Privacy Policy

We respect your privacy and we handle your data with utmost security and confidentiality.
This Privacy Policy (“Policy”) describes the “Personal Data” that we collect about you, how we use it, how we share it, your rights and choices, and how you can contact us about our privacy practices. This Policy also outlines your data subject rights, including the right to object to some uses of your Personal Data by us.Text element


PortPos”, “we”, “our” or “us” means the PortPos entity responsible for the collection and use of Personal Data under this Privacy Policy.Personal Data” means any information that relates to an identified or identifiable individual, and can include information that you provide to us and that we collect about you, such as when you engage with our Services (e.g. device information, IP address).Services” means the products and services that PortPos indicates are covered by this Policy, which may include PortPos apps, Payment Facilitation and PortPos SendBill. Our “Business Services” are Services provided by PortPos to entities (“Business Users”) who directly and indirectly provide us with “Customer” Personal Data in connection with those Business Users’ own business and activities. Our “End User Services” are those Services which PortPos provides directly to people (rather than entities) for their own use. Sites” means and the other websites, apps and online services that PortPos indicates are covered by this Policy. Collectively, we refer to Sites, Business Services and End User Services as “Services”.Depending on the context, “you” shall mean: ● Merchants and their legal representatives;● Merchant’s customer involved in any transaction with our payment facilitation;● PortPos account holders/end-users; and● Visitors to our websites.


A cookie is a piece of text which asks permission to be placed on your device. Once you agree (or your browser agrees automatically if you have set it up in that way), your browser adds that text in a small file. 
We use standard cookies and/or sessions and certain third-party services to improve your experience of using the websites, applications and related services. By using our services you agree that we can place these types of cookies on your device.
For more information on our Cookie Policy please click here.
Other key information you should know
Your public IP address with time-stamp is logged and kept on record (regardless of your cookie settings or preferences). This also allows the system to obtain and record certain publicly available meta-information aggregated from your IP address, which may include your ‘country-level’ location and basic information about your internet connection. This is a standard practice invariably applied at any website on the internet.
Your ‘user agent’ information is recorded (regardless of your cookie settings or preferences). ‘User agent’ information may include some details of the device you browse the Website with, its basic model, operating system etc. This is a standard practice invariably applied at any website on the internet.
Your browsing history inside PortPos is recorded for statistics anonymously.
We use 3rd party Analytics services to analyse and archive visitors’ behaviour statistics to improve the user experience.

Personal Data that we collect and how we use and share it

Our collection and use of Personal Data changes depending on your relationship with us (i.e. merchants; shoppers; portpos account holders; visitors etc.) 
“Transaction Data” as used in this Privacy Policy includes Personal Data, and may include the following: your name, email address, billing address, shipping address, payment method information (such as credit or debit card number, bank account information or payment card image selected by you), merchant and location, purchase amount, date of purchase, and in some cases, some information about what you have purchased and your phone number and past purchases. When collecting granular personal data including credit card information, it is fully encrypted following the highest standard of global card processing rules. We are audited and scanned regularly by the PCI DSS Council for your protection. 

