Midaspay
Privacy Policy
Last modified: October 2025
Thank you for using Midaspay! We respect your privacy and appreciate your trust and confidence in us.
Here is a summary of the information contained in this privacy policy (“Privacy Policy”). This summary is to help you navigate the Privacy Policy and it is not a substitute for reading everything. You can use the hyperlinks below to jump directly to particular sections.
Please note that this Privacy Policy only applies to the processing of your personal information when you use the Midaspay website and online platform (https://merchant.midaspayment.com), as well as the processing of your personal information by Midaspay for facilitating payment transactions and providing payment transaction-related services (collectively, the "Midaspay Service"). If you use any other products or services, please refer to the privacy policy for that particular product or service.
Midaspay Service is provided by three separate entities, each acting as an independent data controller for users in different countries. These entities are:
· HARVEST SHARP LIMITED, whose registered address is 29th Floor, Three Pacific Place, 1 Queen’s Road East, Hong Kong.
· CENTAURI TECHNOLOGY PTE. LTD., whose registered address is 10 Anson Road, #21-07, International Plaza, Singapore 079903.
· MP CENTAURI TECHNOLOGY EUROPE B.V., whose registered address is Buitenveldertselaan 5 1082 VA, Amsterdam, the Netherlands.
PLEASE NOTE THAT IF YOU ARE A USER OF A PRODUCT OR PLATFORM THAT INCORPORATES THE MIDASPAY SERVICE, YOU SHOULD DIRECT ANY QUERIES REGARDING THE PROCESSING OF YOUR PERSONAL INFORMATION (INCLUDING PAYMENT INFORMATION) TO THAT PRODUCT OR PLATFORM.
SUMMARY
Here is a summary of the information contained in this Privacy Policy. You can find more detail by clicking “More Information”.
What information do we need to provide the Midaspay Service? | · If you use Midaspay for payment, then we will process your payment information, card binding function data, device and network information, sanctions and verification data, and transaction records. · If you need to get in touch with us, we will retain some information (such as your email, name, Company Name and your position in the company, and, if applicable, any messages you send us) so that we can review and respond to your queries/requests. · If you register an account for or log in to use the Service, we will need some information from you to set this up. This includes a nickname as your username, and your email address. · Only after you sign a contract with us and your registration for the account is approved, we will need more information to provide the Service to you. This includes your contract signed with us and your transaction records (without personal information of your end users) conducted via our Service. | |
How will we use your information? | · We use your information in order to process your transaction. We also adopt fraud prevention and security measures to guard against unauthorised transactions. · We use your information to set up your account, enable you to use the Service, and to comply with our legal obligations and enforce our legal rights. | |
Who do we share your information with? | · We use some third parties (e.g. third party risk control service providers) to help us deliver the best possible experience and to facilitate the payment processing service. When we use a third party, we only do this to process your information for the purposes described in this Privacy Policy. We also have affiliates around the world who help us deliver Midaspay and we may be required by a court or legal obligation to disclose certain information in some circumstances. | |
Where do we process your information? | · Our servers are located in Singapore and Germany. Your information may be processed from outside of where you live by our support, engineering and other teams around the world, including from the People’s Republic of China. | |
How long do we keep your information? | · We retain your information for up to seven (7) years, after which time your data is deleted (as further described in this Privacy Policy), unless we are otherwise required to retain such data by applicable laws. · Unless otherwise required or permissible by applicable laws, we retain your information for the period during which you maintain an account for the Service, or for so long as the information is needed to fulfil the purpose for which it was collected (as further described in this Privacy Policy). We then delete or anonymise such data, in accordance with applicable laws. | |
How can I exercise my rights over my information? | · Depending on where you are, you may have certain rights with respect to your information, such as rights of access, to receive a copy of your data, or to delete your data or restrict or object to our processing of your data. | More Information |
How will we notify you of changes? | · Please check this page frequently to see if there are any updates or changes to this Privacy Policy. | More Information |
Welcome to Midaspay!
This Privacy Policy explains the when, how and why when it comes to the processing of your personal information when you use the Midaspay website and online platform (https://merchant.midaspayment.com), as well as the processing of your personal information by Midaspay for facilitating payment transactions and providing payment transaction-related services (collectively, the "Midaspay Service"), and sets out your choices and rights in relation to that information. Please read it carefully – it will allow you to understand how we collect and use your information, and how you can control it.
Please note that this Privacy Policy only applies to the Midaspay Service. If you use any other products or services, please refer to the privacy policy for that particular product or service.
If you do not agree to the processing of your personal information in the way this Privacy Policy describes, please do not provide your information when requested and stop using Midaspay. By providing your information through Midaspay you are acknowledging how we process your personal information as described in this Privacy Policy.
PLEASE NOTE THAT IF YOU ARE A USER OF A PRODUCT OR PLATFORM THAT INCORPORATES THE MIDASPAY SERVICE, YOU SHOULD DIRECT ANY QUERIES REGARDING THE PROCESSING OF YOUR PERSONAL INFORMATION (INCLUDING PAYMENT INFORMATION) TO THAT PRODUCT OR PLATFORM.
Midaspay Service is provided by three separate entities ("we", "our" and "us"), each acting as an independent data controller for users in different countries. These entities are:
· HARVEST SHARP LIMITED, whose registered address is 29th Floor, Three Pacific Place, 1 Queen’s Road East, Hong Kong.
· CENTAURI TECHNOLOGY PTE. LTD., whose registered address is 10 Anson Road, #21-07, International Plaza, Singapore 079903.
· MP CENTAURI TECHNOLOGY EUROPE B.V., whose registered address is Buitenveldertselaan 5 1082 VA, Amsterdam, the Netherlands.
Our data protection officer can be contacted at dpo@centauriglobal.com.
Please reach out to us if you have any questions or concerns regarding the processing of your personal information.
