- The incorporation of your personal data in personal data files of PayXpert
- The access by PayXpert to the data that, according to the infrastructure of this website, are required to contact the user, validations or recommendations on social networks and / or send the newsletters.
- The authorization to communicate electronically with you in response to your inquiries, sending an offer or quotation.
- The periodic realization of analysis studies of the web for statistical purposes based on the data provided.
As a result of your registration and interaction through this website you can collect and store the following information of a personal nature:
- Name, email address and contact information.
- Data on your activities on this platform (articles and content you visit or are related to your browsing profile);
- The electronic communications you send us or data that you issue in your queries.
- In the event that the international transfer of data is required to send the requested information, the transfer will be requested for your express consent. We always try to use secure tools whose servers are preferably within any member state of the European Union, or that comply with European regulation.
Exercise of rights
At any time the user can modify their preferences in which regards the receiving of commercial communications, as well as exercise at all times their rights of access, rectification, erasure and to be forgotten, object, portability and limitation in, by contacting Payxpert provided in Regulation (EU) 679/2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, by means of a written communication via email address gdpr (@) payxpert.com. The user must accompany a copy of their national identity document, passport or other valid document that identifies them; as well as all the necessary attached documentation and evidence of the right exercised.
You can also make use of the models and forms that for the exercise of these rights makes available ICO’s portal.
In addition, if you do not wish to receive communications by e-mail, you can exercise your right of erasure or to be forgotten, limitation on processing and object by electronic mail, as well as through a link that you will have in each e-mail that you receive from us.
The right of access means that you have the right to obtain information about whether your personal data is being processed, the purpose of the processing that is being carried out, the processing to which they are subject to, as well as the information available on the origin of the data, data transfers, the conservation period and the communications made or to be made. To exercise it, you do not need to issue a justification, unless you have exercised it in the last six months and / or evidence a legitimate interest. If you exercise your right of access, Payxpert is legally obliged to decide on the access request within a maximum period of one month from receipt of the request. The same can be denied in case of existing a previous request in the previous six months, or because of a national or community standard or legislation.
The right of rectification means that you have the right to modify the data that are inaccurate or incomplete, for this you must indicate to us what data is referred and the correction that must be made providing documentation that justifies it. We will have to make the rectification as diligently as possible and, in any case, within a period not exceeding one month and we can only deny it by stating the reasons.
The right of erasure means that you have the right to have the data that prove to be inadequate or excessive to be suppressed, in this case justifying the concurrence of well-founded and legitimate reasons related to your specific personal situation. We will have to make the deletion within a period of no more than one month, being able to deny it by expressing the reasons.
The right to object means that you have the right to not carry out the processing of your personal data or we cease in the same in the cases in which your consent for the processing is not necessary, that it is business prospecting files or that have the purpose of adopting decisions referred to the interested party and based solely on the automated processing of their data. We will have to carry out the rectification within a period not exceeding one month, being able to deny it by stating the reasons.
The right to restriction in the processing entails the power of the interested parties to request and obtain from the Data Controller, a limitation of the processing of their personal data when any of the following scenarios occur: inaccuracy, illegality, claims and / or object. We will have to proceed with the limitation as soon as possible and, in any case, within a period of no more than one month, being able to deny it by stating the reasons.
The right to be forgotten implies the right to prevent the dissemination of personal information through the Internet when its publication does not meet the adequacy and pertinence requirements set forth in the regulations. We will have to process your request as soon as possible and, in any case, within a period not exceeding one month, being able to deny it by stating the reasons
The right to data portability is a right that complements the right of access, since it allows people to obtain the data they have provided to the company (Controller) in a structured, commonly used and machine-readable format. It implies that your personal data, as a user, can be transmitted directly from the company to another, without the need to be delivered to the user, provided that this is technically possible. We will have to make this transfer – as technically possible – as soon as possible and, in any case, within a period of no more than one month, being able to deny it expressing the reasons.
In which regards the rights in the processing of data through social media channels, you must take into account the following:
- Access, data portability and the right to be forgotten are defined by the functionality of each social network and the ability to access information according to the configuration you have designed for your profile.
- We can only rectify the rectification in relation to that information that is under our control, for example, delete comments posted on this page from a linked social network or our profiles on social networks, provided they are not by third parties. Everything that escapes our control must request its exercise before the social network in question.
- The deletion, opposition or limitation in the processing can be executed in relation to the information that is under our control or yours as a user, for example, stop being a follower in that social network that you decide. As a user, you can always control your connections, eliminate content that no longer interests you and restrict who you share your information with, so it is convenient that you access and configure the privacy of your accounts.
Security Measures Applicable to the Processing of Personal Data
- Risk: According to the data required from users and according to the activity of the Processor, a Risk Analysis/Assessment has been carried out regarding the processing of the data, evaluating them, graduating them and taking those measures for an adequate protection and security.
- Security Document: PayXpert states that it has a Security Document, in accordance with the aforementioned Risk Analysis and the criteria and principles of Regulation (EU) 679/2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
- Protocols: PayXpert declares that it has and keeps updated a series of protocols and work processes in general and, in particular, regarding the management of Personal Data; Committing to disclose them among all those employees, staff and third parties with whom it works and have access to data. Likewise, PayXpert undertakes not to allow access or processing of files with personal data to personnel who have not received a copy of said documents.
