Organizations operating in the EU or handling data of EU citizens need to be compliant with the GDPR by May 25th, 2018. Located in the United States, the Payhere team established full GDPR compliance prior to this deadline.
Data privacy and security have always been top priorities for Payhere. We’re optimistic about the changes the GDPR will bring to the industry, and the opportunity it gives us to strengthen our commitment to user privacy and data protection. We’ve taken all necessary steps to ensure our compliance with the GDPR, as both a data controller and data processor.
Here are the policy, product, and operational changes you can expect from Payhere to comply with the GDPR.
Payhere preparation for GDPR
Under the GDPR, organizations are recognized as data controllers, data processors, or both. The requirements differ depending on your role in the data collection and handling process. Payhere is both a data controller (of data about our customers) and a data processor (of our customers’ data). Any Payhere customers managing the data of EU citizens are also data controllers, with Payhere acting as one of their data processors.
The GDPR has defined comprehensive data protection principles to standardize how data is collected and processed across countries. These include clarification around what constitutes “personal data”, requirements for explicit user consent to collect their personal data, standardization around the security of personal data, and the expansion of user rights with respect to their personal data and the “right to be forgotten”.
Policy Updates & Certifications
- Terms of Service: Our Terms of Service have been updated, and we have a Data Processing Addendum (with the Model Clauses required by the GDPR) pre-signed and available at your request (email firstname.lastname@example.org for a copy).
- Data Usage: We’ve completed a comprehensive data audit to ensure we only collect data critical to business needs and will review our retained data regularly. We’ve also streamlined how we use personal data throughout our infrastructure to limit usage of data to only the necessary applications that allow us to operate our service.
- Data Access, Portability, and Deletion: We have a process that allows customers to request that their data be corrected, exported, or deleted.
Our commitment to security and privacy
It’s critical that we find ways to establish trust on the Internet, and that technology businesses operate with strong, transparent, and standardized security and privacy practices. As a business that is regularly trusted with financial and other confidential business data, this effort is especially important to us. We believe the GDPR is a major step forward.
At Payhere we take pride in our approach to data privacy and protection, and in our compliance with the GDPR. For new features and products we develop at Payhere, we incorporate “privacy by design” principles to carefully understand the privacy and security implications and ensure we build with them top of mind. As these new standards are put in place, we’re committed to meeting them to deepen the trust we’ve built with our customers.
If you have any questions, please do not hesitate to contact us.
Payhere’s Data Processing Addendum provides assurances that: (1) Payhere acts solely as a service provider (as that term is defined under the CCPA) on a customer’s behalf, (2) Payhere does not retain, use or disclose personal data for any purpose other than the purposes described in the DPA, and (3) Payhere does not “sell” Personal Data (within the meaning of the CCPA).