Payloco Privacy Policy

"User" – broadly defined in Section 1.1, including merchants, individuals associated with merchants, payment service providers, and website visitors, i.e., all entities interacting with or using the Payloco platform, including end consumers making payments.

"End User" – refers to the final consumer of the goods or services provided by our merchants.

'Customer' – defined in the introduction as "our customers (also referred to as 'merchants')." This indicates that "customers" primarily refer to merchants or commercial entities that use Payloco's payment-related technical services, typically those with whom we have entered into a cooperation agreement.

Introduction

Payloco is operated by PLO Technology US Limited and its affiliates (hereinafter referred to as "Payloco", "we" or "us") and is committed to providing payment-related technology services (hereinafter referred to as "Services") to our customers (also referred to as "Merchants").

This Privacy Policy details how we collect, use, store, share and protect your personal information, as well as how you can exercise your rights. Your trust is important to us, and we are committed to complying with all applicable laws and regulations. We understand how important your personal information is to you and will take all reasonable steps to protect your privacy. Please read and understand this Privacy Policy carefully before using the Payloco platform or services. Once you start using the platform or services, it means that you have fully understood and agreed to this policy. Our data processing obligations vary depending on where you are located, and some obligations may not apply in your location due to legal requirements.

1. How we collect and use your personal information

We only collect personal information necessary to provide our services, fulfill our legal obligations, and improve user experience. We are committed to clearly and transparently explaining the specific purpose of each type of data collection.

1.1 Whose information do we collect?

Payloco may process the personal information of the following categories of individuals when providing Payloco services:

Merchants, or any other individual employed by or associated with a Merchant;
Your payment service providers and other service providers, or individuals employed by or associated with such organizations who assist us in providing the Services;
Visitors who log in or use our website https://www.payloco.com/.

In this Privacy Policy, we refer to the above individuals collectively as "you" or "user".

1.2 How do we use your personal information?

We use Personal Information collected through our Website or Services for a variety of business purposes described below. We process your personal information for these purposes, relying on our legitimate business interests, in order to contact you, to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. If you choose not to provide information, we may not be able to provide you with services or the quality of the services you receive may be affected. We indicate the specific processing grounds we rely on next to each purpose listed below.

