Last update: January 17, 2023
By visiting the Platform, using the services available through the Platform (the “Services”), or providing us with personal information you consent to Paays collecting, storing, using and disclosing your personal information in accordance with the terms of this Policy. Updates to the Policy will be posted on the Platform.
The Platform and Services are made available for, and intended for use by, Canadian residents only. If you are not a resident of Canada, you may not visit or use the Platform or apply for or use the Services.
If you do not agree with the terms of this Policy, do not access or use the Platform, apply for or use the Services, or provide us with personal information. If you are under the age of majority in the province where you reside, you may not access or use the Platform or our services or submit personal information to Paays.
1. About Paays
Paays provides digital finance and authentication Services to Automotive, Real-estate, Mortgage and Accounting businesses in Canada (collectively, “Clients”). Paays collects personal information relating to current, prospective and former Clients and their authorized employees, representatives and agents (collectively, “Representatives”) in order to manage our relationship with Clients, and to promote, offer, provide and administer our Platform and Services. We refer to this personal information as Client Personal Information. Paays is accountable for and in control of Client Personal Information under applicable privacy laws.
In providing Services to Clients, Paays may collect and otherwise process personal information relating to our Clients’ customers (“End Users”). When Paays collects personal information about End Users (referred to as “End User Personal Information”) we do so as a service provider to the Client. The Client remains accountable for and in control of their End User Personal Information.
2. Personal Information: Collection, Retention and Use
The type of Personal Information that Paays collects depends on the nature of your interaction and relationship with us.
With respect to Clients and their Representatives, we may collect name, title, and business contact information, such as business address, telephone number and email address.
With respect to End Users, the End User Personal Information we or our service providers collect will depend on the nature of the Services that our Client has requested from us, but may include:
- Your name and contact information
- Country of residence
- A digital copy of your Canadian provincial or territorial driver’s license (and information extracted from it, including name, date of birth and ID number) and a selfie photo. Note that this only applies to ID Verifier by Paays (“IDV”). Use of IDV is through integrations with our verification partners Berbix or Yoti (“Verification Partners”). The collection and use of this information by Verification Partners is subject to their respective privacy policies available at https://terms.berbix.com/terms/privacy and https://www.yoti.com/privacy/.
We also collect information from our fraud detection and identity verification vendors (see section 4 below).
We use Client Personal Information to manage our Client relationships and for marketing purposes. Representatives may opt-out of email- based marketing communications at any time by using the unsubscribe link in the email message or sending an email with “Unsubscribe” to the email address provided in the marketing communication.
We use End User Personal Information only for the purposes of providing our Services to our Client, which may include soliciting feedback on behalf of the Client regarding your experience using the IDV services. End User Personal Information that we process is under our Client’s control. If you have any questions about how a Client handles End User Personal Information you must contact the Client directly.
We retain Client Personal Information only for as long as necessary to fulfill the purposes for which it was collected, to meet our legitimate business requirements, and as otherwise permitted or required by law.
We retain End User Personal Information only for as long as necessary to perform our Services for Clients.
3. Information Collected Automatically
When you visit or interact with the Platform certain information is collected automatically through cookies or similarly purposed technologies, including technical and statistical information such as your IP address, your location based on your IP address, mobile device identifiers, operating system, and page views and duration.
The primary use of this information by Paays is to detect and reduce instances of fraud or organized DDOS attacks against the Platform. The information collected may also be used by Paays for its business operations and planning, including the operation and improvements to the Platform, debugging, product research, evaluation, and development.
4. Disclosure of your Information
Our Clients control the End User Personal Information that we process when performing Services on their behalf. End User Personal Information will be shared with and made accessible to the applicable Client.
Fraud detection. We share information with vendors that provide fraud detection services. The information shared with these vendors includes email address, device ID, IP address and geolocation information. Using this information, these vendors will generate and share with Paays a risk score or flag. These vendors process your information in accordance with their own privacy policies (see: https://risk.lexisnexis.com/group/processing-notices/emailage and https://www.maxmind.com/en/privacy-policy).
Identity verification. We share information with TransUnion in order to verify End User identity. TransUnion will let us know if the information that we share about an End User matches the information that they have about that individual in their records. For IDV, we do not obtain credit reports or scores from Transunion. For information about TransUnion’s personal information practices, see https://www.transunion.ca/legal/privacy-policy.
