and we will, thus, not be held responsible for the protection of personal data processed by these third parties.

  • 2.1. What Personal Data is collected, how we collect these, and why?

    The categories, sources, purposes, and legal bases for collecting and processing your Personal Data when you visit and/or use our Website are listed below. Where the collection and processing of Personal Data is based on your consent, you may withdraw your consent at any time.

  • 2.1.1. Categories of Personal Data we collect

    We collect your Personal Data when you visit and/or use our Website or when you provide these to us in connection with your use of the Website, including when you visit the Website and complete the online forms provided through it, or when you submit any other requests for information or complaints in relation to the operation or use of this Website or to content uploaded by other users in accordance with our Website Terms of Use.

    These data may include the following:

      • Identification and contact data: your name (or names), business name, postcode, email, telephone number and other contact data, title, date of birth, gender, signature, images, unique identifiers, as well as any other Personal Data that may be included in your online enquiry, request for information or complaint in relation to the operation or use of this Website or to content uploaded by other users in accordance with our Website Terms of Use.

        It is possible that, during a process of responding and processing your online enquiry, request for information or complaint, or at a later stage, especially in the course of correspondence with us or in the course of telephone conversations with our representatives, you will provide us with additional information. In such case, we will process the Personal Data you provided us with as set out in this Privacy Notice.

      • Behavioral and technical data: information via cookies and similar technologies, including the IP address of visitors, internet or other similar network, browsing or search activity, behavioral information (to understand the way you behave while using our Website), browser type and version, time zone setting, screen resolution settings, browser plug-in types and versions, operating system and platform, device signature, and technical characteristics of your device.

        For more information, please read our Cookie Policy.

      • Location Information or Geolocation Data: We may collect information about your location when you visit our Website either through your computer or through your tablet or mobile phone. In any case, your consent will be required before using your location information or geolocation data.

      • Non-identifiable Data: Whenever possible, we use data where you cannot be directly identified (such as anonymous demographic and usage data) rather than Personal Data (“Non-identifiable Data”). These Non-identifiable Data may be used to improve our internal processes or delivery of services, without further notice to you. We may use aggregate data for a variety of purposes, including to analyze, evaluate and improve our Website and its content.

  • 2.1.2. Where do we collect your Personal Data from?

    We collect Personal Data from the following sources:

      • Directly from you through your direct interactions and the submission of online forms, requests for information or complaints, as set out above.

      • Through passive collection of information about your interactions, including page clicks, time spent, or other automatically collected meta-data.

      • Internet service providers.
  • 2.1.3. Why do we collect and use your Personal Data?

    I. We may process your Personal Data in the context of your contractual relationship (art. 6 (1) (b) GDPR) with us (i.e., the Website Terms of Use):

      • For the management of your online enquiry via the Website form (i.e. registering your enquiry, contacting you, updating our records about you, processing and responding to your enquiry).
      • For the management (handling and resolving) of requests for information or complaints in relation to the operation or use of the Website or to content uploaded by other users in accordance with our Website Terms of Use.

    II. We may process your Personal Data for the purposes of our legitimate interests (art. 6 (1) (f) GDPR). When we use your Personal Data to pursue our legitimate interests, we will make every effort to ensure that your Personal Data will only be used as permitted by applicable law and that such use will not override your interests or fundamental rights and freedoms that require protection:

      • To ensure the efficient operation, management, safety and security of our Website. Please note that, amongst other safeguards, we have tools that protect our Website for the purposes of fraud prevention and security controls. This information relates to the IP connection or the device you may be accessing from, and other relevant information that assists in the protection of the Website and the information we process.
      • To undertake activities to verify or maintain the quality of the Website, and to improve, upgrade, or enhance the Website, including to administer the Website for internal operations, such as troubleshooting, data analysis, testing, research, statistical and survey purposes.
      • To pursue any legal claims, as well as for archival purposes related to this purpose, including securing information in the event of the need to prove facts.

    III. We may process your Personal Data if you have previously provided us with your consent (art. 6 (1) (a) GDPR):

      • To provide advertising and marketing.
      • To measure and evaluate your behavior using automated processing to evaluate the technical performance of the Website.
      • To make available the Website to our Website visitors/users with a tailored experience on the web related to their location, such as displaying the local relevant location or geolocation.
      • To perform analytics to measure the use of our Website, including the number of visits, average time spent on the Website, pages viewed, page interaction data (such as scrolling, clicks, and mouse-hovers), etc., and to improve the content we offer to you.

    IV. We may process your Personal Data for purposes of complying with our legal obligations under the applicable legislative and regulatory framework (art. 6 (1) (c) GDPR), as well as with the decisions of the competent courts or supervisory authorities.