Information Category	Specific information type	Scene of usage	Business Purpose
Information you directly provide
Identity Information	Personal basic information : Name, email address, telephone number, address, date of birth, nationality.	Users fill in this information when registering an account or applying for specific services; and provide it when contacting customer service.	- Account creation and management: Used to verify Merchants identity, create, maintain and manage your account, and provide basic services. - Compliance requirements (KYC/AML): Fulfill Know Your Customer (KYC) and Anti-Money Laundering (AML) legal obligations, ensure that users of our services are legitimate and identifiable entities, and prevent fraud and identity theft. - User Communication: Used to send you account-related notifications, transaction reminders, security alerts, and customer support communications. - Provide services: Necessary information for providing payment, remittance, currency exchange and other services. - Dispute Resolution: To handle your complaints, disputes or refund requests.
	Identification Document : Number and copy of government-issued identification document (e.g., passport, ID card, driver's license); facial recognition or biometric data.	Mandatory user identity verification (e.g., when registering an account, making large transactions, or opening specific financial services in accordance with KYC requirements).	- Compliance requirements (KYC/AML): Strictly fulfill legal obligations and verify the authenticity, legitimacy and uniqueness of user identities to prevent fraud, money laundering and terrorist financing activities. - Enhanced Security: Ensure that only legitimate users can access and use your account and funds, preventing unauthorized access. - Account Recovery: Used to verify your identity to assist with account recovery if your account is lost or stolen.
	Business / Business Information : Company name, registered address, unified social credit code /EIN, etc., name of legal person, copy of business license, actual controller information, bank account opening information, business scope and qualifications.	Merchants / corporate customers provide this information when they register and apply to become our partners; and we collect this information during merchant due diligence (DD) and ongoing monitoring.	- Merchant access and management: Assess the merchant's legality, operational compliance, and risk level to ensure compliance with AML/KYC requirements. - Performance of the contract: As a prerequisite to providing payment processing services, ensure that the service agreement is signed with a legitimate entity. - Risk Control: Identify and manage business risks, fraud risks and compliance risks associated with merchants to protect the interests of the platform and users.
Financial Information	Bank Account Information : Including account type, account region, account currency, opening bank, SWIFT/BIC code, ABA and other local codes, account name, bank card number and payee's detailed address, mobile phone number/email address (optional), zip code (optional).	and receive bank transfer payments	- Transaction processing and settlement - Compliance requirements (AML/CFT): Fulfill regulatory obligations to trace fund flows, verify sources, and report suspicious transactions. - Risk Management: Identify fraud risks and money laundering patterns associated with specific bank accounts to ensure the legitimacy and security of transactions. - Customer Service: Process user requests related to finance, such as refunds, disputes, and inquiries. - Transaction routing and matching: Identify payment card types so that transactions can be properly routed to the appropriate card scheme and issuing bank. - Risk Management and Fraud Prevention: Perform initial risk assessment to identify potentially fraudulent transaction patterns (e.g. card transactions from high-risk regions), but we do not directly store your full card number, expiry date or CVV/CVC. These sensitive data are directly processed by payment institutions or banks that comply with PCI DSS standards.
Trading Information	All transaction details : Transaction amount, currency, transaction time, transaction type (such as payment, remittance, currency exchange, top-up, withdrawal), transaction status (successful / failed / pending / refund / rejection), transaction reference number / order number, transaction purpose / description.	When a user initiates, executes or completes any payment or financial service through our platform.	- Core business operations: Fulfill contractual obligations, process and complete users' payment, remittance, exchange and other transaction instructions, and ensure the accurate flow of funds. - Record keeping and reconciliation: Provide you with detailed transaction records for your convenience in query and management; conduct internal financial reconciliation and external settlement reconciliation to ensure the accuracy of capital flow. - Compliance Monitoring: Fulfill AML/CFT monitoring obligations, automatically or manually identify suspicious transaction patterns (such as unusual transaction amounts, frequencies or patterns), and make necessary reports. - Customer Service and Dispute Resolution: Used to handle transaction-related inquiries, refunds, chargebacks, disputes and disputes, and provide evidence support.
	Counterparty Information : Recipient's name, recipient's bank / account information (for remittance and transfer services).	a user initiates a cross-border remittance, P2P transfer or specific commercial payment.	- Transaction completed: Ensure that funds are accurately transferred to the designated recipient. - Compliance Tracking: Meet AML/CFT requirements for cross-border transactions and track the ultimate beneficiaries and sources of funds.
	Settlement information : Settlement batches, amounts, dates with banks / card schemes / payment networks; records of our settlements with your merchants.	banks and card organizations settle accounts with us on a regular basis, and when we make periodic settlements with your merchants.	- Financial management and liquidation: Ensure the accuracy of fund flows with all partners and complete the clearing and allocation of funds. - Internal Audit and Reporting: Support internal financial audits and generate regulatory reports and financial statements.
Information Collected Automatically
Equipment and Network Information	Equipment Information : Device model, operating system version, unique device identifier (UDID), IMEI, MAC address, etc. Network information : IP address, network type, operator information, browser type and language settings, service provider name.	users visit our website or app, initiate transactions, or use services.	- Security and Fraud Prevention: Detect abnormal logins, suspicious devices or network environments, identify and prevent fraud, and protect the security of your accounts and transactions. - Service Optimization: Ensure the compatibility of services on different devices and network environments to enhance user experience. - Data Analysis: Understand user behavior patterns to optimize and improve products and services, such as understanding which device types are most popular.
Equipment and Network Information	Location Information : (with your consent) precise geographical locations data.	users use our services through a mobile device and have granted location permission.	- Risk assessment: Detect unusual transaction geographical locations to enhance fraud detection capabilities. - Compliance requirements: Satisfy certain regional regulatory requirements for transaction location information. - Personalized service: Provide location-based offers or service recommendations.
Usage behavior information	Usage mode and duration: The frequency and duration of your use of our services, the pages you visit, the buttons you click, and the order in which you use features.	Automatically record when users interact with our websites and apps.	- Product Improvement: Analyze user behavior patterns, identify popular features and areas for improvement, and optimize user experience and product design. - Troubleshooting: Assist in identifying and resolving system failures or errors. - Marketing and referrals(to the extent permitted by law) : Based on your usage preferences, recommend services or features that may interest you.
Other Information	Communication records : The content of your communications with our customer service team (such as phone recordings, emails, and online chat records).	When users contact customer service for consultation, complaints, or help.	- Customer Service: Solve user problems, provide support, and improve service quality. - Internal training and quality control: Evaluate customer service performance, optimize training content, and ensure service standards. - Compliance and Dispute Resolution: Maintain records in case of dispute resolution, legal proceedings or regulatory audits.
Other Information	Information available to the public: Information about you or your company obtained through public channels, such as government filings, media reports, blacklist inquiries, etc.	Conduct KYC/AML due diligence and risk assessment.	- Compliance requirements: Fulfill AML/CFT due diligence obligations and enhance KYC verification. - Risk Management: Assess potential risks, such as sanctions risk or reputation risk.

