Transfer of Data
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction. If you are located outside Denmark and choose to provide information to us, please note that we transfer the data, including Personal Data, to Denmark (a member state within EU) and process it there.
Disclosure of Data
Mazepay A/S may disclose your Personal Data in the good faith belief that such action is necessary to:
To comply with a legal obligation
To protect and defend the rights or property of Mazepay A/S
To prevent or investigate possible wrongdoing in connection with the Service
To protect the personal safety of users of the Service or the public
To protect against legal liability
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Links to other Sites
Our Service does not address anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children, we will take steps to remove that information from our servers.
Company ID: 39772388
8000 Aarhus C
1. Purpose and Scope
2. Processing of your Personal Data
Visit to the www.mazepay.com domain
1. How and why we use your Personal Data
We collect and process your Personal Data on our website to improve the experience for visitors and share relevant material.
2. Categories and types of data collected and received
When you visit Mazepay’s website, we may collect basic session information including IP-address, referrer, device and browser characteristics, and timestamp.
If you choose to interact with the communication technologies available on our website, we may collect additional information directly from you including, but not limited to, your name, email, professional position, phone number, and company.
The purpose for collecting and processing this data is to provide our services and information on our website, to confirm your identity and verify your personal and contact details and to analyse and optimise website traffic. The legal basis for the processing is to comply with applicable laws and pursue the legitimate interests of Mazepay.
Anonymous use of Mazepay’s website (www.mazepay.com)
3. Sharing of Personal Data
Mazepay acts as the data controller when collecting the information during your visit to www.mazepay.com. Mazepay does not share any collected, personal data with any 3rd party for commercial purposes. Mazepay uses sub-processors in accordance with the sub-processor documentation.
4. Retention and transfers of data
Mazepay stores the data up to 24 months after the last visit.
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your country where the data protection laws may differ from those in your jurisdiction. If you are located outside Denmark or the EEA/EU and choose to provide information to us, please note that we transfer the data, including Personal Data, to our sub-processors as set out in the sub-processor documentation linked above.
Use of app.mazepay.com domain
1. How and why we use your Personal Data
We collect and process information about you to provide the Mazepay service, to enable identification of individual users for compliance with the employer’s implementation of the Mazepay service, and to ensure compliance with applicable regulations including strong customer authentication requirements as set out in the Payment Service Directive 2.
2. Categories of data collected and received
When you use different functionalities of the Mazepay services, we may collect and process the following information directly from you, your employer, or your employer’s official representatives:
IP-address, name, professional email, professional position, phone number, employer
Identity documentation, such as a photocopy of your passport, driver’s license and similar where required for Know-Your-Customer activities
User behaviour when interacting with app.mazepay.com
Location, if relevant
Account numbers and parts of payment card numbers
The legal basis for collecting and processing this data is the contractual agreement your employer has entered or is considering entering into a contract with us regarding the use of Mazepay services which requires us to process the data in order to perform our obligations under the contract.
Further basis for collecting and processing these data is to comply with the legal obligations to ensure compliance with applicable regulations including but not limited to:
The Danish Anti-Money Laundering Act (in Danish “Hvidvaskloven” or as applicable in any countries where we are licensed to operate)
The Danish Payments Act (in Danish “Lov om betalinger” or as applicable in any countries where we are licensed to operate)
The Danish Data Protection Act (in Danish “Databeskyttelsesloven”)
The legal basis for collecting and processing data about you when you use the Mazepay services is Mazepay’s legitimate interest to develop the services, including strengthening IT security measures, preventing unauthorised access to and loss of sensitive and personal information, and to improve the overall user experience for Mazepay’s services. In this context, we ensure to only collect and process your personal information if our interest overrides your interest and your rights are not adversely affected by our processing.
3. Sharing of Personal Data
Mazepay acts as the data processor where the personal information is received from the individual’s employer. The employer who signs up to use the Mazepay services must have relevant legal terms in place with the individual employee to ensure the lawfulness of processing the Personal Data.
Mazepay acts as the data controller when you use the Mazepay service to ensure compliance regulatory requirements (e.g. Payment Service Directive 2). Mazepay further acts as a joint data controller in exchange of information with the associated corporate card issuing partner in order to continuously ensure that the identity and use of the Mazepay and issuing partner services happen in accordance with applicable legislation. Mazepay uses sub-processors in accordance with the sub-processor documentation as linked below.
4. Retention and transfers of data
We retain your data for as long as necessary for the purpose for which the data has been collected and is being processed. When your employer terminates a contract to deliver the Mazepay services, we usually store your personal information for an additional 7 years. This is done in order to comply with the regulatory requirements as set out in the applicable legislations as mentioned above or the Danish Financial Supervisory Authority’s requirements.
Your information, including Personal Data, may be transferred to - and maintained on - computers located outside of your country where the data protection laws may differ from those in your jurisdiction. If you are located outside Denmark or the EEA/EU and choose to provide information to us, please note that we transfer the data, including Personal Data, to our sub-processors as set out in the sub-processor documentation linked.
Mazepay uses sub-processors in accordance with the sub-processor documentation.
3. Security and integrity
Mazepay always processes Personal Data in accordance with applicable laws and regulations, and we have implemented appropriate technical and organisational security measures to prevent that your Personal Data is used for non-legitimate purposes or disclosed to unauthorised 3rd parties and otherwise protected from misuse, loss, alteration or destruction. The technical and organisational measures that we have implemented are designed to ensure a level of security appropriate to the risks that are associated with our data processing activities, in particular accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to your personal data including access control to premises, facilities, systems and data, disclosure control, input control, job control, availability control and segregation control.
Mazepay is subject to PCI-DSS self-assessment requirements and is therefore obligated to adhere to all the requirements stated by the PCI Security Standards Council. To get more information about the different requirements of the PCI Security Standards Council please read more here: https://www.pcisecuritystandards.org.
4. Profiling and decision automation
Mazepay may use profiling in our work to combat money laundering, to detect and minimise the risk of fraud, and for identity validation.
4.2. Decision automation
Mazepay may automate decision-making based on the information collected about you in order to prevent fraud and ensure compliance with applicable legislation.
5. Rights of the data subjects
You have a range of important rights under EU law regarding your Personal Data. There are exceptions to these rights related to your employer’s contractual agreement with Mazepay, so access may be denied when we are legally prevented from making a disclosure.
5.1. Right of access
You have the right to access the personal information that we have collected including origination and purpose for which the information is processed. Your right to access may be limited by legislation or the information may be subject to an exemption from the right of access including but not limited to the overriding interest of another data subject, public interest and national defence, or safeguarding of our business secrets and practices.
5.2. Right to object
You have the right - under certain circumstances - to object to our processing of your Personal Data. This could be, for instance, where the processing is based on our legitimate interest.
5.3. Right to rectification
In case that the Personal Data collected is inaccurate, you have the right to rectify the data stored and processed. In case that the data is incomplete, you have the right to have the data completed. Such rectification may require that you provide additional or validated data.
5.4. Right to erasure
You have a right to have your data erased in cases where purpose of the collection of the data has expired. However, Mazepay may be required to retain such Personal Data in accordance with applicable legislation, regulations or supervisory authorities guidance, or for the purpose of preparing, defending against, or exercising a legal claim.
5.5. Right to restrict processing
In the case that you have object, requested rectification, or erasure, you have the right to demand that we restrict the processing of the data to storage. Such restriction to store data will only be limited until the accuracy is verified or it was identified if your interest supersedes our interest or legal obligations.
5.6. Withdrawal of consent
You may retract your consent for Mazepay’s processing of your Personal Data at any time. In case that you retract your consent, we may not be able to offer you access to the Mazepay’s services or the services that your employer has entered into a contract for Mazepay to deliver.
Please note that Mazepay may continue to process your Personal Data based on, but not limited to, contractual obligations with your employer, our obligation to comply with applicable law, and similar.
6. Links to other Sites
8. Contact us