Privacy Policy

Recently updated: January 1, 2020

NAYAX is committed to your right to privacy. Protecting our Users’ privacy is a core value of NAYAX, and we take precautions to ensure the protection of our Users’ personal data as well as to comply with applicable privacy and data protection legislation. We respect the fact that our Users’ personal data and original content are their own, and have implemented mechanisms to ensure you have control over your data and content. A reference to “NAYAX” “we,” “us” or the “Company” is a reference to NAYAX Ltd. and the relevant affiliate involved in the data processing activity.

NAYAX is a company that provides, inter alia, cloud services for cashless payments, telemetry systems and management software and app for unattended vending machines, including: (i) the NAYAX Dashboard available through desktop application or mobile app (MOMA app);  (ii) Payment Solution (as defined below); and (iii) EVmeter related services (“Services”).Please note, NAYAX also provides cashless payment via Monyx, an app used by Consumers to pay for Merchant’s goods and services. For more information about Monyx please review the Monyx terms and condition and privacy policy available at: https://www.monyx.com/.

This Privacy Policy (the “Privacy Policy”) which is an integral part of our Terms and Conditions, and if applicable to you the NAYAX Dashboard Terms and Conditions, and governs the data collection, processing usage and transfer made by us (or on behalf of us) and our privacy practices with respect to data associated with: (i) individuals who access and use NAYAX websites: https://www.nayax.com/ and EVmeter website https://www.evmeter.com/.

(respectively, “Visitor” and “Site”); (ii) our customers that subscribed to our Services (e.g., merchants of vending machines), and anyone who acts on their behalf including their employees or contractors (“Customers”); and (iii) Customer’s clients who use the NAYAX Payment Solution for cashless payment (respectively, “Payment Solution” and “Consumer(s)”). Each of the Visitors, Customer and Consumers shall also be referred to herein as “you” or “user”. Any capitalized terms not defined herein shall have the meaning ascribed to them in the Terms of Use.

If you choose to use the Site and/or Services, or otherwise provide data to us, you explicitly agree to the use of such data in accordance with this Privacy Policy. Please note that if you are using the Services as NAYAX’ Customer, the processing of Personal Data in connection with the Payment Solution and the Services provided to you is governed also by the Data Processing Addendum (the DPA”).

You may not use the Site or submit any data through the Site and/or use the Services if you do not agree to any of the terms hereunder. This Privacy Policy shall not be construed in any manner to derogate from the Terms and Conditions or any other agreement made by and between NAYAX and you, including the DPA.

THE HIGHLIGHTS:

  • You are not required by law to provide us with any Personal Data (as defined below). Sharing Personal Data with us is entirely voluntary.
  • Our Site and/or Services are intended for Users over the age of 16 or equivalent minimum age for providing consent to processing of Personal Data in the relevant jurisdiction. Children under such age are not permitted to register to or use the Services. If you are under such age you should cease to use the Services immediately.
  • You may be entitled to request to review, amend, erase or restrict the processing of your Personal Data, pursuant to applicable laws. Please note that in case you request to erase or restrict the processing of your Personal Data, your use of the Services may be restricted. You may be entitled to exercise additional rights under the CCPA, please refer to our User Rights Policy.
  • We do not sell, trade, or rent Users’ Personal Data to third parties. We only share Personal Data with third parties in connection with the provision of the Services to our Users, or other limited circumstances specified herein.

If you have any questions or requests regarding the processing of your Personal Data, or would otherwise like to contact us in connection with this Privacy Policy, please send us an email to:  privacy@nayax.com.

  1. What is Personal Data, and what data is collected about me by NAYAX?

Personal Data” or “Personal Information” (will be referred together as “Personal Data”), means any information which identifies or can be used to identify a natural person, including, but not limited to, first and last name, phone number, email address, online identifiers, IP address, billing information, information concerning households, devices etc.

Non-Personal Data”, means non-identifiable aggregated data, such as technical data transmitted by the user’s device and aggregated use of the website. This data is not used to identify individuals.

Personal Data is only used for limited purposes, as specified below.

 

Type of user and type of Data Purposes of Processing For EU persons – Legal Basis under the GDPR
Customers
Customers onboarding and registration data

In order to provide Customers with the Services, or when a Customer registers to our Services, we collect information regarding the Customer and its users: Customer’s full name (in case the Customer is an individual), contact details of the Customer’s focal point person, address, phone number, financial information for billing purposes, and email address.

Additionally, In order to fulfill our legal obligations to prevent fraud and money laundering, we will obtain information for the purpose of “Know Your Client” (KYC) check. Such information includes, information regarding Customer or Customer’s shareholders (if the Customer is a legal entity that is not an individual), such information includes identification number (SSN, passport, I.D. number or driving license number), financial information (credit card number and banking information, date of birth, residence country, citizenship country, nationality, position, phone and mobile number, face snapshot and video, and copy of the identification document.

To onboard our Customers to our Services and sign-up registration;

To provide the Services to our Customers;

To identify authorized Users to access the Services, and in particular to the NAYAX Dashboard and perform activities;

To resolve any disputes, communicate with you regarding customer service and support issues, and to respond to questions or comments and help resolve any problems.

1.      Necessity of processing for the purposes of the legitimate interests of NAYAX.

2.      To perform the contract which the Customer is a party; or

3.       In order to take steps at the request of the Customer prior to entering into a contract.

4. To fulfil our legal obligation.

Technical Information, Geolocation and Online Identifiers

We collect technical information transmitted by your device when using the NAYAX Dashboard via desktop application or our mobile application, this information include: type of the device used to access the Services, date and time stamp and language, preference approximate geolocation (i.e., country), and user’s actions such as page views, search queries, etc. Please note that if you use the NAYAX Dashboard via our mobile app we will collect your precise location.

In addition, when you access the Services, we collect your IP address (“Online Identifiers”). Note that, while the Online Identifiers are considered Personal Data in many jurisdictions (such as the EEA and in California), there are some jurisdictions in which such data sets is not considered as Personal Data. We treat the Online Identifiers as Personal Data, in accordance with applicable laws.

This information is collected automatically via your use of the NAYAX Dashboard.

To identify authorized users of Customer;

To access and use the Services, and in particular to the NAYAX Dashboard and perform activities.

To resolve any disputes, communicate with you regarding customer service and support issues, and to respond to questions or comments and help resolve any problems

  1. Necessity of processing for the purposes of the legitimate interests of NAYAX.
  2. To perform the contract which the Customer is a party
Consumers
Consumers use of the Services

If you are a Consumer in order to use the Services we will collect information about your payment means. Please note that if you are using credit card we will retain partial number of your credit card, as required under applicable laws and regulation.   When you make a purchase in the Customer’s vending machines, we collect certain data regarding your purchase, such as the Machine you purchased from, the products purchased and your shopping history, total payment amount, and your geographical location when using the Services.

Consumers using prepaid cards

When you pay with prepaid cards while using the Services, we may collect and process additional information about you, such as: your name, email address, and your phone number. If you are an employee using the Service in connection with your workplace (e.g. when your employer provides you with prepaid card), we may also receive additional information regarding you and your workplace, through your employer, such details may include your balance on your employment card/prepaid card.


e Receipt Consumers

In the event you registered to the eReceipt service, we will collect additional information about you, such as your email address, name, and address.

To provide you with the Services, and enable you to pay for goods and services offered by the Customers via our Services (i.e. Payment Solution such as the VPOS and other hardware means).

To provide our Customer with the Services they subscribed to, therefore we will share with our Customers information we collected from you.

To resolve any disputes, communicate with you regarding customer service and support issues, and to respond to questions or comments and help resolve any problems.

For eReceipt Users – in order to send you the receipt via email.

  1. Necessity of processing for the purposes of the legitimate interests of NAYAX.
  2. To perform the contract which the Customer is a party; or
  3. in order to take steps at the request of the Customer prior to entering into a contract.
  4. To fulfil our legal obligation.
Users
Contact Us Information

If you contact us for support, business or refund services via the “Contact Us” or “Support” features, we will collect certain information regarding you, such as your full name, your email, your phone number, your company (if applicable to you), country, the content of your massage, etc.

