General Data Protection Regulation (GDPR)
GDPR is the EU data protection regulation which has been effective across Europe since 25 May 2018. It strengthens individuals' data protection rights and is designed to create a culture of responsible data protection practices across all organisations. Accountability and evidencing good data protection policies and practices, on an ongoing basis, are key foundations of the GDPR.
1. Why are PAYA Group concerned about GDPR?
The GDPR applies to any organisation that provides goods or services to European residents. As our services are available to cardholders globally, it is important for us to comply with GDPR.
2. GDPR Preparations
At PAYA Group, our GDPR compliance is a priority for the business. The obligations created by GDPR provide a standard that puts data protection at the forefront of our business activities.
We have implemented a data protection programme with key stakeholders, designed to consolidate our approach to data protection, whilst identifying and mitigating any risk to the personal data that we are responsible for. This is a key focus of the PAYA senior management, who engage with external advisors and auditors to ensure the highest standards are being met.
Accountability is at the forefront of this programme with ongoing processes being developed to ensure that we are able to evidence our commitment to data protection, which includes mapping our data flows and understanding where data is shared, stored and accessed.
We are working to increase awareness at all levels within PAYA Group to embed a culture of responsible data protection throughout the business.
Sub-Processors
PAYA Group engages several Sub-Processors to assist us with data processing activities.
Last updated: June 2024
1. What is a Sub-processor?
When PAYA Group engages third-party service providers in our capacity as a data processor for our customers' personal data, the General Data Protection Regulation (“GDPR”) and a number of other global privacy frameworks call these third-party service providers Sub-Processors. Sub-processors are service providers who have, or potentially will have, access to the personal data that PAYA Group processes on behalf of its customers.
This page outlines which Sub-Processors we utilise, the type of data we send them, the function they provide to us, and their residency.
2. Updates to this list
Due to the nature of our international business, service providers may change from time to time.
We will periodically update this page to reflect the changes in our list of Sub-Processors and Affiliates.
Under the terms of our Data Processing Addendum (DPA), if you are a contracting party with PAYA Group, you may reasonably object, in writing, to the processing of your personal data by a new Sub-Processor within 14 days following the update of this page.
If you do not object during the 14-day period, the appointment of the new Sub-Processor shall be deemed accepted.
For more information on PAYA Group privacy practices, you can view our Privacy Policy here. If you have any questions regarding this page, please contact us.
3. List of Sub-processors
Name | Data Type | Purpose | Entity Residency |
---|---|---|---|
AIBMS | Transaction Data Required To Complete Transaction | Acquirer Solution Provider | EU |
Amazon Web Services | All Customer Data | Infrastructure Hosting Provider | EU |
American Express | Transaction Data Required To Complete Transaction | Acquirer Solution Provider | EU |
ATOS | Transaction Data Required To Complete Transaction | Acquirer Solution Provider | EU |
Aura Technologies | Transaction Data Required To Complete Transaction | IT Solution Provider | EU |
ANS | All Customer Data | Infrastructure Hosting Provider | EU |
Bambora | Transaction Data Required To Complete Transaction | Acquirer Solution Provider | EU |
Barclays | Transaction Data Required To Complete Transaction | Acquirer Solution Provider | EU |
BNP | Transaction Data Required To Complete Transaction | Acquirer Solution Provider | EU |
BT Cardway | Transaction Data Required To Complete Transaction | IT Solution Provider | EU |
Cardstream | Transaction Data Required To Complete Transaction | Payment Solution Provider | EU |
Castles | Transaction Data Required For Terminal Management | Terminal Solution Provider | EU |
CreditCall/NMI | Transaction Data Required To Complete Transaction | Payment Solution Provider | EU |
Credit Mutual | Transaction Data Required To Complete Transaction | Acquirer Solution Provider | EU |
E Merchant Pay | Transaction Data Required To Complete Transaction | Acquirer Solution Provider | EU |
EE | Transaction Data Required To Complete Transaction | Solution Provider | EU |
Elavon | Transaction Data Required To Complete Transaction | Payment Solution Provider | EU |
Endeavour | Transaction Data Required To Complete 3D Secure | Payment Solution Provider | EU |
Finaro/Shift4 | Transaction Data Required To Complete Transaction | Acquirer Solution Provider | EU |
FiServe | Transaction Data Required To Complete Transaction | Acquirer Solution Provider | EU |
Freshworks | Data Required To Administer Services | IT Solution Provider | EU |
Global Payments | Transaction Data Required To Complete Transaction | Acquirer Solution Provider | EU |
Go Cardless | Transaction Data Required To Complete Transaction | IT Solution Provider | EU |
Google (Acceptacard) | Data Required To Administer Services | IT Solution Provider | EU |
Google (Toucan) | Data Required To Administer Services | IT Solution Provider | EU |
Google Cloud (Toucan) | All Customer Data | Infrastructure Hosting Provider | EU |
HIPS Payment Group | Transaction Data Required To Complete Transaction | Payment Solution Provider | EU |
Lyra | Transaction Data Required To Complete Transaction | IT Solution Provider | EU |
Mastercard | Transaction Data Required To Complete Transaction | Acquirer Solution Provider | EU |
Microsoft | Data Required To Administer Services | IT Solution Provider | EU |
Newlands Terminals | Transaction Data Required For Terminal Management | Terminal Solution Provider | EU |
Optomany | Transaction Data Required To Complete Transaction | Payment Solution Provider | EU & US |
QuickBooks (Accounts) | Data Required To Administer Services | IT Solution Provider | EU |
PAX Terminals | Transaction Data Required For Terminal Management | Terminal Solution Provider | EU |
PAYA ITS | Transaction Data Required To Complete Transaction | Payment Solution Provider | EU |
Payter | Transaction Data Required For Terminal Management | Terminal Solution Provider | EU |
Realex | Transaction Data Required To Complete Transaction | Payment Solution Provider | EU |
Rubean | Transaction Data Required For Terminal Management | Terminal Solution Provider | EU |
Safe Data Storage | Data Required To Administer Services | IT Solution Provider | EU |
Secure Retail | Data Required To Administer Services | IT Solution Provider | EU |
SendGrid | Data Required To Administer Services | IT Solution Provider | EU |
Service Logistics | Transaction Data Required For Terminal Management | Terminal Solution Provider | EU |
WorldPay | Transaction Data Required To Complete Transaction | Acquirer Solution Provider | EU |
Version GGDPR-0624-AT