1.3 Information Sources

We process the personal information you provide us in the following ways:

When you make or receive payments from merchants using the Payloco service
When you inquire about our Payloco services or interact on our website
When you interact with us by phone, email and other electronic communications
When you attend our events or those of third-party partners or sign up to receive our publications
When we register you as a merchant and interact with you on our Services
When you provide services to us or seek to provide such services

We may also process your personal information from third party sources which is necessary to provide the Payloco services. We may obtain this information from your organization, publicly available sources or third parties, as appropriate:

Partner financial institutions and payment networks: When you initiate a payment through our platform, the bank, card association (such as Visa, Mastercard) or payment network will provide us with transaction-related status information (such as transaction success/failure), which is necessary to provide Payloco services;
Third parties, such as government agencies, information service providers or public records, for due diligence and other legally required compliance checks, such as those related to Know Your Customer (KYC), Anti-Money Laundering (AML) and Specially Designated Lists, where permitted by law, in order to perform our services
Merchants: When you use our payment services as an end consumer, our Merchants may provide us with your order information and some contact information (such as phone number, email) so that we can process payments and provide customer service.

Important: We are not responsible for the independent privacy or security practices of Merchants or any other third parties, which may differ from those described in this Privacy Policy. If your personal information was submitted to us by or on behalf of a merchant (if you are an end user) and you wish to exercise any of your rights under applicable data protection laws (such as access, correction, deletion, etc.), please contact that merchant directly. We will assist merchants in fulfilling their obligations regarding end-user data protection rights to the extent permitted by law.

We may provide links to other websites or resources provided by third parties. These links are provided for your convenience only. We have no control over the contents of those sites or resources, and accept no responsibility for them or for any loss or damage that may arise from your use of them. If you decide to access third-party links on the Website, you do so entirely at your own risk and subject to the terms and conditions of those websites.

1.4 Sensitive Information

Please do not provide us with any sensitive information (including: e-wallet password, credit card password, race or ethnic origin, political opinions, religious beliefs, health status, sexual orientation, criminal record, etc.) unless such information is required for legal compliance checks (such as KYC/AML).