To answer your queries and provide you with the services you requested from us.
  1. Necessity of processing for the purposes of the legitimate interests of NAYAX;
  2. To perform a contract, we may have with you;
  3. To fulfil our legal obligation.
Newsletter Subscription

If you voluntarily subscribe to our newsletter through the Site (or otherwise agree to receive our updates and content), you may be requested to provide us with your email address, name of Company and country. You can unsubscribe at any time using the unsubscribe option within the body of the applicable email or by contacting us directly.

We use this information solely to provide you with the content you have requested.
  1. Necessity of processing for the purposes of the legitimate interests of NAYAX; or
  2. Based on your consent when you subscribed to our mailing lists.
Visitors
Site Visitors

When you visit our Site we log your IP address. We collect additional Online Identifies via cookies placed on your browser. Such information includes, the type of the visitor’s operating systems, type of browser, access time and date, user’s click-stream, visitor’s actions on the Site, browsing data (e.g., directing URL’s), search queries, browser history, and approximate location.

We collect this type of information for the purpose of operating, providing, maintaining, protecting, managing, customizing and improving our Site and Services and the way in which we offer them; enhancing your experience with the Site and Services; auditing and tracking usage statistics and traffic flow, and detecting fraud, security or technical issues in connection with the Site and Services.
  1. Necessity of processing for the purposes of the legitimate interests of NAYAX;
  2. Your consent, in case you provided it;
  3. To fulfil our legal obligations.

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the Site or the Services and to enforce the Terms and Conditions, as well as to protect the security or integrity of our databases, Site and the Services, and to take precautions against legal liability. Such processing is based on out legitimate interests.

Non-Personal Data, aggregate and statistical or otherwise anonymized data may be shared without limitation with third parties at our discretion. This information does not contain Personal Data and is used to develop content and services for our Users. Please note that we may also use Personal and non-Personal Data in connection with automatic analysis of our users’ behavior.

  1. Does NAYAX use cookies? Yes, we use data files such as cookies, pixel tags, “Flash cookies,” or other local storage files provided by your browser or associated applications (“Cookies”). We use these technologies in order to recognize you as a user; customize our Site and Services, content, and advertising; measure promotional effectiveness; help ensure that your account security is not compromised; mitigate risk and prevent fraud; and to promote trust and safety across our Site and Services. Please read our Cookie Policy  for more information about the Cookies we use. You may at any time program your browser to block Cookies, but please be aware that such blocking may prevent us from providing some or all of the Services to You. These cookies help us track how visitors use the Site and our Services.
  2. Will NAYAX Share my Personal Data?Non-Personal Data, aggregate and statistical or otherwise anonymized data may be shared without limitation with third parties at our discretion. This information does not contain any Personal Data and is used to develop content and services for our Users and clients.We share Personal Data only under the following limited circumstances:
    1. We share Personal Data with certain acquirers and credit card clearing services, as specified below, for the purpose of processing credit cards or debit card payments with respect to our Services provided to Customers and their Consumers. Following is a list of our current acquirers:
      1. Safecharge – https://www.safecharge.com/our-company/
      2. Borgun – https://www.borgun.com/about-borgun/
      3. Credorax – https://www.credorax.com/about
      4. Elavon – https://www.elavon.com/about/company.html
    2. Consumers Data. We share Personal Data related to Consumers with the Customers in order to provide you the Services such as when you make purchases through the Services. The privacy and security practices of the Customers are not covered by this Privacy Policy, and NAYAX accepts no responsibility or liability for the privacy or security practices or the content of such applications.
    3. All Users. NAYAX operates with multiple suppliers in various fields of activity with respect to the Site and Services. Such third parties assist NAYAX in operating the Site and Services, conducting our business, expanding our business or servicing you, and for personalizing your experience of the Services such as fraud prevention, cloud storage services, bill collection, marketing, cloud storage services, maintenance and technology services.
    4. With our affiliates and connected companies, such as subsidiaries
    5. To the extent you are using a pre-paid card with our Services, we may share your information with your employer. Please note that in such case we are processing Personal Data on behalf of our Customers (i.e., your employer), and your use of the Services shall be subject to your employers’ policies. The privacy and security practices of our Customers are not covered by this Privacy Policy.
    6. To comply with a legal requirement, for the administration of justice, to protect your vital interests or the vital interests of others, to protect the security or integrity of our databases or the Services, to take precautions against legal liability.
    7. In the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In such case, our affiliated companies or acquiring company will assume the rights and obligations as described in this Privacy Policy.
  3. Will NAYAX transfer my Personal Data internationally?
    1. NAYAX is a global company with offices all over the world. Our databases are located currently in Germany, Israel and in the US]. Some of our processing activities are made in Israel. The European Commission has decided that Israel ensures an adequate level of privacy and data protection, therefore, in accordance with the GDPR, the transfer of Personal Data to Israel is lawful and does not require any specific authorization.
    2. Any future transfer of Personal Data outside the EU to a third country (other than Israel) shall be made in accordance with applicable law, including by providing adequate protections, or otherwise implementing appropriate safeguards to ensure the protection of our Users’ rights.
  4. Will I receive SPAM from NAYAX?We may send users of the Services or Users who provided us with their consent with information on new products, features, activities, services and periodic announcements or newsletters. You may opt-out any time from such communications by either: (i) using the “unsubscribe” feature available within the message; or (ii) sending us an email to: privacy@nayax.com asking to opt-out.
  5. Users rights with respect to Personal DataSubject to applicable law requirements, we will provide individuals (i.e., our Users) with the opportunity to exercise their rights regarding their Personal Data. Individuals’ principal rights under data protection and privacy laws may include (you may have some or all of these rights depending on your jurisdiction):
    • the right to confirm whether or not we process your Personal Data;
    • the right to access your Personal Data and being provided with a copy of the Personal Data that we hold.
    • the right to rectification of your Personal Data;
    • the right to erasure of your Personal Data.
    • the right to restrict processing of your Personal Data.
    • the right to object to processing of your Personal Data;
    • the right to data portability.
    • the right to complain to a supervisory authority (in the event that you are a European Economic Area (“EEA”) resident); and
    • the right to withdraw consent.