PortPos Account Holders/End Users

We provide End User Services where we do not act as a service provider or processor to Businesses but instead provide the Services directly to you for your personal use (e.g. Save Card Facility). We do not sell or share End User Personal Data with third parties for marketing or advertising their products.
a. Personal Data that we collect about End Users
Using Save Card/ Remember me or Connecting your Bank Account: PortPos offers you the opportunity to store your payment methods with PortPos so that you can conveniently use it across merchants who are our Business Users. When you opt in to save card, you agree to let us securely store your Personal Data such as your payment method so that you can more readily make purchases with Business Users of our payment processing Business Services (e.g. name, contact information, payment method details such as (card number, name, and expiration date). When required, we collect the CVC/CVV from you and transmit it securely to our payment networks. We do not store any CVC/CVV information in our systems. When you choose to pay with a saved card, we will also collect Transaction Data related to your transactions. Your payment method data is secured using industry wide PCI-DSS standards.
Paying PortPos: If you are buying goods or services directly from PortPos, we receive Transaction Data. For example, when you make a payment to PortPos, we will collect contact information, payment method information, and information about that transaction.
b. How we use and share Personal Data of End Users
Services: We use your Personal Data to provide the End User Service to you, including security, sanctions screening, delivery, support, personalization (e.g. language preferences and settings choices) and messages related to the End User Service (e.g. communicating Policy updates and information about our Services). For example, we will use Personal Data to assess whether your use of a saved card to make a payment with a merchant is authorised by you (and not someone else) and likely to be successfully authorised by the payment method you choose to use when you choose to make purchases with a saved card.
Our Business Users: When you choose to connect your financial account with PortPos you may also choose to share account information with Business Users that you do business with. These Business Users will have their own privacy policies which describe how they use that information.
Transactions: For payment transactions with Link, End User Personal Data is shared with others to enable or “process” the transaction. For example, when you choose to use a payment method for the transaction with PortPos (e.g. credit card, debit card, or MFS), the provider of your payment method will receive Transaction Data that includes your Personal Data- When you use save card/remember me, the merchant you choose to do business with will also receive Transaction Data that includes your Personal Data and, with your separate consent, your bank account information. Please review the privacy policies of your payment method and the merchants who you choose to learn more about their processing of your Personal Data.  Fraud Detection and Loss Prevention: We use your Personal Data collected across our Services to detect fraud and prevent financial losses for you, us, and our Business Users and financial partners, including to detect unauthorised purchases. We may provide Business Users and financial partners (including card issuers, payment methods and others involved in payment processing activities) with Personal Data about you (including your attempted transactions) so that they can assess the associated fraud or loss risk with a transaction.
Advertising: We may use your Personal Data to assess your eligibility for, and offer you, other End User Services or promote existing End User Services.

Merchant’s Customer

PortPos offers Business Services to our Business Users (e.g. payment processing through online checkout). When we are acting as a Business User’s service provider (also known as a Payment Facilitator), we will process Personal Data in accordance with the terms of our agreement with the Business User and the Business User’s lawful instructions (e.g. when we process a payment for a Business User because you bought a product from them). 
Business Users are responsible for making sure that their Customers’ privacy rights are respected, including ensuring appropriate disclosures about data collection and use that happens in connection with their products and services. If you are a Customer, please refer to the privacy policy or notice of the Business User you choose to do business with for information regarding their privacy practices, choices and controls.
a. Personal Data that we collect about Merchant’s Customers
Transaction Data: If you are an End Customer, when you make payments to, get refunds from, begin a purchase, make a donation or otherwise transact with a Business User that uses us to provide payment processing Business Services, we will receive Transaction Data. 
b. How we use and share Personal Data of Merchant’s Customers
To provide our Business Services to our Business Users, we use Personal Data, and share Personal Data of a Business User’s Customers with the Business User. Where allowed, we also use Customers’ Personal Data for PortPos’s own purposes to secure, improve and provide our Business Services and prevent fraud, loss and other harms as described below.
Payments and Accounting: We use your Transaction Data to provide our Payments related Business Services to Business Users, including to process online payment transactions. We may also use Personal Data to provide and improve our Business Services.For payment transactions, your Personal Data is shared with a number of parties in connection with your transaction. Because we act as a service provider or processor, we share Personal Data to enable the transaction. For example, when you choose to use a payment method for the transaction (e.g. credit card, debit card, MFS), your payment method will receive the Transaction Data that includes your Personal Data. Please review your payment method’s privacy policy to learn more about how they use and share this information.The merchant you choose to do business with will also receive Transaction Data that includes your Personal Data and the merchant may share that Personal Data with others. Please review your merchant’s privacy policy to learn more.
Advertising by Business Users: If you have begun a purchase, we share Personal Data with that Business User in connection with our provision of Services and that Business User may use your Personal Data to market and advertise their products or services, subject to the terms of their privacy policy. Please review your merchant’s privacy policy to learn more, including your rights to stop their use of your Personal Data for marketing purposes. 
We do not use, sell or share End Customer Personal Data for our marketing or advertising, or for marketing and advertising by third parties who are not the Business User with which you have transacted or attempted to transact.

