Privacy Policy

PayXpert takes privacy and data protection issues seriously. We have designed this Privacy Policy (together with our Legal Policy and any other documents referred to on it) to explain how any personal data we collect from you, or that you provide to us, will be processed by us.

Please read the following carefully to understand PayXpert views and practices regarding your personal data and how we will treat it. The use of this website implies the acceptance of this privacy policy. Additionally, by submitting your personal information, you are consenting to PayXpert holding and using it in accordance with this policy.
PayXpert guarantees the confidentiality and privacy of the personal data collected, having adopted security measures to prevent unauthorized alteration, modifications, loss, processing, misuse or access and ensure the integrity and security of personal data, in accordance with the provisions of current state regulations and, in any case, Regulation (EU) 679/2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, by providing the necessary technical and operational.

PayXpert will not be responsible for inconsistencies in personal data when it is derived from an attack or unauthorized access to the systems in such a way that it is impossible to detect by the security measures implemented or when it is due to a lack of diligence of the User in terms of the guard and custody of their access passwords or their own personal data.

As a user you accept and guarantee that the personal data you provide is true, being the only person responsible for any damage or loss, direct or indirect, that could be caused to Payxpert as responsible for this website or third party, if you fill in any form with false information or third parties causing deception, damage or injury.
Please inform us of any variation that may occur in the data provided by sending an email to contact (@)

Children’s privacy

Minors under 16 years old must not transfer their personal data to Payxpert, without the prior consent of those who hold parental authority and / or legal guardianship.
In the event that PayXpert detects users who may be under 16 years of age, PayXpert reserves the right to request a copy of their ID or equivalent document, or, where appropriate, the authorization of those who they have custody and / or legal guardianship, causing their dismissal if they fail to prove compliance with this requirement or lack of response.

Incorporation of personal data. Purposes and treatment.

PayXpert informs users that the following processing activities will be carried out:


Prior to sending any request for information through any contact form on this website, as a user you must accept having read this privacy policy and the conditions of use of this website, in order to provide your express and informed consent to the treatment of your data with the purposes indicated in this privacy policy. Such approval entails your express consent to:

  • The incorporation of your personal data in the personal data files of Payxpert
  • The access by Payxpert to the data that, according to the infrastructure of this website, are required to contact the user, validations or recommendations on social networks and / or send the newsletters.
  • The authorization to communicate electronically with you in response to your inquiries, sending an offer or quotation.
  • The periodic realization of analysis studies of the web for statistical purposes based on the data provided.

As a result of your registration and interaction through this website you can collect and store the following information of a personal nature:

  • Name, email address and contact information.
  • Data on your activities on this platform (articles and content you visit or are related to your browsing profile)
  • The electronic communications you send us or data that you issue in your queries.
  • In the event of an international personal data transfer is required, we will seek your express consent. Please note that we always use tools that are considered secure and whose servers or service providers are preferably within any member state of the European Union, or that comply with European regulation.

We will not use your data for any other purpose not expressed in this privacy policy, nor will we send unsolicited information through your express consent.

Exercise of rights

At any time, the user can modify their preferences in which regards the receiving of commercial communications as well as exercise his/her rights of access, rectification, erasure and to be forgotten, object, portability and restriction of processing provided in Regulation (EU) 679/2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, by contacting Payxpert via email address gdpr (@) payxpert. com. A form will be made available to smooth the process for the user/customer . The user must accompany a copy of their national identity document, passport or other valid document that identifies him/her; as well as all the necessary attached documentation and evidence of the right exercised.

The right of access means that you have the right to obtain information about whether your personal data is being processed, the purpose of the processing that is being carried out, the processing to which they are subject to, as well as the information available on the origin of the data, data transfers, the retaining period and the communications done or to be done. To exercise this right, you do not need to issue a justification or evidence a legitimate interest unless you have exercised it in the last six months. If you exercise your right of access, Payxpert is legally obliged to decide on this request within a maximum period of one month from receipt of the request. The same can be denied in case of existing a previous request in the previous six months, or because of a national or community standard or legislation. In any case, a response will be provided to you within the period mentioned above.

The right of rectification means that you have the right to modify the data that are inaccurate or incomplete. Please note you must clearly identify the data that needs modifications and provide respective documentation that justifies or accredit such change. We will rectify the data as soon as possible and a response to you will never exceed the time window of one (1) month. In case we deny or reject such request the reasons to do so will be provided to you within the period mentioned above.

The right of erasure or to be forgotten means that you have the right to have the data, that proves to be inadequate or excessive, suppressed. In this case a justification will have to be well-founded and legit and related to your specific personal situation. An answer will be provided to you within a period of no more than one (1) month. Please note that a rejection or denial can take place. The same will be done within the period mentioned above with respective reasons.

