top of page

Transfer of Data

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Mazepay A/S will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction. If you are located outside Denmark and choose to provide information to us, please note that we transfer the data, including Personal Data, to Denmark (a member state within EU) and process it there.

Disclosure of Data

Mazepay A/S may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation

  • To protect and defend the rights or property of Mazepay A/S

  • To prevent or investigate possible wrongdoing in connection with the Service

  • To protect the personal safety of users of the Service or the public

  • To protect against legal liability

Data Security

The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Links to other Sites

Our Service may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children's Privacy

Our Service does not address anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children, we will take steps to remove that information from our servers.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact us

If you have any questions about this Privacy Policy, cookies or GDPR please contact us by email at dpo@mazepay.com

Contact information

Contact information

Mazepay A/S

Company ID: 39772388

Klostertorvet 6

8000 Aarhus C

Privacy policy

1. Purpose and Scope

This Privacy Policy applies to information found on Mazepay’s websites and your use of the services made publicly available as well as any solutions delivered in the Mazepay application. This privacy policy covers the following domains and sub-domains:

 

www.mazepay.com

www.app.mazepay.com

 

The purpose of this Privacy Policy is to inform you on how Mazepay collects, uses, and protects personal information as it applies on the individual websites.

 

2. Processing of your personal data

Mazepay A/S will take all steps reasonably necessary to ensure that your data is handled securely and in accordance with this Privacy Policy and that no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.

 

—————————

 

 

  1. How and why we use your personal data

We collect and process your personal data on our website to improve the experience for visitors and share relevant material.

 

  1. Categories and types of data collected and received

When you visit Mazepay’s website, we may collect basic session information including IP-address, referrer, device and browser characteristics, and timestamp.

 

If you choose to interact with the communication technologies available on our website we may collect additional information directly from you including but not limited to your name, email, professional position, phone number, and company.

 

The purpose for collecting and processing these data is to provide our services and information on our website, to confirm your identity and verify your personal and contact details and to analyse and optimise website traffic. The legal basis for the processing is to comply with applicable laws and pursue the legitimate interests of Mazepay.

 

Anonymous use of Mazepay’s website (www.mazepay.com)

Please note that you can always use Mazepay’s website without providing personal information. This is done by you when selecting cookies and where you do choose not to share your personal information in forms and similar (see our cookie policy for further information). Mazepay does not automatically link individual personal information obtained with technical information (e.g. IP-address) to identify visitors.

 

  1. Sharing of personal data

Mazepay acts as the data controller when collecting the information during your visit to www.mazepay.com. Mazepay does not share any collected, personal data with any 3rd party for commercial purposes. Mazepay uses sub-processors in accordance with the sub-processor documentation [INSERT LINK].

 

  1. Retention and transfers of data

Mazepay stores the data up to 24 months after the last visit.

 

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your country where the data protection laws may differ from those in your jurisdiction. If you are located outside Denmark or the EEA/EU and choose to provide information to us, please note that we transfer the data, including Personal Data, to our sub-processors as set out in the sub-processor documentation linked.

 

—————————

 

 

  1. How and why we use your personal data:

We collect and process information about you to provide the Mazepay service, to enable identification of individual users for compliance with the employer’s implementation of the Mazepay service, and to ensure compliance with applicable regulations including strong customer authentication requirements as set out in the Payment Service Directive 2.

 

  1. Categories of data collected and received

When you use different functionalities of the Mazepay services we may collect and process the following information directly from you, your employer, or your employer’s official representatives:

  • IP-address, name, professional email, professional position, phone number, employer.

  • Identity documentation, such as a photocopy of your passport, driver’s license and similar where required for know-your-customer activities

  • User behaviour when interacting with app.mazepay.com

  • Location, if relevant

  • Account numbers and parts of payment card numbers

 

The legal basis for collecting and processing these data is the contractual agreement your employer have entered or is considering entering into a contract with us regarding the use of Mazepay services which requires us to process the data in order to perform our obligations under the contract.

 

Further basis for collecting and processing these data is to comply with the legal obligations to ensure compliance with applicable regulations including but not limited to:

  • The Danish Anti-Money Laundering Act (in Danish “Hvidvaskloven” or as applicable in any countries where we are licensed to operate)

  • The Danish Payments Act (in Danish “Lov om betalinger” or as applicable in any countries where we are licensed to operate)

  • The Danish Data Protection Act (in Danish “Databeskyttelsesloven”)

 

The legal basis for collecting and processing data about you when you use the Mazepay services is Mazepay’s legitimate interest to develop the services including strengthening IT security measures, preventing unauthorised access to and loss of sensitive and personal information, and to improve the overall user experience for Mazepay’s services. In this context, we ensure to only collect and process your personal information if our interest overrides your interest and your rights are not adversely affected by our processing.

