Privacy Policy

Hyperwallet Privacy Policy

Effective Date: March 31, 2022

I. Overview

This Privacy Policy explains how members of the PayPal group of companies, including PayPal, Inc., PayPal (Europe) S.à r.l. et Cie, S.C.A, PayPal Pte. Ltd., Hyperwallet Systems Inc. and Hyperwallet Australia Pty Ltd (collectively, “PayPal”, “Hyperwallet”, “we,” “us,” or “our”) may collect, Process, share, store, and transfer Your Personal Data that You provide when You visit the Sites, access the Services and any other Site as a visitor or User.

PayPal is deemed authorised and regulated by the Financial Conduct Authority. The nature and extent of consumer protections may differ from those for firms based in the UK. Details of the Temporary Permissions Regime, which allows EEA-based firms to operate in the UK for a limited period while seeking full authorisation, are available on the Financial Conduct Authority’s website.

For the purpose of the data protection regulations applicable in the EEA, UK and Brazil, the data controller is PayPal (Europe) S.à r.l. et Cie, S.C.A, a duly licensed Luxembourg credit institution under Article 2 of the law of 5 April 1993 on the financial sector, as amended, and under the prudential supervision of the Luxembourg supervisory authority, the Commission de Surveillance du Secteur Financier.

This Privacy Policy is designed to help You obtain information about our privacy practices and to help You understand Your privacy choices when You use our Sites and Services. Please note that our Service offerings may vary by region.

In this Privacy Policy, we sometimes refer to “You” or “Your.” “You” mostly refers to a Payee; however, “You” may also refer to a visitor to our Sites, a Payor, a third-party service provider, or an employee — all of whom are subject to this Privacy Policy.

The Sites and Services are operated by Hyperwallet for Payors or on behalf of Payors, respectively.

We have defined some terms that we use throughout the Privacy Policy. You can find the meaning of a capitalized term in the Definitions section.

Please contact us if You have questions about our privacy practices that are not addressed in this Privacy Policy.

II. What Personal Data Do We Collect?

The Hyperwallet Sites are where You can learn more about the Services.

We collect Personal Data about our business customers (each a “Payor”) and their designated payees (each a “Payee”) when they use the Sites or the Services. We also collect information about the third-party service providers who we engage to help us provide the Services, as well as information about our employees.

We collect information about You that You provide to us when You access or use the Sites or Service. This information may include Your name, nationality, home address, telephone number, personal e-mail address, Your forwarding address (e.g. during a vacation), previous address(es), billing and account information (such as credit or debit card number, or bank account number), Your mailing preferences, delivery instructions, transaction history, IP address, and service preferences, as well as other information defined as non-public or private information about You pursuant to applicable law.

III. How do We Retain Personal Data?

We retain Personal Data in an identifiable format for the least amount of time necessary to fulfill our legal or regulatory obligations and for our business purposes. We may retain Personal Data for longer periods than required by law if it is in our legitimate business interests and not prohibited by law. We will continue to use and disclose such Personal Data in accordance with this Privacy Policy.

IV. How Do We Process Personal Data?

We may Process Your information for the following reasons:

• To operate the Sites and provide the Services, such as to evaluate a Payor’s application to use our Services or to establish Your identity for compliance purposes, authenticate Your access to Your Account; and to process payment transactions on a Payor’s behalf;
• To manage our business needs, such as monitoring, analyzing, and improving the Services and the Sites’ performance and functionality.
• To manage risk and protect the Sites, the Services and You from fraud by verifying Your identity and helping to detect and prevent fraud and abuse of the Sites or Services.
• To market to Payors by delivering marketing materials about Services.
• To provide You with location-specific options, functionality or offers if You elect to share Your Geolocation Information through the Services. We will use this information to enhance the security of the Sites and Services and provide You with location-based Services, such as advertising, search results, and other personalized content.
• To comply with our obligations and to enforce the terms of our Sites and Services, including to comply with all applicable laws and regulations.
• For the performance of a contract, such as where necessary to carry out payment services.
• For our legitimate interests:
  • to enforce the terms of our Sites and Services;
  • manage our everyday business needs; and
  • provide aggregated and anonymized statistical data to third parties, including other businesses and members of the public, about how, when, and why Users visit our Sites and use our Services;
• With Your consent: to respond to Your requests, for example, to contact You about a question You submitted to our customer service team. You can withdraw Your consent at any time and free of charge.

