Privacy Statement PayU Russia

The purpose of this privacy statement is to give you information on how PayU collects and processes your personal information when you use our Website, software applications (“Apps”) and/or payment platforms (“Platforms”).

Privacy and Data Protection Statement of PayU Russia

This Privacy and Data Protection Statement of PayU has been developed to keep you advised of how PayU Russia collects and processes your personal data when you access our websites (hereinafter the “Websites”), use our software applications (hereinafter the “Applications”), payment processing platforms (hereinafter the “Platforms”), or other financial and technological products or services offered by PayU Russia.

 

PayU Russia is a member of a multi-company group operating in the markets of various countries. As used herein, the terms “PayU”, “we” or “our” refer to the PayU business unit responsible for processing your personal data. This Privacy and Data Proteciton Statement applies to the PayU business unit operating in Russia, however, you can go here  to review the Global Privacy and Data Protection Statement of PayU. In case of any differences between this Privacy and Data Protection Statement and the Global Privacy and Data Protection Statement of PayU, the former shall prevail.

 

PayU is owned by Prosus Group, https://www.prosus.com/companies, i.e. Prosus N.V, registered in the trade register of Amsterdam under No. 34099856, and its affiliates.

 

Limited Liability Company Non-Banking Credit Organization “PayU” (www.payu.ru, www.nco-payu.ru), OGRN (primary state registration number) 1137711000052, engaged in the processing of personal data and marketing of PayU products in Russia (hereinbefore and after “PayU Russia”).

1. What is Personal Data and what are the grounds for their processing?

As defined in Federal Personal Data Law No. 152-FZ of July 27, 2006 (hereinafter the “Federal Law”), personal data is any information that directly or indirectly relates to an individual already identified or in the process of being identified (personal data holder). PayU Russia is authorized to collect and process personal data solely by virtue of a respective Personal Data Processing Consent Form and under the applicable law of Russia. For the Personal Data Processing Consent Form, and Terms of Use of the PayU Russia Services please go to https://www.nco-payu.ru/upload/iblock/53d/pravila-polzovaniya-servisami-payu.pdf. A consent to personal data processing shall be sought by PayU Russia from its customers, contractors, business partners or representatives at the time of making a respective contract. For every category of Personal Data that is collectable or processable by PayU Russia, please see the respective Personal Data Processing Consent Form.

 

Please note that whenever our Websites, or Applications feature links to third party websites, plugins, or applications (including cookies, tracking technologies, or widgets of third party advertisers), in clicking on such links or activating such applications you may consent to collection of processing of your data by third parties. PayU Russia has no control over such third party websites, nor can it held liable for processing of your Personal Data by any third parties.

2. How do we get your Personal Data?

  1. Your Personal Data can be provided directly by you.

We can receive your Personal Data from you personally through our Websites, Applications, Platforms or while offering you our products or services. E.g. you can provide us your Personal Data:

 

  • when you give us your contact details so that we can contact you in regard to our services and products;
  • at the time of making a contract with us, or when providing your ID details (whether by email, phone or through other electronic means of personal identification);
  • when you order our products or services directly from us or from our suppliers (e.g. through specific ecommerce platforms or financial institutions) or engage in interaction through bank accounts;
  • when you scan the QR code, following which the system requests you to provide your personal data to make payments on behalf of one of our merchants, or whenever you use one of our own payment products;
  • whenever you are asked to give your contact or payment details on our page to process your order/payment page or through similar channels;
  • whenever you are involved in a contest, promotion, or survey, or request us to send you promotional materials;
  • if you’ve filed a request with our support; or
  • if you are a user of our Websites, Applications, and Platforms. For more details please see our Cookie Policy.

