PayXpert guarantees the confidentiality and privacy of the personal data collected, having adopted security measures to prevent unauthorized alteration, modifications, loss, processing, misuse or access and ensure the integrity and security of personal data, in accordance with the provisions of current state regulations and, in any case, Regulation (EU) 679/2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, by providing the necessary technical and operational.
PayXpert will not be responsible for inconsistencies in personal data when it is derived from an attack or unauthorized access to the systems in such a way that it is impossible to detect by the security measures implemented or when it is due to a lack of diligence of the User in terms of the guard and custody of their access passwords or their own personal data.
As a user you accept and guarantee that the personal data you provide is true, being the only person responsible for any damage or loss, direct or indirect, that could be caused to Payxpert as responsible for this website or third party, if you fill in any form with false information or third parties causing deception, damage or injury.
Please inform us of any variation that may occur in the data provided by sending an email to contact (@) payxpert.com.
Minors under 16 years old must not transfer their personal data to Payxpert, without the prior consent of those who hold parental authority and / or legal guardianship.
In the event that PayXpert detects users who may be under 16 years of age, PayXpert reserves the right to request a copy of their ID or equivalent document, or, where appropriate, the authorization of those who they have custody and / or legal guardianship, causing their dismissal if they fail to prove compliance with this requirement or lack of response.
Incorporation of personal data. Purposes and treatment.
PayXpert informs users that the following processing activities will be carried out:
- The incorporation of your personal data in the personal data files of Payxpert
- The access by Payxpert to the data that, according to the infrastructure of this website, are required to contact the user, validations or recommendations on social networks and / or send the newsletters.
- The authorization to communicate electronically with you in response to your inquiries, sending an offer or quotation.
- The periodic realization of analysis studies of the web for statistical purposes based on the data provided.
As a result of your registration and interaction through this website you can collect and store the following information of a personal nature:
- Name, email address and contact information.
- Data on your activities on this platform (articles and content you visit or are related to your browsing profile)
- The electronic communications you send us or data that you issue in your queries.
- In the event of an international personal data transfer is required, we will seek your express consent. Please note that we always use tools that are considered secure and whose servers or service providers are preferably within any member state of the European Union, or that comply with European regulation.
Exercise of rights
At any time, the user can modify their preferences in which regards the receiving of commercial communications as well as exercise his/her rights of access, rectification, erasure and to be forgotten, object, portability and restriction of processing provided in Regulation (EU) 679/2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, by contacting Payxpert via email address gdpr (@) payxpert. com. A form will be made available to smooth the process for the user/customer . The user must accompany a copy of their national identity document, passport or other valid document that identifies him/her; as well as all the necessary attached documentation and evidence of the right exercised.
The right of access means that you have the right to obtain information about whether your personal data is being processed, the purpose of the processing that is being carried out, the processing to which they are subject to, as well as the information available on the origin of the data, data transfers, the retaining period and the communications done or to be done. To exercise this right, you do not need to issue a justification or evidence a legitimate interest unless you have exercised it in the last six months. If you exercise your right of access, Payxpert is legally obliged to decide on this request within a maximum period of one month from receipt of the request. The same can be denied in case of existing a previous request in the previous six months, or because of a national or community standard or legislation. In any case, a response will be provided to you within the period mentioned above.
The right of rectification means that you have the right to modify the data that are inaccurate or incomplete. Please note you must clearly identify the data that needs modifications and provide respective documentation that justifies or accredit such change. We will rectify the data as soon as possible and a response to you will never exceed the time window of one (1) month. In case we deny or reject such request the reasons to do so will be provided to you within the period mentioned above.
The right of erasure or to be forgotten means that you have the right to have the data, that proves to be inadequate or excessive, suppressed. In this case a justification will have to be well-founded and legit and related to your specific personal situation. An answer will be provided to you within a period of no more than one (1) month. Please note that a rejection or denial can take place. The same will be done within the period mentioned above with respective reasons.
The right to object means that you have the right to not having your personal data processed in a certain way or at all. An answer will be provided to you within a period of no more than one (1) month. Please note that a rejection or denial can take place. The same will be done within the period mentioned above with respective reasons.
The right to restriction can be requested during the time a rectification or objection request is being processed. Furthermore, it is also possible to request a restriction if you believe we have processed your data unlawfully but you do not want it deleted or we no longer need your data but you want us to keep it in order to create, exercise or defend legal claims. An answer will be provided to you within a period of no more than one (1) month. Please note that a rejection or denial can take place. The same will be done within the period mentioned above with respective reasons.
The right to data portability is a right that complements the right of access, since it allows you to obtain the data you have provided to us, in a structured, commonly used and machine-readable format. It implies that your personal data, as a user, can be transmitted directly to another company, without the need to be delivered to the user, provided that this is technically possible. We will have to make this transfer as soon as possible and a response provided to you within a period of no more than one (1) month. Please note that a rejection or denial can take place. The same will be done within the period mentioned above with respective reasons.
For more information regarding data subject rights please check ICO´s webpage: https://ico.org.uk/your-data-matters/
In which regards the rights in the processing of data through social media channels, you must take into account the following:
- Access, data portability and the right to be forgotten are defined by the functionality of each social network and the ability to access information according to the configuration you have designed for your profile.
- We can only rectify the information that is under our control, for example, delete comments posted on this page from a linked social network or our profiles on social networks, provided they are not by third parties. Everything that escapes our control must request its exercise before the social network in question.
- The erasure, objection or restriction in the processing can be executed in relation to the information that is under our control or yours as a user, for example, stop being a follower in that social network that you decide. As a user, you can always control your connections, eliminate content that no longer interests you and restrict who you share your information with, so it is convenient that you access and configure the privacy of your accounts.
