Nayax General Privacy Policy

NAYAX – General PRIVACY POLICY

Recently Updated: March 2023

NAYAX is committed to your right to privacy. Protecting personal data processed in the framework of Nayax’s products and services is a core value of NAYAX, and we take precautions to ensure the protection of personal data, as well as the rights and freedoms of data subjects, in accordance with our policies and applicable privacy and data protection legislation.

Nayax group consists of several affiliated companies, incorporated in different jurisdictions around the world, under Nayax Ltd., operating internationally and providing numerous products, services and solutions to our customers (“Nayax Group“).

NAYAX unattended services offered to merchants and retailers around the world, include a complete solution for localized cashless payment acceptance (via various devices) (“Payment Solution“), management suite via web and app (respectively, “NAYAX Core” and “Moma“) engagement tools and other associated services (collectively, “Services“). For the purpose of this Policy, any reference to NAYAX Core shall also include NAYAX’s Lynx API.

This Privacy Policy (“Privacy Policy” or “Policy“) describes the way in which personal data is collected, processed and transferred by us in the framework of our Services in connection with the following:

Our business customers who purchased our Services, either directly from us or from our Business Partners (“Customers“), as well as their consumers and end-users;
Our business partners who sell and distribute our Services (i.e., distributers) (“Business Partners“);
Visitors of our website (“Visitors“);
Authorized users of our Customers and Business Partners (“Authorized User(s)“); and
NAYAX group’s marketing and HR activities.

Note that if you used, purchased or otherwise interacted with other relevant NAYAX Group entity, product or service – you may need to refer to the specific service or product relevant to you, in order to learn more about the processing of your personal data. See below links to other NAYAX Group privacy policies.

Note that, while we act as a controller with respect to our Customers and Business Partner’s data (as further described in Section 4 below), we process data of consumers (e.g., cardholder data) as a processor, on behalf of our Customers and Business Partners when they use our Services.

Additional Legal Terms

If you are a Business Partner or Customer, please note that the processing of personal data in the framework of Nayax’s business relationship with you is governed also by the applicable Data Protection Agreement (“DPA“) consisting a part of the agreement between you and Nayax. Unless a separate specific DPA was executed between you and Nayax, Nayax’s general DPA applicable to your relationship with Nayax can be accessed as follows:

General Information

What is personal data?

Personal data is any information which identifies or can be reasonably used to identify a natural person. Such data includes for example: first and last name, phone number, email address, unique online identifiers, IP address, billing information, credit card details, information concerning households, devices etc.

As opposed to personal data, non-personal data, or anonymized data, is information which does not identify a specific natural person and cannot reasonably be used for such identification. This type of information includes for example aggregate or statistical data.

Is a data subject legally obligated to provide personal data to Nayax?

You are not required by law to interact with Nayax and use any of our Services or products. If you choose to use any of our Services, or if you choose to use or purchase products from merchants who work with us and use our Payment Solutions (i.e., Customers), some of the personal data processed about you is required under applicable laws and regulations (including Card Scheme regulations).

Is personal data regarding children collected by Nayax?

Nayax’s Services and products are not intended to persons under 16 years old or equivalent minimum age for providing consent to processing of Personal Data in the relevant jurisdiction (“Child”). If a parent or guardian becomes aware that his or her Child has provided us with Personal Data without their consent, he or she should contact us immediately. We do not knowingly collect or solicit Personal Data from a Child. If we become aware that a Child has provided us with Personal Data, we will delete such data from our databases.

What kind of Personal Data NAYAX collects and process?

NAYAX Customers & Business Partners their Authorized Users

Types of personal data processed

Purposes of processing

Legal Basis

Customers and Business Partners’ onboarding and registration data

In order to provide our Customers and Business Partners with our Services, we collect the following information: full name, contact details of a contact person, address, phone number, financial information for billing purposes, and email address. Note, this information is regarded as personal data solely when it is associated with an individual (i.e., sole trader, proprietor or an individual acting on behalf of our Customers and Business Partners).

