Tigapo Privacy Policy
[Last updated: April 30, 2024]
- GENERAL
Tigapo Ltd. (“we”, “us”, “our”, “Company” or “Tigapo”), a part of the Nayax Group (as defined below), is committed to protecting the privacy of users who use our platform and services, and visitors of our website, all as further detailed below. We take several precautions and have implemented certain mechanisms designed to protect Personal Data (as defined below), as well as to comply with applicable privacy and data protection laws.
“Nayax Group” refers to Nayax Ltd. affiliated companies. Please note, that in case you are using additional, supplementary or other services offered by the Nayax Group, additional and/or other terms may apply to you, with respect to such services you subscribed to, as indicted in the applicable agreement executed between you and the relevant Nayax entity and as specified in Nayax’s Privacy Policy.
PRIVACY NOTICE ACCESSIBLE FOR CHILDREN
This Privacy Policy (“Privacy Policy”) is an integral part of our Terms of Use and governs the collection, processing, usage and transfer of data by us from: (i) individuals who access and use our website: https://www.nayax.tigapo.com/ (respectively, “Visitors” and “Website”); (ii) end-users (“End-Users”) who use the machines operated by of our clients (i.e., Merchants, as defined below) and use our app and the services offered by us (“App”); (iii) End-Users who use the machines operated by Merchants and use one of our self-service kiosks (“Kiosks”) placed at Merchant locations; and (iv) Merchant’s personnel. All of the above shall be referred to as “you” or “User(s)”.
This Privacy Policy explains how you can exercise your rights related to your Personal Data, in accordance with the laws and regulations applicable to you (which may include for example the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”)). In the event you are a California resident and the CCPA applies to you – please make sure to review Section 17, below describing your rights under the CCPA.
If you have any questions regarding this Privacy Policy, please send any inquiries to: privacy@nayax.com.
THE HIGHLIGHTS:
- As an essential part of our business, we offer our clients (“Merchants”), a cloud based platform for coin-operated machines (“Solution”). Our Solution enables Merchants to control remotely and manage their machines through the Solution, including collecting payments, interacting with the End-Users, send customized incentives, etc.. In this framework, we process certain Personal Data related to End-Users as a data processor on behalf of the Merchants. We also operate a web platform which enables Merchants and their personnel to access their accounts on the Services. With respect to the processing of data related to Merchants’ personnel, we process Personal Data as a data controller. For the purpose of this Privacy Policy, the Solution, App and Kiosks shall be collectively referred to as the “Services”.
- Children under the age of 16 (or equivalent minimum age for providing consent in the jurisdiction in which the End-User is located) are not permitted to use the Services without parental or legal guardian consent. For more information, please review the section of our privacy policy below about how we process children’s’ Personal Data.
- You are not required by law to provide us with any Personal Data. Sharing Personal Data with us is entirely voluntary.
- You may not share Personal Data about other people with us who you are not authorized to share or use.
- You may be entitled to request to review, amend, erase restrict and opt-out from the processing of your Personal Data, in accordance with applicable law. For more information regarding your rights please refer to Section 6.
- We share Personal Data with third parties in connection with the provision of the Services to our Users, or other limited circumstances as specified herein.
- If you have any questions or requests regarding the processing of your Personal Data, or would otherwise like to contact us in connection with this Privacy Notice, please send us an email to: privacy@nayax.com.
- WHAT IS PERSONAL DATA?
Personal Data is any information which identifies or can be reasonably used to identify a natural person. Such data includes for example: first and last name, phone number, email address, unique online identifiers, billing information, credit card details, etc.
As opposed to Personal Data, non-personal data, or anonymized data, is information which does not identify a specific natural person and cannot reasonably be used for such identification. This type of information includes for example aggregate or statistical data, technical information transmitted from your device such as type of browser and operating system, language preference, referring and exit pages and URLs, time and date stamp, and amount of time spent on particular page.
- PERSONAL DATA PROCESSED BY US IN CONNECTION WITH THE SERVICES AND WEBSITE
Types of Personal Data processed | Purposes of processing | For EU persons – Legal Basis under the GDPR |
Data related to End-Users | ||
Users Sign Up and Profile Data
When you sign up to use our Services we will require you to provide your date of birth for age validation purposes. When you sign up to our Services and create an account on the App in order to use the Merchant’s machines, you will need to provide us with certain information including your name, email address and your credentials. Once registered, you may complete your profile on the App and provide us with additional information (at your choice). Such information includes your phone number, language preference and gender. Note that you are not required to provide us with the additional information in order to use the Services. If you choose to sign up using Facebook connect, Google+, Twitter or Apple (“Social Media”), we will collect your profile picture available on your Social Media account and your email address. Note that the Social Media operators’ use of your data is governed by their privacy policies. If you provide us with permission, we also collect and process your geolocation (Geofencing – location based service). |
|
|
Using the Services with Merchant’s Machines
End User using NFC In the event you are using our Services by NFC (near field connection) devices, provided to you by the Merchant at the Merchant’s facilities, we will collect certain information about you that includes, your name, phone number and email. When using the NFC we do not collect your payment details. Your credit will be updated automatically through our Solution integrated with the Merchant’s machines. |
|
The legal basis for processing will be determined by the Merchant. Please refer to the Merchant’s privacy policy for full details. The following are examples of lawful basis that Merchants may rely on:
|
Technical Data
We collect certain technical information transmitted by your device when accessing the App, this information includes: type of the device used, IP address, device name, IP address, operating systems and device ID. We also collect certain information about your use of the App automatically such as access time and date, and user actions such as purchases and page views.
|
|
|
Merchant and Merchant’s Personnel | ||
Merchant’s onboarding
In order to provide Merchant with our Solution and the Services, and upon registration, we collect information regarding the Merchant’s and its personnel: Merchant’s full name, name and contact details of the Merchant’s contact person, address, phone number, financial information for billing purposes and email address. Additionally, if applicable and in order to fulfill our legal obligations to prevent fraud and money laundering, we may obtain information for the purpose of “Know Your Client” (KYC) check. Such information includes information regarding Merchant or Merchant’s shareholders (if applicable), such as: identification number (SSN, passport, I.D. number or driving license number), financial information (credit card number and banking information), date of birth, residence country, citizenship country, nationality, position, phone and mobile number, face snapshot, image and video, and copy of the identification document. Note that if you are an employee or an authorized user of a Merchant, we may process certain personal data about you, in the framework of our engagement with your employer, as specified herein. |
|
|
Website Visitors | ||
Demo
If you register for a demo, available through our Website, we will collect and process your name, email address and company name. |
To send you a demo of our Services.
|
|
Contact Information:
In the event you contact us for customer service, support or any other inquiries, by sending us an email via the “Get in touch” feature available on the Website, or by any other means of communications we may make available to you, you will be requested to provide us with your full name, email address and phone number. In addition, you can choose to provide us with additional information as part of your correspondence with us. |
|
|
Technical Data:
We collect certain technical information transmitted by your device when accessing the Website, this information includes: type of the device used, IP address, type of browser, internet service provider, End-User actions and page views, directing URL’s, device name, device ID and operating systems. |
|
|
-
DATA SUBJECTS RIGHTS
You are not required by law to interact with us or provide us with Personal Data. If you choose to use any of our App or Services, or if you choose to use or purchase from Merchants’ machines, we will process certain Personal Data (as detailed above) in order to deliver to Merchants and you, as applicable, our Services.
-
PRIVACY NOTICE ACCESSIBLE FOR CHILDREN
Welcome to Tigapo! Your privacy is important to us. This Privacy Policy explains how we collect, use, and protect information when you use our website, machines, app and Kiosks (“Services”).
Our Services are not intended to persons under 16 years, so please do not use our Services without a guardian adult consent.