We may also use information that we collect in aggregate form to further develop and improve the Sites and Services, and for our own business analyses that will allow us to make informed decisions.

V. Do We Share Personal Data?

We may share personal data or other information about You with others for the following reasons:

With other members of the Hyperwallet corporate family: We may share Your Personal Data with members of the Hyperwallet family of entities, including PayPal, to among other things, provide the Services You have requested or authorized; to manage risk; to help detect and prevent potentially illegal and fraudulent acts and other violations of our policies and agreements; and to help us manage the availability and connectivity of products, Services, and communications.

With Payors. We will share Your Personal Data with Payors for processing payments and transactions or as legally required. You should consult with Your Payor to learn how Your Payor uses any Personal Data, as we have no control over Personal Data once it is disclosed to Your Payor.

With other companies that provide services to us. We may share Personal Data with third-party service providers who assist us in managing, administering or delivering the Site or providing the Services.

With the other parties to transactions when You use the Services: We may share information with the other participants to Your transactions, including:

• Personal Data necessary to facilitate the transaction; and
• information to help other participant(s) resolve disputes and detect and prevent fraud, for example we may report device information, including if we conclude that a device has been used in connection with a fraudulent or abusive transaction with us.

With other third parties for our business purposes or as permitted or required by law: We may share information about You with other parties for Hyperwallet’s business purposes or as permitted or required by law, including:

• For the performance of a contract, such as where necessary to carry out payment services;
• if we need to do so to comply with a law, legal process or regulations;
• to law enforcement authorities or government officials, or other third parties pursuant to a subpoena, a court order or other legal process or requirement applicable to Hyperwallet or Hyperwallet’s corporate family:
• if we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
• To protect the vital interests of a person;
• To investigate violations of or enforce a user agreement or other legal Terms applicable to any Service;
• to protect our property, Services and legal rights;
• to facilitate a purchase or sale of all or part of Hyperwallet’s business;
• to help assess and manage risk and prevent fraud against us, our Users and fraud involving our Sites or use of our Services, including fraud that occurs at or involves our business partners or other individuals;
• to companies that we plan to merge with or be acquired by; and
• to support our audit, compliance, and corporate governance functions.

With Your consent: We also will share Your Personal Data and other information with Your consent or direction.

VI. International Transfers

Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers.

The third parties mentioned above may be established in jurisdictions other than your own. These countries do not always afford an equivalent level of privacy protection. We have taken specific steps, in accordance with data protection laws, to protect your Personal Data, including implementing adequate measures. In particular, for transfers of your EEA Personal Data within PayPal- related companies, we rely on Binding Corporate Rules approved by competent Supervisory Authorities (available here). Other data transfers may be based on contractual protections. Please contact us for more information about this.

Please note that Hyperwallet may be required to disclose Personal Data if it is the subject of a lawful request by public authorities, including to meet national security or law enforcement requirements.

VII.How do we use Cookies and Tracking Technologies?

When You use the Site or interact with the Services, we may use cookies and other tracking technologies (collectively, “Cookies”) to collect non-personal data, including browsing history. Cookies are small text files (typically made up of letters and numbers) placed in the memory of Your browser or device when You visit a website or view a message. Cookies allow a website to recognize a particular device or browser.

Our Cookies and similar technologies have different functions. We may use cookies or other technologies that are necessary to the operation of our Sites, Services, applications, and tools. This includes technologies that allow You access to our Sites, Services, applications, and tools; that are required to identify irregular site behavior, prevent fraudulent activity, facilitate transactions and improve security; or that allow You to make use of our functions. Cookies and similar technologies can also be used for our advertising purposes, if you consent.

Certain aspects and features of our Services and Sites are only available through the use of Cookies, so if You choose to disable or decline Cookies through Your device or browser settings, Your use of the Sites and Services may be limited or not possible.