3. Notice to applicant Merchants
  • In this section we describe how we collect, use, store, share with other parties, or otherwise process the Personal Data we obtain when you have expressed an interest in any of our services and/or products and you interact with us for the purposes of entering into an agreement with us for the receipt of such services and/or products (pre-contractual stage).

  • 3.1. What Personal Data are collected, how we collect these, and why?

    The categories, sources, purposes, and legal bases for collecting and processing your Personal Data in the above-described context are set out in this section. Where the collection and processing of Personal Data is based on your consent, you may withdraw your consent at any time.

  • 3.1.1. Categories of Personal Data we collect

    We will only process the following categories of Personal Data, if and to the extent necessary to pursue the purposes set out below:

      • Identification Data: These can include name, title, marital status, residential and / or business address, email, telephone and / or fax and other contact information, date of birth, gender, images (only if you provide your consent), signature, passport / visa details, official credentials and its image capture. We may also collect data obtained from third parties, such as those collected in the context of a credit worthiness check.

      • Employment data: such as information about the occupation of a natural person, including job title and role.

      • Financial data: such as information on financial records related to a data subject´s business, including credit checks for a risk analysis, bank account data, tax registration number, financial statements and registration of social security.

      • Additional information requested by applicable laws: such as criminal records, where permissible by local law, or the certificate of judicial solvency or credit checks, depending on the jurisdiction.

      • Non-identifiable Data: Whenever possible, we use data where you cannot be directly identified (such as anonymous demographic and usage data) rather than Personal Data (“Non-identifiable Data”). These Non-identifiable Data may be used to improve our internal processes or delivery of services, without further notice to you. We may use aggregate data for a variety of purposes, but not limited to the analysis, evaluation and improvement of our services.
  • 3.1.2. Where do we collect your Personal Data from?

    We collect your Personal Data directly from you in the course of our pre-contractual interactions or from third parties, as and where required for purposes of considering your application to enter into an agreement with us for any of our services and/or products (e.g., credit check bureaus, adverse media checks and sanctions’ lists providers etc.).

  • 3.1.3. Why do we collect and use your Personal Data?

    We collect and use your Personal Data to pursue the following purpose:
    To assess the suitability of the applicant merchant to enter into an agreement with us.
    For processing of your Personal Data occurring in the above context, we rely on the legal basis of pre-contractual obligation as per art. 6 (1) (b) GDPR. We may also process your Personal Data on the legal basis of legitimate interests (art. 6 (1) (f) GDPR) or compliance with our legal obligations under the applicable laws (art. 6 (1) (c) GDPR).

4.2. Who receives the Personal Data?
  • In this section we describe how we collect, use, store, share with other parties, or otherwise process your Personal Data when you make a card payment for the purchase of goods and/or services at any of our merchants (whether in an e-commerce environment or in physical stores/automated self-service machines).

  • 4.1. Who is responsible for processing my Personal Data and whom can I contact?

    We, “transact Electronische Zahlungssysteme GmbH”, are a payment service provider authorized and regulated by the Federal Financial Supervisory Authority – BaFin (see details here) to provide acquiring services on a cross border basis to our merchants (our customers). Such services involve the acceptance of payments on behalf of our merchant and the transfer of the funds paid by you to our merchant for goods or services purchased at our merchant (whether in an e-commerce environment or in a physical store/automated self-service machine). In providing the acquiring services to our merchants, we request authorization of the transaction from your card issuer through the relevant payment scheme (e.g., Mastercard or Visa) and once this has been given, we proceed with the transfer of the funds to the merchant’s payment account. In providing the acquiring services to our merchants, we process your Personal Data in our capacity as a data controller, treating such data with utmost care and in accordance with the relevant applicable laws, regulations and standards (PCI DSS).

  • 4.1.1. What Personal Data are collected, how we collect these, and why?

    The categories, sources, purposes, and legal bases for collecting and processing your Personal Data in the above-described context are set out in this section.

  • 4.1.2. Categories of Personal Data we collect?

    In providing our acquiring services to our merchants, we process the following Personal Data:

      • Personal details in the case of an online payment (your name, address and, in rare cases your ID information where required by law).

      • Card Data (data stored on your card): IBAN or account number and short bank code, card expiration date (month and year), and card sequence number (encrypted as per the PCI DSS).

      • Additional Payment Data: Amount of the transaction, date, time, identifier of the payment terminal (location, company, and branch where you are making the payment), your signature where applicable.

      • Cancellation Data: Information about the non-redeeming of a direct debit or credit by your card-issuer or the request made by you to cancel the transaction.

