GlobalGate's Privacy and Cookie Policy

Being transparent and providing accessible information to individuals about how we will use their personal data is a key element of our organization. Please read the following privacy and cookie policy ("privacy policy") to understand how we use and protect the data obtained from you.

GlobalGate Ltd (or "GlobalGate", "we", "us", "our") is an e-money institution authorised to issue electronic money and to provide payment services under National Bank of Switzerland authorisation number XXXX-YY-007 of 25 April 2018. See our registration here.

Together with our partners and affiliates, we are offering payment services to online merchants, in order for them to accept payments through different payment instruments (like credit or debit cards, or other alternative payment methods) on their websites and to enable their customers to pay for products or services by using such payment instruments

In this privacy policy, we sometimes refer to "you". "You" could be a visitor to one of our websites, an user of our Services ("Merchant") or a customer of a Merchant ("Customer").

The collection and use of data from a variety of sources is essential to our ability to provide our payment Services in a safely manner and is helping us to reduce the risk of fraud and money laundering. If you disagree with the practices described in this privacy policy, you should take the necessary steps to remove cookies from your computer after leaving our website and not continue to use our Services.

The personal data that we may collect includes:

I. Customer contact details, such as name, e-mail, phone number, address (such data may be collected through our payment page or received from the Merchant from whom you buy goods or services);

II. Customer financial data, such as card number, name on the card, expiration date, card verification value (such data is collected through our payment page or, where applicable, merchant’s payment page) and transaction data, such as transaction date, transaction value and a short description of the transaction; and

III. Merchant personal data, such as name, address, telephone number, e-mail address, ID/Passport details regarding the Merchant’s legal representatives, shareholders, ultimate beneficial owners - natural persons (such data is collected before entering in a contractual relationship with us and during such relationship).

Also we collect certain information through cookies and other technologies (see section 7 below) that record data about the use of our websites and the use of our Services, including: (i) browser and device data, such as IP address, device type, operating system and Internet browser type, operating system name and version, device manufacturer and model, language, plug-ins, add-ons; (ii) transaction data, such as purchases, purchase amount, date of purchase, and payment method;(iii) cookie and tracking technology data, such as time spent on the Services, pages visited, language preferences, and other anonymous traffic data. In the European Economic Area countries, such information might be treated as "personal data" under applicable data protection laws. Where this is the case, we will process such information only for the same purposes as personal data under this privacy policy.

2. How we use information we collect

We use information we collect about you to (i) provide you with the payment services we offer; (ii) to detect and prevent fraud; (iii) to promote, analyze and improve our products and Services; and to (iv) notify Merchants about changes to our products and Services.

These are examples of how we may use personal data:

• process payment transactions and provide our Services;
• verify identity for compliance purposes;
• evaluate an application from a prospective Merchant to use our Services;
• manage risk, or to detect, prevent, and/or mitigate fraud or other potentially illegal or prohibited activities;
• respond to inquiries and provide customer support (for example in relation to chargebacks);
• for audits, regulatory purposes, and compliance with industry standards;
• to send marketing communications to our Merchants;

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data, like: pubic interest; legal obligation (necessary for compliance with a legal or regulatory obligation); performance of a contract (necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract); and our legitimate interest.

3. Disclosure of information

Generally, we collect, store and process personal data on servers located in the European Union. We share your personal data with our partners, including:

(i) Affiliated entities that we control or are under common control, to provide our Services;

(ii) Services Providers who help us to provide the Services, with things like payment processing (such as, financial institutions, payment method providers, card scheme processors, acquiring banks), website hosting, information technology and related infrastructure, customer service, email delivery, fraud prevention and risk mitigation;

(iii) Card Schemes (Visa or MasterCard) to provide our Services under the Card Schemes’ rules and regulations and entities administering MATCH (MasterCard) and VMAS (Visa) databases where you misuse the Services for payment card transactions or engage in activity the Card Schemes identify as damaging to their brand, or if we required to do so by Card Schemes’ rules and regulations; and

(iv) our Merchants, as necessary to process payments or provide the Services (for example transaction information about the purchases made by Customers through our payment processing Services). We may also disclose your personal data to third parties if we are under a duty to disclose or share your personal data in order to comply with a legal obligation or a court order.

4. Cross-Border transfer

Where GlobalGate transfers personal data to countries outside of your country of residence, including the United States of America, which may have data protection rules that are different from those of your country, we will take measures to ensure that any such transfers comply with applicable data protection laws and regulations and that your personal data remains protected to the standards described in this privacy policy. These measures may include reviewing third parties’ privacy and security standards, verifying if they have certified their compliance with the EU-U.S. Privacy Shield Framework and, where applicable, the Swiss-U.S. Privacy Shield Framework and/or enering into appropriate contracts (on the basis of the template adopted by the EU Commission and available via its homepage ).

5. Security

We maintain appropriate administrative, technical and physical safeguards to protect personal information against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, use, and all other unlawful forms of processing of the personal data in our possession. When card data is processed, such data will only be processed in accordance with the strict Payment Card Industry Data Security Standards requirements ("PCI-DSS") in an encrypted form. Only by complying with the PCI-DSS requirements we are permitted to provide debit or credit card payment services. For more details please visit: https://www.pcisecuritystandards.org.

