Last updated: March 2021
PIPO ("we", "our", "us") is committed to protecting and respecting your privacy. This policy sets out the basis on which we will process the personal data we collect from you, you provide to us or a merchant provides to us. Please read this policy carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data.
3. What types of information do we collect?
We receive, collect and use the following types of personal data when you use the Services.
4. How do we use this information?
We use your personal data for a range of legitimate purposes related to processing payments on behalf of the relevant merchant, including:
In addition, we may use de-identified of aggregated data that can no longer identify you to develop new PIPO products or other purposes as permitted by law.
5. How do we share your personal data?
Third party services providers.
We share your information with selected recipients. These categories of recipients include:
Payment service providers that process the payment or facilitate the payment processing. These payment service providers may also process your payments and for anti-money laundering and fraud prevention purposes.
Among others, we use Worldpay, a UK-based payment service provider. Under UK law, some of Worldpay's data processing activities are performed as an independent data controller. For details of its data processing activities, please read Worldpay's Privacy Statement (link);
Service providers such as cloud storage providers and providers of IT support services that assist us in providing the Services;
Our corporate group
We also share your information within our corporate group, including parent, subsidiary or affiliate companies as needed to provide the Services or for the purposes set out in this policy.
We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or based on our legitimate business interest if such use is reasonably necessary to:
We will disclose your information to third parties in our legitimate business interests in the event that we:
6. Where do we store your personal data?
The personal data that we collect from you will be transferred to and stored at/processed in countries outside your country (and, for EU data subjects, outside of the European Economic Area (the "EEA")) including in Singapore and the United States.
If you are a user of our merchants' platforms which enable the Services in the European Union, where we transfer your personal data to countries outside the EEA, we do so under the Commission's model contracts for the transfer of personal data to third countries (i.e. Standard Contractual Clauses) pursuant to 2004/915/EC or 2010/87/EU (as appropriate). For a copy of these Standard Contractual Clauses, please contact us at: firstname.lastname@example.org.
7. The security of your personal data
We take steps to ensure that your information is treated securely and in accordance with this policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, for example, by encryption, we cannot guarantee the security of your information transmitted via the Platform; any transmission is at your own risk.
We have appropriate technical and organizational measures to ensure a level of security appropriate to the risk of varying likelihood and severity for the rights and freedoms of you and other users of our merchants' platforms. We maintain these technical and organizational measures and will amend them from time to time to improve the overall security of our systems.
8. How long do we store your personal data?
We retain your information for as long as it is necessary for us to provide our Services and fulfil our contractual obligations and rights in relation to the information involved. We retain your information only for so long as we have a legitimate business purpose or legal obligation to keep such data (including where it is necessary for the establishment, exercise or defence of legal claims).
9. Your Rights
For information about the rights you have in relation to your personal data, please see the Jurisdiction-specific Terms below.
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at email@example.com and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the country in which you live or work where you think we have infringed data protection laws.
Any changes we will make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.
Questions, comments and requests regarding this policy are welcomed and should be addressed to firstname.lastname@example.org.
Our registered address is:
PIPO (HK) Limited, Suite 3707-09 37/F, Tower Two Times Square, 1 Matheson Street Causeway Bay, Hong Kong SAR.
If you are located in the EEA, our representative is: PIPO Europe Limited, 10 Earlsfort Terrace, Dublin 2, D02 T380, Ireland.
13. Jurisdiction-specific terms
Some jurisdiction-specific laws contain additional terms, which are set out in this section. If you are a user of our merchants' platforms to which the laws of the jurisdictions set out below apply, the terms set out below apply to you in addition to the terms set out above and, in the event of a conflict, the terms set out below prevail.
Overseas recipients: We take reasonable steps to make sure that third party recipients located outside Australia handle your personal information securely and in accordance with this Policy. However, because we manage personal information on a global basis, we cannot always require these recipients to handle your personal information in a manner consistent with Australian privacy laws. That means if a third party recipient does not handle your personal information in a manner consistent with Australian privacy law, we will not be accountable to you and you will not be able to seek redress under Australian privacy law. By providing us your personal information, you consent to us disclosing your personal information to recipients outside Australia on this basis.
Access: You have the right to access your personal information including information on how we use it and who we share it with. If you believe we hold any other personal information about you, please contact us at email@example.com.
Correction: You have the right to correct your personal information where it is inaccurate. If you believe we hold any inaccurate personal information about you, please contact us at firstname.lastname@example.org.
Your rights: If you have any questions, concerns or complaints in relation to our handling of your personal data, you may contact us at email@example.com. We will respond to let you know who will be handling your matter and when you can expect a further response.
This Policy applies to all users of our merchants' platforms, including California residents. As a California resident, there are certain additional provisions that may apply to you.
To the extent we are processing consumers' payment transactions on behalf of merchants, we are acting as a service provider to that merchant. Such consumers may exercise their rights by contacting the relevant merchant.
To the extent that you have provided information to us as an employee, owner, director, officer, or contractor of a company, partnership, sole proprietorship, non-profit or government agency, the additional provisions that may apply to you as a California resident are more limited.
The following terms used in this section and not otherwise defined have the meanings given to such terms under the California Consumer Privacy Act of 2018 (CCPA): "personal information," and "sale."
No Sales. We do not and have not in the last twelve (12) months sold personal information about you. In the past 12 months we have disclosed for a business purpose the categories of personal information described in section 5 of this policy.
Freedom from Discrimination. You may have the right not to be discriminated against for properly exercising any rights under the CCPA that are applicable to you.
Rights Relating to Direct Marketing. You may be able to request certain details about our disclosure of information about you to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year.
Exercising Your California Privacy Rights. To submit a request, please contact us by email at firstname.lastname@example.org.
You have the right to ask us to access the personal data we hold about you and be provided with certain information about how we use your personal data and who we share it with. You also have the right to ask us to correct your personal data where it is inaccurate or incomplete.
Where you have provided your personal data to us with your consent, you have the right to ask us for a copy of this data in a structured, machine readable format and to ask us to share (port) this data to another data controller.
In certain circumstances, you have the right to ask us to delete the personal data we hold about you:
In addition, you can object to our processing of your personal data based on our legitimate interests and we will no longer process your personal data unless we can demonstrate an overriding legitimate ground.
To exercise any of these rights above, please contact us by email at email@example.com. In addition, you have the right to complain to the Information Commissioner's Office or other applicable data protection supervisory authority.
Please note that these rights are limited, for example, where fulfilling your request would adversely affect other individuals or company trade secrets or intellectual property, where there are overriding public interest reasons or where we are required by law to retain your personal data.
Consent: By enabling the Services through our merchants' platforms, you are accepting and consenting to the practices described in this Policy.
Transfer and Storage of your information: The personal data that we collect from you may be transferred to, and stored at, a destination outside of your country. It may also be processed by staff operating outside your country who work for us, for one of our suppliers or one of our business partners. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Policy. Please refer to the above sections of "How do we share your personal data" and "Where do we store your personal data" for further details of the collection and storage of your personal data.
Data rights: You have the right to access and review personal data we hold about you, to rectify any personal data held about you that is inaccurate, to request the deletion of personal data held about you, and the right to request the suspension of the processing of your personal data. You can exercise these rights by contacting us by email at firstname.lastname@example.org. You may at any time withdraw your consent previously provided for the collection and processing of your personal data. Please note that if you withdraw your consent, you will not be unable to use the Services through our merchants' platforms as we require your information for the provision of our Services through our merchants' platforms.
Retention of Data: We will retain your information as required under applicable laws. After you have terminated your use of the Services through our merchants' platforms, we may store your information in an aggregated and anonymised format.
Grievances: If you have any questions, concerns or complaints in relation to our handling of your personal data, or about this Policy, please contact us by email at email@example.com.
If you are using the Services in Brazil, the following additional terms apply:
Exercise of data protection rights. Brazilian law provides certain rights to individuals with regard to their personal data. Thus, we seek to ensure transparency and access controls in order to allow users to benefit from the mentioned rights.
We will respond and/or fulfill your requests for the exercise of your rights below, according to the applicable law and when applicable, to the Brazilian General Data Protection Law - LGPD:
Verifying your identity : For your safety and to allow us to make sure that we do not disclose any of your personal data to unauthorized third parties, in order to verify your identity and guarantee the adequate exercise of your rights, we may request specific information and/or documents from you before we can properly respond to a request received concerning your data. All data and documents received from you in the process of responding to your requests will be used for the strict purposes of analyzing your request, authenticating your identity, and finally responding to your request.
Limitations to your rights : In certain situations, we may have legitimate reasons not to comply with some of your requests. For instance, we may choose not to disclose certain information to you when a disclosure could adversely impact our business whenever there is a risk of violation to our trade secrets or intellectual property rights. In addition, we may refrain from complying with a request for erasure when the maintenance of your data is required for complying with legal or regulatory obligations or when such maintenance is required to protect our rights and interests in case a dispute arises. Whenever this is the case and we are unable to comply with a request you make, we will let you know the reasons why we cannot fulfill your request.
Language. The Policy may have been prepared in the English language and in the Portuguese language. If you are a user located in Brazil, you shall refer to the Portuguese version, which shall prevail.
Contact : In case of doubt about your privacy, your rights or how to exercise them, please contact us through the form "Contact". If you have any questions about the processing of your personal data, we would like to clarify them.
DPO : If you wish to reach the PIPO's Data Protection Officer, contact us at: firstname.lastname@example.org
If you are using the Services in Indonesia, the following additional terms apply:
Language. In compliance with any applicable law to the extent that the applicable law requires that the Policy is to be made in a local language (for example Indonesian language), the Policy is made in an English language version and an Indonesian language version. If there is any inconsistency between the English language version and the Indonesian language version of the Policy, the English language version shall prevail, and the Indonesian language version is deemed to be automatically amended (with effect from the last updated date of the Policy) to make the relevant part of the Indonesian language version consistent with the relevant part of the English language version.
Contact. Questions, comments and requests regarding this Policy should be addressed to email@example.com.