This section describes the different types of personal information we collect from you and how we collect it. If you would like to know more about specific types of data and how we use that data, please see the section entitled “How We Use Your Personal Information” below.
The following is a high-level summary of the types of personal information we use. This information is provided by you directly or generated when you use Midaspay.
· Payment information
· Card binding function data (if and to the extent applicable)
· Device and network information
· Sanctions and verification data
· Transaction records
· Risk Control Information
· Entitlement to Discount Information
Children must not use the Service for any purpose. By children, we mean users under the age of 18 years old; or in the case of a region where the minimum age for processing personal information differs, such different age.
We do not knowingly collect personal information from children under these ages for any purpose. If you believe that we have personal information of a child under these ages, please contact us.
This section provides more detail on the types of personal information we collect from you, and why. For users who live in Brazil, the United Kingdom, European Economic Area (“EEA”), Switzerland or Thailand (“Relevant Jurisdiction”), it also identifies the legal basis under which we process your data.
Personal Information | Use | Lawful Basis of Processing |
Payment information (native or from payment processor/ merchant) such as card number, CVC, CVV, expiry date, card holder's name, user's billing address, region, transaction cost, time and date, user ID/payer ID/Open ID, Order reference ID, and certain browser and device information, merchant contract information Notification of payment and/or transaction status (from payment processor) or alternative payment method, including: country, payment status, device type, currency, funding source, phone number, email address, card hash, card name and details, card issuing bank and country, billing address, expiry date, amount, date, time, payment method, browser code, payment account reference, authentication code, card bin. Notification of payment and/or transaction status (to merchants): transaction details, merchant details, details and status of order, card information, refund information. | We use this information to process your transaction, ensure the validity of your identity and transaction, and for risk control services provided to Midaspay. We also use this information for: · Merchant onboarding · Routing your transactions through a unified gateway/routing system in order to process the transaction/ complete the transaction · Create order/ make payment to the designated payment channel (PSP) · Perform risk checks · Settlement services | We process this information pursuant to contracts you have entered into to process payment transactions. |
Invoice data: card holder’s personal details, contact details, payment address, transaction information and device information. | We use this information to process your transaction, and to create invoice(s). | We process this information pursuant to contracts you have entered into to process payment transactions. |
Card binding function data (if and to the extent applicable): card number (encrypted), expiry date, card holder's name, user’s billing address, CVV (not stored after verification). | We use this information if providing a card binding function for a platform. | We process this information pursuant to contracts you have entered into to process payment transactions. |
Device and network information: web browser type and browser version, device fingerprint, location of device, IP address, open ID, operating system version, country, internet connection, page loading time, type of device, number of visits, platform use time, networks, demographic estimate, platform or referral source. | We use this information to process your transaction, conduct data analysis, improve Midaspay and prevent fraud and misuse of Midaspay, and for risk control services provided to Midaspay. | It is in our legitimate interest to maintain and improve the security and integrity of Midaspay. |
Sanctions and verification data: card hash, card BIN, email address, user's phone number, card number, card type, expiry date, card holder's name, user's billing address, currency, cost, order ID, product ID, merchant user ID, and provider ID. | We use this information to verify the validity of a transaction, and for risk control services provided to Midaspay. | We process this information pursuant to contracts you have entered into to process payment transactions. It is in our legitimate interest to maintain and improve the security and integrity of Midaspay. |
Risk controls data (if and to the extent applicable): transaction and order data, card payment information, card holder’s personal details, identification details, relevant tax details, contact details and location. | We use this information to verify the validity of a transaction, user support, and for risk control services provided to Midaspay (including, but not limited to identity verification and transaction monitoring). | We process this information pursuant to contracts you have entered into to process payment transactions. It is in our legitimate interest to maintain and improve the security and integrity of Midaspay. |
Risk Control Information: order id, transaction amount, transaction status, user ID, email address, device information, midas id, IP address, phone number, card number (MD5 irreversibly encrypted), time, country, refunds history, refunds amount, successful transaction history, transaction interception information, days, order timings, order amounts, order days, user profile, currency, tax amount, payment method, order status, settlement status | We use this information, and aggregated user profiles derived from such information, to process your transaction, improve the Midaspay Service, prevent fraud and misuse of the Midaspay Service, risk control purposes, and provision of reconciliation service purposes. | It is in our legitimate interest to maintain and improve the security and integrity of the Midaspay Service. |
Payment Information: card number, expiry date, card holder’s name, CVV, billing address, browser info (accept_header, color_depth, java_enabled, javascript_enabled, language, screen height, screen_width, time_zone_offset, user_agent), payerid, amount, currency | We use this information to process your transaction, ensure the validity of your identity and transaction, and for risk control services provided to Midaspay. | We process this information pursuant to contracts you have entered into to process payment transactions. |
Tax Information: state, city, zip code, transaction id, amount, currency, tax rate, tax address. | We use this information to process your transaction and for our merchant’s tax purposes. | We process this information pursuant to contracts you have entered into to process payment transactions. |
Card binding data (recurrent payments): card number (encrypted), expiry date, card holder's name, user’s billing address, CVV (not stored after verification). | We use this information to provide card binding function to facilitate recurring payments within the Game that utilizes our Midaspay services. | We process this information pursuant to our contract with you to process transactions. |
Information that you provide to us (for the use of Mastercard’s Click-To-Pay Service) | ||
User Information Customer Account Information: email address, mobile phone number, OTP value, transaction amount, currency, masked cards (card bin, last four digits, pan expiration year & month, date of card created, masked billing address). Equipment and online transaction information such as the relevant url, referrer and any errors. | We use this information to process and/or facilitate your transaction, and to improve your experience when using our Midaspay Service. | We process this information pursuant to contracts you have entered into to process payment transactions. |
Card Information Checkout information: transaction details, card details, card holder’s name, billing address, payment token and payment cryptogram. Payment-related information: order details, card details, card holder’s personal details, contact information and billing address, device information, network and connection information, service usage information, network token, and payment cryptogram and token. | We use this information to process and/or facilitate your transaction and ensure the validity of the transaction. | We process this information pursuant to contracts you have entered into to process payment transactions. |
