This Privacy Policy covers the following areas:

1. What personal data we collect.

2. How we may use your personal data and the lawful basis for doing so.

3. Who we may disclose your personal data to.

4. How we protect your personal data.

5. Your privacy rights.

6. How long we keep your personal data.

7. How changes to this Privacy Policy will be made.

8. Contacting us or the data protection authority.

PayDirect Billing Solutions Inc (“PayDirect”) is fully committed to protecting your individual rights and keeping your personal data safe. This Policy explains how we collect personal information about you when you use our services, how we use that information and the conditions in which we may disclose it to others, and how we keep it secure.

This Policy describes our obligations and your rights under applicable Canadian privacy legislation as well as the General Data Protection Regulation (the “GDPR”). For purposes of the GDPR, PayDirect is the data controller that is processing your personal information. By using our services and consenting to PayDirect processing your data, you are agreeing to this Policy. If you have any questions, please email the following address:

1. What personal data we collect


Personal data is in most cases collected directly from you or generated as part of the use of our services. Sometimes additional information is required to keep information up to date or to verify information we collect.

The personal data we collect can be grouped into the following
  • Identification information including your full name, date of birth and government issued identification such as passport, driver’s license, national insurance or social security numbers.

  • Contact information including your home address, e-mail address and phone numbers.

  • Financial information including your bank’s name, account number and account type.

  • Payment transaction information including the name of the online merchant you are using our services to pay and transaction history.

  • Information about you from third parties including credit bureaus and identity verification services.

  • Information about your use of our systems.

  • Information related to legal requirements: customer due diligence and anti-money laundering requirements.

Personal data we may collect from you:

We collect information you provide directly to us when you visit our website or use any PayDirect service. For example, when you select one of our payment services from a merchant’s payment page, we may collect personal data, such as your name, address, government identification numbers, date of birth, e-mail address, phone number and bank details to be able to provide you with the payment service. We also collect information which you provide us with, such as messages you have sent us, e.g. feedback or a request in our digital channels. Calls and chat conversations with you may also be recorded and logged for verification of transaction information, documentation, and for quality and improvement purposes.

Personal data that we may collect from third parties:

  • Publicly available and other external sources; registers held by governmental agencies (such as company registration offices, enforcement authorities, etc.), sanction lists (held by international organizations such as the EU and UN as well as national organizations such as Office of Foreign Assets Control (OFAC)), registers held by credit-rating agencies and other commercial information providers providing information on e.g. beneficial owners and politically exposed


  • In connection with payments, we collect information from remitters, banks, payment service providers and others.

  • From other entities which we collaborate with.

2. How we may use your personal data and the lawful basis for doing so

We use your personal data to comply with legal and contractual obligations as well as to provide you with services.

Performance of a contract

As a processor of payment transactions, we have entered into agreements with online merchants to process online payment transactions on behalf of their customers. The main purpose for using your personal data is to process payments between you and these online merchants.

Examples of the performance of a contract:

  • Verify your identity and provide our services and process your


  • Provide customer service, including troubleshooting service issues you are having.

  • Reconcile payments, settle transaction disputes or address errors.

Legal obligation

In addition to the performance of contract, we process your personal data to fulfil our obligations under law, other regulations or as required by regulatory


Examples of processing due to legal obligations:

  • Preventing, detecting, and investigating money laundering, terrorist financing, fraud or other potentially prohibited or illegal activities.

  • Reporting to police authorities, enforcement authorities or supervisory


  • Payment service requirements and obligations.

Legitimate interest

Personal data is processed in the context of marketing, product and customer analyses. This processing forms the basis for marketing, process, business and system development, including testing.

We have a legitimate interest to prevent or remediate violations of policies or applicable agreements, to manage and protect our information technology infrastructure and to use profiling, for example when conducting customer analysis for monitoring transactions in order to detect fraud.