Where appropriate, security measures are set in place to prevent unauthorized access to our Cookies and similar technologies. A unique identifier ensures that only we and/or our authorized service providers have access to Cookie data.

Service providers are companies that help us with various aspects of our business, such as Site operations, Services, applications, advertisements and tools. We may use some authorized service providers to help us to serve You relevant ads on our Services and other places on the internet. These service providers may also place Cookies on Your device via our Services (third-party Cookies). They may also collect information that helps them identify Your device, such as IP-address or other unique device identifiers.

VIII. What Privacy Choices Are Available To You?

Choices Relating to Cookies

You may have options available to manage Your cookies preferences. For example, Your browser or internet device may allow You to delete, disable, or block certain cookies and other tracking technologies. You can learn more by visiting AboutCookies.org. You may choose to enable these options but doing so may prevent You from using many of the core features and functions available on a Service or Site. Manage your cookie settings here.

Choices Relating to Registration and Account Information

If You use our Services, You generally may review and edit Personal Data by logging in and updating the information directly or by contacting us. Contact privacyofficer@hyperwallet.com if You have questions about Your Account information or other Personal Data. Some of the Personal Data in Your profile may only be updated in Your Payor’s system.

Choices Relating to Communication

We may communicate with Payors (and related business contacts) about our Services. We may also send You surveys after being in contact with our customer support. If You wish to unsubscribe from receiving e-mail marketing or survey communications, please opt-out via the unsubscribe link included in such emails, and we will stop sending You communications.

We will send communications to You that are required or necessary to send to Users of our Services, notifications that contain important information and other communications that You request from us. You may not opt out of receiving these communications. However, You may be able to adjust the media and format through which You receive these notices.

IX. How Do We Protect Your Personal Data?

We maintain technical, physical, and administrative security measures designed to provide reasonable protection for Your Personal Data against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centers, and information access authorization controls. You should keep in mind that no Internet transmission is ever completely secure or error-free. In particular, e-mail sent between You and us may not be secure.

X. Can Children Use Our Services?

The Sites and Services are not directed to children under the age of 16. If we obtain actual knowledge that we have collected Personal Data from a child under the age of 16, we will promptly delete it, unless we are legally obligated to retain such data. Contact us if You believe that we have mistakenly or unintentionally collected information from a child under the age of 16.

XI. Data Subject Rights

What are Your Rights?

If You have an Account with any of our Services, You generally can review and edit Personal Data in the Account by logging in and updating the information directly.

Subject to limitations set out in data protection laws, You have certain rights in respect of Your Personal Data. In particular, You have a right of access, rectification, restriction, opposition, erasure and data portability. Please contact us at privacyofficer@hyperwallet.com if You wish to exercise these rights.

You can also make a request by logging into the Pay Portal (Go to “Support,” select “Email” and complete the form for “Privacy Concerns”). Some of the Personal Data in Your profile may only be updated in Your Payor’s system. In such case, Your Payor may provide the information to us so that we may update Your profile in our systems.

Please note that if we do not collect or receive certain Personal Data from You, You may not be able to utilize the Services offered on the Sites or Service, including receipt of funds from the Payor.

XII. Specific provisions relating to EEA, UK Personal Data

Banking Regulations Notice for Payors in the EEA and UK

This section applies to Payors who have relationships with PayPal Europe. In general, the Luxembourg laws to which PayPal’s handling of user data is subject (data protection and bank secrecy) require a higher degree of transparency than most other EU laws. This is why, unlike the vast majority of providers of internet-based services or financial services in the EU, PayPal has listed in this Privacy Policy the third-party service providers and business partners to whom we may disclose Your data, together with the purpose of disclosure and type of information disclosed. You will find a link to those third parties here. By acknowledging this Privacy Policy and maintaining an account with PayPal, You expressly consent to the transfer of Your data to those third parties for the purposes listed.