Sanctions and Verification Information: transaction details, card details, card holder’s personal details, contact information and billing address, device information, network and connection information, and service usage information. | We use this information to verify the validity of a transaction, and for risk control services provided to Midaspay. | We process this information pursuant to contracts you have entered into to process payment transactions. It is in our legitimate interest to maintain and improve the security and integrity of Midaspay. |
Payment Notification Information: location of card holder, device information, card details, customer details, status of payment transaction, currency, details and status of transaction, and details of merchant and PSP. | We use this information to notify you of the status of the transaction. | We process this information pursuant to contracts you have entered into to process payment transactions. |
Tax Information: city, state, zipcode | We use this information to process your transaction and for our merchant’s tax purposes. | We process this information pursuant to contracts you have entered into to process payment transactions. |
Information that you provide to us (for the use of Midaspay website and online platform) | ||
Nickname/name, email address | We use this information to allow you to register and create your account for the Service and allow you to log in to the Service. | Necessary to perform our contract with you to provide the Service. |
Email, name, Company Name and your position in the company, and, if applicable, any messages and any screenshots you send us | We use this information to allow you to get in touch with us and for us to respond to you. | Necessary to perform our contract with you to provide the Service. |
(Only after you sign a contract with us and your registration for the account is approved) Your contract signed with us, and transaction records (without personal information of your end users) conducted via our Service | We use this information to allow you to check status of the Service provided by us and send settlement statements and payment orders to you. | Necessary to perform our contract with you to provide the Service. |
As part of providing the Midaspay Service, we may transfer data outside of the location in which you are based for the purposes described in this Privacy Policy. We have servers for the Midaspay Service in Singapore and Germany. The servers applicable to your use of the Midaspay Service will depend upon your location. We also have support, engineering and other teams who may support the Midaspay Service, including from the People’s Republic of China.
Only where necessary will we share your personal information with third parties. Situations where this occur are:
· Third parties that provide services in support of Midaspay Service, including third party payment processors for the purpose of processing the credit card payment and facilitating payment in accordance with local regulations, and tax calculation (e.g. Avalara, Inc.). All companies providing services for us are prohibited from retaining, using, or disclosing your personal information for any purpose other than providing us with their services and/or to comply with their legal obligations under applicable laws.
· Companies within our corporate group who process your personal information solely for the purpose of providing the Midaspay Service to you. All such group companies may only use your personal information in accordance with this Privacy Policy.
· Regulators, judicial authorities and law enforcement agencies, and other third parties for safety, security or compliance with the law. There are circumstances in which we are legally required to disclose information about you to authorities, such as to comply with a legal obligation or processes, enforce our terms, address issues relating to security or fraud, or protect our users. These disclosures may be made with or without your consent, and with or without notice, in compliance with the terms of valid legal process such as a subpoena, court order, or search warrant. We are usually prohibited from notifying you of any such disclosures by the terms of the legal process. We may seek your consent to disclose information in response to a governmental entity’s request when that governmental entity has not provided the required subpoena, court order, or search warrant. We may also disclose your information to:
o enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
o detect, prevent or otherwise address security, fraud or technical issues; or
o protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
· A third party that acquires all or substantially all of us or our business. We may also disclose your information to third parties if we either: (a) sell, transfer, merge, consolidate or re-organise any part(s) of our business, or merge with, acquire or form a joint venture with, any other business, in which case we may disclose your data to any prospective buyer, new owner, or other third party involved in such change to our business; or (b) sell or transfer any of our assets, in which case the information we hold about you may be sold as part of those assets and may be transferred to any prospective buyer, new owner, or other third party involved in such sale or transfer.
We have information security and access policies that limit access to our systems and technology, and we protect data through the use of technological protection measures such as encryption.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will implement and maintain reasonable measures to protect your personal information, we cannot guarantee the security of the information transmitted through the Midaspay Service or otherwise via the Internet; any transmission is at your own risk.
We do not keep your data for longer than is necessary to fulfil the relevant purpose described above unless we are required or permitted to do so under law. If we retain your information beyond the retention periods set out below, for example to comply with applicable laws, we will store it separately from other types of personal information.
For further details on how long we keep your data, please refer to the time periods set out below.
Personal Information | Retention Policy |
Equipment and online transaction information | Fifteen (15) days (unless otherwise required to be retained for the purpose of providing the Midaspay Service or required to be retained in accordance with statutory retention requirements) |
Risk Control Information | Stored for the lifetime of your use of the Service (i.e. until account deletion in accordance with your request), or for the minimum period to meet any regulatory obligations, and then to be deleted within 30 days. User profiles will be stored for 1 year and then deleted thereafter. |
Discount Entitlement Information | Only payment information (including number of times user makes payment for order) will be stored for the lifetime of discount related event, unless you request to delete your data, upon which such data will be deleted within 30 days |
Other Information | Seven (7) years (unless otherwise required to be retained in accordance with statutory retention requirements); a user may remove their payment information at any time by updating their account information |
Card binding data (recurrent payments) | Seven (7) years (unless otherwise required to be retained in accordance with statutory retention requirements); a user may remove their payment information at any time by updating their account information |
Nickname/name, email address | If your registration for your account is approved, stored for the lifetime of your use of the Service (i.e. until account deletion in accordance with your request) and then deleted within 30 days. If your registration for your account is not approved, deleted within 30 days. |
Email, name, Company Name and your position in the company, and, if applicable, any messages and any screenshots you send us | Deleted if we do not or cease to respond to your messages within 30 days. |
(Only after you sign a contract with us and your registration for the account is approved) Your contract signed with us, and transaction records (without personal information of your end users) conducted via our Service | Stored for the lifetime of your use of the Service (i.e. until account deletion in accordance with your request) and then deleted within 30 days. |
Some jurisdictions’ laws grant specific rights to users of Midaspay.