To execute an agreement with a Customer or Business Partner;

To onboard our Customers to our Services, and in the case of Business Partners to cooperate to distribute our Services.

To provide the Services to our Customers and Business Partners;

To resolve any disputes, communicate with you regarding customer service and support issues, and to respond to questions or comments and help resolve any problems.

To assess the level of risk associated with a Customer in connection with Anti-Money Laundering and other activities which can be also regulated under the Card Scheme rules, in order to set relevant monitoring to Customer’s account.

To provide support and improve our Services.

To perform the contract to which the Customer/Business Partner is a party to; or

In order to take steps at the request of a Customer/Business Partner prior to entering into a contract.

Know Your Client (KYC)

To the extent Customer is willing to obtain clearing services from the relevant NAYAX entity (i.e., a NAYAX entity that provides clearing/payment processing services in accordance with applicable laws), then in order to fulfill our legal obligations to prevent fraud and money laundering, we may be required to obtain information for the purpose of “Know Your Client” (KYC) check. Such information includes information regarding Customer or Customer’s shareholders (if applicable), as follows: full name, gender, EIN, email address, address, position, identification number (SSN, passport, I.D. number or driving license number), financial information (credit card number and banking information), date of birth, full residence address, citizenship country, nationality, phone and mobile number, face snapshot, image and video, and copy of the identification document.

To comply with applicable Anti Money Laundry regulations;

To prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and other misuses of Services, to protect the security or integrity of our databases, websites and services, and to take precautions against legal liability.

To comply with legal obligations.

For GDPR purposes – the legal requirement is set forth in AML 4^th Directive and Lithuanian Law on Money Laundering and Terrorist Financing. For UK GDPR the legal requirement is set forth in – the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

As well as, for the legitimate interests of NAYAX, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Authorized Users & Usage Data

We collect the following data associated with Authorized Users engaging with the Services on behalf of our Customers and Business Partners: name, email address, position (e.g., workplace), login credentials to the NAYAX Core (formerly DCS) and Moma, as well as, signup and login data, logs (view and edit).

To identify Authorized Users who access the Services and Nayax Core;

To provide and enhance the Services;

To resolve support issues;

To communicate with Customers, Business Partners or their Authorized Users;

We use this information also to receive statistical information about usage data of the Authorized Users.

To perform the contract to which the Customer or Business Party is a party to; and

Necessity of processing for the purposes of the legitimate interests of NAYAX, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Technical Information, Geolocation and Online Identifiers

We collect technical information transmitted by your device when accessing NAYAX Core and Moma, such information includes type of the device used to access the services, date and time stamp and language, preferences, approximate geolocation (i.e., country), and user’s actions such as page views, search queries, etc.

Note that if you access certain services via mobile app, we will collect the precise location of your device at the time of such access.

In addition, when you access the Services and our databases, we collect your IP address.

To identify Authorized Users who access the NAYAX Core or Moma.

To resolve any disputes, communicate with you regarding customer service and support issues, and to respond to questions or comments and help resolve any problems.

To prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and other misuses of services, to protect the security or integrity of our databases, websites and services, and to take precautions against legal liability.

Transaction Data

The below data is processed by NAYAX as a processor, on behalf of our Customers who are the Controllers of the below data, in the course of the Services provided to them (i.e., gateway or payment processing services). Note, if you would like to exercise your rights with respect to the below data – please contact the relevant merchant from whom you have purchased the goods or services using our Payment Solutions.