2. Legal Basis for Our Collection of Information

We collect and process your personal information based on the following legal bases:

Necessity for performance of contract: We process your personal information to fulfill the service agreement between you and us, such as completing payment transactions, providing account management services, etc.
Comply with legal obligations: As a regulated financial institution, we must comply with Anti-Money Laundering (AML), Know Your Customer (KYC), Counter-Terrorism Financing (CFT) and other relevant laws and regulations, which requires us to collect and retain certain personal information.
Your consent: For certain non-mandatory features or features that require your authorization (receiving marketing emails, collecting specific device permissions), we will obtain your explicit consent in advance, or reasonably regard it as implied consent based on your active behavior. You have the right to withdraw your consent at any time, but the withdrawal of consent will not affect the lawful processing based on consent before its withdrawal.
Legitimate Interests: We may process your personal information based on our legitimate business interests, such as improving our products and services, performing risk management and fraud prevention, and conducting internal analysis and auditing, provided these interests do not override your data protection rights.

3. How we share, transfer, and publicly disclose your personal information

We attach great importance to the protection of your personal information and promise not to sell your personal information. We only share, transfer or publicly disclose your personal information in the following circumstances:

3.1 Sharing

We may share your personal information with the following third parties, but only to the extent necessary to achieve the above purposes:

Partner financial institutions and payment networks: In order to complete your payment transactions, we must share necessary transaction and account information with banks, card associations (such as Visa, Mastercard), clearing institutions, payment networks, other payment service providers and remittance agencies. These shares are the core links to realize your payment instructions.
Service Providers/Data Processors: We may entrust third-party service providers to assist us in providing services, such as cloud storage service providers, data analysis service providers, technical support service providers, SMS service providers, anti-fraud service providers, customer relationship management (CRM) service providers, etc. These service providers are bound by strict contracts to process your information only in accordance with our instructions and are required to implement adequate security measures to protect your data.
Affiliates: Your information may be shared among our affiliates to provide unified services, conduct internal management and risk control. We promise that all our affiliates will abide by the provisions of this Privacy Policy.
Third-party verification services: For KYC/AML verification, we may share your identity information with professional identity verification service providers to cross-check and verify the authenticity of the information you provide.
Partners (with your consent): In some cases, if you give us your explicit consent, we may share your information with our business partners so that they can provide products or services that may be of interest to you.

3.2 Transfer

We may transfer your personal information in the following circumstances:

Change of corporate control: In corporate transactions such as mergers, acquisitions, asset sales, reorganizations, bankruptcy liquidations, etc., your information may be transferred as part of the transaction. When personal information is transferred, we will ensure that the new holder continues to be bound by this Privacy Policy, or require it to obtain your authorization and consent again.
Legal requirements: We may need to transfer your personal information in accordance with laws, regulations, judicial proceedings or government mandatory requirements.

3.3 Public Disclosure

We will only disclose your personal information publicly in the following circumstances:

Obtain your explicit consent: With your explicit consent, we may publicly disclose the information you specify.
Legal and regulatory requirements: We may disclose your personal information publicly when we believe it is necessary to comply with laws, regulations, judicial procedures, government mandatory requirements, or to safeguard the public interest or protect the legitimate rights and interests of us or our users or partners, such as reporting suspicious transactions to regulators or providing information pursuant to court orders.

4. How do you store your personal information?

We will retain your personal information for the period necessary to achieve the purpose of collection or as required by laws and regulations. The specific retention period depends on the type of information and the legal obligations:

Compliance requirements: We must comply with anti-money laundering (AML) and counter-terrorism financing (CFT) laws, which generally require us to retain transaction records and identity verification information for at least 5 years, and may require longer retention in some jurisdictions. Even if you terminate our service, this information may need to be retained to fulfill our legal obligations.
Service provision: To ensure that you can use our services normally, your account information, transaction records, etc. will be retained throughout the period of your use of the services.
Dispute Resolution: To resolve potential disputes, conflicts or audit needs, relevant information may be retained during the statute of limitations.

After the above retention period, we will securely destroy, delete, or anonymize your personal information so that it can no longer be associated with you.