Please refer to the Supplemental Jurisdiction-Specific Terms, or the applicable laws in your jurisdiction for an overview of specific rights that apply to persons subject to data protection lists in the listed jurisdictions and how these can be exercised.
You may have certain rights in relation to the personal information we hold about you. Some of these only apply in certain circumstances (as set out in more detail below). You can exercise some of these rights directly by accessing and updating the information in your account. If you believe we hold any other personal information about you, please contact us.
PLEASE NOTE THAT IF YOU ARE A USER OF A PRODUCT OR PLATFORM THAT INCORPORATES THE MIDASPAY SERVICE, YOU SHOULD DIRECT ANY QUERIES REGARDING THE PROCESSING OF YOUR PERSONAL INFORMATION (INCLUDING PAYMENT INFORMATION) TO THAT PRODUCT OR PLATFORM.
Access
You may have the right to access personal information we hold about you, how we use it, and who we share it with. You can access the personal information you have made available as part of your account by logging into your account.
Portability
You may have the right to receive a copy of certain personal information we process about you. For example, in certain jurisdictions this can comprise personal information we process on the basis of your consent (e.g., survey information) or pursuant to our contract with you (e.g., account name), as described above in the section “How We Use Your Personal Information”. We will provide further information to you about transferring this data if you make such a request.
Correction
You may have the right to correct personal information we hold that is inaccurate. You can access the personal information we hold about you by logging into your Midaspay Service account
Erasure
You may be able to delete your account, or remove certain personal information, by logging into your Midaspay Service account. We may need to retain personal information if there are valid grounds under data protection laws for us to do so (for example, for the defence of legal claims or freedom of expression) but we will let you know if that is the case. Where you have requested that we erase personal information that has been made available publicly on the Midaspay Service and there are grounds for erasure, we will use reasonable steps to try to tell others that are displaying the personal information or providing links to the personal information to erase it too.
Restriction of Processing to Storage Only
You may have a right to require that we stop processing the personal information we hold about you (other than for storage purposes in certain circumstances). Please note, however, that if we stop processing the personal information, we may use it again if there are valid grounds under data protection laws for us to do so (for example, for the defence of legal claims or for another’s protection). Where we agree to stop processing the personal information, we will take steps to tell any third party to whom we have disclosed the relevant personal information so that they can stop processing it too.
You may have the right to object to our processing of your personal information. If you wish to do so, please contact us at dpo@centauriglobal.com or using the contact details set out below, and we will consider your request.
Consent Withdrawal
To the extent provided by applicable laws and regulations, you may withdraw consent you previously provided to us for certain processing activities by contacting us at dpo@centauriglobal.com. Where consent is required to process your personal information, if you do not consent to the processing or if you withdraw your consent, we may not be able to deliver the expected service. Please note that the right to withdraw consent is only available if the legal basis for processing information is consent.
We may from time to time send you announcements when we consider it necessary to do so (for example, when we temporarily suspend access to Midaspay for maintenance, or security, privacy or administrative-related communications). These are essential system and service-related announcements and you are not able to opt-out of these notifications, which are not promotional in nature.
Please get in touch with us if you have any questions. You can reach us in the first instance at:
Email: dpo@centauriglobal.com
Mailing Address:
Tencent International Privacy & Data Protection Centre
79 Robinson Road
#07-01
Singapore 0687798
If we make any changes to this Privacy Policy, we will post the updated Privacy Policy here and notify you in accordance with relevant legal requirements.
Except as otherwise prescribed by law, in the event of any discrepancy or inconsistency between the English version and local language version of this Privacy Policy, the English version shall prevail.
Our representatives for data protection purposes in certain jurisdictions are as follows:
Jurisdiction | Representative | Address | Contact details |
UK | Image Frame Investment (UK) Limited | Suite 1, 3rd Floor 11 - 12 St. James's Square, London, United Kingdom, SW1Y 4LB | |
EU | Tencent International Service Europe B.V. | Buitenveldertselaan 3-5 1082 VA Amsterdam | |
Thailand | Tencent (Thailand) Limited | T-One Building, Bangkok, Thailand | |
Korea | Tencent Korea Yuhan Hoesa | 152, Taeheran-ro, Gangnam-gu (Gangnam Finance Center, Yeoksam-dong), Seoul, Korea | |
Türkiye | Özdağıstanli Ekici Avukatlık Ortaklığı. | Varyap Meridian Grand Tower ABlok Al Zambak Sok No: 2 K: 32 D. 270 Ataşehir Istanbul Türkiye |
SUPPLEMENTAL TERMS – JURISDICTION-SPECIFIC
Some jurisdictions’ laws contain additional terms for users of Midaspay, which are set out in this section.
If you are a user located in one of the jurisdictions below, the terms set out below under the name of your jurisdiction apply to you in addition to the terms set out in our Privacy Policy above.
PLEASE NOTE THAT IF YOU ARE A USER OF A PRODUCT OR PLATFORM THAT INCORPORATES THE MIDASPAY SERVICE, YOU SHOULD DIRECT ANY QUERIES REGARDING THE PROCESSING OF YOUR PERSONAL INFORMATION (INCLUDING PAYMENT INFORMATION) TO THAT PRODUCT OR PLATFORM.
Australia
We take reasonable steps to ensure that third party recipients of your personal information located outside Australia handle your personal information in a manner that is consistent with Australian privacy laws. However, you acknowledge that we do not control, or accept liability for, the acts and omissions of these third party recipients.
If you are dissatisfied with our response to your privacy complaint in respect of your personal information, you may contact the Office of the Australian Information Commissioner (Telephone: +61 1300 363 992 or email: enquiries@oaic.gov.au).