What Is Personal Data?
- Personal Data is any information which can be used to identify a natural person. Such data includes for example: first and last name, phone number, email address, unique online identifiers, billing information, credit card details, etc.
Information We Collect
We process certain Personal Data related to our users who use the machines operated by our clients (“Merchants”). We also operate a web platform which enables Merchants and their personnel to access their accounts related to the Services.
- For children, we collect less information than we do for adults (as previously described in this Policy). Here is what we collect from you based on how you interact with our Services:
- If you register with a Merchant: we collect either your first name or your last name, your nickname (display name), and your birthday.
- If you use a Kiosk: we only collect your nickname (display name).
- If you sign up through our app: we collect your full name, your nickname (display name), and your parent’s email address (to ask for parental permission).
- When you use our app, we might send notifications directly to your device and use your location to show nearby Services from Merchants.
- Details about any transactions, purchases at Merchants, and technical data from you are handled just like they are for adults, as previously described in this Policy.
Must I Provide You with My Personal Data?
- No, you are not required by law to provide us with any Personal Data, sharing Personal Data with us is entirely voluntary.
- Do not provide us information without the consent of a guardian, as we prohibit children from publicly disclosing information through any means.
- Please do not share Personal Data about other people with us who you are not allowed to share or use.
What Are My Rights with Respect to My Personal Data?
- You can request to review, amend, erase restrict and opt-out from the processing of your Personal Data by contacting us at: privacy@nayax.com immediately.
- Additionally, you can update or erase your information via Tigapo app. For more information regarding your rights please refer to Section 6.
Do You Share My Personal Date?
- We may share Personal Data with third parties in connection with the Services to our users, or other limited circumstances.
- We do not share any information with third parties for advertising or marketing.
- A list of third which we may share personal data provided in section 8.
Why Do You Need My Personal Date?
- To provide and improve our Services.
- To understand how our Services is used to enhance your experience.
How Can I Reach You?
- If you have any questions or requests regarding the processing of your Personal Data, or would otherwise like to contact us in connection with this Privacy Notice, please send us an email to: privacy@nayax.com.
Notice Regarding Children
Our Services are not intended to persons under 16 years old or equivalent minimum age for providing consent to processing of Personal Data in the relevant jurisdiction (“Child”). If a parent or guardian becomes aware that his or her Child has provided us with Personal Data without their consent, he or she should contact us at: privacy@nayax.com immediately. Additionally, parents can choose to update or erase Child information either by sending a request to the provided email address or via Tigapo app.
We do not knowingly collect or solicit Personal Data from a Child. If we become aware that a Child has provided us with Personal Data, we will delete such data from our databases.
We expressly prohibits children from publicly disclosing information without parental consent through any means.
-
WHAT ARE DATA SUBJECT RIGHTS AND HOW CAN THEY BE EXERCISED?
Depending on your jurisdiction, data protection and privacy laws provide you with the ability to exercise certain rights regarding your Personal Data that we process. Please note that, unless you instruct us otherwise, we retain the information we collect for as long as needed to provide the Services and to comply with our legal obligations, resolve disputes and enforce our agreements. If you object to the aforesaid collection, use and sharing of data, please immediately cease using the Services and/or App.
Data subject rights include (depending on your jurisdiction and applicable law):
- the right to receive confirmation whether or not we process your Personal Data;
- the right to access your Personal Dataand receive a copy of the Personal Data that we hold.
- the right to rectificationof your Personal Data;
- the right to erasureof your Personal Data.
- the right to restrictprocessing of your Personal Data.
- the right to objectto processing of your Personal Data;
- the right to data portability.
- the right to lodge a complaint to a supervisory authority; and
- the right to withdraw consent to processing of Personal Data.
To assert any of these rights, please contact us at: privacy@nayax.com.
We may request additional information from you when you contact us with a request concerning your data subjects rights in order to: (i) verify your identity; (ii) determine the applicable laws; (iii) and locate your data.
