NAYAX – GENERAL PRIVACY POLICY
NAYAX is committed to your right to privacy. Protecting personal data processed in the framework of Nayax’s products and services is a core value of NAYAX, and we take precautions to ensure the protection of personal data as well as the rights and freedoms of data subjects, in accordance with our policies and applicable privacy and data protection legislation.
Nayax group consists of several affiliated companies, incorporated in different jurisdictions around the world, under Nayax Ltd., operating internationally and providing numerous products, services and solutions to our customers.
This Privacy Policy (“Privacy Policy” or “Policy”) described the way in which personal data is collected, processed and transferred by us, in the framework of our various products, services and solutions. This policy is intended to provide data subjects (meaning individuals regarding which personal data is collected and processed) with information regarding their personal data processed by us, their rights in relation to such data, and how they can exercise such rights as well as be in touch with us with any requests or concerns they may have.
As this Policy encompasses different activities, you may need to refer to the specific service or product relevant to you, in order to learn more about the processing of your personal data.
- General Information
- Nayax Cashless Payment and Telemetry Platform
- Visitors to Nayax Websites
- Authorized users of Nayax business customers
- Monyx
- EVmeter
- Weezmo
- Nayax Retail Solutions
- Nayax e-commerce Platform
- Israeli e-commerce website of EVmeter
- Dually
If you are a business partner of Nayax or a merchant working with us, please note that the processing of personal data in the framework of Nayax’s business relationship with you is governed by the Data Protection Agreement (“DPA”) consisting a part of the agreement between you and Nayax. This agreement may also include our Terms and Conditions. Unless a separate specific DPA was executed between you and Nayax, Nayax’s general DPA applicable to your relationship with Nayax can be accessed as follows:
General Information
- What is personal data?
Personal data is any information which identifies or can be reasonably used to identify a natural person. Such data includes for example: first and last name, phone number, email address, unique online identifiers, IP address, billing information and credit card details, etc.As opposed to personal data, non-personal data, or anonymized data, is information which does not identify a specific natural person and cannot reasonably be used for such identification. This type of information includes for example aggregate or statistical data. - Is a data subject legally obligated to provide personal data to Nayax?You are not required by law to interact with Nayax and use any of our services or products. If you choose to use any of our services or products, or if you choose to use or purchase products from merchants who work with us, some of the personal data processed about you is required under applicable laws and standards.For example, when making a payment via credit card in an unattended vending machine using Nayax cashless payment solutions, certain personal data, relating to the credit card being used and its holder, is required under law in order to process the payment. Such information includes the card holder’s name, credit card details, payment amount, etc.
In addition, certain personal data which is not required by law may also be processed in conjunction with Nayax products and services. - Is personal data regarding children collected by Nayax?Nayax’s services and products are not intended to persons under 16 years old or equivalent minimum age for providing consent to processing of Personal Data in the relevant jurisdiction (“Child”). If a parent or guardian becomes aware that his or her Child has provided us with Personal Data without their consent, he or she should contact us immediately. We do not knowingly collect or solicit Personal Data from a Child. If we become aware that a Child has provided us with Personal Data, we will delete such data from our databases.
- What are data subject rights, and how can they be exercised?Data subject rights are rights which data subject have in relation to their personal data. Data subject rights are determined by the relevant legal jurisdiction applicable to the specific circumstances or each data subject.Data subjects’ rights include for example (depending on your jurisdiction and applicable law):
-
- the right to receive a confirmation whether or not we process your personal data;
- the right to access your personal data and receive a copy of the personal data that we hold.
- the right to rectification of your personal data;
- the right to erasure of your personal data.
- the right to restrict processing of your personal data.
- the right to object to processing of your personal data;
- the right to data portability.
- the right to complain to a supervisory authority; and
- the right to withdraw consent to processing of personal data.
To learn more about your data subject rights and how to exercise them, please visit our User Rights Policy.
Please note, in the event we receive a data subject request from a consumer in relation to a purchase made in merchant’s vending machine, we will notify the relevant merchant and refer the consumer to the relevant merchant.
-
- How can data subjects contact Nayax with questions or concerns about privacy and personal data?If you have any questions, concerns or requests in relation to your privacy or personal data, you are welcome to contact us, by sending an email to: privacy@nayax.com.
You may also contact us using the following contact information:NAYAX Ltd.
3 Arik Einstein St., Herzliya 4659071 Israel
+97237694380
EU residents may also contact us by using the following details of our EU entity:
Nayax Europe UAB
Antakalnio 17, LT-10312, Vilnius, Lithuania - With which third parties does NAYAX share personal data?When we process personal data on behalf of customers, vendors or merchants, we share personal data collected in the framework of such services with the relevant customer, vendor or merchant. If you made a purchase as a consumer of goods or services with a certain vendor using our cashless payment services, you should take under consideration that your personal data will be shared with the vendor from which you made the purchase.We also share certain personal data in the framework of processing cashless payments, such as with credit card providers, certain acquirers and credit card clearing services, payment gateways, banks, etc.We share personal data with our service providers, data processors and sub-processors, and with distributors of our services and products. These service providers assist us in operating our services, conducting our business, expanding our business or servicing our customers, and for personalizing user experiences of the services, and include for example fraud prevention, cloud storage services, billing services, marketing, maintenance and technology services.
You can see a list of such third parties available here. While we strive to keep this list current, updated and complete, it is possible that there are additional processors which we have not yet added to the list. If you have any inquiries related to our service providers, please contact us.We may share personal data where required to in order to comply with a legal requirement, for the administration of justice, to protect the vital interests of data subjects or the vital interests of others, to protect the security or integrity of our databases or the services, and to take precautions against legal liability.In the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale), we may share personal data with our affiliated companies or acquiring company, which will assume the rights and obligations as described in this privacy policy.We may also share certain personal data within the Nayax group of companies, where certain affiliated companies provide services to assist others in the provision of our services. For example, Nayax Ltd. headquarters the group’s activities, and may have access to personal data collected by its subsidiaries. - Does NAYAX transfer personal data internationally?Nayax group is an international corporation, operating globally, with offices and data centers in various jurisdictions around the world. Therefore, personal data may be transferred across international borders in the framework of our services, including to Israel, the US and Europe. International transfers of data are done with appropriate measures to ensure that your personal data receives an adequate level of protection as required under applicable law. Further, when Personal Data collected within the EU is transferred outside the EU (and not to a recipient in a country that the European Commission has decided provides adequate protection), it shall be transferred in accordance with the provisions of the GDPR, including, where applicable, under the Standard Contractual Clauses approved by the European Union (if applicable). If you would like to understand more about these arrangements and your rights in connection therewith, please contact us at: privacy@nayax.com.
- Does NAYAX send marketing materials to users?We may send users of the services or users who provided us with their consent with information on new products, features, activities, services and periodic announcements or newsletters. You may opt-out any time from such communications at any time by either: (i) using the “unsubscribe” feature available within the message; or (ii) sending us an email to: privacy@nayax.com.
- How does NAYAX protect personal data?We implement extensive security measures to reduce the risks of damage, loss of information and unauthorized access or misuse of personal data. We implement appropriate data collection, storage and processing practices and security tools to protect personal data against unauthorized access, alteration, disclosure or destruction.You should be aware that no security measures are completely fail-proof, and it is impossible to prevent any and all threats to the security of data and systems. Therefore, you should be aware that any processing of digital personal data holds certain inherent risks, and we cannot guarantee that our services and databases will be immune to any wrongdoings, malfunctions, unauthorized interceptions or access, malware attacks or other kinds of abuse and misuse.
- Previous versions of the Privacy PolicyWe reserve the right to periodically revise or update this Privacy Policy. Any modifications to this Privacy Policy will go into effect upon the publication of the revised Privacy Policy on our Website.We will make a reasonable effort to provide notification in the event that we implement any amendments that substantially change our privacy practices, in the event that we are required to do so under applicable law. We recommend that you periodically review this page to ensure that you understand our privacy practices and to check for any amendments.
- Information for residents of California under the CCPAFor information relevant to residents of California in accordance with the California Consumer Privacy Act, see the following CCPA Notice .
- Data RetentionUnless you or our customer (as the case may be) instruct us otherwise, and subject to applicable laws, we retain the information we collect for as long as needed to provide our services and to comply with our legal obligations, resolve disputes and enforce our agreements, if applicable.
- APPLICABLE LAWSThe provisions included in this Privacy Policy relating to matters that may be regulated under the GDPR or CCPA and therefore will apply only to the processing of personal data (or Personal Information) which is subject to the GDPR or CCPA in accordance with the applicability provisions contained therein.
Nayax Cashless Payment and Telemetry Platform
Nayax processes personal data regarding consumers who purchase goods and services from merchants who use Nayax cashless payment and integrated telemetry systems and solutions. When you make a cashless payment using one of Nayax’s services, certain personal data will be collected and processed about you, as further specified below.
Types of personal data processed | Purposes of processing | For EU persons – Legal Basis under the GDPR |
Please note that if you are using credit card we will retain partial number of your credit card, as required under applicable laws and regulations. When you make a purchase in the merchant’s vending machine, we collect certain data regarding your purchase, such as the machine you purchased from, the products purchased and your shopping history, total payment amount, and your geographical location when using the services.
Consumers using prepaid cards When you pay with prepaid cards while using Nayax services, we may collect and process the following data: your name, email address, and your phone number. If you are an employee using the services in connection with your workplace (e.g. when your employer provides you with prepaid card), we may also receive additional information regarding you and your workplace, through your employer, such details may include your balance on your employment card/prepaid card. e Receipt Consumers In the event you registered to an eReceipt service offered by Nayax, we will collect additional information about you, such as your email address, name, and address.
|
To provide our customers with the services they subscribed to and process personal data on their behalf.
To enable consumers to make cashless payments for goods and services offered by the merchants via our services (i.e. payment solutions such as the VPOS and other products). To resolve any disputes, communicate with customers and consumers regarding customer service and support issues, and to respond to questions or comments and help resolve any problems. To prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and other misuses of services, to protect the security or integrity of our databases, websites and services, and to take precautions against legal liability.
|
|
Visitors to Nayax Websites, Job Candidates, Contacting Us and Marketing
Nayax group operates various websites, including:
Do Not Track Disclosure – Our websites do not respond to Do Not Track signals. For more information about Do Not Track signals, please see: http://www.allaboutdnt.com.
When you visit one of the Nayax websites, certain information is collected about you, as further described below.
Types of personal data processed | Purposes of processing | For EU persons – Legal Basis under the GDPR |
IP and Online Identifiers
When you visit one of our websites we log your IP address. We collect additional Online Identifies via cookies placed on your browser. Such information includes, the type of the visitor’s operating systems, type of browser, access time and date, user’s click-stream, visitor’s actions on the website, browsing data (e.g., directing URL’s), search queries, and approximate location. More information on how we use such technologies can be found on the Cookies Policy of the relevant website. |
We collect these types of information for the purpose of operating, providing, maintaining, protecting, managing, customizing and improving our websites and services and the way in which we offer them; enhancing your experience with the websites and services; auditing and tracking usage statistics and traffic flow, and detecting fraud, security or technical issues in connection with our websites and services.
To prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and other misuses of services, to protect the security or integrity of our databases, websites and services, and to take precautions against legal liability. |
Necessity of processing for the purposes of the legitimate interests of NAYAX. |
Contact Us Information
If you contact us for support, business or refund services via the “Contact Us” or “Support” features available on some of our websites, we will collect certain information you provide us voluntarily in relation or such features, such as your full name, your email, your phone number, your company (if applicable to you), country, the content of your message, etc. |
To process and respond to your queries, to address any customer support issues or malfunctions, and to maintain our services and websites. | Necessity of processing for the purposes of the legitimate interests of NAYAX.