      • Information about an outstanding claim, e.g., your name, address, bank fees, reminder fees, reason for the direct debit return, customer number with your contracting party (not the content of your purchases).
  • 4.1.3. Where do we collect your Personal Data from?

    We collect the above Personal Data from the following sources:

      • The Card Data are read from your card by the payment terminal or provided by you through the e-commerce portal of the merchant.

      • The Additional Payment Data are provided by the payment terminal and, if applicable, directly by the merchant.

      • Where required, the signature is provided by you.
  • 4.1.4. Why do we collect and use your Personal Data?

    We process your Personal Data for the following purposes and relying on the legal bases set out below:


Purpose of processing


Provision of acquiring services to our merchants.


Archiving of documents as required by law.


Prevention of card misuse and limitation of the risk of payment defaults.


Secure transmission of your data in accordance with legal provisions.


Prevention of future payment defaults.


Protecting our legal rights in connection with legal claims where processing of your information is required.


Processing for purposes of complying with our legal obligations under the applicable legislative and regulatory framework, as well as with the decisions of the competent courts or supervisory authorities.

Legal basis


Legitimate interest (art. 6 (1) (f) GDPR)


Legal obligation (art. 6 (1) (c) GDPR)


Legitimate interest (art. 6 (1) (f) GDPR)


Legal obligation (art. 6 (1) (c) GDPR)


Legitimate interest (art. 6 (1) (f) GDPR)


Legitimate interest (art. 6 (1) (f) GDPR)
*


Legal obligation (art. 6 (1) (c) GDPR))
*
*
*


  • 4.2. Who receives the Personal Data??

    We will share your Personal Data with other persons/entities or authorities only to the extent necessary to pursue the above-described purposes.
    In addition to the payment processing, other entities require your data to carry out the payment or to comply with legal regulations. Your data will only be shared to the extent necessary with the following entities:

      • Parties involved in the processing of your payment transaction: Your card-issuer, any intermediary entities appointed by the credit industry that handle the clearing and settlement of payments (e.g., card schemes etc.), and our merchants.
      • Law enforcement authorities or competent regulators: in cases where this is required for purposes of complying with our legal obligations provided for by the applicable laws (e.g., the anti-money laundering authorities).
5. General Provisions
  • 5.1. How long do we keep Personal Data?

    Personal Data are kept for as long as it is necessary to achieve the purposes for which the Personal Data were collected and is subject to different standards and regulations. In general, Personal Data are retained for as long as necessary to process your enquiry, request for information or complaint (as set out in Section 2) or to evaluate your application (as set out in Section 3) or process your transaction (as set out in Section 4) or as otherwise may be required for purposes of complying with applicable legal and regulatory obligations. The retention period is determined based on the applicable requirements and obligations, which may include (to the extent relevant):

      • Legal and Regulatory Requirements: We will retain your Personal Data if required to comply with all our legal and regulatory obligations, compliance procedures and statutory limitation periods. While we store your Personal Data only for the purposes of complying with legal and regulatory obligations, your Personal Data will be restricted such that they cannot be used for any other purpose, and they will be accessed only when necessary. We will take all reasonable steps to delete the data you have requested us to delete. Please note, however, that some data may be retained for legal or regulatory purposes, or for the purposes of protecting our business or other legal interests.

      • Customer Service and Contractual relationship (administration of customer relationship, complaint handling, etc.): If you provide us with your Personal Data, we may (subject to any legal or regulatory considerations) retain your Personal Data for as long as necessary to deal with your online enquiry, or request of information or complaint (as set out in Section 2) or to evaluate your application (as set out in Section 3). Please note that in the latter case, if your application is not accepted, we will delete all Personal Data you have shared with us.

      • Marketing: We will process your Personal Data for marketing purposes if you have given your consent and you haven’t opted out or until we become aware that you are no longer interested or that your data is not accurate (NB: not applicable to cardholders).
  • 5.2. Do we disclose your Personal Data?

    Except as may otherwise be provided in this Privacy Notice, we may disclose your Personal Data for business purposes or to meet legal obligations as outlined below:

    I. Within the Euronet Group: We may share your Personal Data with Euronet and Euronet Group affiliates where it is necessary in order to enable or facilitate us to process your enquiry, request for information or complaint (as described above) or to otherwise pursue the purposes described in this Privacy Notice, or for purposes of compliance with Group obligations.

    II. To third-party service providers*: We may share the Personal Data we collect with third-party service providers that assist us with certain technical, operational, regulatory of compliance tasks. By way of example, such third-party service providers may include database and website administration professionals, providers of development services, maintenance, customization of IT infrastructure, fraud prevention, risk, credit reference and anti-money laundering check providers, advertisers or advertising networks and social media companies to place personalized advertisements in digital services and to adapt to consumer preferences.

