Trust is the foundation of the GetPY platform and includes trusting us to do the right thing with your information. Three main values guide us as we develop our products and services. These values should help you better understand how we think about your information and privacy.
Your information belongs to you
We carefully analyze what types of information we need to provide our services, and we try to limit the information we collect to only what we really need. Where possible, we delete or anonymize this information when we no longer need it. When building and improving our products, our engineers work with security and privacy on priority. In all of this work our guiding principle is that your information belongs to you, and we aim to only use your information to your benefit.
We protect your information from others
If a third party requests your personal information, we will refuse to share it unless you give us permission or we are legally required. When we are legally required to share your personal information, we will tell you in advance, unless we are legally forbidden.
We help merchants and partners meet their privacy obligations
Many of the merchants and partners using GetPY apps and solutions do not have the benefit of a privacy team, and it is important to us to help them meet their privacy obligations. To do this, we try to build our products and services so they can easily be used in a privacy-friendly way. We also provide detailed FAQs, documentation and whitepapers covering the most important privacy topics, and respond to privacy-related questions we receive.
Your rights over your information
We believe you should be able to access and control your personal information no matter where you live. Depending on how you use GetPY, you may have the right to request access to, correct, amend, delete, port to another service provider, restrict, or object to certain uses of your personal information (for example, direct marketing). We will not charge you more or provide you with a different level of service if you exercise any of these rights.
If you buy something from a GetPY-powered store and wish to exercise these rights over information about your purchase, you need to directly contact the merchant you interacted with. We are only a processor on their behalf, and cannot decide how to process their information. As such, we can only forward your request to them to allow them to respond. We will of course help our merchants to fulfil these requests by giving them the tools to do so and by answering their questions.
Please note that if you send us a request relating to your personal information, we have to make sure that it is you before we can respond. In order to do so, we may ask to see documentation verifying your identity, which we will discard after verification.
If you would like to designate an authorized agent to exercise your rights for you, please email us from the email address we have on file for you. If you email us from a different email address, we cannot determine if the request is coming from you and will not be able to accommodate your request. In your email, please include the name and email address of your authorized agent.
If you are not happy with our response to a request, you can contact us to resolve the issue. You also have the right to contact your local data protection or privacy authority at any time.
How we protect your information
Privacy for Merchants
For merchants using GetPY to power their stores
If you are a merchant using GetPY to power your business, we collect and use your personal information to provide you with our platform and its services, and generally to help you better manage your business and your relationship with your customers.
What information we collect about you and why
We collect personal information when you sign up for GetPY, when you use our app, or when you otherwise provide us information. In general we need this information for you to be able to use our platform.
|What we collect||How we use it|
Information you provide us about you and your business, like your name, company name, address, email address, and phone number.
Payment information you provide us, such as your credit or debit card number or your bank account number.
- To provide you with the use of our platform and other related services (e.g., to confirm your identity, to contact you about issues with the platform, to invoice you)
- To advertise and market products or features to you
- To charge for our services
- To complete your transactions
- To provide you use of, and to improve, our platform and other related services (e.g., identifying ways to make our platform easier to use or navigate)
- To personalize the platform for you
- To advertise and market products or features to you
- Your rights over your information
We believe that you should be able to access and control your own personal information no matter where you live. You can access and correct a lot of your personal information directly through the GetPY admin. For information you are not able to access or correct directly within the GetPY admin, please email us at contactus@GetPY.com.
Finally, we do not and will not “sell” your personal information.
Your customers’ information
GetPY performs the roles of a data controller and data processor during the course of business. As a data controller, we determine the purpose and manner in which personal data is processed. As a data processor, we process personal information on behalf of another group company or a third party.
GetPY informs individuals of the purpose for which it collects, processes, stores and/or discloses their information through a notice. At the bare minimum, the notice includes:
- The type of personal data collected;
- The purpose for which it is collected;
- The legal requirement to collect this personal data (if applicable);
The notice is drafted in simple and clear language in a format that is consistent across the organization. The document also contains the geographic area, office locations, jurisdiction and name of the GetPY entity that issues the notice.
- How the personal data will be used or processed;
- How individuals can access their personal data and amend it for accuracy;
- An explanation of third party involvement in processing personal data (if applicable);
- The consequences / impact, if any, for not providing the requested personal data; and; · An option for individuals to indicate a preferred means of contact.
Choice and Consent
Where required by law, GetPY obtains consent from individuals to collect, use, retain or disclose their personal data. Individuals are given the choice to opt-in or opt-out of this procedure. If applicable, we inform individuals of the consequences for failing to consent or provide their personal data and the process to alter their consent decisions. GetPY verifies that the use of personal data is consistent with the consent obtained. If personal data will be used for a purpose other than that originally disclosed to the individual, we acquire additional consent.
