Blog

Mexico

PRIVACY POLICY PAYRETAILERS GROUP

PayRetailers Group S.A de C.V, (PayRetailers), with address at 405 Sierra Mojada Street, 3rd floor, office 1, Colonia Lomas de Chapultepec, C.P 11000 Miguel Hidalgo Mayor’s Office, Mexico City, is responsible for the use and protection of your personal data, and in accordance with the Federal Law on the Protection of Personal Data in Possession of Private Parties (LFPDPPP by its acronym in Spanish) we inform you of the following:

When you are acting on behalf of a business entity, we will refer to you as a representative.

When you do business with a business entity, but do not do business directly with PayRetailers, we refer to you as an end customer.

Where you act as a PayRetailers service provider, we will refer to you as a provider.

Consent

By accepting this Privacy Notice, you are expressly consenting to the use of your personal data for the exclusive purposes defined in this document.

The use of your provided data includes storage, understood as the storage in a register or in a database, by our own means or provided by third parties; and processing, understood as any operation, whether automated or not, that allows the collection, storage, recording, organization, processing, selection, extraction, comparison, interconnection, dissociation, communication, assignment, transfer, transmission, or cancellation of personal data.

Declaration

It is hereby noted that, to comply with this Privacy Notice, at the time of accepting it you must be of legal age and that the data provided are correct and truthful. If you request a change, please inform us as soon as possible in accordance with the procedure set out below.

Nowhere on the website do we knowingly collect personal data or information from persons under the age of 18.

What personal data will we use, how do we collect it and for what purposes?

1. Representative

Payretailers, in its capacity as data controller, will collect the following information through the Payretailers website, by email and by any other means that we make available to you:

  • General personal data: Full name, nationality, email, current personal identification, Federal Taxpayer Registry code and/or tax identification number and/or equivalent, telephone number, employment data, among others of the same category.
  • No sensitive personal data will be collected.

The personal data we collect from you will be used for the following primary purposes, which are necessary for the service you are requesting:

  • i) Creation of an account on the PayRetailers website;
  • ii) Onboarding process, including the review and approval of the Compliance area based on PayRetailers’ internal policies;
  • iii) Generate the necessary documentation to finalize the business relationship;
  • iv) Provide you with the contracted services;
  • v) Take steps to keep your personal data and legal documentation of your company up to date;
  • vi) To make clarifications for the prevention of money laundering, detect fraud or illicit acts against you or PayRetailers;
  • vii) Conduct legal reviews and due diligence;
  • viii) Communicate with you in order to fulfill our obligations under the terms of service;
  • ix) Carry out all types of analysis to improve the services offered by PayRetailers;
  • x) Marketing, advertising or commercial prospecting purposes with respect to the services we offer, our own or those of third parties;
  • xi) Conduct service surveys, with the aim of evaluating and improving the quality of the products and services we offer; and
  • xii) Comply with the legal obligations of PayRetailers.

2. End customer

PayRetailers provides its services to commercial entities, which directly or indirectly provide us with personal data of end customers in relation to the entities’ own commercial activities. When we act as a data processor, we process personal data in accordance with the terms and conditions of our agreement with that entity.

Business entities are responsible for ensuring the privacy rights of their end customers, including ensuring proper disclosure of data collection and processing that occurs in connection with the Services. If you are an end customer, please refer to the business entity’s privacy policy for information on the processing of your data.

Personal data that the business entity provides to us directly or indirectly from you, through our programming interface, email, or through the means designated by the business entity, includes the following:

  • Personal identification data: Full name, email, telephone number, address, official identification, among others of the same category.
  • Transaction data: date, amount, payment method, country where it was made, status, among others in the same category.
  • No sensitive personal data is submitted.

The personal data submitted to us in our capacity as data processor will be used for the following purposes:

  • i) Verify and confirm your identity;
  • ii) Transaction processing;
  • iii) To make clarifications for the prevention of money laundering, detect fraud or illicit acts against you or PayRetailers;
  • iv) Respond to complaints, claims and suggestions sent to PayRetailers; and
  • v) Comply with the legal obligations of PayRetailers.

We will not send commercial communications without your consent.

3. Supplier

PayRetailers will collect the following information via email and any other means we make available to you:

  • Personal identification and contact data: Full name, nationality, email, official identification, telephone number, employment data, among others of the same category.
  • No sensitive personal data will be collected.

