NAYAX

USER RIGHTS POLICY

 

Last updated: January 1, 2020

 

NAYAX values the privacy rights of our Users. Thus, we have designed this user rights policy (“User Rights Policy”) as an overview of individuals’ rights under the EU General Data Protection Regulation (“GDPR”), which shall apply to you in the event you are a resident of the European Economic Area, and the California Consumer Privacy Act of 2018 ("CCPA"), which shall apply to you in the event you are in California for other than a temporary or transitory purpose or are domiciled in California. If you wish to submit a request to exercise any of your rights, please fill in the Data Subject Request (DSR). Terms used herein and not defined shall have the meaning ascribed to them in the Privacy Policy.

 

Under the GDPR

Personal Information

“Personal data” is defined as any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, email address, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Online identifiers may be considered as personal data, such as IP addresses, cookie identifiers, and radio frequency identification tags. Personal data also covers publicly available data.

 

Your Right to Be Informed

You have the right to be informed of the Company’s details (e.g. name, address, etc.), as well as why and how we process personal data. This right includes, among others, the right to be informed of the identity of the business, the reasons and lawful basis for processing personal data, and additional information necessary to ensure the fair and transparent processing of personal data (for specific information that must be provided to you, please see Exhibit A).

 

Access

You have a right to request us to confirm whether we process certain personal data related to you, as well as a right to obtain a copy of such personal data, with additional information regarding how and why we use this personal data. After we receive such a request, we will analyze and determine the veracity and appropriateness of the access request and provide you with the applicable confirmation of processing, the copy of the personal data or a description of the personal data and categories of data processed, the purpose for which such data is being held and processed, and details about the source of the personal data if not provided by you. Our response detailed above will be provided within the period required by law (please see below). Please note, we may ask you to provide us with certain information to authenticate your identity.

 

Rectification

If personal data held by us is not accurate or up to date, you may require us to update such data so it is accurate. Further, in the event we have passed on incorrect information about you to a third party, you also have a right to ask us to inform those third parties that the applicable information should be updated.

 

Erasure ("Right To Be Forgotten")

You have the right to require us to erase certain personal data, subject to fulfillment of specific conditions. We are required to comply with a request to exercise the right to be forgotten, and delete the requested personal data if:

In addition, in the event we have passed on your personal data to a third party, you have the right to instruct us to request those third parties to erase such information. Please note that this right to erasure is not absolute. We are entitled to reject your request to erase the data in the event that we find it (subject to applicable laws):

 

Object

With regard to personal data processed by us under the lawful basis of our legitimate interests, you may object to our processing on such grounds. However, even if we receive your objection, we will be permitted to continue processing the personal data in the event that (subject to applicable laws and regulations):

 

Restriction

You may request to limit the purposes for which we process your personal data in the event that:

 

Data Portability

You may request us to send or "port" your personal data held by us to a third-party entity, however, solely when:

 

Response Timing and Format

 

We endeavor to respond to a verifiable request within 30 days. If we require more time, up to 60 days, we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request justifies a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Deletion rights described above, please submit a request by either:

Calling us at:

(410) 666-3800

 

Emailing us at: privacy@nayax.com or support@nayax.com

Site Address: https://www.nayax.com/

All of the User Rights Policy sections under the GDPR also apply to individuals under the CCPA except for the following exceptions:

 

Personal Information

 

“Personal Information” is defined as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. The categories of information become personal information if that information identifies, relates to, describes, is capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household. It does not cover publicly available information.

 

Right to be informed

 

The categories of personal information collected/sold/disclosed by us in the previous 12 months must be provided to you (for specific information that must be provided to you, please see Exhibit A).

 

Right of Access

The right applies only to personal information collected in the 12 months prior to the request and we are not required to provide access to personal information more than twice in 12 months.

 

Right to deletion

 

Under the CCPA, there are no specific situations of deletion and no justifications needed for a deletion request.

In addition to the exceptions enumerated under the EU Law, we are not required to comply with the right to deletion in the following circumstances:

1) to perform a contract between you and us;

2) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for that activity;

3) debug to identify and repair errors that impair existing intended functionality;

4) to enable solely internal uses that are reasonably aligned with your expectations based on our relationship with you;

 

Response Timing and Format

 

We endeavor to respond to a verifiable consumer request within 45 days. If we require more time, up to 90 days, we will inform you of the reason and extension period in writing. Under the CCPA the data request only applies to the 12 months prior to the request and not more than 2 requests in a 12-month period.

 

Right to Opt Out (instead of the Right to Object mentioned above) 

Under the CCPA you have the right to opt out of the sale of personal information. In the event we will sell Personal Information, we will provide you with information on how to exercise your right to opt out (by providing you with the applicable “DO NOT SELL MY DATA” feature).

Explicit Notice

Under the CCPA a third party is prohibited from selling information about you that has been sold by us unless you have received explicit notice and been provided the opportunity to opt out.


 

Nondiscrimination

You must not be discriminated against for exercising any of your rights, including by:

 

Under the CCPA we can set up incentive programs for providing financial incentives and you can opt-in to become part of them.

 

Data Portability

 

The CCPA’s right is limited to allowing you to receive personal information, and it does not extend to having us transfer the information to another business.

 

 

 

Exhibit A

 

Information on the following must be provided to you:

 

 

Under the EU Law:

 

Under the CCPA: