Privacy policy for end-users

Paylike ApS (hereafter referred to as ‘we’) is fully committed to protecting your privacy. We collect and process personal information about the users (hereafter referred to as ‘you’) of our payment solution.

All information is processed in accordance with the General Data Protection Regulation 2016679 (hereafter referred to as ‘GDPR’). When we process personal data, a specific purpose and legal basis is required in order to comply with the GDPR. We do not process your information for other purposes than the ones listed below.

Payment information

When you initiate a payment through our payment solution, we receive your payment instrument information, e.g. your payment card details. The purpose of the processing is to carry out the payment which you have initiated, either when making a purchase or when subscribing to a service with recurring payments.

The processing is necessary for our legitimate interest in accordance with the GDPR article 6 (1) (f). Our legitimate interest is to ensure that the payment is carried out correctly.

We store payment data until it is no longer necessary to process the data for the above-mentioned purpose. However, there are situations in which we must keep the data for a longer period of time, in order to comply with other European Union or Member State legislation.

Who do we share personal information with?

As is true with most companies, we can’t do everything by ourselves. This is why we have to share your personal information with other companies who act as our data processors etc. We only share personal information with these companies when it’s necessary in order to achieve the purposes mentioned above, and they only process your personal information with this objective.

In some cases, the companies we share your personal information with, are located outside of the European Union. This means that these companies must comply with extended data protection requirements according to the GDPR. The GDPR allows us to share with companies located in the US, if these are registered under the “Privacy Shield”. This framework ensures that companies registered comply with the data protection requirements, and has been approved by the European Commission in accordance with the GDPR article 45 (1).

We share data with the following companies located inside the European Union:

  • The Currency Cloud Limited
  • Clearhaus A/S
  • Amazon Web Services EMEA SARL
  • Google Ireland Limited

We share data with the following companies located outside the European Union:

Your rights

If you have any questions regarding our processing of your personal information, please do not hesitate to contact us using the contact information found here. This also applies if you wish to exercise your rights as a data subject according to the GDPR. Your rights under the GDPR are as follows:

Right of access

As a data subject, you have the right to access the personal information we process about you according to the GDPR article 15.

Right to redification

As a data subject, you have the right to have any incorrect personal information, which we process about you, rectified without undue delay, according to the GDPR article 16. You also have the right to have incomplete information completed through a supplementary statement.

Right to erasure (the right to be forgotten)

As a data subject, you have the right to have your personal information erased under certain circumstances according to the GDPR article 17. This right applies in case the processing is based on your consent in accordance with the GDPR article 6 (1) (a), and there is no other legal ground for the processing.

Right to restriction of processing

As a data subject you have the right to restrict the processing of your personal information under certain circumstances according to the GDPR article 18.

Right to data portability

As a data subject, you have the right to get a copy of the personal information, which we process about you, in a structured and commonly used machine-readable format, according to the GDPR article 20. Under some circumstances, your personal information can be handed over directly to a new data controller.

Right to object

As a data subject, you have the right to object to the processing of your personal information according to the GDPR article 21. This right applies in case the processing is based on legitimate interests in accordance with the GDPR article 6 (1) (f).

Complaints

As a data subject, you have the right to file a complaint with the competent supervisory authority. Paylike is located in Denmark, which means the complaint must be filed with the danish authority ‘Datatilsynet’/’The Danish Data Protection Agency’. You can file a complaint with ‘Datatilsynet’ by sending them an email at: dt@datatilsynet.dk