Types of personal data processed	Purposes of processing		Legal Basis
When a consumer purchases goods or services from our Customers, while using one of our Payment Solutions, we will process certain transaction data, on behalf of our Customers. We process the credit card details (either as a gateway or as a payment processor), and retain the partial number of the credit card, as required under applicable laws and regulations (including PCI-DSS), as well as collect information about the machine where the purchase is made (in case of an online service then the site), the products purchased, shopping history, total payment amount, and geographical location when utilizing the NAYAX Payment Solution. Prepaid cards and stored valued cards. When a consumer pays with prepaid card provided by our Customers, while using Nayax Payment Solutions, we may collect and process the following data (as determined by the Customer): prepaid holder name, card unique identifier, user identifier chosen by operator or employer, email address, photo and phone number. In case where consumer uses the prepaid connection with his/her workplace (e.g., when your employer provides you with prepaid card) or the relevant machine operator, we may also receive additional information regarding the consumer and his/her workplace, such details may include the balance on the pre-paid card, identification number which the Customer determines, and other information dependent on the Customer’s needs. e Receipt Consumers In the event a consumer inserted his/her email to receive online receipt for a purchase made at our Customers’ services, we will process information (in addition to the transaction data) which includes consumer’s email address and first and last name.	To provide our Customers with the payment processing/gateway services they subscribed to and process personal transaction data on their behalf. To prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and other misuses of services.	N/A The legal basis is determined by the Customer
Payment for parking services (scan to pay) We collect and process the following information, on our Customers behalf: A unique identification number which can be either user’s ticket number (the number appears on the parking ticket), user’s car license plate or phone number, as well as user’s payment method (credit card, e-wallet, debit, etc.), total payment amount, and payment details (partial number of your credit card, as required under applicable laws and regulations. We also process the following data associated with the parking details: location name (the parking lot name), time of parking at the location.	To provide our Customers with the payment Services they subscribed to and process personal transaction data on their behalf.	N/A The legal basis is determined by the Customer

Visitors to Nayax Websites, Job Candidates, Contacting Us and Marketing

When you visit our website, certain information is collected about you, as further described below.

Types of personal data processed

Purposes of processing

Legal Basis

IP and Online Identifiers

When you visit our website we log your IP address. We collect additional Online Identifies via cookies placed on your browser. Such information includes the type of the visitor’s operating systems, type of browser, access time and date, user’s click-stream, visitor’s actions on the website, browsing data (e.g., directing URL’s), search queries, and approximate location. More information on how we use such technologies can be found in the Cookies section below.

We collect these types of information for the purpose of operating, providing, maintaining, protecting, managing, customizing and improving our websites and services and the way in which we offer them; enhancing your experience with the websites and services; auditing and tracking usage statistics and traffic flow, and detecting fraud, security or technical issues in connection with our websites and services.

To protect the security or integrity of our website.

Certain information is being collected upon your consent (when you agree to cookies settings).

Contact Us Information

If you contact us for support, business or refund services via the “Contact Us” or “Support” features available on some of our websites, we will collect certain information you provide us voluntarily in relation or such features, such as your full name, your email, your phone number, your company (if applicable to you), website URL, country, the content of your message, etc.

To process and respond to your queries, to address any Customer support issues or malfunctions, and to maintain our services and websites.

Newsletter Subscription

We may send Users who provided us with their consent for us to do so (if required under applicable law) information with respect to new products, features, activities, services and periodic announcements or newsletters. You may opt-out at any time from such communications by either: (i) using the “unsubscribe” feature available within the message; or (ii) sending us an email to: privacy@nayax.com with your request to opt-out of such communications.

We use this information solely to provide you with the content you have requested.

Based on your consent when you subscribed to our mailing lists; or

Affiliates

We process information associated with affiliates who promote our Services and business, such information includes: contact details (name, email address), address, phone number, account data (you will be required to register the affiliate platform), and bank details and tax documents (in the US).

We use this data to contract affiliates;

To provide affiliates with their respective payments;

In addition, we may use this data to comply with, any legal or regulatory requirements.

And if applicable – to comply with applicable laws (i.e., tax laws).

Feedback and other information you provide us.

We will process you information in case you have provided us with feedback or other information about you for various reasons, including for support, review and promotional and marketing purpose (i.e., public marketing campaigns such as via social media, online channels, etc.). Such information may include photos of you (e.g., for publicly publishing to promote your business or NAYAX, based on your prior consent), free text such as your feedback to a service or product, etc.