-
HOW CAN DATA SUBJECTS CONTACT WITH US WITH QUESTIONS OR CONCERNS ABOUT PRIVACY AND PERSONAL DATA?
If you have any questions, concerns or requests in relation to your privacy or personal data, you are welcome to contact us, by sending an email to: privacy@nayax.com.
You may also contact us using the following contact information:
NAYAX Ltd.
3 Arik Einstein St., Herzliya 4659071 Israel
+97237694380
EU residents may also contact us by using the following details of our EU entity:
Nayax Europe UAB
Antakalnio 17, LT-10312, Vilnius, Lithuania
-
WITH WHICH THIRD PARTIES DO WE SHARE PERSONAL DATA?
WE DO NOT SELL OR RENT ANY OF YOUR PERSONAL DATA TO NON-AFFILIATED THIRD PARTIES FOR THEIR MARKETING PURPOSES.
- Merchants – When we process Personal Data on behalf of Merchants who subscribed to use our Solution, we share Personal Data collected in the framework of such services with the relevant Merchant. We may also share Personal Data on the Merchant’s behalf with other service providers of the Merchant, in accordance with the Merchant’s instructions.
- Service Providers – We share personal data with the following service providers:
- Amazon Web Services
- Coriunder
- Authorize.Net
- Shift4 Payments
- Firebase, Elavon
- Sand Grid
- Sentry
These service providers assist us in operating our services, conducting our business, expanding our business or servicing our customers, and for personalizing user experiences of the Services, and include for example cloud storage services, billing services, marketing and analytics, maintenance and technology services. We always make sure this is done safely and in line with our Privacy Policy. Keep in mind that the list of our service providers might change over time. We will update these changes in our Privacy Policy, so it is highly recommended to check it now and then. Also, it is important to note that inquiries related to data subjects through our website are handled directly by us.
- For Legal Purpose – We may share Personal Data to third parties where required to comply with a legal requirement, for the administration of justice, to protect the vital interests of data subject or the vital interests of others, to protect the security or integrity of our databases and services, and to take precautions against legal liability.
- Change of Control – In the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale, etc.), we may share Personal Data with our affiliated companies or acquiring company, which will assume the rights and obligations as described in this Privacy Policy.
- Within the Nayax Group – We may share certain Personal Data within the Nayax Group, where certain affiliated companies provide services to assist other entities in the group in the provision of services.
We may use cookies and other similar tracking technologies or methods of web and mobile analysis to gather, store, and track certain information related to your access of, activity and interaction with our Website and Services.
A “cookie” is a small piece of information that a website assigns to your device while you access such website. Cookies are very helpful and may be used for a variety of different purposes. These purposes include, among other things, allowing you to navigate between pages efficiently, enabling automatic activation of certain features, remembering your preferences and making the interaction between you and our Service quicker, easier and smoother. Cookies are also used to help customize your experience and for advertising purposes (including personalized advertising). You can find out more information about cookies at: www.allaboutcookies.org.
Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience may be limited.
We use both session and persistent cookies on the Services and we may use different types of cookies to run the Services, as follows:
Strictly necessary cookies – these cookies are necessary for the Website and Services to function properly and cannot be switched off in our systems. If you set your browser to refuse these cookies, some parts of the Services will not then work.
Analytics and Performance-related cookies – these cookies allow us to assess and improve the performances of our Services, including improving your online activity on our Website and Services. These cookies allow us to count visits and geographic sources. The information we get through the use of these cookies are in an aggregated form and we make no attempt to identify you or influence your experience of the Website and Services. If you do not allow these cookies, the loss of the information stored in a preference cookie may make the Service experience less functional but should not prevent it from working.
Functionality-related cookies: these cookies tell us, for example, whether you have engaged our Website and Services before or if this is your first time, and help us to identify the features in which you may find favorable.
