Privacy & Personal Data Pretection Policy
At EPAG, privacy is a relevant issue. We are focused on establishing a relationship of trust with our customers and users, based on respect for the privacy of people and their information.
We work to ensure the highest level of protection to our customers and their businesses’ information, continuously applying strict standards to guarantee safety and quality in this matter.
In addition to complying with non-disclosure agreements, we have this privacy policy that explains our actions in data handling and details the procedures through which personal information is collected, stored and used by us.
This Privacy Policy governs how EPAG collects, handle, uses and discloses your data when you use the services, features, technologies or functions offered by EPAG (collectively “EPAG Services”), this includes, but is not limited to, when you willingly provide information while using EPAG Services.
You accept and comply to this Privacy Policy when you sign up for, access or use any EPAG Services. By accepting and complying to this Privacy Policy, you expressly agree to how we collect, handle and use your data, as described herein.
EPAG’s Merchants are the companies that use our services to sell their products/services.
EPAG is the entity that performs payment process for its Merchants, processing Personal Data on their behalf and acting as their Data Processor. To process such payments EPAG may engage with other Data Processors.
EPAG’s Customers are the users that select our payment option to perform a purchase from EPAG’s Merchants. They are the data subject of the Personal Data EPAG´s processes.
Your Personal Data is processed by the following Data Processor:
ELPL Tecnologia em Pagamentos Ltda., registered before the Brazilian National Register of Corporate Identification Number 28.667.127/0001-69, with offices at Alameda dos Maracatins 1217, 3F, Indianópolis, São Paulo, 04089-014 – SP, Brazil.
If you have any questions about this Privacy Policy, or if you wish to exercise your rights mentioned under clause 12, please contact our Privacy Officers via mail at this address: EPLP Tecnologia em Pagamentos Ltda., Avenida Brigadeiro Faria Lima 1656, 4-D, Sala 6, Pinheiros, São Paulo, 01451-918 – SP
Brazil; or email address [email protected] according to the procedure described in clause 12.
You can also contact our Data Protection Officer by email to the following address: [email protected].
Personal Data is information that can be used to identify a person either directly or indirectly; it may include name, address, email, phone number, credit/debit card number, IP address and location data. Non-Personal Data does not allow a specific individual to be identified when analyzed alone or with other Non-Personal Data; it may include gender, age and general geographic location. We collect Personal and Non-Personal Data, and may also anonymize Personal Data to make it Non-Personal. You agree that EPAG may collect, handle, store, use, transfer and disclose Non-Personal Data for any purpose, which includes – but is not limited to – the use of aggregated transactional information for commercial purposes.
You may give us data about you by filling in forms on ours or EPAG’s Merchant’s sites and applications, as well as when you use our services. The data you give us may include, among others, your name, ID, date of birth, address, email address, phone number and credit card information.
We may record your call with call center agents working on our behalf for training purposes and to ensure quality customer service.
Regarding each of your visits to our site we may automatically collect the following information:
We are working closely with third parties (including, for example, business partners and sub-contractors in technical, payment and delivery services, that may access your Personal Data and share with us, always according to our instructions and taking the security measures defined in clause 13).
Some devices allow applications to access real-time location-based data (for example GPS). We may use this data to optimize your experience.
We process your Personal Data for – but not limited to – the following purposes, based upon the legal grounds of the applicable law and your consent:
For any Personal Data that requires your consent to be handled and processed, you have the right to withdraw such consent at any time.
We always strive for maintaining a fair balance between the need to process your Personal Data and the preservation of your rights and freedoms, including the respect for your privacy, always complying with legal or regulatory provisions to which we and you are subject.
There are circumstances where we disclose or are compelled to disclose your Personal Data to third parties. This will only take place in accordance with the applicable law and for the purposes listed in clause 7. These scenarios include disclosure:
By providing us with your Personal Data, you acknowledge that we may transfer it to recipients, including companies EPAG directly or indirectly controls, companies EPAG is controlled by or companies under common control with EPAG, subcontractors (e.g. payment service providers), even if they are established outside your area of residence (such as the European Economic Area, South America or North America). In this case, the processing of your Personal Data will be protected according to the requirements of applicable law and this Policy. Particularly, when transferring data to countries that are outside the European Economic Area and which do not offer an adequate level of protection, we will ensure the use of appropriate data transfer tools (e.g. the European Commission’s Standard Contractual Clauses).
Retention period for complying with legal obligations and evidence purposes: For compliance with legal obligations (such as accounting, tax and insurance) and evidence purposes, Personal Data is stored in our database for an additional five (5) years after the required legal term, unless longer retention is required and we have a legitimate and lawful purpose to do so.