PayPal may update the list of third parties referred to above every quarter (January 1st, April 1st, July 1st and October 1st). PayPal will only start transferring any data to any of the new entities or for the new purposes or data types indicated in each update after 30 days from the date when that list is made public through this Privacy Policy. You should review the list each quarter on the PayPal website on the dates stated above. If You do not object to the new data disclosure, within 30 days after the publication of the updated list of third parties, You are deemed to have accepted the changes to the list and to this Privacy Policy. If You do not agree with the changes, You may close Your account and stop using our services.

In order to provide the PayPal Services, certain of the information we collect (as set out in this Privacy Policy) may be required to be transferred to other PayPal related companies or other entities, including those referred to in this section in their capacity as payment providers, payment processors or account holders (or similar capacities). You acknowledge that according to their local legislation, such entities may be subject to laws, regulations, inquiries, investigations, or orders which may require the disclosure of information to the relevant authorities of the relevant country. Your use of the PayPal Services constitutes Your consent to our transfer of such information to provide You the PayPal Services.

Specifically, You consent to and direct PayPal to do any and all of the following with Your information:

1. Disclose necessary information to: the police and other law enforcement agencies; security forces; competent governmental, intergovernmental or supranational bodies; competent agencies, departments, regulatory authorities, self-regulatory authorities or organizations (including, without limitation, the Agencies referenced in the “Agencies” section of the Third Party Provider List here) and other third parties, including PayPal Group companies, that (i) we are legally compelled and permitted to comply with, including but without limitation the Luxembourg laws of 24 July 2015 on the US Foreign Account Tax Compliance Act (“FATCA Law”) and 18 December 2015 on the OECD common reporting standard (“CRS Law”); (ii) we have reason to believe it is appropriate for us to cooperate with in investigations of fraud or other illegal activity or potential illegal activity, or (iii) to conduct investigations of violations of our User Agreement (including without limitation, Your funding source or credit or debit card provider).

   If You are covered by the FATCA or CRS Law, we are required to give You notice of the information about You that we may transfer to various authorities. Please read more about PayPal’s obligations under the FATCA and CRS Law and how they could affect You as well as take note of the information we may disclose as result.

   We and other organizations, including parties that accept PayPal, may also share, access and use (including from other countries) necessary information (including, without limitation the information recorded by fraud prevention agencies) to help us and them assess and to manage risk (including, without limitation, to prevent fraud, money laundering and terrorist financing). Please contact us if You want to receive further details of the relevant fraud prevention agencies. For more information on these Agencies, fraud prevention agencies and other third parties, click here.

2. Disclose Account Information to intellectual property right owners if under the applicable national law of an EU member state they have a claim against PayPal for an out-of-court information disclosure due to an infringement of their intellectual property rights for which PayPal Services have been used (for example, but without limitation, Sec. 19, para 2, sub-section 3 of the German Trademark Act or Sec. 101, para 2, sub-section 3 of the German Copyright Act).
3. Disclose necessary information in response to the requirements of the credit card associations or a civil or criminal legal process.
4. If You as a merchant use a third party to access or integrate PayPal, we may disclose to any such partner necessary information for the purpose of facilitating and maintaining such an arrangement (including, without limitation, the status of Your PayPal integration, whether You have an active PayPal account and whether You may already be working with a different PayPal integration partner).
5. Disclose necessary information to the payment processors, auditors, customer services providers, credit reference and fraud agencies, financial products providers, commercial partners, marketing and public relations companies, operational services providers, group companies, agencies, marketplaces and other third parties listed here. The purpose of this disclosure is to allow us to provide PayPal Services to You. We also set out in the list of third parties, under each ” Category”, non-exclusive examples of the actual third parties (which may include their assigns and successors) to whom we currently disclose Your Account Information or to whom we may consider disclosing Your Account Information, together with the purpose of doing so, and the actual information we disclose (except as explicitly stated, these third parties are limited by law or by contract from using the information for secondary purposes beyond the purposes for which the information was shared).
6. Disclose necessary information to Your agent or legal representative (such as the holder of a power of attorney that You grant, or a guardian appointed for You).
7. Disclose aggregated statistical data with our business partners or for public relations. For example, we may disclose that a specific percentage of our users live in Manchester. However, this aggregated information is not tied to personal information.
8. Share necessary Account Information with unaffiliated third parties (listed here) for their use for the following purposes:
   1. Fraud Prevention and Risk Management: to help prevent fraud or assess and manage risk. For example, if You use the PayPal Services to buy or sell goods using eBay Inc, or its affiliates (“eBay”), we may share Account Information with eBay in order to help protect Your accounts from fraudulent activity, alert You if we detect such fraudulent activity on Your accounts, or evaluate credit risk.