    Please review our Privacy Users Rights Policy regarding your rights under applicable law.

    You may exercise any or all of your above rights in relation to your Personal Data by filling out the Data Subject Request Form (“DSR”) and send it to our privacy team at: privacy@nayax.com.

    Please note that

    • We may request additional information from you when you contact us with a DSR in order to: (i) verify your identity; (ii) determine the applicable laws apply to you; (iii) and locate your data.
    • It may take time to process requests in a way that is consistent with applicable privacy law.
  6. Persons under 16Our Site and the Services provided through it is a general audience Site which is not directed to persons under 16 years old. If a parent or guardian becomes aware that his or her child has provided us with Personal Data without their consent, he or she should contact us immediately. We do not knowingly collect or solicit Personal Data from people under 16 years old. If we become aware that a person under 16 years old has provided us with Personal Data, we will delete such data from our databases.
  7. How does NAYAX protect your data?We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information in accordance with the applicable law. We adopt appropriate and generally accepted data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your Personal Data. In particular, your payment information is secured in accordance with the PCI-DSS standard. However, these measures are unable to provide absolute information security. Therefore, although efforts are made to secure your personal information, it is not guaranteed and you cannot reasonably expect that the Service and its related databases will be immune from any wrongdoings, malfunctions, unauthorized interceptions or access, or other kinds of abuse and misuse.
  8. Data RetentionUnless you instruct us otherwise and subject to applicable laws, we retain the information we collect for as long as needed to provide our services and to comply with our legal obligations, resolve disputes and enforce our agreements if applicable.
  9. Questions or concerns regarding privacy If you have any questions or concerns regarding privacy issues, please send us a detailed message to: support@nayax.com or privacy@nayax.com  and we will make every effort to resolve your concerns without delay.NAYAX may, at any time and from time to time, modify this Privacy Policy. Modifications to this Privacy Policy will be posted on the Site and shall be effective as of the date in which they are posted on the Site.
  10. Do Not Track DisclosureOur website does not respond to Do Not Track signals. For more information about Do Not Track signals, please see: http://www.allaboutdnt.com.
  11. PRIVACY NOTICE FOR CALIFORNIA RESIDENTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT This section for California Residents under the California Consumer Privacy Act of 2018 (respectively,  “Privacy Notice” and “CCPA”) supplements the information contained in our general Privacy Notice and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”), as defined under the CCPA. Any terms defined in the CCPA have the same meaning when used in this Privacy Policy. Further, this Privacy Notice is an integral part of our Privacy Policy and thus, definitions used herein but not defined herein shall have the meaning ascribed to them in our Privacy Policy.
    As required under the CCPA, we will update this Privacy Notice every 12 months. The last revision date will be reflected in the “Recently Updated” heading located at the top of the Privacy Policy.

