Privacy at Nayax

TIGAPO

[Last updated: April 2022]

1. GENERAL

Tigapo Ltd. (“we”, “us”, “our”, “Company” or “Tigapo”), a part of the Nayax Group (as defined below), is committed to protecting the privacy of users who use our platform and services, and visitors of our website, all as further detailed below. We take several precautions and have implemented certain mechanisms designed to protect Personal Data (as defined below), as well as to comply with applicable privacy and data protection laws.

“Nayax Group” refers to Nayax Ltd. affiliated companies. Please note, that in case you are using additional, supplementary or other services offered by the Nayax Group, additional and/or other terms may apply to you, with respect to such services you subscribed to, as indicted in the applicable agreement executed between you and the relevant Nayax entity and as specified in Nayax’s Privacy Policy.

This Privacy Policy (“Privacy Policy”) is an integral part of our Terms of Use and governs the collection, processing, usage and transfer of data by us from: (i) individuals who access and use our website: https://www.nayax.tigapo.com/ (respectively, “Visitors” and “Website”); (ii) end-users (“End-Users”) who use the machines operated by of our clients (i.e., Merchants, as defined below) and use our app and the services offered by us (“App”); (iv) End-Users who use the machines operated by Merchants and use one of our self-service kiosks (“Kiosks”) placed at Merchant locations; and (iii) Merchant’s personnel. All of the above shall be referred to as “you” or “User(s)”.

This Privacy Policy explains how you can exercise your rights related to your Personal Data, in accordance with the laws and regulations applicable to you (which may include for example the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”)). In the event you are a California resident and the CCPA applies to you – please make sure to review Section 16, below describing your rights under the CCPA.

If you have any questions regarding this Privacy Policy, please send any inquiries to: privacy@nayax.com.

THE HIGHLIGHTS:

• As an essential part of our business, we offer our clients (“Merchants”), a cloud based platform for coin-operated machines (“Solution”). Our Solution enables Merchants to control remotely and manage their machines through the Solution, including collecting payments, interacting with the End-Users, send customized incentives, etc.. In this framework, we process certain Personal Data related to End-Users as a data processor on behalf of the Merchants. We also operate a web platform which enables Merchants and their personnel to access their accounts on the Services. With respect to the processing of data related to Merchants’ personnel, we process Personal Data as a data controller. For the purpose of this Privacy Policy, the Solution, App and Kiosks shall be collectively referred to as the “Services”.
• Children under the age of 16 (or equivalent minimum age for providing consent in the jurisdiction in which the End-User is located) are not permitted to use the Services without parental or legal guardian consent. For more information, please review the section of our privacy policy below about how we process children’s’ Personal Data.
• You are not required by law to provide us with any Personal Data. Sharing Personal Data with us is entirely voluntary.
• You may not share Personal Data about other people with us who you are not authorized to share or use.
• You may be entitled to request to review, amend, erase restrict and opt-out from the processing of your Personal Data, in accordance with applicable law. For more information regarding your rights please refer to Section 7.
• We share Personal Data with third parties in connection with the provision of the Services to our Users, or other limited circumstances as specified herein.
• If you have any questions or requests regarding the processing of your Personal Data, or would otherwise like to contact us in connection with this Privacy Notice, please send us an email to: privacy@nayax.com.

• WHAT IS PERSONAL DATA?

Personal Data is any information which identifies or can be reasonably used to identify a natural person. Such data includes for example: first and last name, phone number, email address, unique online identifiers, billing information, credit card details, etc.

As opposed to Personal Data, non-personal data, or anonymized data, is information which does not identify a specific natural person and cannot reasonably be used for such identification. This type of information includes for example aggregate or statistical data, technical information transmitted from your device such as type of browser and operating system, language preference, referring and exit pages and URLs, time and date stamp, and amount of time spent on particular page.

