Oharapay Limited ("Oharapay", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, share, and protect information in relation to our payment processing platform, services, and website (collectively, the "Services").
This Privacy Policy applies to all users of our Services, including merchants, customers, website visitors, and any other individuals whose personal data we process.
By using our Services, you agree to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.
Oharapay is the data controller for the personal data we process, except where we process data on behalf of our merchant customers, in which case we act as a data processor.
We collect various types of information in connection with the Services, including:
Account Information: When you register for an account, we collect your name, email address, phone number, business name, business address, tax identification number, and other registration details.
Payment Information: To process payments, we collect payment card details, bank account information, billing addresses, and transaction data. Payment card information is encrypted and tokenized for security.
Identity Verification Information: To comply with Know Your Customer (KYC) and anti-money laundering regulations, we may collect government-issued identification documents, proof of address, and beneficial ownership information.
Transaction Data: We collect details about the transactions you make or receive through our Services, including transaction amounts, currency, dates, times, merchant and customer details, and payment methods used.
Technical Information: We automatically collect certain technical information when you use our Services, including IP addresses, browser type and version, device information, operating system, time zone settings, and location data.
Usage Data: We collect information about how you use our Services, including pages viewed, features accessed, time spent on pages, clickstream data, and referring URLs.
Communications: When you contact us, we collect the content of your communications, including emails, support tickets, and chat messages.
We use the information we collect for the following purposes:
Service Provision: To provide, maintain, and improve our payment processing services, including processing transactions, managing accounts, and providing customer support.
Compliance and Security: To verify your identity, prevent fraud, comply with legal obligations, enforce our Terms and Conditions, and protect the security of our Services and users.
Communication: To send you service-related notifications, updates, security alerts, and administrative messages. We may also send you marketing communications if you have opted in to receive them.
Analytics and Improvement: To analyze usage patterns, understand user preferences, improve our Services, develop new features, and conduct research and development.
Personalization: To customize your experience with our Services and provide personalized content and recommendations.
Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
Business Operations: To operate our business, including accounting, auditing, billing, reconciliation, and other internal business purposes.
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data based on the following legal grounds:
Contract Performance: Processing is necessary to perform our contract with you and provide the Services you have requested.
Legal Obligation: Processing is necessary to comply with our legal obligations, including KYC/AML requirements, tax obligations, and regulatory reporting.
Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, such as fraud prevention, network security, direct marketing (where permitted), and business analytics.
Consent: In some cases, we process your data based on your consent, which you may withdraw at any time by contacting us.
We may share your information in the following circumstances:
Service Providers: We share information with third-party service providers who perform services on our behalf, such as payment processors, fraud detection services, cloud hosting providers, customer support tools, and analytics providers.
Business Partners: We may share information with business partners who help us provide or improve our Services, subject to confidentiality obligations.
Payment Networks: To process card transactions, we share transaction data with payment card networks (Visa, Mastercard, American Express, etc.) and card-issuing banks.
Merchants and Customers: When you make or receive a payment, we share relevant transaction information between the merchant and customer to facilitate the transaction.
Legal Requirements: We may disclose your information to comply with legal obligations, respond to lawful requests from public authorities, enforce our Terms and Conditions, protect our rights and property, or investigate fraud or security issues.
Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity.
With Your Consent: We may share your information with third parties when you give us explicit consent to do so.
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including:
Account data is retained for the duration of your account plus a period necessary to comply with legal obligations and resolve disputes.
Transaction data is retained for at least seven (7) years to comply with financial regulations and tax requirements.
Communications and support data are retained for three (3) years or as required by law.
Marketing data is retained until you withdraw consent or opt out of marketing communications.
When we no longer need your personal data, we will securely delete or anonymize it in accordance with our data retention policies and applicable laws.
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
Encryption: All sensitive data, including payment card information, is encrypted in transit using TLS/SSL and at rest using industry-standard encryption algorithms.
Access Controls: We implement role-based access controls and the principle of least privilege to limit access to personal data.
PCI DSS Compliance: We maintain PCI DSS Level 1 certification, the highest level of payment card security compliance.
Regular Security Audits: We conduct regular security assessments, penetration testing, and vulnerability scans.
Employee Training: Our employees receive regular training on data protection and security best practices.
Incident Response: We maintain an incident response plan to quickly detect, respond to, and recover from security incidents.
While we strive to protect your personal data, no security system is impenetrable, and we cannot guarantee the absolute security of your information.
Depending on your location, you may have the following rights regarding your personal data:
Access: You have the right to request access to the personal data we hold about you.
Correction: You have the right to request correction of inaccurate or incomplete personal data.
Deletion: You have the right to request deletion of your personal data in certain circumstances.
Restriction: You have the right to request restriction of processing of your personal data in certain circumstances.
Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
Objection: You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time.
Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.
To exercise any of these rights, please contact us at privacy@oharapay.com. We will respond to your request within the timeframes required by applicable law.
Oharapay operates globally, and your personal data may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that differ from those of your country.
When we transfer personal data from the EEA, UK, or Switzerland to countries that do not provide an adequate level of data protection, we implement appropriate safeguards, such as:
Standard Contractual Clauses approved by the European Commission
Data Processing Agreements that include appropriate security measures
Binding Corporate Rules for transfers within our corporate group
Transfers based on adequacy decisions by the European Commission
We ensure that all international data transfers comply with applicable data protection laws and that your data receives adequate protection wherever it is processed.
Our Services are not directed to individuals under the age of 18, and we do not knowingly collect personal data from children under 18.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@oharapay.com, and we will delete such information from our systems.
Merchants using our Services must ensure they comply with applicable age verification and parental consent requirements when selling to minors.
Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by Oharapay.
We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our Services.
This Privacy Policy applies only to information collected by Oharapay and does not apply to information collected by third parties.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the third parties with whom we share it.
Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
Right to Opt-Out: You have the right to opt out of the sale of your personal information. Note that we do not sell personal information as defined by the CCPA.
Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights.
To exercise these rights, please contact us at privacy@oharapay.com or call us at +1 (800) 123-4567. We will verify your identity before processing your request.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make material changes to this Privacy Policy, we will notify you by email (if you have provided an email address) or by posting a prominent notice on our website prior to the changes taking effect.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Your continued use of our Services after the effective date of an updated Privacy Policy constitutes your acceptance of the changes.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Data Protection Officer
Oharapay Limited
Grand Canal Square
Dublin 2, Ireland
Email: privacy@oharapay.com
Phone: +353 1 234 5678
For data protection inquiries specifically, you may also contact our Data Protection Officer directly at dpo@oharapay.com.
Our Data Protection Officer is available to answer any questions about how we handle your personal data.