The right to object means that you have the right to not having your personal data processed in a certain way or at all. An answer will be provided to you within a period of no more than one (1) month. Please note that a rejection or denial can take place. The same will be done within the period mentioned above with respective reasons.
The right to restriction can be requested during the time a rectification or objection request is being processed. Furthermore, it is also possible to request a restriction if you believe we have processed your data unlawfully but you do not want it deleted or we no longer need your data but you want us to keep it in order to create, exercise or defend legal claims. An answer will be provided to you within a period of no more than one (1) month. Please note that a rejection or denial can take place. The same will be done within the period mentioned above with respective reasons.

The right to data portability is a right that complements the right of access, since it allows you to obtain the data you have provided to us, in a structured, commonly used and machine-readable format. It implies that your personal data, as a user, can be transmitted directly to another company, without the need to be delivered to the user, provided that this is technically possible. We will have to make this transfer as soon as possible and a response provided to you within a period of no more than one (1) month. Please note that a rejection or denial can take place. The same will be done within the period mentioned above with respective reasons.

For more information regarding data subject rights please check ICO´s webpage:

In which regards the rights in the processing of data through social media channels, you must take into account the following:

  • Access, data portability and the right to be forgotten are defined by the functionality of each social network and the ability to access information according to the configuration you have designed for your profile.
  • We can only rectify the information that is under our control, for example, delete comments posted on this page from a linked social network or our profiles on social networks, provided they are not by third parties. Everything that escapes our control must request its exercise before the social network in question.
  • The erasure, objection or restriction in the processing can be executed in relation to the information that is under our control or yours as a user, for example, stop being a follower in that social network that you decide. As a user, you can always control your connections, eliminate content that no longer interests you and restrict who you share your information with, so it is convenient that you access and configure the privacy of your accounts.

Security Measures Applicable to the Processing of Personal Data

  • Risk: According to the data required from users and according to the activity of the Controller, a Data Protection Impact Assessment has been carried out regarding the processing of the data, evaluating them, graduating them and taking those measures for an adequate protection and security.
  • Scope of Application of Technical and Organizational Security Measures: PayXpert states that it applies the necessary technical and organizational measures for adequate protection, confidentiality, integrity, resilience and security under of the proactivity criteria required by Regulation (EU) 679/2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, to the functions described in this privacy policy.
  • Security Document: PayXpert states that it has a Security Document, in accordance with the aforementioned Data Protection Impact Assessment and the criteria and principles of Regulation (EU) 679/2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
  • Protocols: PayXpert declares that it has and keeps updated a series of protocols and processes in general and, in particular, regarding the management of Personal Data; Committing to disclose them among all those employees, staff and third parties with whom it works to or with and have a confidentiality agreement. Likewise, PayXpert undertakes not to allow access or processing of files with personal data to personnel who have not agreed to such agreement.
  • Incident Registry: PayXpert states that it has an Incident registry that complies with what is specified in the Security Document and the proactiveness principles of the Controller, this registry being used by its personnel for the report of any incident related to the security of the information and personal data as well as any files with processing of personal data.
  • Access Control: PayXpert states that it complies with the following measures regarding access control:
  1. Maintains an updated list of authorized users and accesses.
  2. Allows access only to authorized users according to the functions assigned to each of them.
  3. Establishes mechanisms that prevent access to data or resources with rights other than those authorized.
  4. Access are only granted by authorized personnel.
  • Identification and Authentication: PayXpert in its access to personal data maintains the following security measures regarding the identification and authentication of users who will have access to said data:
  1. The identification and authentication are personalised.
  2. There is a procedure for assigning and distributing passwords, which imposes the use of robust passwords. Passwords are stored in an unintelligible way.
  3. The passwords are confidential (only known by the user).
  4. Passwords are changed at least once every six months.
  • Support Management: PayXpert has adopted the following security measures regarding media with personal data:
  1. Maintains a media inventory.
  2. Has established a labelling system according to the inventory system that also allows to identify the type of information they contain.
  3. Stores the authorized media in a restricted access area.
  4. Has established an authorization regime for the outputs of supports for its facilities, including outputs through e-mail.
  5. Adopts specific measures aimed at guaranteeing the confidentiality and security of personal data during transport and disposal of media.
  • Security copies: PayXpert states that it has a backup system that guarantees the recovery of information (if necessary), and that the same is regularly tested.
  • Non-Automated Files: Regarding the documents with personal data to which PayXpert has access adopts the following measures:
  1. Keeps the documentation in filing cabinets, drawers or cabinets that have a system that hinder its opening.
  2. During the review or processing of documents, the person in charge of them must be diligent and guard it to avoid unauthorized access. Only authorized personnel have access to documents.
  3. If a documentation transfer occurs, security measures are adopted that prevent the loss or access by third parties to said documentation.
  • Third party personnel: PayXpert has duly communicated these obligations to its staff, ensuring compliance with the applicable regulations. Also, and by virtue of Regulation (EU) 679/2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, all those responsible for processing on behalf of them have the appropriate contract for the processing signed, where there is the commitment of the latter to comply with the same legal minimums and with the measures outlined by the Controller in terms of management and protection in the processing of personal data.


We store the user’s personal data on secure servers, protected against the most common types of attacks located in France.

