Alipay, China's leading third-party online payment solutionAlipay, China's leading third-party online payment solution

Antom PayFac Data Handling Notice

PayFac Data Handling Notice

The Ant Group provides certain payment facilitation services to our merchants (the “PayFac Services”). These services facilitate e-commerce transactions for those merchants and help them manage their e-commerce businesses.

This “Data Handling Notice” describes for purposes of the PayFac Services, what personal data we handle about you, how we use it, how we share it, and your rights and choices. References to “you” or “your” in this Data Handling Notice refer to you as the individual shopper whose personal data we receive when providing the PayFac Services to our merchants. References to “Antom”, “we”, “us” or “our” in this Data Handling Notice refer to the relevant company(ies) in the Ant Group that are involved in providing the PayFac Services to our merchant(s). Depending on your location, this will include the following entities (each, a member of the “Ant Group” for which contact details are set out below):

Your Location

Ant Group Entity

Role of Ant Group Entity

 

US

AUS Merchant Services, Inc.

Email address: privacy@us.antgroup.com

As a “service provider” on behalf of the merchant (as a “business”) making the sale to you. This means that those merchants are responsible under applicable data protection laws and regulations for ensuring that your privacy rights are respected, including ensuring appropriate disclosures are made to you about data collection and use that happens in connection with the merchant’s products and services.

 

EU

Alipay (Europe) Limited S.A.

Email address: Privacy-OpenPlatform@alipay.com

 

As a "controller”. The merchant is also a “controller”.

 

Singapore

Alipay Singapore E-commerce Private Limited

Email address: Privacy-OpenPlatform@alipay.com

 

As a "controller”. The merchant is also a “controller”.

 

UK

Alipay (UK) Limited

Email address: Privacy-OpenPlatform@alipay.com

As a "controller”. The merchant is also a “controller”.

 

For information about how the merchant you transact with uses or shares your personal data, or otherwise about their privacy practices and controls, and your choices and privacy rights, please refer to the applicable merchant’s privacy notice.

1. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?

When providing the PayFac Services to merchants, we collect the following personal data about you:

  • Contact information: including name, email address, phone number, billing address, and shipping address.
  • Transaction information: i.e., information about your transactions with a merchant, such as payment method, payment card details, payment amount, product/order information, transaction time.
  • Complaints information: records of your complaints relating to a merchant, such as chargebacks and refund information.
  • Identity information: identity and verification information for purposes of fraud prevention and identity authentication, such as your age (when purchasing age restricted goods), authorization to use a payment method, and government identification numbers.
  • Device and technical information: including IP address (which identifies the precise geolocation of the device and is used for purposes of fraud prevention and detection), device ID and other unique identifier of device, browser/platform type and version, internet service provider, operating system, device operations, and other information regarding your interaction with checkout page.

2. HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes:

Categories of Personal Data

Purposes for Processing

If you are located in the EEA/UK: Legal Basis for Processing

 

Contact information, transaction information, complaints information, identity information, device and technical information

Providing the PayFac Services to our merchant customers, including processing e-commerce payment transactions, calculating applicable sales tax, invoicing and billing, and helping customers calculate revenue, pay bills, and perform accounting tasks.

 

To comply with our legal obligations under payment services regulatory laws

Contact information, transaction information, complaints information, identity information, device and technical information

Sharing your personal data with the respective merchant according to applicable laws, payment scheme rules and the contractual obligations undertaken by us with such merchant. Please refer to the relevant merchant’s privacy notice for further information about how they use your personal data.

 

To comply with our legal obligations under payment services regulatory laws and where necessary to carry out our agreement with a merchant.

Contact information, transaction information, identity information, device and technical information

Verifying your identity, reducing fraud, and enhancing security in accordance with the instructions of the relevant merchants.

 

To comply with our legal obligations under payment services regulatory laws

Contact information, transaction information, complaints information, identity information, device and technical information

Complying with our own legal obligations to prevent fraud, money laundering, and other illegal activity, and to fulfil compliance reporting obligations.

 

To comply with our legal obligations under payment services regulatory laws

Contact information, transaction information, complaints information, identity information, device and technical information

Where permitted by law and pursuant to any applicable contractual restrictions, to enable any due diligence and other appraisals or evaluations for any actual or proposed merger, acquisition, financing transaction or joint venture contemplated by us.

 

To pursue our legitimate interests to operate and improve our business. You have a right to object to the processing of your personal data where that processing is carried out for our legitimate interests. Please note however that we may not be able to fulfil this request in all instances.

 

Where we need to collect personal data to comply with a legal obligation, and you do not provide this personal data when requested, we may not be able to comply with our legal obligations and in turn, provide the PayFac Services to the merchant.

3. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

We share your personal data to complete the transaction you request, with card schemes, banks and other financial institutions. We also share your personal data with:

  • our affiliates and subsidiaries;
  • the relevant merchant (as described in section 2 above);
  • contractors, professional advisers and third party service providers who provide administrative, customer support, telecommunication, computing, remittance or other services to us in connection with the operation or maintenance of the PayFac Service; and
  • governmental departments, regulatory bodies, law enforcement/tax/customs agencies, courts of law or other third parties, for example, in respect of anti-money laundering, sanction screening and fraud or illegal activity prevention.

Please refer to the relevant merchant’s privacy notice for further information about how they share your personal data. If you are located in the US, all sharing of your personal data with third parties - other than regulators, our affiliates or vendors - are done pursuant to the instructions of the relevant merchant.

4. YOUR CHOICES AND PRIVACY RIGHTS WITH RESPECT TO YOUR PERSONAL DATA

If you are located in the US: The relevant merchant from whom you make a purchase is the “controller” or “business” with regard to your personal data processed through the PayFac Services. They (rather than us) decide how and why your personal data is collected, used and shared, and how long it is retained. As a result, to make a request about your personal data, please contact the relevant merchant directly. If you send a request to us, we will forward that request to the relevant merchant and, where applicable, support them in meeting your request.

If you are located in the EU or the UK: You have certain rights in respect of your personal data as outlined below. If you would like to exercise any of the below rights then please contact Privacy-OpenPlatform@alipay.com and we will respond to your request. As necessary, we will ask you to provide proof of identity and to provide sufficient information to enable us to locate relevant personal data.

  • To ask for personal data that we hold about you to be corrected.
  • To ask us to erase your personal data if we no longer have a reason to hold it.
  • To ask us to restrict the processing of your personal data.
  • To ask for a copy of the personal data we hold about you.
  • To object to the processing of your personal data by us.

If you are located in Singapore: You have certain rights in respect of your personal data as outlined below. If you would like to exercise any of the below rights then please contact Privacy-OpenPlatform@alipay.com and we will respond to your request. As necessary, we will ask you to provide proof of identity and to provide sufficient information to enable us to locate relevant personal data.

  • To ask for personal data that we hold about you to be corrected.
  • To ask for a copy of the personal data we hold about you, and information about how that personal data has been used in the 12 months prior to the date of your request. As necessary, we may charge you a reasonable fee to respond to a request of this nature and we will provide you with a written estimate of any proposed fee.
  • To withdraw your consent to the processing of your personal data.

Please note that your privacy rights under applicable data protection laws are not absolute and are subject to certain exceptions and qualifications that mean they may not always apply.

5. INTERNATIONAL TRANSFERS OF PERSONAL DATA

Our operations are supported by a network of computers, servers and other infrastructure and information technology, including third party service providers – as identified in section 4 above. Some of these are established in countries outside of the European Economic Area (“EEA”), Singapore or the UK.

If you are located in the EEA/UK, your personal data identified in section 2 above is transferred outside of the EEA/UK as permitted by applicable data protection and privacy laws and regulations, including but not limited to the United States, China, and Singapore.

Ant Group has entered into standard contractual clauses (“SCCs”) for intra-group transfers of personal data. The categories of personal data processed by the data importers are set out in section 2 above. The data importers may also (onward) transfer personal data to third party recipients who may also be located outside the EEA/UK for the purposes set out in section 4 above. The data importers will only make such (onward) transfers to recipients ensuring appropriate safeguards are in place where required, or where otherwise permitted by the SCCs and which may include entry into SCCs.

Where we transfer personal data to other recipients located outside of the EEA/UK, we will always ensure that the recipient is based in a country with adequate data protection laws (e.g., Japan), that appropriate contractual obligations (e.g., SCCs) are implemented, that they otherwise adhere to Binding Corporate Rules, or that an appropriate derogation to legitimize the transfer can be relied on.

If you are located in Singapore, your personal data identified in section 2 above is transferred outside of Singapore as permitted by applicable data protection and privacy laws and regulations.

If you would like further information or a copy of the relevant contractual safeguards, you can contact us using the details set out in section 7 below.

6. HOW DO WE STORE YOUR PERSONAL DATA?

We will only retain your personal data for as long as is necessary to provide our PayFac Services and will not hold or process your personal data for any longer than we are legally permitted to. The criteria used to determine the appropriate retention period includes:

  • Regulatory requirements we are subject to
  • Whether a legal claim could be brought against us
  • Necessity of information to provide our PayFac Services to the merchant
  • The types of personal data being processed
  • The legal basis for processing your personal data

7. CONTACT US

If you would like to get in contact with us, please contact our Privacy Office by sending an email to Privacy-OpenPlatform@alipay.com.