Brazil
BY ACCEPTING THIS PRIVACY POLICY, YOU EXPRESSLY STATE THAT YOU AUTHORISE US TO COLLECT, USE, STORE, AND PROCESS YOUR PERSONAL INFORMATION, INCLUDING, DISCLOSING TO THIRD PARTIES, TO THE EXTENT PROVIDED BY THIS PRIVACY POLICY.
California
This section applies to California residents covered by the California Consumer Privacy Act of 2018 (“CCPA”) (as amended by the California Privacy Rights Act of 2020) (“CCPA”). For purposes of this section, “personal information” and “sensitive personal information” have the meanings given in the CCPA and do not include information excluded from the CCPA’s scope
Collection and Disclosure of Personal Information
Over the past 12 months, we have collected and disclosed the following categories of personal information from or about you or your device:
· Identifiers, such as your name as it appears on your credit card, Open ID / user ID, IP address, phone number, mailing or billing address, and email address. This information is collected directly from you and your device.
· Internet or other electronic network activity information, such as device and network information as described in the main Privacy Policy. This information is collected directly from you and your device.
· Other information described in subdivision (e) of Section 1798.80, including your credit card number or any other financial information. This information is collected directly from you in the context of being our consumer.
We collect and disclose your personal information for the following purposes:
· To provide you with Midaspay, to process your transaction and ensure the validity of your identity and transaction.
· To provide a card binding function for a platform (if and to the extent applicable).
· To improve the Midaspay Service.
· For security and verification purposes, including to prevent and detect fraudulent activity and misuse of Midaspay.
For additional information about what each type of personal information is used for, see Section 3 (How We Process Your Personal Information).
We disclose each of the categories of personal information that we collect to the following types of entities:
· Other companies within our corporate group who process your personal information in order to operate Midaspay.
· Other companies that provide services on our behalf in support of Midaspay and who are prohibited by contract from retaining, using, or disclosing personal information for any purpose other than for providing their services to us.
· Regulators, judicial authorities and law enforcement agencies.
· Entities that acquire all or substantially all of our business.
In the past 12 months, we have not sold or shared personal information of California residents within the meaning of “sold” and “Share” in the CCPA. And we have no knowledge of any sale or sharing of personal information of users under 16 years of age.
In addition, we do not use or disclose sensitive personal information for purposes other than to perform the services reasonably expected by an average consumer who requests those services.
Retention of Your Personal Information
The retention period varies among the different categories of data collected. For detailed information about the retention period for any specific category of data, see this chart in the main portion of the Privacy Policy.
Rights under the CCPA:
If you are a California resident and the CCPA does not recognize an exception that applies to you or your personal information, you have the right to:
· Request we disclose to you free of charge the following information covering the 12 months preceding your request:
o the categories of personal information about you that we collected;
o the categories of sources from which the personal information was collected;
o the purpose for collecting personal information about you;
o the categories of third parties to whom we disclosed personal information about you and the categories of personal information that was disclosed (if applicable) and the purpose for disclosing the personal information about you; and
o the specific pieces of personal information we collected about you;
· Request we delete personal information we collected from you, unless CCPA recognises an exception;
· Request we correct inaccurate personal information that we maintain about you; and
· Be free from unlawful discrimination for exercising your rights including providing a different level or quality of services or denying goods or services to you when you exercise your rights under the CCPA.
We aim to fulfil all verified requests within 45 days pursuant to the CCPA. If necessary, extensions for an additional 45 days will be accompanied by an explanation for the delay.
How to Exercise Your Rights
First, you may wish to log into your account and manage your data from there. If you are a California resident to whom the CCPA applies, you may also exercise your rights, if any, regarding other data by contacting us as specified in Section 8 (Contact).
Canada
If you are located in Canada and wish to obtain written information about our policies and practices with respect to our service providers located outside Canada, you may contact us as specified in Section 8 (Contact). Where we use service providers who might have access to your personal information, we require them to have privacy and security standards that are comparable to ours. We use contracts and other measures with our service providers to maintain the confidentiality and security of your personal information and to prevent it from being used for any purpose other than as provided in this Privacy Policy.
Colombia
Your authorization to process personal information for Midaspay may be expressed (i) in writing, (ii) orally or (iii) through unequivocal conduct that allows us to reasonably conclude that your authorization has been granted, such as the act of accepting the Privacy Policy. We may keep evidence of said authorizations, while respecting the principles of confidentiality and privacy of information.
To the extent we process personal data as a data controller, you can contact us to exercise your rights using the information specified in Section 8 (Contact).
France
Instructions for the processing of your personal data after your death. You have the right to provide us with general or specific instructions for the retention, deletion, and communication of your personal data after your death. The specific instructions are only valid for the processing activities mentioned therein and the processing of these instructions is subject to your specific consent. You may amend or revoke your instructions at any time.
You may designate a person responsible for the implementation of your instructions. This person will be informed of your instructions in the event of your death, and be entitled to request their implementation from us. In the absence of designation or, unless otherwise provided for, in the event of the death of the designated person, their heirs will have the right to be informed of your instructions and to request their implementation from us.
When you wish to make such instructions, please contact us as set out in Section 8 (Contact).
India
Sensitive Personal Information
Sensitive Personal Information under local law includes passwords, financial information (such as bank account, credit card, debit card or other payment instrument details), biometric data, physical or mental health, sex life or sexual orientation, and/or medical records or history, but does not include information available in the public domain, or provided under Indian laws, including the Right to Information Act, 2005.
Sharing Of Your Sensitive Personal Information
Where we permit any third parties to collect and use Sensitive Personal Information, we shall use reasonable measures to ensure that the third parties do not further disclose the Sensitive Personal Information to the extent required by applicable laws.
Withdrawal Of Consent
To the extent provided by applicable laws and regulations, you may withdraw any consent you previously provided to us for certain processing activities by contacting us as set out in Section 8 (Contact). Where consent is required to process your personal information, if you do not consent to the processing or if you withdraw your consent, we may not be able to deliver the expected service.