Visitors of our website and services

Visitors of our website and servicesBy visiting our website and services we may collect different information about you through the use of cookies and forms in various locations of our services. Further information may be collected at different parts of our services through the use of forms that you may choose to fill and submit.
More ways we collect, use and share Personal DataIn addition to the ways we collect, use and share Personal Data that are described above, we also process your Personal Data as follows: 
a. Personal Data Collection
Communication and Engagement Information We will collect any information you choose to provide to us, for example, through support tickets, emails or social media. When you respond to PortPos emails or surveys, we collect your email address, name and any other information you choose to include in the body of your email or responses. If you contact us by phone, we will collect the phone number you use to call PortPos, as well as other information you may provide during the call. We will also collect your engagement data such as your registration for, attendance of, or viewing of PortPos events and other interaction with PortPos personnel.
b. Personal Data Usage
In addition to the Personal Data usage described above, we use Personal Data in the following ways:
Improving and Developing our Service: We use analytics on our Sites to help us analyze your use of our Sites and Services and diagnose technical issues. Please refer to the cookies section as outlined before to learn more about the cookies that may be served through our Sites and how you can control our use of cookies and third-party analytics. We also collect and process Personal Data through our different Services, whether you are an End User or End Customer, to improve our Services, develop new Services and support our efforts to make our Services more relevant and more useful to you.
Compliance with Legal Obligations: We use Personal Data to meet our contractual and legal obligations related to anti-money laundering, Know-Your-Customer ("KYC") laws, anti-terrorism, export control and prohibitions on doing business with restricted persons or in certain business areas and other legal obligations. We strive to make our Services safe, secure and compliant, and the collection and use of Personal Data is critical to this effort. For example, we may monitor patterns of payment transactions and other online signals and use those insights to reduce the risk of fraud, money laundering and other activity that is harmful to PortPos, our End Users and their End Customers.
Minors: The Services are not directed to minors, including children under the age of 18, and we request that they not provide Personal Data through the Services. 
Compliance and Harm Prevention: We share Personal Data as we believe necessary: (i) to comply with applicable law, (ii) to comply with rules imposed by a payment method in connection with use of that payment method (e.g. network rules for Visa); (iii) to enforce our contractual rights; (iv) to secure or protect the Services, rights, privacy, safety and property of PortPos, you or others, including against other malicious or fraudulent activity and security incidents; and (v) to respond to valid legal process requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
Legal bases for processing dataFor the purposes of the General Data Protection Regulation, we rely upon a number of legal bases to enable our processing of your Personal Data. 
a. Contractual and Pre-Contractual Business RelationshipsWe process Personal Data for the purpose of entering into business relationships with prospective Business Users and End Users and to perform the respective contractual obligations with them. Activities include:Creation and management of PortPos accounts and PortPos account credentials, including the evaluation of applications to commence or expand the use of our Services;Creation and management of PortPos Checkout accounts;Processing of payments, including fraud detection, loss prevention, optimizing valid transactions, communications regarding such payments, and related customer service.
b. Legal ComplianceWe process Personal Data to verify the identity of individuals and entities in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as "Anti-Money Laundering ("AML"); “CFT” (Combating the Financing of Terrorism) and Know-Your-Customer ("KYC")" obligations, and financial reporting obligations. For example, we may be required to record and verify a User’s identity for the purpose of compliance with legislation intended to prevent money laundering and financial crimes. These obligations are imposed on us by the operation of law and may require us to report our compliance to third parties, and to submit to third party verification audits.
c. Legitimate Interests Where allowed under applicable law, we rely on our legitimate business interests to process Personal Data about you. The following list sets out the business purposes for which we have a legitimate interest in processing your data:Detect, monitor and prevent fraud and unauthorized payment transactions;Mitigate financial loss, claims, liabilities or other harm to End Customers, End Users, Business Users and PortPos;Determine eligibility for and offer new PortPos products and services;   Respond to inquiries, send Service notices and provide customer support;Promote, analyze, modify and improve our Services, systems, and tools, and develop new products and services, including reliability of the Services;Manage, operate and improve the performance of our Sites and Services by understanding their effectiveness and optimizing our digital assets;Analyze and advertise our Services, and related improvements;Conduct aggregate analysis and develop business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of, our business;
d. ConsentWe may rely on consent to collect and process Personal Data as it relates to how we communicate with you. When we process data based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on such consent before the consent is withdrawn.