- Incident Registry: PayXpert states that it has an Incident Registry that complies with what is specified in the Security Document and the proactiveness principles of the Controller, this registry being used by its personnel for the report of any incident related to the security of the information and personal data as well as any files with processing of personal data.
- Access Control: PayXpert states that it complies with the following measures regarding access control:
- Maintains an updated list of authorized users and accesses.
- Allows access only to authorized users according to the functions assigned to each of them.
- Establishes mechanisms that prevent access to data or resources with rights other than those authorized.
- Access are only granted by authorized personnel.
- Identification and Authentication: PayXpert in its access to personal data maintains the following security measures regarding the identification and authentication of users who will have access to said data:
- The identification and authentication is personalized.
- There is a procedure for assigning and distributing passwords, which imposes the use of robust passwords. Passwords are stored in an unintelligible way.
- The passwords are confidential (only known by the user).
- Passwords are changed very regularly and with time periods assigned that depend on the data that gets available with such access.
- Support Management: PayXpert has adopted the following security measures regarding media with personal data:
- Maintains a media inventory.
- Has established a labelling system according to the inventory system that also allows to identify the type of information they contain.
- Stores the authorized media in a restricted access area.
- Has established an authorization regime for the outputs of supports for its facilities, including outputs through e-mail.
- Adopts specific measures aimed at guaranteeing the confidentiality and security of personal data during transport and disposal of media.
- Security copies: PayXpert states that it has a backup system that guarantees the recovery of information (if necessary), and that the same is regularly tested.
- Non-Automated Files: Regarding the documents with personal data to which PayXpert has access adopts the following measures:
- Keeps the documentation in filing cabinets, drawers or cabinets that have a system that hinder its opening.
- During the review or processing of documents, the person in charge of them must be diligent and guard it to avoid unauthorized access. Only authorized personnel have access to documents.
- If a documentation transfer occurs, security measures are adopted that prevent the loss or access by third parties to said documentation.
- Third party personnel: PayXpert has duly communicated these obligations to its staff, ensuring compliance with the applicable regulations. Also, and by virtue of Regulation (EU) 679/2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, all those responsible for processing on behalf of them have the appropriate contract for the processing signed, where there is the commitment of the latter to comply with the same legal minimums and with the measures outlined by the Controller in terms of management and protection in the processing of personal data.
We store the user’s personal data on secure servers, protected against the most common types of attacks located in France.
However, and since there is no invulnerable technology, the user must also put the means at their disposal to maintain the level of security of their data, through the use of robust passwords, the periodic modification of their passwords, avoiding using the same in diverse accounts as well as avoiding taking note of them in any physical or unencrypted medium.
PayXpert uses up-to-date technologies to protect your personal data and information, striving for the strictest confidentiality and application of technical tools for technical and organizational information security (passwords, physical security, data encryption, etc.) that correspond according to the applicable legislation, as well as keeping at all times the security document with the regulatory measures established.
Transfer of data to third parties
PayXpert informs the users that their personal data will not be transferred to third parties or organizations, with the exception that said transfer of data is covered by a legal obligation or when the provision of the service implies the need for a contractual relationship with service providers responsible for the processing. In the latter case, only the transfer of data to the third party will take place when PayXpert has the consent of the user and maintains a contractual relationship with the person in charge of the processing that guarantees its confidentiality and compliance.
If PayXpert is required by the competent authorities, may communicate personal information to respond to legal requirements, criminal investigation of possible illegal activity or claims that a content infringes the rights of third parties or protect the rights, property or security of third parties. In such cases, PayXpert may communicate to the competent authorities personal information such as name and surname, city or province, postal code, telephone number, email address, user history and address IP.
Prohibition to users to transfer data from third parties
PayXpert expressly prohibits the user from sharing, facilitating or transferring data of third parties to anyone, which may be obtained as a result of contact, interaction or browsing performance or consultation through this website, unless it could accredit the express authorization of the user whose data is intended to transfer.
We remind users that when we talk about data we also talk about image files of people. The personal image is a data protected by regulations. No one can use it without the express consent of the person who appears in it.
As a user, you acknowledge that you assume your responsibility and hold PayXpert blameless against any possible claim, penalty, fine or sanction that may be required to be borne as a result of the breach by the user of the described duty.
Comments and social networks
The data included in the form to make comments on this website may be read by third parties, and the name and other data may be read, once a comment is approved. If you make comments on the website of PayXpert, you assume the display of the comment and the data you use to assign such comment on its completion.
PayXpert actively works channels on LinkedIn social networks with the main purpose of publishing and disseminating information about the services provided through the website of PayXpert, interact with users and serve as a channel of attention and social interaction.
In the event that you access this website using an application that connects a social network with this website, you are authorizing the social network to share some data with PayXpert. It is important that you know that if you have geolocated your accounts in social networks said information of your location when sharing in networks will be visible to third parties with whom you share your information.
For more information about the method by which data is shared with social networks, we recommend that you check the privacy policies of each social network in question, as well as responsibly configure your profile in social media accounts and email applications to guarantee your privacy and security.
How to contact us
All comments, queries and requests relating to our use of your information are welcomed, or if you should wish to exercise any of your rights, you should write to firstname.lastname@example.org