3. PERSONAL DATA PROCESSED BY US IN CONNECTION WITH THE SERVICES AND WEBSITE

Types of Personal Data processed	Purposes of processing	For EU persons – Legal Basis under the GDPR
Data related to End-Users
Users Sign Up and Profile Data When you sign up to use our Services we will require you to provide your date of birth for age validation purposes. When you sign up to our Services and create an account on the App in order to use the Merchant’s machines, you will need to provide us with certain information including your name, email address and your credentials. Once registered, you may complete your profile on the App and provide us with additional information (at your choice). Such information includes your phone number, language preference and gender. Note that you are not required to provide us with the additional information in order to use the Services. If you choose to sign up using Facebook connect, Google+, Twitter or Apple (“Social Media”), we will collect your profile picture available on your Social Media account and your email address. Note that the Social Media operators’ use of your data is governed by their privacy policies. If you provide us with permission, we also collect and process your geolocation (Geofencing – location based service).	We will use this information for the purpose of performing our contract with you, provide you with the Services you have requested, and verify your account. To send you service-related massages. We will use your email address and phone number for our legitimate interest in order to send you needed information related to the Services and our business engagement (e.g., to notify you regarding any updates to our Services, send applicable invoices, and additional occasional communications related to the Services). To provide you with messages and alerts relating to a nearby Merchant location. To suggest activities and machines at the Merchant’s location that we think you would be interested in. To develop and train algorithms that help us gain insight into user preferences and machine use at Merchant locations and which otherwise enhance the Service. To prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and other misuses of the Services, to protect the security or integrity of our databases, and to take precautions against legal liability.	Necessity of processing for the purposes of our legitimate interests. To perform a contract to which the data subject is a party to. To fulfil legal obligations under applicable laws.
Using the Services with Merchant’s Machines When using our Services in connection with the Merchant’s machines (e.g., playing arcade games in amusement parks), we will process the following information:Payment details that include 4 digits of credit card number and the credit card provider (i.e., Visa, AMEX, etc.). Note that we do not process the payment directly. We use a third party payment processor that will process your full payment information (e.g., credit card details).We are currently using Authorized net  services. Consequently, any transactions that are processed by this third party payment processor will be governed by its privacy policies and terms which we recommend that you review. Data regarding the purchases made at the Merchant’s location, such as machines used, prices, location of Merchant’s facility (approx. 500 meters radius of Merchant’s machines), date of purchase, prizes you won, etc. We also infer insights related to your uses at the App and the Services in order to customize and enhance the Services, provide you with incentives, etc. End User using NFC In the event you are using our Services by NFC (near field connection) devices, provided to you by the Merchant at the Merchant’s facilities, we will collect certain information about you that includes, your name, phone number and email. When using the NFC we do not collect your payment details. Your credit will be updated automatically through our Solution integrated with the Merchant’s machines.	This information will be processed for the purpose of performing our contract with the Merchant and you, to enable you to use our Services (e.g., play the arcade games offered through the coin machines). To suggest activities and machines at the Merchant’s location that we think you would be interested in. To develop and train algorithms that help us gain insight into user preferences and machine use at Merchant locations and which otherwise enhance the Service.	The legal basis for processing will be determined by the Merchant. Please refer to the Merchant’s privacy policy for full details. The following are examples of lawful basis that Merchants may rely on: Necessity of processing for the purposes of the legitimate interests of Merchant. To perform a contract to which the data subject is a party to on behalf of Merchant. To fulfil legal obligations under applicable laws.