Indonesia
By accepting and consenting to this Privacy Policy, you agree that we may collect, use and share your personal information in accordance with this Privacy Policy, as revised from time to time. If you do not agree to this Privacy Policy, you must not access or use our services and we have the right to not provide you with access to our services.
In the event we fail to maintain the confidentiality of your personal information in Midaspay, we will notify you through the contact information provided by you or via Midaspay, to the extent required by local laws and regulations.
You are responsible for making sure that any personal details which you provide to us are accurate and current. In order to confirm the accuracy of the information, we may also verify the information provided to us, at any time. You hereby represent that you have secured all necessary consent(s) before providing us with any other person’s personal information (for example, for referral promotions), in which case we will always assume that you have already obtained prior consent, and as such, you will be responsible for any claims whatsoever from any party arising as a result of the absence of such consent(s).
Japan
By clicking “accept”, you consent to the transfer of your personal information to third parties (if any), which may include the cross-border transfer of your information to any country where we have databases or affiliates and, in particular, to the jurisdictions specified in Section 4 (How We Store and Share Your Personal Information).
The categories of personal information specified in to the jurisdictions specified in Section 4 (How We Store and Share Your Personal Information) may include "special care-required personal information" (i.e., sensitive information as detailed under applicable law), and you consent to the collection of such information.
Malaysia
To protect your personal information and handle complaints relating to your personal information, we have appointed the following department responsible for managing and protecting your personal information.
· Our data protection officer, responsible for the management and safety of your personal information
o Telephone: +603-22872388
o Email: as set out in Section 8 (Contact)
Mexico
Some of the purposes of processing specified in Section 3 (How We Process Your Personal Information) are voluntary, which may include to show you personalised recommendations or advertising.
In general, we do not require your consent to carry out the transfers detailed in Section 4 (How We Store and Share Your Personal Information). In any case, by using Midaspay and providing us with your personal data, you agree to the data transfers detailed therein that require your consent.
To understand more about and exercise your rights, as well as the applicable means, procedures and requirements to exercise any of your rights as specified in Section 8 (Contact).
You can register with the Public Registry to Avoid Advertising (‘REPEP’) (REPEP (profeco.gob.mx)) to refuse to receive advertising to your phone number.
New Zealand
We take reasonable steps to ensure that third party recipients of your personal information located outside New Zealand handle your personal information in a manner that is consistent with New Zealand privacy laws. However, you acknowledge that we do not control, or accept liability for, the acts and omissions of these third party recipients.
If you are dissatisfied with our response to your privacy complaint in respect of your personal information, you may contact the Office of the New Zealand Privacy Commissioner (www.privacy.org.nz).
While we take reasonable steps to ensure that third party recipients of your personal information comply with privacy laws that are similar to those of your jurisdiction, you acknowledge and agree that we cannot control the actions of third party recipients and so cannot guarantee that they will comply with those privacy laws.
Peru
To protect your personal information and handle complaints relating to your personal information, we have appointed the following department responsible for managing and protecting your personal information.
· Data Protection Team, responsible for the management and safety of your personal information
· Contact: as set out in Section 8 (Contact)
Philippines
By consenting to this Privacy Policy, you consent to us:
· collecting and processing your personal information as described in Section 3 (How We Process Your Personal Information);
· sharing your personal information with third parties, companies within our corporate group, and a third party that acquires substantially all or substantially all of us or our business, as described in this Privacy Policy and for the purposes stated herein; and
· transferring or storing your personal information in destinations outside the Philippines as described in Section 4 (How We Store and Share Your Personal Information).
Republic of Korea
We provide your personal information to third parties as described below:
Name of Recipient (and contact information) | Types of Personal Information provided | Purpose of Use by Recipient | Period of Retention and Use by Recipient |
Adyen Hong Kong Limited | Transaction data and payment information. | To facilitate payment transactions in connection with the provision of services to support payment transactions. | See retention periods in the privacy policy: |
Boku Payments, Inc. | Transaction data and payment information. | To facilitate payment transactions in connection with the provision of services to support payment transactions. | See retention periods in the privacy policy: https://www.boku.com/payments-privacy-notice/ |
Evonet Global Corporation Limited | Transaction data and payment information. | To facilitate payment transactions in connection with the provision of services to support payment transactions. | See retention periods in the privacy policy: |
Mastercard Asia/Pacific Pte. Ltd | Transaction Data | Risk management. | See "How We Protect Your Personal Information" in the privacy policy: |
Ping Pong Global Holdings Limited | Transaction data and payment information. | To facilitate payment transactions in connection with the provision of services to support payment transactions. | See retention periods in the privacy policy: |
PMmax Technology Limited | Transaction data and payment information. | To facilitate payment transactions in connection with the provision of services to support payment transactions. | See retention periods in the privacy policy: |
Red Dot Payment Pte Ltd | Transaction data and payment information. | To facilitate payment transactions in connection with the provision of services to support payment transactions. | See retention periods in the privacy policy: |
UniPin (Labuan) Limited | Transaction data and payment information. | To facilitate payment transactions in connection with the provision of services to support payment transactions. | See "How Long We Store Your Data" in the privacy policy: |
Checkout Limited | Transaction data and payment information. | To facilitate payment transactions in connection with the provision of services to support payment transactions. | See retention periods in the privacy policy: |
HAOPLAY LIMITED | Transaction data and notification of payment and/or transaction status. | To enable transaction processing and order fulfillment for purchases. | See retention periods in the privacy policy: |