Your consent, in relation to any personal data you provide us voluntarily, such as information included in inquiries sent by you through our websites. |
Newsletter Subscription
If you voluntarily subscribe to our newsletter through the website (or otherwise agree to receive updates and content from us), you may be requested to provide us with your email address, name of company and country. You can unsubscribe at any time using the unsubscribe option within the body of the applicable email or by contacting us directly. |
We use this information solely to provide you with the content you have requested. | Based on your consent when you subscribed to our mailing lists. |
Feedback and other information you provide us
We will process you information in case you have provided us with feedback or other information about you for various reasons, including for support, review and promotional and marketing purpose (i.e., public marketing campaigns such as via social media, online channels, etc.). Such information may include photos of you (e.g., for publicly publishing to promote your business or NAYAX, based on your prior consent), free text such as your feedback to a service or product, etc. |
We use this information to learn from your feedback and use the information for marketing purposes (as detailed), as well as to enhance our services, develop new products, learn more about the customer’s journey and experience. For instance, if you choose to send us your photos next to vending machines for online marketing campaign, we will use these photos solely for the said online campaign based on your consent. |
Necessity of processing for the purposes of the legitimate interests of NAYAX. |
Information collected via Cookies
we use data files such as cookies, pixel tags, “Flash cookies,” or other local storage files provided by your browser or associated applications (“cookies”). For more information on how we use cookies, you should refer to the relevant cookie policy posted on the website you are visiting. |
Cookies are used in order to recognize you as a user; customize our websites and services, content, and advertising; measure promotional effectiveness; help ensure that your account security is not compromised; mitigate risk and prevent fraud; and to promote trust and safety across our websites and services. | Necessity of processing for the purposes of our legitimate interests. |
Job Candidates
When applying for a job and throughout the application and recruitment process we will collect and process your personal data, such data includes: contact information (full name, email address, phone number), CV information (education, experience, qualifications), performance information (information we infer from exams or evaluations you perform, as part of the recruiting process), feedbacks from managers or interviewers, recommendations from third parties, nationality (if relevant to the location of the position), and any other information you share with us (photos, feedback, survey’s responses, etc.). This information can be provided directly by you or, at your consent, by third parties (such as recruiting agencies, headhunters, etc.). |
We will use this data in order to assess your skills, qualifications and consider your application and candidacy for the position you have applied for. As well as communicating with you regarding the recruitment processes. In addition, we may use this data to comply with, any legal or regulatory requirements. |
We will process the data for the purposes of our legitimate interests.
In certain cases, where there is a legal requirement under applicable laws, we will process data based on this basis. |
Authorized users of Nayax business customers
If you are an employee or an authorized user of a merchant, vendor or other business customer of partner of Nayax, or if you are Nayax’s customer (i.e., a merchant’s employee) or acting on behalf of Nayax’s customer, we may process certain personal data about you, in the framework of our engagement with your employer, as further specified below.
Types of personal data processed | Purposes of processing | For EU persons – Legal Basis under the GDPR |
Customers onboarding and registration data
In order to provide customers with our services, or when a customer registers to our services, we collect information regarding the customer and its users: customer’s full name, name and contact details of the customer’s contact person with Nayax, address, phone number, financial information for billing purposes, and email address. Additionally, In order to fulfill our legal obligations to prevent fraud and money laundering, we may obtain information for the purpose of “Know Your Client” (KYC) check. Such information includes information regarding customer or customer’s shareholders (if applicable), such as: identification number (SSN, passport, I.D. number or driving license number), financial information (credit card number and banking information, date of birth, residence country, citizenship country, nationality, position, phone and mobile number, face snapshot, image and video, and copy of the identification document. |
To onboard our customers to our services and sign-up registration;
To provide the services to our customers; To identify authorized users who access the services and Nayax databases; To resolve any disputes, communicate with you regarding customer service and support issues, and to respond to questions or comments and help resolve any problems. To prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and other misuses of services, to protect the security or integrity of our databases, websites and services, and to take precautions against legal liability. |
|
Technical Information, Geolocation and Online Identifiers
We collect technical information transmitted by your device when accessing our services and databases via desktop application or mobile application, this information includes type of the device used to access the services, date and time stamp and language, preference approximate geolocation (i.e., country), and user’s actions such as page views, search queries, etc. Please note that if you access certain services and databases via mobile app, we will collect the precise location of your device at the time of such access. In addition, when you access the services and our databases, we collect your IP address and other online identifiers. |
To identify authorized users of customers;
To resolve any disputes, communicate with you regarding customer service and support issues, and to respond to questions or comments and help resolve any problems.
To prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and other misuses of services, to protect the security or integrity of our databases, websites and services, and to take precautions against legal liability. |
|