Technical Data We collect certain technical information transmitted by your device when accessing the App, this information includes: type of the device used, IP address, device name, IP address, operating systems and device ID. We also collect certain information about your use of the App automatically such as access time and date, and user actions such as purchases and page views.	To locate the Merchant’s services. To improve our Services, identify any difficulties or failures in the process, for analysis, statistics and customization of the services. To suggest activities and machines at the Merchant’s location that we think you would be interested in. To develop and train algorithms that help us gain insight into user preferences and machine use at Merchant locations and which otherwise enhance the Service. To resolve any disputes, communicate with you regarding customer service and support issues, and to respond to questions or comments and help resolve any problems. To prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and other misuses of the Services.	To perform a contract to which the data subject is a party to on behalf of Merchant Necessity of processing for the purposes of our legitimate interests. To perform a contract to which the data subject is a party to.
Merchant and Merchant’s Personnel
Merchant’s onboarding In order to provide Merchant with our Solution and the Services, and upon registration, we collect information regarding the Merchant’s and its personnel: Merchant’s full name, name and contact details of the Merchant’s contact person, address, phone number, financial information for billing purposes and email address. Additionally, if applicable and in order to fulfill our legal obligations to prevent fraud and money laundering, we may obtain information for the purpose of “Know Your Client” (KYC) check. Such information includes information regarding Merchant or Merchant’s shareholders (if applicable), such as: identification number (SSN, passport, I.D. number or driving license number), financial information (credit card number and banking information), date of birth, residence country, citizenship country, nationality, position, phone and mobile number, face snapshot, image and video, and copy of the identification document. Note that if you are an employee or an authorized user of a Merchant, we may process certain personal data about you, in the framework of our engagement with your employer, as specified herein.	To onboard Merchants to our Services and sign-up registration. To identify authorized users who access the Solution. To resolve any disputes, communicate with you regarding customer service and support issues, and to respond to questions or comments and help resolve any problems. To send you marketing communications regarding our products and Services. To prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and other misuses of services, to protect the security or integrity of our databases and services, and to take precautions against legal liability.	Necessity of processing for the purposes of our legitimate interests. To perform the contract to which the Merchant is a party. In order to take steps at the request of the Merchant prior to entering into a contract. To fulfil our legal obligations.
Website Visitors
Demo If you register for a demo, available through our Website, we will collect and process your name, email address and company name.	To send you a demo of our Services.	Your consent. To perform a contract we may have with you.
Contact Information: In the event you contact us for customer service, support or any other inquiries, by sending us an email via the “Get in touch” feature available on the Website, or by any other means of communications we may make available to you, you will be requested to provide us with your full name, email address and phone number. In addition, you can choose to provide us with additional information as part of your correspondence with us.	We will process this information and use it solely for the purpose of responding to your inquiries and providing you with the support or information you requested. We may process the contents of our correspondence with you in order to improve our customer service, and in the event we believe it is required in order to provide you with any further assistance (if applicable).	Necessity of processing for the purposes of our legitimate interests. To perform a contract to which the data subject is a party to.
Technical Data We collect certain technical information transmitted by your device when accessing the Website, this information includes: type of the device used, IP address, type of browser, internet service provider, End-User actions and page views, directing URL’s, device name, device ID and operating systems.	To estimate the number of visitors to our Website and visitor usage patterns. To store information about your preferences so we can customize our Website. To recognize you when you return to our Website. To provide marketing messages about our Services.	Necessity of processing for the purposes of our legitimate interests.