5. How we use cookies and similar technologies

We or our third-party partners may use cookies, web beacons, pixel tags and other similar technologies to collect and store your information. We will ask for your permission when we use these technologies.

5.1 What are Cookies?

A cookie is a small data file that is stored on your computer or mobile device when you visit a website or application. It enables the website to "remember" your actions or preferences (such as login status, language settings, shopping cart contents) so that it can provide more convenient services when you visit next time.

5.2 How do we use cookies and similar technologies?

We use cookies and similar technologies primarily for the following purposes:

Necessary Cookies: These cookies are necessary for the operation of our website or application, such as for user login, security authentication, maintaining your session status, and ensuring that you can access and use core functions normally.
Functionality cookies: help us remember your preferences (such as language selection, regional settings) and provide a more personalized user experience.
Performance/Analytical Cookies: These are used to collect anonymous data to analyze traffic and user behavior patterns on our website or application, such as which pages are most popular, so that we can optimize the performance and design of our services.
Advertising/Marketing Cookies: With your consent, we or our third-party partners may use these cookies to deliver ads relevant to your interests, measure advertising effectiveness, or conduct remarketing.
Fraud Prevention and Security: Used to identify and prevent potential fraud and to enhance the security of our Services.

5.3 Your Choices

Most browsers allow you to control cookies. You can modify your browser settings to refuse all or some cookies, or to be alerted when cookies are being sent. But please note that disabling cookies may affect your normal use of certain features of our services. Please refer to your browser's help documentation for specific operations.

6. Marketing Emails

6.1 How do we send marketing emails?

With your explicit consent or certain active actions of yours that can be reasonably regarded as consent, we may send marketing and promotional information to your email address, including but not limited to new product releases, feature updates, special offers or industry information.

6.2 How do I cancel my subscription?

If you no longer wish to receive our marketing emails, you can contact our customer service team at any time and we will assist you in unsubscribing.

Please note that even if you choose to unsubscribe from marketing emails, we may still send you necessary service notifications due to necessary steps to provide services or to comply with legal requirements.

7. Your rights and how to exercise them

In accordance with applicable data protection laws and regulations, you have the following rights with respect to your personal information. We will respect and assist you in exercising these rights:

7.1 Your rights

We attach great importance to your management needs for accessing, correcting/modifying, deleting, etc. of personal information, and will do our best to help you protect your privacy and security.

Right to Know: You have the right to know how we collect, use, store and share your personal information. This Privacy Policy is intended to provide you with comprehensive information.
Right of access: You have the right to obtain a copy of the personal information we hold about you (e.g., your account details, transaction history).
Right to correction/amendment: If you find that the personal information we hold about you is inaccurate or incomplete, you have the right to ask us to correct or supplement it.
Right to erasure (right to be forgotten): Under certain circumstances, you have the right to ask us to delete your personal information. These situations include:
- The personal information is no longer necessary for the purposes for which it was collected or processed.
- You have withdrawn your consent and there is no other lawful basis for the processing to continue.
- You object to the processing and there are no legitimate grounds for the processing that override your rights.
- Personal information has been processed unlawfully.
- Deletion is necessary to comply with a legal obligation.
- Limitations: Please note that the right to erasure is not absolute. We may need to retain certain information due to our legal or regulatory obligations (such as AML/KYC requirements), even if you request deletion. In this case, we will inform you why deletion is not possible.
If you request us to delete the basic account information you provided or withdraw your authorization, you may not be able to continue to use our services. We will inform you that such deletion request will result in account cancellation. If you need to continue to use our services, you will need to re-register for verification.