Targeting and Advertising-related cookies: these cookies allow us to deliver content relevant to your interests, based on how you interact with our Website and Services. We have set out further information about the use of cookies by third parties below.
For more information about the cookies we use and to manage your preferences you can: go the cookies settings or see the following links for more information with respect to how you can block or erase cookies via your particular browser: Google Chrome; Firefox; Internet Explorer; Safari; Edge; Opera.
-
DO WE TRANSFER PERSONAL DATA INTERNATIONALLY?
Nayax Group is an international corporation, operating globally, with offices and data centers in various jurisdictions around the world. Therefore, Personal Data may be transferred across international borders in the framework of our services, including to Israel, the US and Europe. International transfers of data are done with appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Further, when Personal Data collected within the EU is transferred outside the EU (and not to a recipient in a country that the European Commission has decided provides adequate protection), it shall be transferred in accordance with the provisions of the Standard Contractual Clauses approved by the European Union (if applicable). If you would like to understand more about these arrangements and your rights in connection therewith, please contact us at: privacy@nayax.com.
-
DO WE SEND MARKETING MATERIALS TO USERS?
We may send users of the Services or users who provided us with their consent with information on new products, features, activities, services and periodic announcements or newsletters. You may opt-out any time from such communications at any time by either: (i) using the “unsubscribe” feature available within the message; or (ii) sending us an email to: privacy@nayax.com.
-
HOW DO WE PROTECT PERSONAL DATA?
We implement security measures designed to reduce the risks of damage, loss of information and unauthorized access or misuse of personal data. We implement appropriate data collection, storage and processing practices and security tools designed to protect personal data against unauthorized access, alteration, disclosure or destruction.
You should be aware that no security measures are completely fail-proof, and it is impossible to prevent all threats to the security of data and systems. Therefore, you should be aware that any processing of digital personal data holds certain inherent risks, and we cannot guarantee that our services and databases will be immune to any wrongdoings, malfunctions, unauthorized interceptions or access, malware attacks or other kinds of abuse and misuse.
-
DATA RETENTION
Unless you or the Merchant (as the case may be) instruct us otherwise, and subject to applicable laws, we retain the information we collect for as long as needed to provide our Services and to comply with our legal obligations, resolve disputes and enforce our agreements, if applicable.
-
APPLICABLE LAWS
The provisions included in this Privacy Policy relating to matters that may be regulated under the GDPR or CCPA apply only to the processing of Personal Data (or Personal Information) which is subject to the GDPR or CCPA in accordance with the applicability provisions contained therein.
-
DO NOT TRACK
Our Website does not currently take any action when it receives a Do Not Track request. Do Not Track is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. For additional details visit www.donottrack.us.
-
CHANGES TO THIS PRIVACY POLICY
We may, at any time and from time to time, modify this Privacy Policy. Modifications to this Privacy Policy will be posted on the Website, and shall be effective as of the date in which they are posted on the Website.
In case of a material change in this Privacy Policy, we shall seek and obtain verifiable parental consent through your contact information.
-
PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
In this section, we provide information for California residents, as required under California privacy laws, including the CCPA, which requires that we provide California residents certain specific information about how we handle their personal information, whether collected online or offline. Under the CCPA, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. It does not include publicly available data as defined by the CCPA.
Except for the right to opt-out and the right of non-discrimination, this section does not apply to California residents with whom we transact or communicate solely in the context of providing or receiving a product or service to or from a company that employs such residents or engages such residents as contractors. This section also does not apply to personal information we collect about job applicants, independent contractors, or current or former full-time, part-time and temporary employees and staff, officers, directors or owners of the Company or any affiliated entities.