4. DATA SUBJECTS RIGHTS

You are not required by law to interact with us or provide us with Personal Data. If you choose to use any of our App or Services, or if you choose to use or purchase from Merchants’ machines, we will process certain Personal Data (as detailed above) in order to deliver to Merchants and you, as applicable, our Services.

5. CHILDREN

Our Services are not intended to persons under 16 years old or equivalent minimum age for providing consent to processing of Personal Data in the relevant jurisdiction (“Child”). If a parent or guardian becomes aware that his or her Child has provided us with Personal Data without their consent, he or she should contact us immediately. We do not knowingly collect or solicit Personal Data from a Child. If we become aware that a Child has provided us with Personal Data, we will delete such data from our databases.

6. WHAT ARE DATA SUBJECT RIGHTS AND HOW CAN THEY BE EXERCISED?

Depending on your jurisdiction, data protection and privacy laws provide you with the ability to exercise certain rights regarding your Personal Data that we process. Please note that, unless you instruct us otherwise, we retain the information we collect for as long as needed to provide the Services and to comply with our legal obligations, resolve disputes and enforce our agreements. If you object to the aforesaid collection, use and sharing of data, please immediately cease using the Services and/or App.

Data subject rights include (depending on your jurisdiction and applicable law):

• the right to receive confirmation whether or not we process your Personal Data;
• the right to access your Personal Dataand receive a copy of the Personal Data that we hold.
• the right to rectificationof your Personal Data;
• the right to erasureof your Personal Data.
• the right to restrictprocessing of your Personal Data.
• the right to objectto processing of your Personal Data;
• the right to data portability.
• the right to lodge a complaint to a supervisory authority; and
• the right to withdraw consent to processing of Personal Data.

To assert any of these rights, please contact us at: privacy@nayax.com.

We may request additional information from you when you contact us with a request concerning your data subjects rights in order to: (i) verify your identity; (ii) determine the applicable laws; (iii) and locate your data.

7. HOW CAN DATA SUBJECTS CONTACT WITH US WITH QUESTIONS OR CONCERNS ABOUT PRIVACY AND PERSONAL DATA?

If you have any questions, concerns or requests in relation to your privacy or personal data, you are welcome to contact us, by sending an email to: privacy@nayax.com.

You may also contact us using the following contact information:

NAYAX Ltd.
3 Arik Einstein St., Herzliya 4659071 Israel

+97237694380

EU residents may also contact us by using the following details of our EU entity:

Nayax Europe UAB

Antakalnio 17, LT-10312, Vilnius, Lithuania

8. WITH WHICH THIRD PARTIES DO WE SHARE PERSONAL DATA?

WE DO NOT SELL OR RENT ANY OF YOUR PERSONAL DATA TO NON-AFFILIATED THIRD PARTIES FOR THEIR MARKETING PURPOSES.

• Merchants – When we process Personal Data on behalf of Merchants who subscribed to use our Solution, we share Personal Data collected in the framework of such services with the relevant Merchant. We may also share Personal Data on the Merchant’s behalf with other service providers of the Merchant, in accordance with the Merchant’s instructions.
• Service Providers – We share personal data with our service providers, data processors and sub-processors. These service providers assist us in operating our services, conducting our business, expanding our business or servicing our customers, and for personalizing user experiences of the Services, and include for example cloud storage services, billing services, marketing and analytics, maintenance and technology services.
• For Legal Purpose – We may share Personal Data to third parties where required to comply with a legal requirement, for the administration of justice, to protect the vital interests of data subject or the vital interests of others, to protect the security or integrity of our databases and services, and to take precautions against legal liability.
• Change of Control – In the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale, etc.), we may share Personal Data with our affiliated companies or acquiring company, which will assume the rights and obligations as described in this Privacy Policy.
• Within the Nayax Group – We may share certain Personal Data within the Nayax Group, where certain affiliated companies provide services to assist other entities in the group in the provision of services.

9. Cookie Policy

We may use cookies and other similar tracking technologies or methods of web and mobile analysis to gather, store, and track certain information related to your access of, activity and interaction with our Website and Services.

A “cookie” is a small piece of information that a website assigns to your device while you access such website. Cookies are very helpful and may be used for a variety of different purposes. These purposes include, among other things, allowing you to navigate between pages efficiently, enabling automatic activation of certain features, remembering your preferences and making the interaction between you and our Service quicker, easier and smoother. Cookies are also used to help customize your experience and for advertising purposes (including personalized advertising). You can find out more information about cookies at: www.allaboutcookies.org.

Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience may be limited.

We use both session and persistent cookies on the Services and we may use different types of cookies to run the Services, as follows:

Strictly necessary cookies – these cookies are necessary for the Website and Services to function properly and cannot be switched off in our systems. If you set your browser to refuse these cookies, some parts of the Services will not then work.

Analytics and Performance-related cookies – these cookies allow us to assess and improve the performances of our Services, including improving your online activity on our Website and Services. These cookies allow us to count visits and geographic sources. The information we get through the use of these cookies are in an aggregated form and we make no attempt to identify you or influence your experience of the Website and Services. If you do not allow these cookies, the loss of the information stored in a preference cookie may make the Service experience less functional but should not prevent it from working.