6. Data retention period

We will retain personal data for the period necessary to fulfill the purposes outlined in this privacy policy unless a longer retention period is required or permitted by law. Please note that we have a variety of obligations to retain the data that you provide to us, including to ensure that transactions can be appropriately processed, settled, refunded or charged-back, to help identify fraud and to comply with anti-money laundering and other laws and rules that apply to us and to our financial service providers. If your GlobalGate account is closed, we reserve our ability to retain and access the certain data for so long as required to comply with applicable laws or card scheme rules. Under the current Swiss anti-money laundering regulatory framework we are required to retain relevant data for a minimum period of five years. When we no longer need to retain your personal data, it will be deleted or be anonymised so that you can no longer be identified from it.

7. Cookies

When you access our websites or use our Services, we or our authorised services providers may place small data files on your computer or other device. These data files may be cookies, pixel tags or "flash cookies" (collectively "cookies"). The cookies set may obtain information about you, your computer or device, your use of our website and your general internet usage. These technologies help to make it easier for you to log on and use the websites, to recognize you as a customer, provide feedback to us as to which parts of the website you visit, so we can assess the effectiveness of the site and provide a better, faster, and safer experience, advertising purposes, measure promotional effectiveness, help ensure that your account security is not compromised, mitigate risk and prevent fraud.
The types of cookies that we use generally fall into one of four usage categories:

Strictly Necessary cookies
These cookies are essential and are required for the operation of our website. They enable you to navigate around the website and use its features. They include, for example, cookies that enable users to log into secure areas of our websites.

Performance/Analytical cookies
These cookies collect information about how you use the website, including which pages you go to most often and if you get error messages from certain pages. This assists us to improve the way in which our website works, for example, by ensuring that you can find what you are looking for easily.

Functionality cookies
These cookies allow a website to remember your preferences (for example, your choice of language or region). They are used to recognize you when you return to our website.

Targeting cookies
These cookies record your visit to our website, the individual pages visited and the links followed. These cookies are used to tailor marketing to you and your interests. Information collected by tracking cookies is commonly used to target online advertising. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign.

We may use third parties, such as advertising networks and exchanges, to allow us to serve you advertisements. These third-party ad networks and exchange providers may use third-party cookies, web beacons, or similar technologies to collect information about your visit to our site and elsewhere on the Internet. The information that these third parties collect may be used to provide you with more relevant advertising on our sites or elsewhere on the web. Third party cookies are covered by the third-parties’ privacy policies.

(i) Pixel tags, also known as Web Beacons and clear GIFs, may be used in connection with some Services to, among other things, track the actions of website users (such as email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Services and response rates.
(ii) Third Party Analytics - we use Google Analytics, which uses cookies and similar technologies, to collect and analyze information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices on their website
(iii) Flash Cookies - we may use Adobe Flash and other technologies to, among other things, collect and store information about your use of the Services. If you want to block or control flash cookies, you can adjust your settings.

Cookie management and control
Cookies can normally be disabled or deleted from the cookie folder of your browser. You may be able to configure your browser not to accept cookies, although please note that this may affect your ability to use the Services we provide and affect the website’s functionality.

Chrome: https://support.google.com/chrome/answer/95647?hl=en
Explorer: https://support.microsoft.com/en-us/products/windows?os=windows-10
Safari: https://support.apple.com/kb/PH21411
Firefox: https://support.mozilla.org/products/firefox/cookies
Opera: http://www.opera.com/help/tutorials/security/cookies/

8. Third party websites

Our websites may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these third party websites.

9. Your choices and rights

If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services.

Generally, you have certain rights under the applicable data protection legislation in respect to your personal data (right of access, right to rectification, right to restriction, right to opposition, erasure or right to data portability). If you would like to review, correct, or update personal data that you have previously disclosed to us, you may do so by signing in to your merchant account or by contacting us at:. If emailing us your request, please make clear in the email what personal data would like to have changed. Note that we may have to review your identity and full details of your request, before we process any request. We will try to comply with your request as soon as reasonably practicable.

10. Use of services by minors

The Services are not directed to children we request that they not provide personal data through the Services. We do not knowingly collect information, including personal data, from children or other individuals who are not legally able to use our Services, including our sites.

11. Data processor

We process personal data about Customers when acting as the Merchant’s payment service provider. Our Merchants are responsible for making sure that the Customer’s privacy rights are respected, including ensuring appropriate disclosures about third party data collection and use. To the extent that we are acting as a Merchant’s data processor, we will process personal data in accordance with the terms of our agreement with the Merchant, the Merchant’s lawful instructions and applicable data protection legislation and rules.

12. Changes to our privacy policy

We may amend this privacy policy from time to time. Any changes we may make to our privacy policy in the future will be posted on our website and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

13. Contact us

If you have any questions or comments concerning this privacy policy please e-mail us at: [email protected] or at the following address: 5 Majestic Court, St. Mary's Street, Mellieha MLH1337, Malta, attn. to GlobalGate legal.

Latest updated 25 May 2018