inpay logo inpay logo

Privacy Policy

Updated August 23, 2023

 

This website is provided and controlled by Inpay A/S, Toldbodgade 55 B, 1253 K Copenhagen, Denmark (“Inpay”).

 

Who are we and how to contact us?

Inpay is a cross-border payment solutions provider making the flow of global payments easier, more cost-effective, and faster.

Privacy is very important to us, and we take great care to keep the trust of our customers and users of our services when processing personal data.

Please find below our privacy policy regarding our procession of personal data, cf. Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data.

If you wish to exercise your rights as described below or have any questions regarding our processing of your personal data or this data protection policy, you may always contact us at:

Inpay A/S
Company registration no. (CVR) 32 31 77 31
Toldbodgade 55B, 6.
DK-1253 Copenhagen,
E-mail: [email protected]
Phone: +45 88 61 06 00

 

On whom do we process personal data?

We process data on individual payers and payees that are necessary to carry out payments. Payers and payees are end-users who respectively request a payment or are beneficiaries to a payment, and they are customers of Inpay’s business customers (Merchants).

We also process data on users employed with our Merchants who make use of any of Inpay’s services, and likewise we process data on users employed with any suppliers to our business customers, who on behalf of these make use of Inpay’s services.

Furthermore, we process data on subscribers to our newsletter and on users of our website as well as on contact persons at contractors, customers, suppliers, and partners in order to provide our services and manage our organization.

How do we collect personal data?
We collect data during the interaction between the data subjects listed above and our business when we provide our services, thus when we facilitate payments requested by our Merchants and when we otherwise provide services requested by our Merchants.

Data may also be collected through third-parties and providers, such as intermediary payments service providers, as well as during events we organise or take part in, and other business initiatives (including partner promotions and communications).

 

What personal data do we collect and process?

1.1 Payers and payees (end-users who are customers with our Merchants):

Profile and account login information (if the payer uses our application such as PostalPay): Full name, e-mail address and, when applicable, hashed password and face-ID used for authentication and access control.

Payment information: Full name, email address, physical addresses, bank account number, IBAN, SWIFT code and payment preferences and supplemental documentation required in order for Inpay to fulfil our obligations following from anti-money laundering obligations, such as a copy of payers’ government-issued identification card, personal bank statements or other documentation serving as proof of identity or valid address.

1.2 Users employed with our customers:

Account login information: E-mail address and, when applicable, hashed password or other information used for authentication and access control.

Contact information: Full name, title, company name, e-mail and phone number, role, and any additional (non-sensitive) information submitted by our customer’s employees or their organization.

Platform usage information: technical usage data, such as user agent, IP addresses, device data (like type, OS, device id, browser version, geolocation and language settings used), connectivity data, activity logs, session recordings, and the cookies installed or utilised on the Customer’s User’s device; and

Identification Information: Supplemental documentation that may be required by Inpay as part of our obligations following from applicable anti-money laundering legislation. This may include documentation to verify the identity of our customer’s directors, officers, or owners (who may be Customer’s Users), such as a copy of a government-issued identification card, personal bank statements or other documentation serving as proof of identity or valid address.

1.3 Supplier Data:

Account login information: E-mail address and, when applicable, hashed password or other information used for authentication and access control.

Contact information: Full name, title, company name, e-mail and phone number, role, department, and any additional (non-sensitive) information submitted by the suppliers’ employees or their organization.

Platform usage information: Technical usage data, such as user agent, IP addresses, device data (like type, OS, device id, browser version, geolocation and language settings used), connectivity data, activity logs, session recordings, and the cookies installed or utilized on the Payee User’s device.

1.4 Users of our website and applications:

Technical and aggregated usage data, such as user agent, IP addresses, device data (like type, OS, device id, browser version, geolocation and language settings used), connectivity data, activity logs, session recordings, and the cookies and pixels installed or utilized on our Sites or your device.

 

Our legal basis for processing personal data

We process personal data to pursue our legitimate interest in managing our business – including being able to handle contracts, develop and market our services and fulfil our obligations following from among other applicable financial regulation, legislation on anti-money laundering and regulation on accounting.

The information will also be used to market your trade inquiry / posting in the market through social media and similar sources, and the processing may further include gathering of usage data, user statistics, and price analysis in order for us to improve our website (cookies).

You can read more about our cookie policy here.

Based on your consent, we may send you e-mails with commercial content. You can always withdraw you consent by using the link integrated in the mails.