Functionality-related cookies: these cookies tell us, for example, whether you have engaged our Website and Services before or if this is your first time, and help us to identify the features in which you may find favorable.

Targeting and Advertising-related cookies:  these cookies allow us to deliver content relevant to your interests, based on how you interact with our Website and Services. We have set out further information about the use of cookies by third parties below.

For more information about the cookies we use and to manage your preferences you can: go the cookies settings or see the following links for more information with respect to how you can block or erase cookies via your particular browser: Google Chrome; Firefox; Internet Explorer; Safari; Edge; Opera.

10. DO WE TRANSFER PERSONAL DATA INTERNATIONALLY?

Nayax Group is an international corporation, operating globally, with offices and data centers in various jurisdictions around the world. Therefore, Personal Data may be transferred across international borders in the framework of our services, including to Israel, the US and Europe. International transfers of data are done with appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Further, when Personal Data collected within the EU is transferred outside the EU (and not to a recipient in a country that the European Commission has decided provides adequate protection), it shall be transferred in accordance with the provisions of the Standard Contractual Clauses approved by the European Union (if applicable). If you would like to understand more about these arrangements and your rights in connection therewith, please contact us at: privacy@nayax.com.

11. DO WE SEND MARKETING MATERIALS TO USERS?

We may send users of the Services or users who provided us with their consent with information on new products, features, activities, services and periodic announcements or newsletters. You may opt-out any time from such communications at any time by either: (i) using the “unsubscribe” feature available within the message; or (ii) sending us an email to: privacy@nayax.com.

12. HOW DO WE PROTECT PERSONAL DATA?

We implement security measures designed to reduce the risks of damage, loss of information and unauthorized access or misuse of personal data. We implement appropriate data collection, storage and processing practices and security tools designed to protect personal data against unauthorized access, alteration, disclosure or destruction.

You should be aware that no security measures are completely fail-proof, and it is impossible to prevent all threats to the security of data and systems. Therefore, you should be aware that any processing of digital personal data holds certain inherent risks, and we cannot guarantee that our services and databases will be immune to any wrongdoings, malfunctions, unauthorized interceptions or access, malware attacks or other kinds of abuse and misuse.

13. DATA RETENTION

Unless you or the Merchant (as the case may be) instruct us otherwise, and subject to applicable laws, we retain the information we collect for as long as needed to provide our Services and to comply with our legal obligations, resolve disputes and enforce our agreements, if applicable.

14. APPLICABLE LAWS

The provisions included in this Privacy Policy relating to matters that may be regulated under the GDPR or CCPA apply only to the processing of Personal Data (or Personal Information) which is subject to the GDPR or CCPA in accordance with the applicability provisions contained therein.

15. DO NOT TRACK

Our Website does not currently take any action when it receives a Do Not Track request. Do Not Track is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. For additional details visit www.donottrack.us.

16. CHANGES TO THIS PRIVACY POLICY

We may, at any time and from time to time, modify this Privacy Policy. Modifications to this Privacy Policy will be posted on the Website, and shall be effective as of the date in which they are posted on the Website.

17. PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS

In this section, we provide information for California residents, as required under California privacy laws, including the CCPA, which requires that we provide California residents certain specific information about how we handle their personal information, whether collected online or offline. Under the CCPA, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. It does not include publicly available data as defined by the CCPA.

Except for the right to opt-out and the right of non-discrimination, this section does not apply to California residents with whom we transact or communicate solely in the context of providing or receiving a product or service to or from a company that employs such residents or engages such residents as contractors. This section also does not apply to personal information we collect about job applicants, independent contractors, or current or former full-time, part-time and temporary employees and staff, officers, directors or owners of the Company or any affiliated entities.