      As part of our fraud prevention and risk management efforts, we also may share necessary Account Information with eBay in cases where PayPal has placed a hold or other restriction on Your account based on disputes, claims, chargebacks or other scenarios regarding the sale or purchase of goods. Also, as part of our fraud prevention and risk management efforts, we may share Account Information with eBay to enable them to operate their programmes for evaluating buyers or sellers.

   2. Customer Service: for customer service purposes, including to help service Your accounts or resolve disputes (e.g., billing or transactional).
   3. Shipping: in connection with shipping and related services for purchases made using PayPal.
   4. Legal Compliance: to help them comply with anti-money laundering and counter-terrorist financing verification requirements.
   5. Service Providers: to enable service providers under contract with us to support our business operations, such as fraud prevention, bill collection, marketing, customer service and technology services. Our contracts dictate that these service providers only use Your information in connection with the services they perform for us and not for their own benefit.

XIII. What Else Should You Know?

Links to Third-Party Websites

We are not responsible for the websites of third parties to which we provide links for Your convenience. We cannot endorse these websites or their privacy practices and this Privacy Policy does not apply to them. You should familiarize Yourself with the privacy policies provided by the owners of these third-party sites before submitting any Personal Data to them.

Changes to this Privacy Policy

We may revise this Privacy Policy from time to time to reflect changes to our business, the Sites or Services, or applicable laws. The revised Privacy Policy will be effective as of the published effective date.

If the revised version includes a substantial change, we will provide You with advance notice by posting notice of the change on our website.

XIV. Contact Information

In compliance with applicable privacy laws, Hyperwallet is committed to responding to concerns regarding our collection or use of Your Personal Data. For inquiries or complaints regarding this Privacy Policy You should first contact Hyperwallet and the Data Protection Officer at privacyofficer@hyperwallet.com or at PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.

XV. Supervisory Authority

If you are not satisfied by the way in which we address Your concerns, You have the right to lodge a complaint with the Supervisory Authority for data protection in Your country.

XVI. Definitions

Personal Data means any information that can be associated with an identified or identifiable person. “Personal Data” can include name, home address, telephone number, personal e-mail address, forwarding address (e.g., during a vacation), previous address(es), billing and account information (such as credit or debit card number, or bank account number), mailing preferences, delivery instructions, transaction history, IP address, and service preferences, as well as other information defined as non-public or private information pursuant to applicable law. Personal Data does not include information that does not identify a specific user.

Process describes any method or way that we handle Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, and consultation, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data.

Services means the online payment platform (“Pay Portal”), payment services and related functionality and technology.

Sites means the Hyperwallet websites, mobile apps, official social media platforms, or other online properties through which Hyperwallet offers the Services.

User means You or anyone else who has established a relationship with Hyperwallet or otherwise uses the Services or accesses the Sites.

California Consumer Privacy Act Notice

In this notice, we are addressing specific disclosure requirements under the California Consumer Privacy Act of 2018 for California residents. This notice should be read together with Hyperwallet’s Privacy Policy and applies to all California residents who visit our Sites or use the Services.

Personal Data Collection and Purposes of Use

We collect, use and share personal data regarding California residents as described in this notice.

We did not sell any consumers’ personal data in the preceding 12 months.

California Residents’ Privacy Rights

California residents have rights to request access to certain personal data collected about them over the past 12 months, or deletion of their personal data, subject to certain exceptions, and may not be discriminated against because they exercise their rights under the California Consumer Privacy Act. We may require you to provide additional personal data to verify your identity before we process your request; we may not process your request if we are unable to verify your identity.

You may contact us by clicking here, calling 1-877-546-8220, or e-mailing privacyofficer@hyperwallet.com. For security reasons, the best way to make a request is to do so while logged into the Pay Portal.