The personal data we collect from you will be used for the following primary purposes, which are necessary to formalize the contractual relationship:

  • i) Verify and confirm your identity;
  • ii) Onboarding process, including the review and approval of the Compliance area based on PayRetailers’ internal policies;
  • iii) Generate the necessary documentation to finalize the business relationship;
  • iv) Manage the corresponding payments;
  • v) Conduct legal reviews and due diligence; and
  • vi) Comply with the legal obligations of PayRetailers.

Legal basis for processing

For the processing of personal data, PayRetailers starts from the following legal bases:

  • a. Contractual and pre-contractual business relationships: We process personal data for the purpose of entering business relationships with potential business entities and to fulfill the respective contractual obligations we have with such entities.
  • b. Legitimate business interests: In accordance with applicable law, we process the data for the purposes of complying with PayRetailers’ legal obligations, such as the prevention and clarification of fraud, as well as the provision of our services to such entities.
  • c. Consent. Based on the consent you provide to us to process your personal data in your capacity as a representative of a business entity.

How long do we store your personal data?

We will keep your data only for the period strictly necessary for the respective purposes of the processing or for the legal period.

To whom do we transfer your data?

PayRetailers shares your data with other entities of the PayRetailers corporate group that operate under the same standards, processes and/or internal policies under which Payretailers operates, for the comprehensive fulfillment of the services we offer.

In addition, PayRetailers shares your data, through referrals, to persons who are data processors, such as service providers or business partners with whom PayRetailers has a legal relationship. PayRetailers verifies that such service providers or business partners comply with the same data protection standards as PayRetailers.

We inform you that PayRetailers does not transfer data to third parties, except in exceptional cases that do not require your consent, provided for in the applicable legislation, such as those necessary or legally required for the safeguarding of a public interest, or for the prosecution or administration of justice.

International Data Transfer
Your personal data may be stored outside of Mexico by our suppliers or service providers or by companies of the PayRetailers Group for the purposes described in this privacy notice.

Your personal data eventually transferred to other countries will be treated with the same level of protection, in compliance with the guarantees required by applicable legislation and under the security policies of PayRetailers.

How can you exercise your privacy rights?

As a representative, you have the right to know what personal data we hold about you, what we use it for and the terms of our use of it (Access). It is also your right to request the correction of your personal information if it is outdated, inaccurate or incomplete (Rectification); that we delete it from our records or databases when we believe that it is not being used properly (Cancellation); as well as to oppose the use of your personal data for specific purposes (Opposition). These rights are known as ARCO rights.

You may also revoke your consent, if any, to the processing of your personal data. You should consider that, for certain purposes, the revocation of your consent will mean that we will not be able to continue providing you with the service you requested, or the termination of your relationship with PayRetailers.

To exercise any of the ARCO rights or revocation, you must send a request to the email address privacy@payretailers.com, which must comply with the following requirements and documents:

  • 1. Full name of the Owner;
  • 2. Copy of the document proving your identity on both sides;
  • 3. In the event that the Owner appears through a legal representative, the latter must also show, by the same means, the documents that prove the legal representation (i.e. simple power of attorney signed by the Owner, the attorney-in-fact and two witnesses, accompanied by a copy of the identifications of the attorney-in-fact and the two witnesses);
  • 4. Clear and precise description of the personal data in respect of which any of the ARCO rights are sought to be exercised.

Requests to exercise ARCO rights will be dealt with within a period of no more than 20 (twenty) business days from the date on which the request was received. If your request is admissible, it will be effective within 15 (fifteen) business days following the date on which PayRetailers communicates the response.

In the event that the information provided in your application is erroneous or insufficient, or the necessary documents to prove your identity or legal representation are not attached, you will be required within 5 (five) business days of receipt of your request, to correct the deficiencies. This request must be addressed by you within 10 (ten) business days of receipt, otherwise your request will be deemed not to have been submitted.

Requests will be handled by the data protection officer at Calle piso 3, oficina 1, Colonia Lomas de Chapultepec, C.P 11000 Miguel Hidalgo, Mexico City, who can be contacted at the email address privacy@payretailers.com

Security of personal data

PayRetailers has implemented technical and organizational security measures to prevent the loss, theft, modification and/or unauthorized access to your personal data, such as access controls, minimization of the number of people accessing the data, implementation of cybersecurity tools such as firewalls, antivirus, among others.

Our website also has a Secure Sockets Layer (SSL) security certificate, which encrypts the information you enter to keep it confidential.

How can you find out about changes to this privacy notice?

This privacy notice may be modified, changed, or updated as a result of new legal requirements; our own needs for the products or services we offer; our privacy practices; changes in our business model, or for other reasons.

The procedure through which notifications about changes or updates will be carried out will be by means of an information notice on our website, by email or any other technological means available at the time.

Last updated: April 2024