However, and since there is no invulnerable technology, the user must also put the means at their disposal to maintain the level of security of their data, through the use of robust passwords, the periodic modification of their passwords, avoiding using the same in diverse accounts as well as avoiding taking note of them in any physical or unencrypted medium.

PayXpert uses up-to-date technologies to protect your personal data and information, striving for the strictest confidentiality and application of technical tools for technical and organizational information security (passwords, physical security, data encryption, etc.) that correspond according to the applicable legislation, as well as keeping at all times the security document with the regulatory measures established.

Transfer of data to third parties.

PayXpert informs the users that their personal data will not be transferred to third parties or organizations, with the exception that said transfer of data is covered by a legal obligation or when the provision of the service implies the need for a contractual relationship with service providers responsible for the processing. In the latter case, only the transfer of data to the third party will take place when PayXpert has the consent of the user and maintains a contractual relationship with the person in charge of the treatment that guarantees its confidentiality and compliance.

If PayXpert is required by the competent authorities, may communicate personal information to respond to legal requirements, criminal investigation of possible illegal activity or claims that a content infringes the rights of third parties or protect the rights, property or security of third parties. In such cases, PayXpert may communicate to the competent authorities personal information such as name and surname, city or province, postal code, telephone number, email address, user history and address IP.

If PayXpert is transferred, absorbed or merged with another entity, we undertake to agree on the subrogation and commitment of the new managing entity responsible for the processing of personal data for the continuation of this Privacy Policy warning the commitment that if the personal information is going to be used contrary to this policy the User must be notified previously. In any case, and as a result of the operation, the User will also be transferred so that the User can renew or, if applicable, revoke the consent previously granted.

Prohibition to users to transfer data from third parties.

PayXpert expressly prohibits the user from sharing, facilitating or transferring data of third parties to anyone, which may be obtained as a result of contact, interaction or browsing performance or consultation through this website, unless it could accredit the express authorization of the user whose data is intended to transfer.

We remind users that when we talk about data we also talk about pictures, videos or sound of people. The personal image is a data protected by regulations. No one can use it without the express consent of the person who appears in it.

As a user, you acknowledge that you assume your responsibility and hold PayXpert blameless against any possible claim, penalty, fine or sanction that may be required to be borne as a result of the breach by the user of the described duty.

If you provide us with personal data of other people, you must do so with their consent and having previously informed them of the points contained in this Privacy Policy.

Comments and social networks.

The data included in the form to make comments on this website may be read by third parties, and the name and other data may be read, once a comment is approved. If you make comments on the website of PayXpert, you assume the display of the comment and the data you use to assign such comment on its completion.

PayXpert actively works channels on LinkedIn social networks with the main purpose of publishing and disseminating information about the services provided through the website of PayXpress, interact with users and serve as a channel of attention and social interaction.

In the event that you access this website using an application that connects a social network with this website, you are authorizing the social network to share some data with PayXpert. It is important that you know that if you have geolocated your accounts in social networks said information of your location when sharing in networks will be visible to third parties with whom you share your information.

For more information about the method by which data is shared with social networks, we recommend that you check the privacy policies of each social network in question, as well as responsibly configure your profile in social media accounts and email applications to guarantee your privacy and security.

Below we link the privacy policy of social networks where we have an open profile at this time:


In the link “Cookies Policy” we inform you that this website can use cookies (small files of information that the server sends to the user’s computer that accesses this website) to carry perform certain functions that are considered essential for the proper functioning and visualization of the site, to share on social networks and, in some cases, to perform analysis of evaluation statistics and improvement proposals.

In order to obtain these analyses, this website can store certain information in the server’s registers automatically through the use of cookies that collect usage and navigation data related to the use of this website by you as a user. These records usually include information such as browser type, browser language, date and time of access request, URL, computer or device model, operating system version, unique identifiers (IP) and data on the mobile network used in accessing and browsing this website.

The IP is considering a personal data, in the sense that its situation could be investigated, and the device and its location identified if necessary at the request of the competent authorities. PayXpert uses cookies that record IP addresses when accessing and browsing this website to analyse and measure access and time spent on the different pages of this website and draw conclusions about the trend of web traffic. PayXpert does not associate IP addresses or other data that throws the use of cookies, or the results of metrics, with identifiable information of people, or to collect personal information, although punctually serve to direct advertising or segment users to whom direct it.

It is convenient that as a user you know that we use Internet tools and platforms that install cookies that do not depend on us, so it is possible that the owners of these tools use such data for other uses, of which PayXpert is not responsible. For this reason, it is advisable that you read the Cookies Policy of this website to know which are our own, which are third-party, which are permanent, temporary or of session; and can decide upon them. In the cookie policy you can also find the shortcuts that will allow you to modify the configuration of your computer or device, deactivating or eliminating cookies if you deem it convenient.


PayXpert may modify this privacy policy at any time by publishing it on this website, which will always include the date of the last applicable update.


Privacy policy last updated on 2/07/2018.