 

  1. Sharing of personal data

Mazepay acts as the data processor where the personal information is received from the individual’s employer. The employer which signs up to use the Mazepay services must have relevant legal terms in place with the individual employee to ensure the lawfulness of processing the personal data.

 

Mazepay acts as the data controller when you use the Mazepay service to ensure compliance regulatory requirements (e.g. Payment Service Directive 2). Mazepay further acts as a joint data controller in exchange of information with the associated corporate card issuing partner in order to continuously ensure that the identity and use of the Mazepay and issuing partner services happen in accordance with applicable legislation. Mazepay uses sub-processors in accordance with the sub-processor documentation as linked below.

 

  1. Retention and transfers of data:

We retain your data for as long as necessary for the purpose for which the data has been collected and are being processed. When your employer terminates a contract to deliver the Mazepay services we usually store your personal information for an additional 7 years. This is done in order to comply with the regulatory requirements as set out in the applicable legislations as mentioned above or the Danish Financial Supervisory Authority’s requirements.

 

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your country where the data protection laws may differ from those in your jurisdiction. If you are located outside Denmark or the EEA/EU and choose to provide information to us, please note that we transfer the data, including Personal Data, to our sub-processors as set out in the sub-processor documentation linked.

 

Mazepay uses sub-processors in accordance with the sub-processor documentation [INSERT LINK].

 

—————————

 

  1. Security and integrity

Mazepay always process personal data in accordance with applicable laws and regulations, and we have implemented appropriate technical and organisational security measures to prevent that your personal data is used for non-legitimate purposes or disclosed to unauthorised third parties and otherwise protected from misuse, loss, alteration or destruction. The technical and organisational measures that we have implemented are designed to ensure a level of security appropriate to the risks that are associated with our data processing activities, in particular accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to your personal data including access control to premises, facilities, systems and data, disclosure control, input control, job control, availability control and segregation control.

 

Mazepay is subject to PCI-DSS self-assessment requirements and is therefore obligated to adhere to all the requirements stated by the PCI Security Standards Council. To get more information about the different requirements of the PCI Security Standards Council please read more here: https://www.pcisecuritystandards.org.

 

  1. Profiling and decision automation

    1. Profiling

Mazepay may use profiling in our work to combat money laundering, to detect and minimise the risk of fraud and for identity validation.

 

    1. Decision automation

Mazepay may automate decision-making based on the information collected about you in order to prevent fraud and ensure compliance with applicable legislation.

 

  1. Rights of the data subjects

You have a range of important rights under EU law regarding your personal data. There are exceptions to these rights related to your employer’s contractual agreement with Mazepay, so access may be denied when we are legally prevented from making a disclosure.

 

    1. Right of access

You have the right to access the personal information that we have collected including origination and purpose for which the information is processed. Your right to access may be limited by legislation or the information may be subject to an exemption from the right of access including but not limited to the overriding interest of another data subject, public interest and national defence, or safeguarding of our business secrets and practices.

 

    1. Right to object

You have the right - under certain circumstances - to object to our processing of your personal data. This could be, for instance, where the processing is based on our legitimate interest

 

    1. Right to rectification

In case that the personal data collected is inaccurate, you have the right to rectify the data stored and processed. In case that the data is incomplete you have the right to have the data completed. Such rectification may require that you provide additional or validated data.

 

    1. Right to erasure

You have a right to have your data erased in cases where purpose of the collection of the data has expired. However Mazepay may be required to retain such personal data in accordance with applicable legislation, regulations or supervisory authorities guidance or for the purpose of preparing or defending against or exercising a legal claim.

 

    1. Right to restrict processing

In the case that you have object, requested rectification or erasure you have the right to demand that we restrict the processing of the data to storage. Such restriction to store data only will be limited until the accuracy is verified or it was identified if your interest supersedes our interest or legal obligations.

 

    1. Withdrawal of consent

You may retract your consent for Mazepay’s processing of your personal information at any time. In case that you retract your consent we may not be able to offer you access to the Mazepay’s services or the services that your employer has entered into a contract for Mazepay to deliver.

 

Please note that Mazepay may continue to process your personal information based on but not limited to contractual obligations with your employer, our obligation to comply with applicable law and similar.

 

  1. Links to other Sites

Our Service may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

 

  1. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

 

  1. Contact us

If you wish to exercise your rights within applicable legislation for insight into the data stored, objection, correction or erasure or you have any questions about this Privacy Policy, cookies or GDPR please contact us by email at dpo@mazepay.com

bottom of page