GetPY collects personal data in a fair, transparent, and lawful manner. As such, we adhere to the following guidelines:
- Collect the minimum personal data required to support a GetPY business activity or as mandated by law;
- Collect personal data in a fair and non-deceptive manner;
- Collect personal data directly from the individual, when possible;
- Where required by local law, obtain explicit consent from individuals, prior to the collection of sensitive personal information (e.g. race, ethnic origin, health details, sexual orientation etc.); and
- Verify that personal data collected from third parties is reliable and legally obtained.
Furthermore, GetPY monitors the involvement of third parties during collection and conducts due diligence to ensure their compliance with our Policy.
All personal data collected by GetPY is used expressly for legitimate business activities and for purposes consented to by the individual. GetPY only uses personal data in strict adherence to contractual, regulatory and applicable laws. Retention GetPY does not retain personal data any longer than is absolutely necessary. The retention period for personal data is determined by:
- The purpose of the data collected,
- The fulfilment of that purpose, and
- Mandatory adherence to local, state and national regulations.
As part of our retention practices, GetPY documents and tracks:
- Retention periods, as mandated by any contractual and/or regulatory requirements;
- The mode of storage, archival and back up of personal data collected; and
- Approval-based disposal procedures (e.g. destruction and redaction) and exceptions to these procedures.
Disposal, Destruction and Redaction of Personal Data
GetPY’s Data Retention and Disposal Policy require managerial approval for the disposal, destruction and deletion of any personal data. Our disposal, destruction and redaction procedures prevent the recovery, theft, misuse or unauthorized access of personal data.
All individuals are given access to review, update or correct their personal data. The mode of access to this information is clearly communicated to the individual within an appropriate timeframe. Where required by law, GetPY will respond to requests from individuals to provide them with information relating to the personal data, we hold about them. Furthermore, GetPY authenticates individuals before granting access to personal data. Access to personal data may be denied if an unreasonable request is made, subject to local laws. If access is denied, GetPY provides the reason and a point of contact for further inquiry to the individual.
GetPY may disclose personal data to third parties as a part of normal business operations. Such third parties must enter into a written contract with us containing appropriate privacy clauses. Third parties are mandated to handle all personal data in accordance with the following:
- Third parties must ensure equal care and adequate levels of protection; and
- Appropriate security measures must be implemented to safeguard the personal data; and
- The personal data must only be processed in accordance with GetPY’s instructions.
GetPY will ensure that international transfers of personal data are afforded with an adequate level of protection, as required by local law.
Protection of Personal Data in the Possession of Third Parties
GetPY conducts appropriate due diligence checks prior to and during the selection of third parties who process personal data on behalf of GetPY. GetPY requires third parties to strictly adhere to contractual terms and guidelines on data protection to the extent such third parties have access to or are otherwise processing personal data on behalf of GetPY. Furthermore, GetPY retains the audit rights to monitor and supervise all GetPY provided personal data that is processed or handled during the performance of services by a third party contractor. Finally, GetPY maintains a well-defined mitigation and remediation plan in the event that any harm may result due to third party misusing or improperly processing such GetPY provided personal data in violation of contractual and statutory obligations.
GetPY informs individuals that they have a responsibility to provide accurate, complete and relevant information in order to maintain the quality and integrity of all personal data. Individuals may contact our designated personnel for any updates or corrections. Individuals may verify and challenge the accuracy and completeness of their personal data and have it amended or deleted if appropriate. Additionally, GetPY has a system in place to record the date, edits, validation and verification of all personal data collected, maintained and updated.
Compliance and Reporting
GetPY is committed to monitoring and enforcing compliance with this Policy and with applicable privacy laws, regulations and obligations. We have documented procedures for:
- Addressing and resolving any data privacy grievance;
- Implementing a remediation process for any data privacy breach; and
- Identifying a third-party arbitrator for dispute resolution, if necessary. In addition, employees, customers and third parties are welcome to submit questions, concerns or complaints about GetPY’s privacy practices to our compliance helpline by writing to us at: contactus@GetPY.
Any potential or actual violation of this Policy is immediately reported to our Chief Compliance Officer.
GetPY conducts regular audits of our compliance with applicable privacy policies, procedures, laws, regulations, contracts and standards. During compliance review, we:
- Document the processes for resolution of issues and vulnerabilities, as well as corrective action plans;
- Record the results of compliance reviews and regularly submit material findings to the Audit Committee of our Board of Directors; and
- Follow up on recommendations for improvement/remediation plans based on the results of the compliance review.
All GetPY directors, officers, employees, agents and contractors are expected to fully comply with this Policy. Violations of this Policy are investigated, and failure to comply with this Policy may result in disciplinary action up to and including termination of employment or contract.
Version: 2.0 Effective Date: January 01, 2020, Last Revised Date: August 1st, 2020