We use this information to learn from your feedback and use the information for marketing purposes (as detailed), as well as to enhance our services, develop new products, learn more about the customer’s journey and experience.

For instance, if you choose to send us your photos next to vending machines for online marketing campaign, we will use these photos solely for the said online campaign based on your consent.

And in certain cases where it will be required (e.g., using your image) – based on your consent.

Job Candidates

When applying for a job and throughout the application and recruitment process, we will collect and process your personal data, such data includes: contact information (full name, email address, phone number), CV information (education, experience, qualifications), performance information (information we infer from exams or evaluations you perform, as part of the recruiting process), feedbacks from managers or interviewers, recommendations from third parties, nationality (if relevant to the location of the position), and any other information you share with us (photos, feedback, survey’s responses, etc.).

This information can be provided directly by you or, at your consent, by third parties (such as recruiting agencies, headhunters, etc.).

We will use this data in order to assess your skills, qualifications and consider your application and candidacy for the position you have applied for. As well as communicating with you regarding the recruitment processes.

In addition, we may use this data to comply with any legal or regulatory requirements.

We will process the data for the purposes of the legitimate interests of NAYAX, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

In certain cases, where there is a legal requirement under applicable laws, we will process data based on this basis.

Do Not Track Disclosure – Our websites do not respond to Do Not Track signals. For more information about Do Not Track signals, please see: http://www.allaboutdnt.com.

What are data subject rights, and how can they be exercised?

Data subject rights are rights which data subject have in relation to their personal data. Data subject rights are determined by the relevant legal jurisdiction applicable to the specific circumstances or each data subject.

Data subjects’ rights include for example (depending on your jurisdiction and applicable law): the right to receive a confirmation whether or not we process your personal data; the right to access your personal data and receive a copy of the personal data that we hold; the right to rectification of your personal data; the right to erasure of your personal data; the right to restrict processing of your personal data; the right to object to processing of your personal data; the right to data portability; the right to complain to a supervisory authority; and the right to withdraw consent to processing of personal data.

To learn more about your data subject rights and how to exercise them, please visit our User Rights Policy.

In the event we receive a data subject request from a consumer in relation to a purchase made in merchant’s vending machine, we will notify the relevant merchant and refer the consumer to the relevant merchant.

How can data subjects contact Nayax with questions or concerns about privacy and personal data?

If you have any questions, concerns or requests in relation to your privacy or personal data, you are welcome to contact us, by sending an email to our DPO at: privacy@nayax.com.

You may also contact us using the following contact information:

NAYAX Ltd.
3 Arik Einstein St., Herzliya 4659071 Israel

+97237694380

EU residents may also contact us by using the following details of our EU entity:

Nayax Europe UAB

Antakalnio 17, LT-10312, Vilnius, Lithuania.

UK residents may also contact us by using the following details of our UK entity:

NAYAX UK LTD.

The Maylands Building | Maylands Avenue | Hemel Hempstead | HP2 7TG

With which third parties does NAYAX share personal data?

When we process personal data on behalf of customers, vendors or merchants, we share personal data collected in the framework of such services with the relevant customer, vendor or merchant. If you made a purchase as a consumer of goods or services with a certain vendor using our cashless payment services, you should take into consideration that your personal data will be shared with the vendor from which you made the purchase.
We also share certain personal data in the framework of processing cashless payments, such as with credit card providers, certain acquirers and credit card clearing services, payment gateways, banks, etc.
We share personal data with our service providers, data processors and sub-processors, and with distributors of our services and products. These service providers assist us in operating our services, conducting our business, expanding our business or servicing our customers, and for personalizing user experiences of the services, and include for example fraud prevention, cloud storage services, billing services, marketing, maintenance and technology services.