    * The legal meaning and list of “third-party service providers” may vary depending on the country you are based. For additional information regarding which providers have access and why they have access to your Personal Data, you may reach us at dpo@euronetworldwide.com .

    III. Corporate process: We may transfer your Personal Data to a third party as a result of a sale, acquisition, merger, or re-organisation involving Euronet, a company within the Euronet Group, or any of their respective assets. In these circumstances, we will take reasonably appropriate steps to ensure that your information is properly protected.

    IV. Legal and regulatory: We may also disclose your Personal Data with entities that are entitled to request it under applicable law, including judicial or supervisory authorities as well as other public authorities within the scope of their competence.

    V. Professional Partners: We will share your Personal Data with advisers, lawyers, consultants, auditors, or accountants to comply with our legal obligations and to perform our contractual obligations and provide our services in accordance with best practices.

  • 5.3. Do we share Personal Data outside of the EEA?

    As explained above, we may share your Personal Data within the Euronet Group, which may involve transferring your data outside of the EEA. It is important for you to note that while the laws on holding data in the countries to which we may transfer your data may be less stringent than the laws of your country, we intend to adhere to the principles set forth in this Privacy Notice, unless otherwise required by applicable laws.
    If we share Personal Data with third-party service providers based outside of the EEA, we will ensure a level of protection and safeguarding of your Personal Data in accordance with the applicable data protection laws.

    IMPORTANT NOTICE TO CARDHOLDERS: In the context of and for the purposes of processing your transactions, it may be necessary that we transfer your Personal Data outside the EEA (e.g., to the card-issuer bank, the payment card schemes). Please note that in such cases the third parties act as independent data controllers. We strongly advise you to carefully read their privacy notice in order to be informed as to how they process your Personal Data.

  • 5.4. Minors

    We do not provide services directly to children under 18 or proactively collect their personal information. If you are under 18, please do not use our Website or offerings or share Personal Data with us. If you learn that anyone younger than 18 has unlawfully provided us Personal Data, please contact us at  dpo@euronetworldwide.com

  • 5.5. How do we keep your Personal Data safe?

    We are committed to protecting your Personal Data and have put in place commercially reasonable and appropriate safeguards to prevent any loss, abuse, and alteration of the information you have entrusted us.

    We will always strive to ensure your Personal Data are well protected, in accordance with international best practices. We maintain this commitment to data security by implementing appropriate physical, electronic, and managerial measures to safeguard and secure your personal information.

    To safeguard our systems from illegal access we use secure, cutting-edge physical and organizational security measures which are continuously enhanced to ensure the highest level of security in accordance with international best practices and cost efficiency. All Personal Data are kept in a secure location protected by firewalls and other sophisticated security mechanisms with limited administrative access.

    Personnel who have access to your Personal Data as well as the processing activities surrounding your Personal Data are contractually bound to keep your data private and adhere to the Privacy Policy we have implemented in our organization.
    We aim to achieve the highest standard of data protection by adopting industry-standard measures to protect your privacy.

  • 5.6. Profiling and automated decision-making

    When expressly agreed, we may provide you with tailored information regarding our products and services. We undertake data analysis to target appropriate communications and advertisements to you that we think you may be interested in as well as recommending products and services that we think might be suitable for you.

    In some cases, we may use automated decision-making and profiling if it is authorized by legislation and necessary for the performance of a contract. The legal basis to proceed with the profiling and the automated decision-making is legitimate interest.

    We also make automated decisions in processes such as transaction monitoring to counter fraud in compliance with the legal requirements related to prevention of money laundering, terrorist financing and financial services. Depending on your residence, you may have a right to request not to be subject to fully automated decision-making, including profiling, if such decision-making has legal effects or similarly significantly affects you. This right may not apply if the decision-making is necessary to enter or to fulfil an agreement with you, if the decision-making is permitted under applicable data protection laws or we have received your explicit consent.

  • 5.7. Marketing and Advertising

    Third-party advertisers provide advertisements that are displayed on our Website or elsewhere in our services. Third-party advertisers don’t have access to any of the information our customers have given us directly. Typically, advertisers rely on cookies or some other web/app-based mechanism to assess which advertisements may be interesting to you. We do not place “Targeting Cookies” or enable “Targeting” and “Location” on your system without your consent.

    If you have provided your consent by accepting Targeting Cookies on the Website, we may use third parties to do so (remarketing and Similar Audience features). You can opt-out of advertising by modifying your cookies settings here .