types of PERSONAL information we COLLECT

Under the CCPA, “Personal Information” is defined as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device. The categories of Personal Information that we collect (and has collected within the last 12 months), are detailed in the table below.

Please note that, under the CCPA Personal Information does not include: publicly available information from government records and de-identified or aggregated consumer information, information excluded from the CCPA’s scope (e.g., health or medical information covered by applicable laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA)); and information covered by certain sector-specific privacy laws (e.g., the California Financial Information Privacy Act (FIPA)).

 

 

Category Examples Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. Yes
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information,

Some personal information included in this category may overlap with other categories.

Yes
C. Protected classification characteristics under California or federal law. national origin, citizenship, religion or creed, marital status,). Yes
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Yes
E. Biometric information. No
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application. Yes
G. Geolocation data. Physical location or movements. Yes
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. No
I. Professional or employment-related information. Current or past job history or performance evaluations. Yes
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. No
K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. No

HOW WE COLLECT INFORMATION

Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows: (i) directly from you, for example, when a Customer subscribe to our Services he will fill his/her Personal Information as part of the onboarding process; (ii) automatically when you use the NAYAX Dashboard via desktop or app; (iii) from third-party business partners such as analytics providers.

USE OF PERSONAL INFORMATION

We may use, or disclose the Personal Information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason you provided the information. For example, if you contact us with an inquiry and share your name and contact information, we will use that Personal Information to respond to your inquiry.
  • To provide, support, personalize, and develop our Site and Services, as well as improve our Site and Services.
  • For security and fraud detection purposes, and to maintain the safety, security, and integrity of our Site Services.
  • For testing, research, analysis, and product development, including to develop and improve our Site and Services.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

 

SHARING AND SELLING DATA

We may disclose your Personal Information to a third party for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.

We share your Personal Information with the following categories of third parties:

(i)  We share your Personal Information with our service providers (such as: AWS our cloud storage services, Salesforce, Pardot and clearing service providers)

(ii)  We share your Personal Information data aggregators (such as: Salesforce Analytics and Google Analytics)

(iii)  We share your Personal Information to our Customers (when you purchase through their vending machines and pay through the NAYAX cashless Payment Solution).

 

DISCLOSURES OF PERSONAL INFORMATION FOR A BUSINESS PURPOSE OR FOR SELLING PURPOSES

In the preceding twelve (12) months, the Company has disclosed the following categories of Personal Information for a business purpose:

Category A: Identifiers.

Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

Category C: Protected classification characteristics under California or federal law.

category D: Commercial information: Commercial Information

Category F: Internet or other similar network activity.

Category G: Geolocation data.

SALES OF PERSONAL INFORMATION

In the preceding twelve (12) months Company has not sold Personal Information (“selling” under CCPA relates to any disclosure, transfer, and selling of Personal Information for monetary or other valuable consideration).

YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION

The CCPA provides consumers with specific rights regarding their Personal Information. Please review our User Rights Policy regarding your rights under applicable law.

You may exercise any or all of your above rights in relation to your Personal Information by filling out the DSR Form and send it to our privacy team at: privacy@nayax.com.

  1. CONTACT US

If you have any questions about this Privacy Policy, you may contact us as follows:

By sending our DPO email at: privacy@nayax.com

By regular mail (address) at:

NAYAX Ltd.
3 Arik Einstain St., Herzliya 4659071 Israel

 

Previous version of Privacy Policy