We may keep an anonymized version of your Personal Data for statistical purposes, which will no longer refer to you. The anonymized version may be kept without any time limits, to the extent that we have a legitimate and lawful interest in doing so.
Internal Uses: We collect, store and process your data on servers located on countries throughout the world, which includes, but is not limited to, South America, North America and Europe. Our primary purpose in collecting your data is to provide you with a safe, smooth, efficient, and customized experience. You agree that we may use your Personal Data to:
We use your email or physical address to send you notice of payments made through EPAG, information about important changes to our products and services, notices and other disclosures required by law. Generally, users cannot opt out of these communications, but they will be primarily informational in nature rather than promotional.
As a data subject, you can exercise the rights below regarding your Personal Data.
To exercise these rights, please contact our Privacy Officers, either by mail or by email at the addresses mentioned under clause 4, attaching a copy of your identity card, passport or other valid means of identification and your specific request.
Should you wish to unsubscribe from our emailing list, please use the unsubscribe button that appears on each email sent for commercial purposes by us, or contact local Privacy Officers, either by mail or by email on the following address Alameda dos Maracatins 1217, 3F, Indianópolis, São Paulo, 04089-014 – SP, Brazil or email address [email protected]. and state the type of information you do not want to receive anymore or indicate the email address you want to unsubscribe from.
Due to the importance we grant to privacy and data protection, we do everything we can to safeguard your Personal Data from any misuse. Our employees are trained to correctly deal with Personal Data. Your Personal Data is hosted in secured environments, which are not accessible to the public. Our computer facilities are equipped with back-up, filtering and firewall systems, conforming to the adequate industry security standards. Access to your Personal Data is solely granted to those persons who are authorized for the performance of their duties. Furthermore, we are PCI-DSS certified to guarantee that data are stored and handled safely.
What exactly are cookies?
To collect the information as described in this Policy, we use cookies on our website.
A cookie is a small file that a website or its service provider transfers to your computer’s hard drive through your web browser that enables the websites or service providers systems to recognize your browser and capture and remember certain information.
You can set your browser to notify you when you receive a cookie. This enables you to decide if you want to accept it or not. Alternatively, you can choose to turn off all cookies via your browser settings. However, some of the services and features offered through our Website may not function properly if your cookies are disabled.
Cookies can be first party or third-party cookies.
We use the following cookies on our Website:
These cookies are essential in enabling you to move around our website and use its features. Without these cookies, services you have asked for cannot be provided. They are deleted when you close the browser. These are first party cookies.
These cookies collect anonymous data about how visitors use our website. They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it and the approximate regions that they are visiting from. These are first party cookies.
These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites. These are first party cookies.
The use of cookies allows us and our advertisers to deliver information more relevant to you and your interests and they may also connect you with social media networks. These are persistent cookies which will be kept on your device until their expiration or earlier manual deletion. We make use of third party cookies, including the Google Analytics cookie and the Google Advertising cookie.
Our use of the Google Analytics is as foreseen on Google’s policy “How Google Uses Information from Sites or Apps That Use Our Services” available at https://policies.google.com, which you completely agree with when accepting this Privacy Policy. Any use made by Google and its partners of the user data collected through these tools will be the sole liability of Google, holding EPAG harmless of any resulting liability.
By using our website, you are consenting to our use of cookies. If you, or another user of your device, wishes to withdraw your consent at any time, you can do so by altering your browser settings, otherwise we will assume that you are happy to receive cookies from our website.In addition to paragraph 14.d above, should you not wish us to use Analytics and Advertising cookies, you can access the following page to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout/.
Please note that EPAG Services and EPAG website are not intended for children under the age of 16. EPAG is committed with the protection of children’s privacy, particularly in an online environment. To our best knowledge, EPAG does not collect personally identifiable information from children under 16 without parental authorization. If a parent or guardian becomes aware that his/her child has provided Personal Data to EPAG without his/her authorization, please contact us at [email protected].
We are not responsible for the privacy policies and practices of other websites even if you accessed the third-party website using links from our Website. We recommend that you check the policy of each website you visit and contact the owner or operator of such website if you have concerns or questions.
We reserve the right to amend or modify this Policy upon notice to you and if we do so we will post the changes on this page. It is your responsibility to check the Policy every time you submit information to us or place an order.
If you have any questions about this Privacy Policy, or if you wish to exercise your rights mentioned under clause 12 please contact our Privacy Officers via mail at this address: ELPL Tecnologia em Pagamentos Ltda. Privacy Office Alameda dos Maracatins 1217, 3F, Indianópolis, São Paulo, 04089-014 – SP, Brazil; or email address [email protected] according to the procedure described in clause 12.
You can also contact our group Data Protection Officer by email on the following address: [email protected].