CATEGORIES OF PERSONAL INFORMATION THAT WE COLLECT, DISCLOSE AND SELL
We have set out above the categories of personal information (as defined by the CCPA) about California residents that we collect. As noted below, we do not sell your personal information or disclose it to third parties for a business purpose. We may disclose each of these categories of personal information to our service providers, who are not permitted to use your personal information except as necessary for performing Services on our behalf. We collect these categories of personal information from the sources and for the purposes described above under the heading “Overview of Data We Process”. Our collection, use and disclosure of personal information about a California resident will vary depending upon the circumstances and nature of our interactions or relationship with such resident. Please note that the CCPA defines the term “sale” very broadly to include any exchange of data for consideration of any kind, not simply selling your data for monetary compensation.
CALIFORNIA CONSUMER RIGHTS
California law grants consumers certain rights and imposes restrictions on particular business practices as set forth below. California consumers have the right to request that we disclose what personal information we collect, use, disclose, and sell about you.
Right to Opt-out of Sale of Personal Information (“Do Not Sell”)
California residents have the right to opt-out of our sale of their personal information. We do not sell your personal information to other businesses or third parties. However, because of how broadly “sale” is defined under the CCPA, the collection of data by our third party digital advertising and web analytics service providers for our targeted advertising and analytics purposes may be considered a “sale” under the CCPA. To not have your information shared with such parties, you may manage your cookie preferences through our “Do Not Sell My Personal Information” web page.
Requests for Copy, Deletion and Right to Know
Subject to certain exceptions, California consumers have the right to make the following requests, at no charge, up to twice every 12 months. Please see “Submitting Requests” for instructions on how to exercise your rights.
o Deletion: the right to request deletion of personal information that we have collected about you, subject to certain exemptions.
o Copy: the right to request a copy of the specific pieces of personal information that we have collected about you in the prior 12 months.
o Right to Know (Collection): Where we have collected personal information about you, the right to request that we disclose certain information about how we have handled your personal information in the prior 12 months, including: the categories of personal information collected; categories of sources of personal information; business and/or commercial purposes for collecting and selling your personal information; and the categories of third parties/with whom we have disclosed or shared your personal information.
o Right to Know (Disclosure and Sale): Where we have sold or disclosed for a business purpose your personal information, the right to request that we disclose certain information about how we have handled your personal information in the prior 12 months, including: the categories of personal information collected; categories of third parties to whom your personal information has been sold and the specific categories of personal information sold to each category of third party; categories of third parties to whom personal information has been disclosed; and the categories of personal information that we have disclosed or shared with a third party for a business purpose.
Submitting Requests
You can exercise your rights by emailing us at: privacy@nayax.com, or by telephone at: 1 866 684-4276. Once you submit your request, we will take steps to attempt to verify your identity. We will seek to match the information in your request to the personal information we maintain about you. As part of our verification process, we may ask you to submit additional information, use identity verification services to assist us, or if you have created an account on our Platform, we may ask you to sign in to your account as part of our identity verification process. Please understand that, depending on the type of request you submit, to protect the privacy and security of your personal information, we will only complete your request where we are satisfied that we have verified your identity to an appropriate degree of certainty. We will make every reasonable effort to respond to you within 45 days after we receive a verified request. If we are unable to meet this timescale, we will contact you to let you know why it will take more than 45 days and respond as soon as possible over the next 45-day period.
INCENTIVES AND DISCRIMINATION
The CCPA prohibits discrimination against California consumers for exercising their rights under the CCPA and imposes requirements on any financial incentives offered to California consumers related to their personal information. We do not currently offer financial incentives for the collection of personal information.
If consumers exercise their rights under CCPA, businesses may not discriminate against them including by denying or providing a different level or quality of goods or services or charging or suggesting that a business will charge different prices or rates or impose penalties, unless doing so is reasonably related to the value provided to the consumer by the consumer’s data.
CALIFORNIA “SHINE THE LIGHT” LAW
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our App that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@nayax.com.
-
NEVADA RESIDENTS
We do not sell your personal information as defined under Nevada law. However, if you are a Nevada resident, you may submit a request that we not sell any personal information we have collected about you by contacting us at privacy@nayax.com.