Your rights and choices

You may have choices regarding our collection, use and disclosure of your Personal Data:
a. Opting out of receiving electronic communications from us-If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, (i) we retain the right to communicate to you regarding the services you receive (e.g. support and important legal notices) and (ii) our Business Users may still send you messages and/or direct us to send you messages on their behalf. 
b. Your data protection rights-Subject to applicable law, you may have the following rights described here with regard to the Personal Data we control about you:● The right to request confirmation of whether PortPos processes Personal Data relating to you, and if so, to request a copy of that Personal Data;● The right to request that PortPos rectify or update your Personal Data that is inaccurate, incomplete or outdated;● The right to request that PortPos erase your Personal Data in certain circumstances provided by law;● The right to request that PortPos restrict the use of your Personal Data in certain circumstances, such as while PortPos considers another request that you have submitted (including a request that PortPos make an update to your Personal Data);● The right to request that we export your Personal Data that we hold to another company, where technically feasible;● Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time; ● Where we process your information based on our legitimate interests, you may also have the right to object to the processing of your Personal Data. Unless we have compelling legitimate grounds or where it is needed for legal reasons, we will cease processing your information when you object. 

Security and retention

We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of your Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data covered by this Policy against unauthorized access, destruction, loss, alteration or misuse. 
To help us protect Personal Data, where you have an account with PortPos, we encourage you to use a strong password, protect that password from unauthorized use and not use the same log-in credentials (e.g. password) for your PortPos accounts as you do with other services or accounts. If you have reason to believe that your interaction with us is no longer secure (e.g. you feel that the security of your PortPos account has been compromised), please contact us immediately.
We retain your Personal Data as long as we are providing the Services to you or our Business Users (as applicable) or for a period during which we reasonably anticipate providing the Services. Even after we stop providing Services directly to you or a Business User with which you are doing business, and even if you close your PortPos account or complete a transaction with a Business User, we may retain your Personal Data: ● to comply with our legal and regulatory obligations. ● to enable fraud monitoring, detection and loss prevention activities. ● to comply with our tax, accounting, and financial reporting obligations● where required by our contractual commitments to our financial partners (and where data retention is mandated by the payment methods you used). 
In cases where we keep Personal Data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
Updates and notifications
We may change this Policy from time to time to reflect new services, changes in our privacy practices or relevant laws. The “Last updated” legend at the top of this Policy indicates when this Policy was last revised. Any changes are effective the latter of when we post the revised Policy on the Services or otherwise provide notice of the update as required by law.We may provide you with disclosures and alerts regarding the Policy or Personal Data collected by posting them on our website and, if you are an End User or Representative, by contacting you through your PortPos Dashboard, email address and/or the physical address listed in your PortPos account.
Contact us
If you have any questions or complaints about this Policy, please contact us. If you are a Merchant’s Customer (i.e. an individual doing business or transacting with a Business User), please refer to the privacy policy or notice of the Business User for information regarding the Business User’s privacy practices, choices and controls, or contact the Business User directly.