Our Privacy Policy

We at Payment Express take your privacy seriously, and will only use your personal information for the purposes permitted by law and specified in this privacy policy. Please read it, and let us know if you have any questions.

Who is Payment Express?

Payment Express is a group of companies consisting of Payment Express Limited, its affiliates and its subsidiaries, that provides technical solutions to businesses that allow them to process payments in e-commerce, and via physical payment devices, such as card readers. With respect to any of your personal data collected during or otherwise processed in connection with your use of a Payment Express terminal, or our ecommerce payment solution, Payment Express acts as data controller.

Payment Express Protects Your Personal Information at Least Up to the Standards Set Forth by PCI-DSS

Payment Express, is committed to protecting your privacy whenever you buy goods or services from a merchant that uses Payment Express payment solutions (“Merchant”). Merchants will generally use Payment Express payment solutions when customer uses a credit or debit payment card over the internet, telephone, fax, unattended or integrated electronic funds transfer at the point of sale (EFTPOS) system. As such, please note that your Merchant acts as the data controller.

Payment Express recognizes its responsibility to keep confidential at all times any information that Payment Express acquires in connection with such a transaction, whether directly from a cardholder or Merchant. Payment Express protects personal information - at a minimum - to the Payment Card Industry Data Security Standards (PCI-DSS). To learn more about PCI-DSS, please see our PCI-DSS section below, or visit the PCI Security Standards Council’s website, at: https://www.pcisecuritystandards.org/.

Please note, however, that Payment Express’s responsibility is limited to protection by Payment Express of information that Payment Express obtains. Payment Express itself cannot control the use or disclosure by your Merchant of any information that it obtains from you.

How We Collect Information

To enable Payment Express to provide secure payment facilities, we will typically acquire information which may include a cardholder's name, credit card number (with the expiry date) and billing address. That information is collected when a card and its information is provided to a Payment Express solution.

How We Use and Disclose Information

Payment Express uses the information it collects to obtain authorization of transactions from the payment card’s issuing bank (the bank that issued your credit or debit card) and from Payment Express's own or the Merchant's bank (the “acquirer” or “acquiring bank”) – this is done in order to process the payment. Some details from the transaction (such as name, email and delivery address) may be made available to the Merchant or acquiring bank through Payline - Payment Express’s web-based transactions management system, which allows Merchants to track transactions and process refunds. Payment card numbers themselves will be encrypted and stored by Payment Express securely, and will not be provided to the Merchant. Please note that your personal data may be shared with legal authorities if required by law. In addition, and separate from its performance of the services set forth in this privacy policy, Payment Express may aggregate and disclose aggregate data that is not personally identifiable to its partners or third parties. This aggregated, non-identifiable data may be used for statistical analysis or similar purposes.

Security

Payment Express is committed to data security. Payment Express uses a variety of technologies and procedures to help protect personal information from unauthorized access, use or disclosure. For example, Payment Express stores the data in computer servers with limited access that are located in controlled facilities secured by advanced surveillance and security technology. When Payment Express transmits sensitive information (such as a payment card number), Payment Express protects it through the use of encryption, such as the Secure Socket Layer (SSL) protocol. Credit card details stored onsite are encrypted using 168bit 3DES encryption. Payment Express is a level 1 certified PCI-DSS compliant provider.

What is PCI-DSS?

PCI-DSS, the Payment Card Industry Data Security Standard, is a set of security requirements relating to the protection of cardholder data. The standard is governed by the Payment Card Industry (PCI) Security Standards Council, an organisation put together by most of the major card schemes - VISA, MasterCard, American Express, JCB and Discover. It is relevant for any entity that stores or transmits sensitive cardholder data, that being generally things like the PAN (card number), card security code, track data, and PIN block. Preceding PCI-DSS, the card schemes had their own standards, and the VISA Account Information Security (AIS) standard formed the basis to most of the PCI-DSS requirements. Click here to view our PCI-DSS compliance certificate.

Storage of Information

Otherwise, Payment Express may transfer your information to countries outside of your country of residence, and those countries may have information protection rules that are different from those of your country of residence. Generally, Payment Express stores and processes information in countries where we operate offices, such as the New Zealand, Australia, the United States, and the United Kingdom. Payment Express takes measures to ensure that information transfers comply with applicable data protection laws and that your information remains protected to the standards described in this Privacy Policy.

Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Transfer of Personal Data Outside European Economic Area

The data that we collect from you may be transferred to, and stored at, a destination outside of the European Economic Area (“EEA”), including, but not limited to in New Zealand, Australia, an. It may also be processed by staff operating outside the EEA who work for us. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of payment details, and the provision of support services. By submitting your personal data, you agree to this transfer, storing and processing.

Your Rights With Respect to Your Personal Data

You, as the customer of a Merchant using Payment Express, have certain rights with respect to your personal data. You have the right to revoke your agreement to the collection, processing, and use of your personal data at any time with effect for the future by contacting our Data Protection Officer at the email address, or physical address, listed in this privacy policy. However, please note that doing so may result in Payment Express no longer being able to perform services for your benefit and/or processing payments for your benefit.

You have the right to request access and know what information is held about you. Payment Express will inform you about the personal data it has in relation to you, to the extent permitted by applicable law and regulation, upon your written request to our Data Protection Officer.

You have the right to erasure, or otherwise to have your personal data deleted or removed upon written request to Payment Express. Please note that Payment Express may erase such data in a reasonable period of time, and that lodging a request to erase your data may effect some of the services Payment Express offers to Merchants.

How to Contact Us

Any questions or concerns relating to the collection and processing of your personal data should be sent via email to the following address: compliance@paymentexpress.com. At this address you can also request to change your personal data, or have your personal data deleted. Payment Express will answer your request within a reasonable time. You can also send your requests in writing to the following address: Payment Express, 31-33 Wilkinson Road, Ellerslie, Auckland 1060, New Zealand for the attention of the Data Protection Officer. If you are contacting Payment Express via letter, e-mail, phone or by fax, Payment Express is storing your personal data in order to be able to answer your request.

Updating this Policy

Payment Express reserves the right to change this privacy statement at all times. It is your responsibility to periodically verify the applicable privacy statement and to comply with its most recent version. This privacy statement was last modified in May 2018.

Cookies

Cookies are small text files that some websites place on your computer as a tool to remember your preferences. At Payment Express, we do not use cookies at this time.

Employment Data

As an employer, Payment Express may collect personal information of its employees including name, address, email, date of birth, bank information, work experience, and education history. This information is provided to Payment Express by its employees through an application form. In the event a conditional employment offer is made, we may share this information with third parties for the completion of background screenings, payment distribution, and enrollment in health/financial benefits. Payment Express may require such third parties to maintain confidentiality of employee personal information.

We release account and other personal information when we believe release is appropriate to comply with the law; protect the rights, property or safety of Payment Express, our customers or others. Certain laws or government regulations may require us to disclose non-public personal information about you to respond to court orders or legal investigations. Note that this does not include selling, renting, sharing, or otherwise disclosing personally identifiable information from customers for commercial purposes in violation of the commitments set forth in this Privacy Policy.

Miscellaneous

Our website contains links to third-party websites, and Payment Express is not responsible for the content or the privacy practices employed by other websites. Apart from using your data in the processing of transactions, Payment Express does not use your data to make automated decisions. We will ask for your consent before using information for a purpose other than those that are set out in this privacy policy.