There are situations when we will ask for your consent to process your personal data. Examples of such situations are processing of payment transaction data for marketing purposes, or for some processing of special categories of data. The consent will contain information on that specific processing activity. If you have given consent to a processing of your personal data, you can always withdraw the consent.

3. Who we may disclose your personal data to

We may share your personal data with others such as authorities, affiliated companies, suppliers, payment service providers and business partners. Before sharing we will always ensure that we respect relevant financial industry secrecy obligations.

Third parties and affiliated companies

We may pass your information to our third party service providers, agents, subcontractors and affiliated companies for the purpose of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service that you need, and we have contracts in place that require each third party provider to keep your information secure and not to use it for their own direct marketing purposes or any other purpose. We will not release your information to third parties beyond those that we have such a contractual relationship with - unless you have specifically requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime. In such circumstances, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

For EU residents: Transferring your information outside of European Economic Area

As part of our services to you, the information which you provide to us may be transferred to countries outside the European Economic Area (“EEA”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have equivalent data protection laws. By submitting your personal data, you are agreeing to this transfer, storing and/or processing. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken and we remain compliant with the GDPR, with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

If you use our services while you are outside the EU, your information may be transferred outside the EEA in order to provide you with those services.

4. How we protect your personal data

Keeping your personal data safe and secure is at the centre of how we do business. We use appropriate technical, organizational and administrative security measures to protect any information we hold from loss, misuse, and unauthorized access, disclosure, alteration and destruction.

5. Your privacy rights

You as a data subject have rights in respect of personal data we hold on you.

You have the following rights:

  • The right of access to your personal data. You have a right to access the personal data we are keeping about you. Your right to access may, however, be restricted by legislation, protection of other persons’ privacy and consideration for PayDirect’s business concept and business practices. If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you.

  • The right of rectification to request correction of incorrect or incomplete data. When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.

  • The right to erasure (the ‘right to be forgotten’). Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.

  • The right to withdraw your consent. You have the right to withdraw any consent you have previously given us to handle your information.

Examples include where-


  • you object to the processing and there is no justified reason for continuing the processing,

  • you object to processing for direct marketing, or

  • processing is unlawful or

If you withdraw your consent, this will not affect the lawfulness of our use of your information prior to the withdrawal of your consent.

Right to restrict processing of your personal data. You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:

  • The accuracy of the personal data is contested.

  • Processing of the personal data is unlawful.

  • We no longer need the personal data for processing but the personal data is required for part of a legal process.

  • The right to object has been exercised and processing is restricted pending a decision on the status of the processing.

  • Right to object to processing of your personal data where we are relying on a legitimate interest to process your data. You can always object to the processing of personal data about you for direct marketing and profiling in connection to such marketing.


  • The right to data portability. You have a right to ask for information you have made available to us to be transferred to you or a third party in machine-readable formats. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.

These rights are not absolute: they do not always apply and exemptions may be engaged. We may, in response to a request, ask you to verify your identity and to provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.

6. How long we keep your personal data

We will hold your personal information on our systems for the longest of the following periods:


  • a minimum of six years;

  • as long as is necessary for the relevant activity or as long as is set out in any relevant agreement;

  • the length of time it is reasonable to keep records to demonstrate compliance with professional or legal obligations;

  • any retention period that is required by law; or

  • the end of the period in which litigation or investigations might arise in respect of the services that we provide to you.

7. How changes to this Privacy Policy will be made

We are constantly working on improving and developing our services, products and websites, so we may change this Privacy Policy from time to time. We will not diminish your rights under this Privacy Policy or under applicable data protection laws in the jurisdictions we operate. Please review this Privacy Policy from time to time to stay updated on any changes.

8. Contacting us or the data protection authority

If you have any questions or concerns regarding our Privacy Policy, you can always contact PayDirect’s customer service at

You can also lodge a complaint or contact the data protection authority in any of the countries, states or provinces where we provide services or products to


Last Updated: January 2020