Top Range Mobile Limited | Transaction data and notification of payment and/or transaction status. | To enable transaction processing and order fulfillment for purchases. | See retention periods in the privacy policy: |
High Morale Developments Limited | Transaction data and notification of payment and/or transaction status. | To enable transaction processing and order fulfillment for purchases. | See retention periods in the privacy policy: |
For the performance of the services detailed in this Privacy Policy, we delegate the processing of your personal information to the following professional service providers:
Delegatee | Description of Delegated Services |
Centauri Dynamic Pte. Ltd. | To provide technical infrastructures to enable the services. |
Tencent Cloud International Ltd | To provide technical infrastructures to enable the services. |
Overseas Transfer of Personal Information
We transfer personal information to third parties overseas as follows:
Recipient (Contact Information of Information Manager) | Country/region to which Your Personal Information is to be Transferred | Date and Method of Transfer | Types of Your Personal Information to be Transferred | Purposes of Use by Recipients | Period of Retention of Use by Recipient |
Adyen Hong Kong Limited | See “Where do we transfer this information?” in the Privacy Policy | Transmitted from time to time | Transaction data and payment information. | To facilitate payment transactions in connection with the provision of services to support payment transactions. | See retention periods in the privacy policy: |
Boku Payments, Inc. | See “How your data is shared” in the Privacy Policy | Transmitted from time to time | Transaction data and payment information. | To facilitate payment transactions in connection with the provision of services to support payment transactions. | See retention periods in the privacy policy: https://www.boku.com/payments-privacy-notice/ |
Centauri Technology Pte. Ltd. | Singapore | Transmitted from time to time | Transaction data and payment information. | To facilitate payment transactions in connection with the provision of services to support payment transactions. | Seven (7) years (unless otherwise required to be retained in accordance with statutory retention requirements) |
Evonet Global Corporation Limited | See "Data Processing Activities" in the Protection Policy | Transmitted from time to time | Transaction data and payment information. | To facilitate payment transactions in connection with the provision of services to support payment transactions. | See retention periods in the privacy policy: |
Mastercard Asia/Pacific Pte. Ltd | Singapore | Transmitted from time to time | Transaction Data | Risk management. | See "How We Protect Your Personal Information" in the privacy policy: |
Ping Pong Global Holdings Limited | See “DO WE ENGAGE IN CROSS-BORDER DATA TRANSFERS?” in the Privacy Policy | Transmitted from time to time | Transaction data and payment information. | To facilitate payment transactions in connection with the provision of services to support payment transactions. | See retention periods in the privacy policy: |
PMmax Technology Limited | Singapore | Transmitted from time to time | Transaction data and payment information. | To facilitate payment transactions in connection with the provision of services to support payment transactions. | See retention periods in the privacy policy: |
Red Dot Payment Pte Ltd | Singapore | Transmitted from time to time | Transaction data and payment information. | To facilitate payment transactions in connection with the provision of services to support payment transactions. | See retention periods in the privacy policy: |
UniPin (Labuan) Limited | See "Where We Process Your Data" in the privacy policy | Transmitted from time to time | Transaction data and payment information. | To facilitate payment transactions in connection with the provision of services to support payment transactions. | See "How Long We Store Your Data" in the privacy policy: |
Checkout Limited | See “International data transfers?” in the Privacy Policy | Transmitted from time to time | Transaction data and payment information. | To facilitate payment transactions in connection with the provision of services to support payment transactions. | See retention periods in the privacy policy: |
HAOPLAY LIMITED | See "International Transfer" in the Privacy Policy | Transmitted from time to time | Transaction data and notification of payment and/or transaction status. | To enable transaction processing and order fulfilment for purchases. | See retention periods in the privacy policy: |
Proxima Beta Pte. Limited | Transmitted from time to time | Transaction data and notification of payment and/or transaction status. | To enable transaction processing and order fulfilment for purchases. | ||
Top Range Mobile Limited | See "How We Store and Share Your Personal Information" in the Privacy Policy | Transmitted from time to time | Transaction data and notification of payment and/or transaction status. | To enable transaction processing and order fulfilment for purchases. | See retention periods in the privacy policy: |
High Morale Developments Limited | Singapore | Transmitted from time to time | Transaction data and notification of payment and/or transaction status. | To enable transaction processing and order fulfilment for purchases. | See retention periods in the privacy policy: |
Data Destruction
Personal information is retained in accordance with the data retention periods as detailed in section “Data Retention”. With the exception of the personal information set out below, personal information, which has fulfilled the purpose for which it was collected or used, and has reached the period of time during which personal information was to be possessed, will be destroyed in an irreversible way. Personal information stored in electronic files will be deleted safely in an irreversible way by using technical methods, and printed information will be destroyed by shredding or incinerating such information.
The personal information detailed in section “Data Retention” are required to be retained pursuant to the following laws:
Act on the Consumer Protection in Electronic Commerce, Etc. | Article 6 of the Act on the Consumer Protection in Electronic Commerce | In an electronic commerce or a mail-order sale: · Records regarding labelling and advertising (6 months) · Records regarding execution or withdrawal of a contract (5 years) · Records regarding the payment of a price and the supply of goods and services (5 years) · Records regarding customer services or dispute resolution (3 years) |
Protection of Communications Secrets Act | Article 41 of the Decree of the Act, Article 15-2 of the Protection of Communications Secrets Act | · Log records, IP address (3 months) · The date of telecommunications by users, the time that the telecommunications start and end, the frequency of use (12 months) |
You may exercise rights related to the protection of personal information by requesting access to your personal information or the correction, deletion or suspension of processing of your personal information, etc. pursuant to applicable laws such as the Personal Information Protection Act (“PIPA”). You may also exercise these rights through your legal guardian or someone who has been authorized by you to exercise the right. However, in this case, you must submit a power of attorney to us in accordance with the Enforcement Regulations of the PIPA. You can also withdraw your consent or demand a suspension of the personal information processing at any time.