Anti-money laundering (AML). Certain Clients for IDV may request Paays to check an End User’s information against AML databases (Watchlists, Politically Exposed Persons (PEP) lists, UN Sanctions lists, and Adverse Media lists). To perform these checks, we may share your information with Comply Advantage (“Comply”). Comply will let us know if the information we share about an End User matches that on any of the above mentioned lists, and this information will be shared with our Clients. For information about Comply’s personal information practices, see https://complyadvantage.com/privacy-notice/.
IDV: If you complete the IDV process, a verification report is sent to the Client who initiated the IDV request, confirming the authenticity of your identity document(s) submitted. This report may contain a digital copy of your Driver’s License, along with other text-based identity information, extracted and verified by IDV. This information is passed only to the Client who initiated the request.
Our employees, representatives and agents will have access to your Personal Information as necessary in connection with their responsibilities.
In connection with providing the IDV service, Paays may share your Personal Information with companies providing related services to Paays, such as data hosting and processing, analytics, marketing, fraud detection and prevention, identity verification. Some of these service providers may be located outside of Canada, including the United States.
Paays may share with any third party that we deem appropriate, aggregate anonymized information regarding the Platform and users of the Platform, such as demographic information about, and geographic territory of, end users (as a group), customer preferences (as a group), technical performance and usage statistics. These third parties may include, for example, business partners or companies who assist Paays in providing or supporting the Paays platform.
Paays may share Personal Information where permitted or required by law (including as required by foreign laws applicable to Paays service providers), if we believe we are required to do so in order to comply with an order of a court of competent jurisdiction or other legal requirements of any governmental authority, if we believe doing so would potentially mitigate our liability in an actual or potential lawsuit, if we believes it is necessary to protect our rights or property, or if Paays sells all or part of its assets, or enters into a similar business transaction to a third party.
5. Data Protection and Security
Paays takes your privacy and the protection of your Personal Information seriously and takes commercially reasonably measures to ensure its security. However, no transmission of Personal Information over the Internet can be guaranteed to be uninterrupted or completely secure, and accordingly Paays cannot, and does not, guarantee that your Personal Information will not be unlawfully accessed by a third party. PAAYS DOES NOT WARRANT THE SECURITY OF ANY INFORMATION YOU TRANSMIT ELECTRONICALLY, AND YOU DO SO AT YOUR OWN RISK.
6. Governing Law and Jurisdiction
Paays is domiciled in and provides its services from the Province of Ontario. Consumers from countries and jurisdictions outside of Canada are advised that this Policy, and the collection, retention, and use of your Personal Information, shall be construed in accordance with and governed by the laws of the Province of Ontario and the federal laws of Canada as applicable.
You are also advised that Personal Information is retained in cloud-based servers which may be located in Canada, the U.S.A. and other jurisdictions. The laws of these jurisdictions may offer less stringent privacy and consumer rights than the jurisdiction in which you reside.
7. Changes to this Policy
Paays may revise this Policy from time to time. The updated Policy will be published on the Platform and identified by the publication date. Please review the Policy frequently during your use of the Platform and Paays Services to ensure that you are aware of the most up to date Policy. Your continued use of the Platform or the Services following the publication of an update to this Policy confirms your acceptance of the then updated Policy terms.
8. Opting out of Marketing Communications
Client Representatives can opt-out of marketing communications by using the unsubscribe link in the email or by sending an email with “Unsubscribe” in the subject line to the email address provided in the communication.
9. Your rights
Representatives have the right to request access to or correction of their Personal Information in our custody or control by writing to us at the email address below. We will take appropriate steps to verify your identity before providing access or making corrections. Representatives may also have the right, subject to contractual and legal restrictions and reasonable notice, to withdraw their consent to our collection, use and disclosure of their Personal Information, and in certain circumstances, to request deletion of their Client Personal Information. However, if a Representative withdraws their consent, we may no longer be able to provide our Services.
End Users may also have similar rights with respect to their End User Personal Information. However, since End User Personal Information is under the control of the applicable Client, End Users must contact the relevant Client in order to exercise these rights.
10. Contact Paays
Should you have any questions regarding this Policy or the processing of Client Personal Information, please contact Paays’s Chief Privacy Officer at Paays Financial Technologies Inc., 41 Industrial Street, Suite 203, Toronto, ON, M4G 0C7 or email@example.com.
Questions related to the security of the Paays website or any solutions provided by Paays? Contact firstname.lastname@example.org.
Should you have any questions regarding the processing of End User Personal Information please contact the Client directly.