You can see a list of such third parties available here. While we strive to keep this list current, updated and complete, it is possible that there are additional processors which we have not yet added to the list. If you have any inquiries related to our service providers, please contact us.

We may share personal data where required to in order to comply with a legal requirement, for the administration of justice, to protect the vital interests of data subjects or the vital interests of others, to protect the security or integrity of our databases or the services, and to take precautions against legal liability.
In the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale), we may share personal data with our affiliated companies or acquiring company, which will assume the rights and obligations as described in this privacy policy.
We may also share certain personal data within the Nayax group of companies, where certain affiliated companies provide services to assist others in the provision of our Services. For example, Nayax Ltd. headquarters the group’s activities, and may have access to personal data collected by its subsidiaries.
Additionally, NAYAX can share Customer’s information with NAYAX affiliated companies, including NAYAX Capital, for the purpose of providing financing solutions.

Does NAYAX transfer personal data internationally?

Nayax group is an international corporation, operating globally, with offices and data centers in various jurisdictions around the world. Therefore, personal data may be transferred across international borders in the framework of our services, including to Israel, the US and Europe. International transfers of data are done with appropriate measures to ensure that your personal data receives an adequate level of protection as required under applicable law. When Personal Data collected within the EU/UK is transferred outside the EU/UK (and not to a recipient in a country that was recognized as adequate), it shall be transferred in accordance with the provisions of the GDPR/UK GDPR, including, where applicable, under the Standard Contractual Clauses approved by the European Union (if applicable). If you would like to understand more about these arrangements and your rights in connection therewith, please contact us at: privacy@nayax.com.

Cookies

We use data files such as cookies, pixel tags, “Flash cookies,” or other local storage files provided by your browser or associated applications (“Cookies”) on our website. We use these technologies in order to recognize you as a specific Visitor; customize our website, content, and advertising; measure promotional effectiveness; help ensure that your security is not compromised; mitigate risk and prevent fraud; and to promote trust and safety across our website. If you do not accept the use of these cookies, please disable them by changing your browser settings so that cookies from our website cannot be placed on your computer or mobile device, as detailed below and/or visit our cookie management platform widget, which is at the bottom of our website (i.e., cookie icon), however, it is important that you are made aware of the fact that if you choose to do so this may prevent us from providing some or all of the Services to You.

The following pages have information on how to change your cookies settings for the different browsers:

Cookie settings in Chrome
Cookie settings in Firefox
Cookie settings in Internet Explorer
Cookie settings in Safari and iOS

How does NAYAX protect personal data?

We implement extensive security measures to reduce the risks of damage, loss of information and unauthorized access or misuse of personal data. We implement appropriate data collection, storage and processing practices and security tools to protect personal data against unauthorized access, alteration, disclosure or destruction. For more information about our technical and operational security measures please see here.

Previous versions of the Privacy Policy

We reserve the right to periodically revise or update this Privacy Policy. Any modifications to this Privacy Policy will go into effect upon the publication of the revised Privacy Policy on our website.

We will make a reasonable effort to provide notification in the event that we implement any amendments that substantially change our privacy practices, in the event that we are required to do so under applicable law. We recommend that you periodically review this page to ensure that you understand our privacy practices and to check for any amendments.

Information for residents of California under the CCPA

For information relevant to residents of California in accordance with the California Consumer Privacy Act, see the following CCPA Notice.

Data Retention

Unless you or our customer (as the case may be) instruct us otherwise, and subject to applicable laws, we retain the information we collect for as long as needed to provide our services and to comply with our legal obligations, resolve disputes and enforce our agreements, if applicable.

APPLICABLE LAWS

The provisions included in this Privacy Policy relating to matters that are regulated by various privacy laws, including the GDPR, UK GDPR, CCPA, Mexican privacy laws, as well as other applicable privacy laws.

Privacy at Nayax

¡AVISO IMPORTANTE AL PÚBLICO EN GENERAL!

NAYAX no es una empresa que promueva inversiones y/o negocios multinivel.