When you meet the agreed account cancellation conditions and apply to cancel your account, the information in your account will be cleared, and we will no longer collect or use the personal information related to the account. However, we will still (1) preserve the information you provide or generate during the use of the service in accordance with the time limit required by laws, regulations and regulatory requirements and the relevant instructions of this Policy, and cooperate with the inquiries of the competent authorities in accordance with the law during the preservation period, and (2) or preserve it in accordance with the content of your separate authorization and consent.
Right to withdraw consent: For personal information collected and processed based on your consent, you have the right to withdraw your consent at any time. How to exercise: You can withdraw your consent through your account settings or by contacting our customer service. Impact: Withdrawing consent will not affect lawful processing based on consent before its withdrawal. At the same time, withdrawing your consent may result in you being unable to use certain features or services that require such information.
Right to restrict processing: You have the right to ask us to restrict the processing of your personal information under certain circumstances (for example, if you contest the accuracy of the data, or you believe the processing is unlawful). During this time, we may continue to store your information but will limit further processing.
Right to data portability: You have the right to receive the personal information you have provided to us in a structured, commonly used and machine-readable format and to transmit that information to another data controller (where technically feasible).
Right to object: You have the right to object to our processing of your personal information in certain circumstances, in particular where we are processing it based on legitimate interests, unless we can demonstrate overriding legitimate grounds or for the exercise or defence of legal claims.
Right to complain: If you believe that our processing of your personal information is not in compliance with applicable law, you have the right to lodge a complaint with the relevant data protection supervisory authority.

7.2 How to exercise your rights

If you wish to exercise any of the rights set out above, please contact us through the "How to Contact Us" section provided at the end of this Policy.

A Data Protection Officer (DPO) is a person or team within an enterprise who is specifically responsible for overseeing and managing personal data protection matters. You can contact us and ask for the contact details of your local DPO.

To protect the security of your information, you may be required to provide a written request or prove your identity in other ways. We may ask you to verify your identity before processing your request. In principle, we do not charge you for reasonable requests. However, for repeated requests, requests that exceed reasonable limits, and requests that are costly, we will charge a certain amount of cost depending on the circumstances. We may reject requests that are unreasonably repetitive, require excessive technical means, pose risks to the legitimate rights and interests of others, or are extremely impractical. In the following circumstances, we will be unable to respond to your request in accordance with legal regulations and/or regulatory requirements:

Those directly related to the security of relevant countries, regions and fields, and national defense security;
Directly related to public safety, public health, and major public interests;
Directly related to criminal investigation, prosecution, trial and execution of judgment;
There is sufficient evidence that you have subjective malice or abuse of rights;
Responding to your request will cause serious damage to the legitimate rights and interests of you or other individuals or organizations;
Involving commercial secrets.

Please understand that Payloco does not support independent review, correction/modification, or deletion of KYC information. To ensure the consistency and compliance of KYC information, you need to send an email to our customer service email address support@payloco.com or the official personnel who work with you can review, correct/modify or delete it.

8. How do we handle personal information of minors?

Our Services are primarily intended for adults. We will not intentionally collect, use or process the personal information of minors unless we obtain the explicit consent of their parents or legal guardians. By using the Service, you represent that you are at least an adult as defined by local law, or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Service.

If a minor provides us with personal information without the consent of his or her parents or legal guardians, please have your parents or legal guardians contact us using the contact information at the end of this policy. We will deactivate the account as quickly as possible and take reasonable steps to promptly delete such data from our records.

9. Data Cross-border

By using our Services, you understand and agree that your personal information may be transferred to jurisdictions outside of your country of residence.

We commit to taking all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and all applicable data protection laws. We take the following safeguard measures based on actual conditions:

Standard Contractual Clauses (SCCs): Contractual clauses that comply with regulatory requirements and are signed with data recipients to ensure that they provide the same level of data protection as we do.
Data transfer impact assessment: Before conducting cross-border data transfer, we will conduct necessary data transfer impact assessment to identify and take measures to address potential risks.
Strict contractual arrangements: ensuring that all third-party service providers involved in data transfer are contractually bound to adhere to strict data protection and security protocols and only process data in accordance with our instructions.
Regular Audits: We regularly audit our data transfer practices and third-party service providers to ensure compliance.