    Third parties are not bound by our Privacy Notice. To understand the privacy policy of their notices, you should visit the third-party website. You can find all the third parties that may use Cookies for targeting in our Cookie Policy.

  • 5.8. Why would you receive electronic communications?

    Depending on the country you are based in, you will receive marketing communications if you have authorized us to process your Personal Data for these purposes. That means you have opted-in during the registration process or at any time in the settings section of your profile or otherwise.

    We may also send you electronic communications for marketing purposes when you have a contractual relationship with us, meaning when you are currently using our services or when you haven’t expressly requested to not receive said marketing communications.

    You will always be informed and we will make sure that during the usage of our services or even during the registration process or at any other relevant time, you have all the necessary information in order for you to be aware that your Personal Data may be used for that specific purpose and you will, during the registration process or during the usage of our services be given the opportunity to expressly say that you are not interested in receiving such marketing communications. In these instances, we will remove you from our list and you will not receive any updates that may be of your interest regarding our services and products. You will be able to opt-back in at any time.

    How can you withdraw your consent?

    You will be able to withdraw your consent at any time by using one of the following mechanisms:

      • Go to your profile and update your marketing preferences.
      • Use the opt-out link you will receive in any of our communications.
      • By sending an email at dpo@euronetworldwide.com

    If you have any additional questions regarding the usage of your Personal Data for marketing purposes and/or wish to start receiving marketing communications, you can also send an email to dpo@euronetworldwide.com.

  • 5.9. Description of Personal Data Rights

    Depending on where you live, your Personal Data Rights under applicable law may include:

    1. Right to Know: the right to know what Personal Data is being collected, sold or shared and to whom.

    2. Right to Access: the right to request access to a copy of your Personal Data.

    3. Right to Correct Inaccuracies: the right to request correction of inaccuracies in your Personal Data.

    4. Right to Deletion: the right to request deletion of your Personal Data where certain conditions apply.

    5. Opt-Out Rights:


    a. The right to opt-out of the processing of Personal Data for the purposes of targeted advertising.
    b. The right to opt-out of the processing of Sensitive Personal Data.
    c. The right to opt out of the processing of personal data for profiling in furtherance of decisions that produce legal or similarly significant effects concerning the Data Subject.

    6. The right to limit sensitive personal data use and disclosures to specifically permitted purposes.

    7. Right to Restrict Processing: the right to restrict processing where certain conditions apply.

    8. Right to Data Portability: the right to receive Personal Data in a structured, commonly used and machine-readable format and have the right to transmit the Personal Data to another controller under certain conditions.

    9. Right to Object: the right to object to the processing of Personal Data (i.e., for direct marketing purposes).

    10. Rights related to Automated Individual Decision-Making: the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on the individual.

    11. Right of No Retaliation: a business shall not discriminate against an individual for exercising their Personal Data rights.

    We will respond to your request as soon as possible and within the timeframe stated in the applicable law.

    For applicable rights please refer to the Regional Privacy Notice section below.

    To exercise any of your rights, you must send an email to dpo@euronetworldwide.com. To help protect your privacy and maintain security we will take necessary steps to verify your identity and may ask you to provide other details before granting you access to your Personal Data or initiating a modification of any Personal Data. When required, if we don’t have a copy of your ID or any legal valid document that proves your identity, we will not be able to answer your request.

    Be aware that some rights may not be enforceable due to business needs or legal obligations while providing you with the service. Your rights may be limited to comply with other legal obligations such as anti-money laundering, contractual and compliance obligations. Notwithstanding that you will always be responded to when exercising any of the rights stated above and/or any additional right you may have depending on your jurisdiction. If your rights can’t be enforced, you will always receive a proper explanation.

  • 5.10. Privacy Complaints

    If you have a complaint regarding our processing of your Personal Data, you may contact us at dpo@euronetworldwide.com .

    Depending on the applicable privacy law, you may have the right to make a complaint to a Data Protection Authority or other regulatory body if you believe we have failed to comply with our obligations under this Privacy Notice or the applicable law:

    – Europe (EEA): Members | European Data Protection Board (europa.eu)

6. Our entities

Entry Name


Transact Elektronische Zahlungssysteme GmbH, under registration number 124138, with VAT No: DE182769455, Register Court: Munich District Court, Register No.: HRB 114 439, represented by the Managing Directors: Marc Ehler, Dr. Markus Landrock, Martin Croot

Address


Fraunhoferstrasse str. 10, 82152 Martinsried, Alemanha

Contact Details


Numero di telefono: +49 (0)89 899 64 30

e-mail: info@epay.de



© Transact Elektronische Zahlungssysteme GmbH, A Euronet Company