CATEGORIES OF PERSONAL INFORMATION THAT WE COLLECT, DISCLOSE AND SELL

We have set out above the categories of personal information (as defined by the CCPA) about California residents that we collect. As noted below, we do not sell your personal information or disclose it to third parties for a business purpose. We may disclose each of these categories of personal information to our service providers, who are not permitted to use your personal information except as necessary for performing Services on our behalf. We collect these categories of personal information from the sources and for the purposes described above under the heading “Overview of Data We Process”. Our collection, use and disclosure of personal information about a California resident will vary depending upon the circumstances and nature of our interactions or relationship with such resident. Please note that the CCPA defines the term “sale” very broadly to include any exchange of data for consideration of any kind, not simply selling your data for monetary compensation.

CALIFORNIA CONSUMER RIGHTS

California law grants consumers certain rights and imposes restrictions on particular business practices as set forth below. California consumers have the right to request that we disclose what personal information we collect, use, disclose, and sell about you.

• Right to Opt-out of Sale of Personal Information (“Do Not Sell”)

California residents have the right to opt-out of our sale of their personal information. We do not sell your personal information to other businesses or third parties. However, because of how broadly “sale” is defined under the CCPA, the collection of data by our third party digital advertising and web analytics service providers for our targeted advertising and analytics purposes may be considered a “sale” under the CCPA. To not have your information shared with such parties, you may manage your cookie preferences through our “Do Not Sell My Personal Information” web page.

• Requests for Copy, Deletion and Right to Know

Subject to certain exceptions, California consumers have the right to make the following requests, at no charge, up to twice every 12 months. Please see “Submitting Requests” for instructions on how to exercise your rights.

o          Deletion: the right to request deletion of personal information that we have collected about you, subject to certain exemptions.

o          Copy: the right to request a copy of the specific pieces of personal information that we have collected about you in the prior 12 months.

o          Right to Know (Collection): Where we have collected personal information about you, the right to request that we disclose certain information about how we have handled your personal information in the prior 12 months, including: the categories of personal information collected; categories of sources of personal information; business and/or commercial purposes for collecting and selling your personal information; and the categories of third parties/with whom we have disclosed or shared your personal information.

o          Right to Know (Disclosure and Sale): Where we have sold or disclosed for a business purpose your personal information, the right to request that we disclose certain information about how we have handled your personal information in the prior 12 months, including: the categories of personal information collected; categories of third parties to whom your personal information has been sold and the specific categories of personal information sold to each category of third party; categories of third parties to whom personal information has been disclosed; and the categories of personal information that we have disclosed or shared with a third party for a business purpose.

• Submitting Requests. You can exercise your rights by emailing us at: privacy@nayax.com, or by telephone at: 1 866 684-4276. Once you submit your request, we will take steps to attempt to verify your identity. We will seek to match the information in your request to the personal information we maintain about you. As part of our verification process, we may ask you to submit additional information, use identity verification services to assist us, or if you have created an account on our Platform, we may ask you to sign in to your account as part of our identity verification process. Please understand that, depending on the type of request you submit, to protect the privacy and security of your personal information, we will only complete your request where we are satisfied that we have verified your identity to an appropriate degree of certainty. We will make every reasonable effort to respond to you within 45 days after we receive a verified request. If we are unable to meet this timescale, we will contact you to let you know why it will take more than 45 days and respond as soon as possible over the next 45-day period.

INCENTIVES AND DISCRIMINATION

The CCPA prohibits discrimination against California consumers for exercising their rights under the CCPA and imposes requirements on any financial incentives offered to California consumers related to their personal information. We do not currently offer financial incentives for the collection of personal information.

If consumers exercise their rights under CCPA, businesses may not discriminate against them including by denying or providing a different level or quality of goods or services or charging or suggesting that a business will charge different prices or rates or impose penalties, unless doing so is reasonably related to the value provided to the consumer by the consumer’s data.

CALIFORNIA “SHINE THE LIGHT” LAW

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our App that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@nayax.com.

18. NEVADA RESIDENTS

We do not sell your personal information as defined under Nevada law. However, if you are a Nevada resident, you may submit a request that we not sell any personal information we have collected about you by contacting us at privacy@nayax.com.