10. How we protect your information

We take the security of your personal information very seriously and implement industry-standard physical, technical and administrative security measures to protect your data from unauthorized access, disclosure, use, modification, damage or loss. These measures include, but are not limited to:

Technical measures:
- Data encryption: Encrypt data in transit and sensitive data in storage.
- Access control: Implement strict authentication and authorization mechanisms to ensure that only authorized personnel can access your data when necessary, and record all access logs.
- Firewalls and Intrusion Detection Systems: Deploy multi-layer firewalls and intrusion detection systems to monitor and block unauthorized access attempts.
- Security audits and vulnerability scans: Conduct security audits, penetration tests, and vulnerability scans regularly to promptly identify and fix potential security vulnerabilities.
Management measures:
- Employee Training: Conduct regular data protection and privacy security training for all employees to ensure they understand and comply with internal data protection policies and procedures.
- Data access permission management: strictly limit employees' access permissions to personal information and grant minimal permissions based on division of responsibilities.
- Security incident emergency response: Establish a comprehensive security incident emergency response mechanism to respond quickly, control the impact and take remedial measures once a data leak or security incident occurs.
- Data Protection Officer (DPO): An appointed or designated person responsible for overseeing data protection compliance.
Physical security measures: Implement physical security controls on servers that store personal information, such as access restrictions and video surveillance.

Although we have taken the above comprehensive and strict security measures, please understand that the Internet is not an absolutely secure environment and we cannot guarantee the absolute security of information transmission. We recommend that you keep your account information and passwords safe and be wary of online fraud. If the security of your personal information is at risk, please contact us immediately.

11. Data Breach

If the following personal data is leaked:

Financial information that has not been publicly disclosed;
Personal data that may belong to vulnerable individuals (for example, data concerning minors arrested for crimes);
life, accident and health insurance information that has not been publicly disclosed;
certain medical information, including evaluation and diagnosis of HIV infection;
Information related to adoption matters;
A private key used to authenticate any digitally signed electronic record or transaction;
personal account identification and data for accessing personal accounts; and
Other sensitive data.

or any unauthorized access, collection, use, disclosure, copying, modification or disposal of Personal Data, or any loss of storage media or devices used to store Personal Data,

We will take reasonable and prompt steps to assess whether the data breach requires notification of a data breach, or explain when the assessment actually occurred or how long it will take to complete the assessment if requested by the authorities.

If it is a notifiable event, we will notify the affected individuals within the local notification period, and the notification will include the following information:

Details of the data breach;
the specific circumstances of how we handle data breaches;
Contact information of at least one of our authorized representatives.

12. How this Policy is updated

Revise this Privacy Policy to reflect changes in the way we handle your personal information or updated legal requirements. The most current version of this policy will govern our use of your information. Please check back periodically for any updates or changes. Continued use will be deemed as acceptance of such changes. The date this Privacy Policy was last updated is indicated at the top of this page.

13. How to contact us

If you have any questions, complaints or comments about this Privacy Policy or our privacy practices, or to report any violation of this policy, please contact us at support@payloco.com

After we receive your request, we will respond to your request within a reasonable period of time.

General Terms

These Terms shall be governed by and construed in accordance with the laws of the Hong Kong Special Administrative Region. These terms are general policies. If they conflict with other special policies of Payloco, the special policies shall prevail.

Supplementary Terms

The following additional or revised terms apply to users in designated jurisdictions:

Singapore

Right to data portability: Subject to certain exceptions and conditions, when we receive your request for data transfer (only data related to you), we will transfer the specified applicable data to the organization receiving the data in an appropriate manner.
"No calls": Unless you have given us your consent, we will only send to destination numbers that are not on the DNC registry.

Japan

Agree again: Personal information obtained when inheriting business from other personal information processors due to merger or other reasons must also be processed within the scope necessary for the originally agreed purpose, otherwise consent must be obtained again.
Right to data portability: You can request that your personal data be transferred to another organization in a structured, commonly used and machine-readable format. This applies to data processed with your consent or based on a contract.