Our legal basis for processing personal data is thus the following articles in the general data protection regulation:

· Article 6 (1), litra a, according to which personal data may be processed with express consent.

· Article 6 (1), litra b, according to which personal data may be processed if this is necessary to fulfil a contract.

· Article 6 (1), litra c, according to which personal data may be processed if this is necessary to comply with a legal obligation.

· Article 6 (1), litra f, according to which personal data may be processed if this is necessary to pursue a legitimate interest, unless such interests are overridden the interests of the data subject to not have the data processed.

Note: Because we process data partly on basis of article 6 (1) litra f, (legitimate interests) you may in certain cases object to our otherwise lawful processing of your personal data if you find that your interests in not having your data processed exceeds our legitimate interests in processing your data, cf. article 21 of the general data protection regulation. See further below (point 10) on you rights under the data protection regulation.

 

Recipients of personal data

We engage with intermediary payment services when conducting payments. We also engage with service providers or contractors who support the operation of our business.

Such service providers or contractors include hosting and server co-location services, communications and content delivery networks, internet service providers, operating systems and platforms, data analytics services, web analytics, marketing and advertising services, data and cyber security services, fraud detection and prevention services as well as banks, financial institutions, credit bureaus, collection agencies, customer engagement services, billing and payment processing services.

Furthermore, we use companies that provide background checking services for KYC regarding anti-money laundering efforts, and for our business we also make use of legal, tax, financial and compliance advisors. These Service Providers may have access to your Personal Data, depending on each of their specific roles and purposes in facilitating, supporting, and enhancing our Services, and may only use it for such purposes.

In exceptional circumstances, we may disclose or allow government and law enforcement officials access to personal data in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations. All such disclosure requests will be reviewed by Inpay to determine to what extent, if any, Inpay is required to comply with such request.

 

Processing outside of the EU/EEA

We may use service providers and have partners outside of the EU/EEA. This means that your data may be transferred and processed outside of the EU/EEA. We do however take great care to ensure that this is only done if the appropriate safeguards are in place.

If data is transferred to a country outside EU/EEA, and if the country in question has not been approved by the European Commission as providing adequate protection (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_da), our transfers will be based on standard contractual clauses also approved by the European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

 

Storage period

We retain personal data for as long as it is reasonably necessary to achieve our stated purpose. E.g. to provide our services, to comply with contractual obligations, or as required for proper log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use).

As a general rule, personal data is retained for no longer than at the end of the calendar year 3 years after our business relationship with said customer has ended.

Data is however also retained in accordance with applicable laws and regulations – namely regulation on anti-money laundering that require us to retain customer and payer data obtain to provide proper due diligence and KYC for 5 years.

Any data processing based on your consent will however be deleted if you withdraw your consent.

If you have any questions about our data retention policy, please contact us by e-mail at [email protected]

 

Security measures

Inpay – and our service providers – have implemented technical security measures to ensure data protection in all contexts. We have supplemented the technical safety measures with organizational measures carrying out internal training and internal instructions to our employees which are regularly followed up. We have also ensured contract based instructions to our data processors regarding necessary security measures.

Your rights under the data protection regulation
Under the General Data Protection Regulation, you have a number of rights in relation to our processing of information about you. If you want to exercise your rights, you may always contact us at:

Inpay A/S
Company registration no. (CVR) 32 31 77 31
Toldbodgade 55B, 6.
DK-1253 Copenhagen,
E-mail: [email protected]
Phone: +45 88 61 06 00

You may at any time withdraw your consent at which point we will cease to process your data. A withdrawal will, however, not affect any processing based on the consent before your withdrawal and will neither affect processing performed on any other lawful basis.

You have a right to gain access to the information that we process about you and some further information, and you have a right to have any incorrect information about you corrected.

In certain cases, you may also ask to have information about you erased prior to the scheduled date in accordance with Inpay’s policies for timely erasure of data.

You may further in certain cases ask to have the processing of your personal data restricted. If you have a right to have the processing restricted, we may (except for storage) only process the information in question with your consent or for the purpose of determining, relying on or defending a legal claim or to protect a person or vital public interests.

Because we process your data partly on basis of article 6 (1) litra f, (legitimate interests) you may in certain cases also object to our otherwise lawful processing of your personal data if you find that your interests in not having your data processed exceeds our legitimate interests in processing your data.

Finally, you have the right to make a complaint about our processing of your personal data to the Danish Data Protection Agency (Datatilsynet): https://www.datatilsynet.dk/english/file-a-complaint