Security Measures Applicable to the Processing of Personal Data
- Risk: According to the data required from users and according to the activity of the Controller, a Data Protection Impact Assessment has been carried out regarding the processing of the data, evaluating them, graduating them and taking those measures for an adequate protection and security.
- Security Document: PayXpert states that it has a Security Document, in accordance with the aforementioned Data Protection Impact Assessment and the criteria and principles of Regulation (EU) 679/2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
- Protocols: PayXpert declares that it has and keeps updated a series of protocols and processes in general and, in particular, regarding the management of Personal Data; Committing to disclose them among all those employees, staff and third parties with whom it works to or with and have a confidentiality agreement. Likewise, PayXpert undertakes not to allow access or processing of files with personal data to personnel who have not agreed to such agreement.
- Incident Registry: PayXpert states that it has an Incident registry that complies with what is specified in the Security Document and the proactiveness principles of the Controller, this registry being used by its personnel for the report of any incident related to the security of the information and personal data as well as any files with processing of personal data.
- Access Control: PayXpert states that it complies with the following measures regarding access control:
- Maintains an updated list of authorized users and accesses.
- Allows access only to authorized users according to the functions assigned to each of them.
- Establishes mechanisms that prevent access to data or resources with rights other than those authorized.
- Access are only granted by authorized personnel.
- Identification and Authentication: PayXpert in its access to personal data maintains the following security measures regarding the identification and authentication of users who will have access to said data:
- The identification and authentication are personalised.
- There is a procedure for assigning and distributing passwords, which imposes the use of robust passwords. Passwords are stored in an unintelligible way.
- The passwords are confidential (only known by the user).
- Passwords are changed at least once every six months.
- Support Management: PayXpert has adopted the following security measures regarding media with personal data:
- Maintains a media inventory.
- Has established a labelling system according to the inventory system that also allows to identify the type of information they contain.
- Stores the authorized media in a restricted access area.
- Has established an authorization regime for the outputs of supports for its facilities, including outputs through e-mail.
- Adopts specific measures aimed at guaranteeing the confidentiality and security of personal data during transport and disposal of media.
- Security copies: PayXpert states that it has a backup system that guarantees the recovery of information (if necessary), and that the same is regularly tested.
- Non-Automated Files: Regarding the documents with personal data to which PayXpert has access adopts the following measures:
- Keeps the documentation in filing cabinets, drawers or cabinets that have a system that hinder its opening.
- During the review or processing of documents, the person in charge of them must be diligent and guard it to avoid unauthorized access. Only authorized personnel have access to documents.
- If a documentation transfer occurs, security measures are adopted that prevent the loss or access by third parties to said documentation.
- Third party personnel: PayXpert has duly communicated these obligations to its staff, ensuring compliance with the applicable regulations. Also, and by virtue of Regulation (EU) 679/2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, all those responsible for processing on behalf of them have the appropriate contract for the processing signed, where there is the commitment of the latter to comply with the same legal minimums and with the measures outlined by the Controller in terms of management and protection in the processing of personal data.
We store the user’s personal data on secure servers, protected against the most common types of attacks located in France.
However, and since there is no invulnerable technology, the user must also put the means at their disposal to maintain the level of security of their data, through the use of robust passwords, the periodic modification of their passwords, avoiding using the same in diverse accounts as well as avoiding taking note of them in any physical or unencrypted medium.
PayXpert uses up-to-date technologies to protect your personal data and information, striving for the strictest confidentiality and application of technical tools for technical and organizational information security (passwords, physical security, data encryption, etc.) that correspond according to the applicable legislation, as well as keeping at all times the security document with the regulatory measures established.
Transfer of data to third parties.
PayXpert informs the users that their personal data will not be transferred to third parties or organizations, with the exception that said transfer of data is covered by a legal obligation or when the provision of the service implies the need for a contractual relationship with service providers responsible for the processing. In the latter case, only the transfer of data to the third party will take place when PayXpert has the consent of the user and maintains a contractual relationship with the person in charge of the treatment that guarantees its confidentiality and compliance.
If PayXpert is required by the competent authorities, may communicate personal information to respond to legal requirements, criminal investigation of possible illegal activity or claims that a content infringes the rights of third parties or protect the rights, property or security of third parties. In such cases, PayXpert may communicate to the competent authorities personal information such as name and surname, city or province, postal code, telephone number, email address, user history and address IP.
Prohibition to users to transfer data from third parties.
PayXpert expressly prohibits the user from sharing, facilitating or transferring data of third parties to anyone, which may be obtained as a result of contact, interaction or browsing performance or consultation through this website, unless it could accredit the express authorization of the user whose data is intended to transfer.
We remind users that when we talk about data we also talk about pictures, videos or sound of people. The personal image is a data protected by regulations. No one can use it without the express consent of the person who appears in it.
As a user, you acknowledge that you assume your responsibility and hold PayXpert blameless against any possible claim, penalty, fine or sanction that may be required to be borne as a result of the breach by the user of the described duty.
Comments and social networks.
The data included in the form to make comments on this website may be read by third parties, and the name and other data may be read, once a comment is approved. If you make comments on the website of PayXpert, you assume the display of the comment and the data you use to assign such comment on its completion.
PayXpert actively works channels on LinkedIn social networks with the main purpose of publishing and disseminating information about the services provided through the website of PayXpress, interact with users and serve as a channel of attention and social interaction.
In the event that you access this website using an application that connects a social network with this website, you are authorizing the social network to share some data with PayXpert. It is important that you know that if you have geolocated your accounts in social networks said information of your location when sharing in networks will be visible to third parties with whom you share your information.
For more information about the method by which data is shared with social networks, we recommend that you check the privacy policies of each social network in question, as well as responsibly configure your profile in social media accounts and email applications to guarantee your privacy and security.