South Korea

If you use or access the Service in South Korea, the following Supplemental Terms will apply and will take precedence over any conflicting terms in the Privacy Policy:

After the purpose of processing your personal information has been achieved, your personal information will be transferred to a separate database (if your information is retained in paper form, it will be moved to a separate storage device) and retained for a period of time in accordance with Payloco's internal regulations and other applicable laws and regulations, after which it will be destroyed. Your personal information transferred to a separate database will not be used for other purposes unless required by applicable laws and regulations. When destroying your personal information, we will take reasonable and technically feasible measures to make the personal information irrecoverable. For example, electronic files containing personal information will be permanently deleted using technical methods that render the files irrecoverable, and any other records, printouts, files or any other recording media will be shredded or incinerated.
Right to data portability: You can request that your personal data be transferred to another organization in a structured, commonly used and machine-readable format. This applies to data processed with your consent or based on a contract.

Brazil

Law 13.709/2018 (the Brazilian General Data Protection Law, or "LGPD") provides additional rights to individuals located in Brazil.

In addition to the personal information listed above, we also request your CPF (Brazilian Individual Taxpayer Registry) information to personalize your registration, prevent fraudulent registrations, and assist you with the login and password recovery process when necessary. Once the CPF is linked to a registered account, this number cannot be changed. Your CPF will be used and protected in the same manner as other personal information you provide.

Information of Minors: We do not intentionally collect personal information from children under the age of 18. If you are under 18, please do not use the Payloco service or provide any personal information. If we discover that we have mistakenly collected information about minors, we will delete it immediately.

Data Subject Rights: Under Article 18 of the LGPD, you have the following rights:

Confirmation of the existence of processing activities
View your personal information
Correction of incomplete, inaccurate or outdated information
Anonymize, block or delete the information processed in violation of regulations
Right to portability of personal information
Deletion of information processed based on consent after revocation of consent
Public and private entities informed of information sharing
Understand the possibility and consequences of refusing to provide consent
Right to withdraw consent
The right to lodge a complaint with the National Data Protection Authority (ANPD)

Indonesia

Pursuant to the Personal Data Protection Law ("Law No.27 of 2022 regarding Personal Data Protection", "PDPL"), as long as the processing activities of personal data controllers and processors outside Indonesia have a "legal effect" on the country or any citizen of the country, they are subject to the PDPL. For privacy within this scope, the following provisions shall prevail:

Party consent: Providing third-party personal data requires prior explicit consent from the party concerned
Data sharing: We will not use your information for purposes other than Payloco services without your consent.
Governing Language: This policy is available in English and Indonesian. In case of any discrepancy, the English version shall prevail.
Guardian consent: Users under the age of 21 must obtain the consent of their parents or legal guardians
Waiver Clause: The parties agree to waive the requirement of a court judgment under Article 1266 of the Indonesian Civil Code for termination of the agreement.

the Philippines

The following special terms apply to users in the Philippines:

(Information collection) Supplement: Providing third-party personal information requires prior consent from the party concerned, and ensuring that the party concerned is aware of the terms of this policy
(Information Sharing) Supplement: Our authorized service providers include: local licensed payment service providers, cloud storage providers, anti-money laundering (AML) / know your customer (KYC) check service providers, credit risk reduction and other fraud prevention service providers, as well as financial institutions, credit agencies and regulatory agencies and other similar service providers
(Rights) Supplement: Even if you withdraw your consent, we may continue to process the information in accordance with the law, in particular for the purpose of exercising legal rights or fulfilling legal obligations

Vietnam

Special statement on Vietnam:

In accordance with the Decree on Protection of Personal Data ("PDPD"), we do not:

Selling and purchasing personal data in any form;
Data processing activities do not deviate from or expand the registered and declared purposes