Additional Use and Provision of Personal Information
In accordance with the PIPA, we may use or provide personal information within the scope of reasonably related to the initial purpose of the collection, in consideration of whether disadvantages have been caused to data subjects and whether necessary measures have been taken to secure such as encryption, etc. We will determine with due care whether to use or provide personal information in consideration of general circumstances including relevant laws and regulations such as the PIPA, purpose of use or provision of personal information, how personal information will be used or provided, items of personal information to be used or provided, matters to which data subjects provided consent or which were notified/disclosed to data subjects, impact on data subjects upon the use or provision, and measures taken to protect subject information. Specific considerations are as follows:
· whether the additional use/provision is related to the initial purpose of the collection;
· whether the additional use/provision is foreseeable in light of the circumstances under which personal information was collected and practices regarding processing;
· whether the additional use/provision unfairly infringe on the interests of the data subject; and
· whether the necessary security measures such as pseudonymization or encryption were taken.
Domestic Privacy Representative
Pursuant to the Article 32-5 of Network Act and Article 39-11 of the amended PIPA, the information regarding the domestic agent is as follows:
· Name: Tencent Korea Yuhan Hoesa
· Address: 152 Taeheran-ro, Gangnam-gu (Gangnam Finance Center, Yeoksam-dong), Seoul, Korea
· Telephone: +82-2-2185-0902
· Email: specified in Section 8 (Contact)
Contact
To protect your personal information and handle complaints relating to your personal information, we have appointed the following department responsible for managing and protecting your personal information.
· Data Protection Department, responsible for the management and safety of your personal information
· Telephone: +82-2-2185-0902
· Email: specified in Section 8 (Contact)
Singapore
By clicking “accept”, you consent to the cross-border transfer of your information to any country where we have databases or affiliates and, in particular, the locations specified in Section 4 (How We Store and Share Your Personal Information).
Our designated data protection officer for the purposes of compliance with the Personal Data Protection Act 2012 can be contacted as set out in Section 8 (Contact).
South Africa
You have the right to lodge a complaint with the Information Regulator (South Africa) by emailing it at inforeg@justice.gov.za. The Information Regulator (South Africa)’s physical address is 33 Hoofd Street Forum III, 3rd Floor Braampark, Braamfontein, Johannesburg, South Africa.
Thailand
In certain circumstances, you may request us to discontinue, to restrict the use or provision of, and/or to request for data portability of any and all of your personal information which is stored by us, to the extent provided by the Act on the applicable data privacy laws and regulations in Thailand, including the Thai Personal Data Protection Act. These rights may not be available to all users and some of these only apply in certain circumstances. When you wish to make such requests, please contact us as set out in Section 8 (Contact).
Türkiye
You have legal rights, which are set forth in Article 11 of the DPL, in relation to the personal information data we hold about you. As a Turkish data subject, you may have the right to apply to the data controller and (to the extent permitted under applicable laws and regulations):
· learn whether or not your personal data has been processed;
· request information about processing if your personal data has been processed;
· learn the purpose of processing of your personal data and whether they have been used accordingly;
· know the third parties in the country or abroad to whom personal data has been transferred;
· request rectification in the event personal data is incomplete or inaccurate and to demand the operations in this regard be reported to third parties your personal data has been transferred to;
· request deletion or destruction of personal data within the framework of the conditions set forth under Article 7 of the DPL and to demand the operations in this regard be reported to third parties your personal data has been transferred to;
· object the occurrence of any consequence that is to your detriment by means of analysis of personal data solely through automated systems; and
· demand compensation for the damages that you have suffered as a result of unlawful processing of your personal data.
In accordance with Article 9 of the DPL, your personal data may be transferred abroad as follows:
Identity of the overseas recipient | Location of the recipient (or as otherwise stated in the recipient’s privacy policy) | Purposes of use of Personal Information by the recipient | Items of Personal Information to be provided |
Adyen Hong Kong Limited | See “Where do we transfer this information?” in the Privacy Policy | To facilitate payment transactions in connection with the provision of services to support payment transactions. | Transaction data and payment information. |
Centauri Dynamic Pte. Ltd. | Singapore | To provide technical infrastructures to enable the services. | Transaction data and payment information. |
Centauri Technology Pte. Ltd. | Singapore | To facilitate payment transactions in connection with the provision of services to support payment transactions. | Transaction data and payment information. |
Evonet Global Corporation Limited | See "Data Processing Activities" in the Protection Policy | To facilitate payment transactions in connection with the provision of services to support payment transactions. | Transaction data and payment information. |
Mastercard Asia/Pacific Pte. Ltd | Singapore | Risk management. | Transaction Data. |
MP Centauri Technology Europe B.V. | Germany | To facilitate payment transactions in connection with the provision of services to support payment transactions. | Transaction data and payment information. |
Ping Pong Global Holdings Limited | See “DO WE ENGAGE IN CROSS-BORDER DATA TRANSFERS?” in the Privacy Policy | To facilitate payment transactions in connection with the provision of services to support payment transactions. | Transaction data and payment information. |
PMmax Technology Limited | Singapore | To facilitate payment transactions in connection with the provision of services to support payment transactions. | Transaction data and payment information. |
Razer Online Pte. Ltd. | Singapore | To facilitate payment transactions in connection with the provision of services to support payment transactions. | Transaction data and payment information. |
Red Dot Payment Pte Ltd | Singapore | To facilitate payment transactions in connection with the provision of services to support payment transactions. | Transaction data and payment information. |
Tencent Cloud International Ltd | Singapore | Data processor: Processes and stores data on behalf of Midaspay. | All personal information collected |
UniPin (Labuan) Limited | See "Where We Process Your Data" in the privacy policy | To facilitate payment transactions in connection with the provision of services to support payment transactions. | Transaction data and payment information. |
Vietnam
By accepting this Privacy Policy, you expressly agree and authorise us to collect, use, store, and process your personal information, including, lawfully disclosing and transferring it to third parties, as described in this Privacy Policy.
Where we permit any third parties to collect and use your personal information, we shall take reasonable measures to ensure that the third parties do not further disclose the personal information.