 

  1. Your Personal Data can be provided by third parties or be a part of the public domain.

 

We can obtain Personal Data from third parties or public sources, if permitted to do so by the applicable law, including without limitation provision of such data by:

 

  • merchants, partner payment processors or financial institutions. E.g. a merchant may offer you various products or services payment options (i.e. credit, debit, or hybrid card, wire transfer, e-wallet transfer, mobile banking, loyalty points) and the payment amount gets credited to such merchant’s bank account with the authorized financial institution. In such case, the responsibility for keeping your Personal Data protected shall rest with merchants, partner payment processors, and financial institutions, however we are authorized to collect such Personal Data for the purposes of effecting a payment transaction. For more details on how such third parties process your Personal Data, please review their privacy and personal data protection regulations.
  • from social platforms or media provided that you authorized us to do so. E.g. depending on the social media settings, if you elect to have your social media account linked to a PayU product, we will receive some of the data stored in your social media account (including info in your profile);
  • from financial institutions or anti-fraud agencies to evaluate and analyze the risk of fraud or other risks. E.g., prior to providing you services, products, or funds, we run various checks to prevent fraud or money laundering, as well as check your ID. To complete such checks, we have to collect information about you from:
  • third parties that are our counterparties and do business with us;
  • any sources within the public domain under the applicable Russian law;
  • credit information agencies, credit bureaus or banks under the applicable law;
  • third parties within the PayU Group i.e. Prosus N.V. Group, https://www.prosus.com/, including its affiliates and subsidiaries under the applicable law.

 

If third parties disclosing your Personal Data are located in the Russian Federation, your Personal Data may only be processed and disclosed by such parties solely on the basis of a Personal Data Processing Consent Form. Our recommendation is that you closely review the Personal Data Processing Consent Form to make sure that your Personal Data is duly and properly processed by third parties.

3. What are the legal grounds for Personal Data processing?

PayU Russia processes Personal Data by virtue of Personal Data Processing Consent Forms and in accordance with the applicable Russian law. As is stipulated in the Federal Law, Article 6, Personal Data can be processed in the following cases:

 

1) personal data processing takes place upon the personal data holder’s consent to such processing;

 

2) personal data processing is required to achieve the goals established by an international treaty to which the Russian Federation is a party, or by law, to perform/exercise functions, powers and responsibilities assigned to the operator by the Russian law;

 

3) personal data processing takes place in constitutional, civil, administrative, or criminal or arbitration proceedings;

 

3.1) personal data processing is required to enforce a court ruling, or rulings by other authorities or officials enforceable under the Russian laws that govern enforcement proceedings (hereinafter “enforcement of court rulings”);

 

4) personal data processing is required in the exercise of their powers by federal executive authorities, bodies of state-owned off-budget funds, executive governmental authorities in the Russian subjects, municipal authorities, or functions of entities engaged in the provision of governmental or municipal services, as contemplated in Federal Law No. 210-FZ “On Managing the Provision of Governmental and Municipal Services” of July 27, 2010, including registration of personal data holders on the unified governmental and/or municipal services website and/or regional governmental and/or municipal services websites;

 

5) personal data processing is required in the discharge of a contract, whereto the personal data holder is a party, or under which it is a beneficiary or guarantor, or to make a contract upon the personal data holder’s request or a contract, whereto the personal data holder is to be a party, or under which it is to become a beneficiary or guarantor;

 

6) personal data processing is required to protect the life, health, or other vital interests of the personal data holder, whenever there’s no way of obtaining his/her consent;

 

7) personal data processing is required to exercise the rights or pursue legitimate interests of the operator or third parties in the cases, listed in the Federal Law “On the Protection of Rights and Legitimate Interests of Individuals Whilst Recovering Overdue Debts and Making Amendments to the Federal Law “On Microfinance Activities and Microfinance Entities”, or to accomplish socially desirable goals provided that no rights or freedoms of the personal data holder are being violated;

 

8) personal data processing is required in the professional reporter activities and/or legal mass media activities, or in other creative activities provided that no rights or freedoms of the personal data holder are being violated;

 

9) personal data processing is carried out for statistical or other research purposes, other than for the purposes listed in Article 15 of this Federal Law, provided that such personal data is at all times anonymized;

 

10) the processing involves personal data to which the personal data holder has granted unrestricted access, or takes place upon such holder’s request (hereinafter referred to as personal data made publicly available by the personal data holder);

 

11) the processing involves personal data that has to be published or disclosed under the federal law.

5. Goals behind Personal Data processing

For the goals and cases when PayU Russia processes Personal Data, please see the respective Personal Data Processing Consent Form and the Federal Law. In particular, Personal Data processing may be carried out to:

  • Complete a check, authentication, or authorization of you as a user of our products or services;
  • Make payment transactions;
  • Defend the company’s interests and comply with the applicable law;
  • Deal with you;
  • Share information on our products and services;
  • Conduct research to develop and improve our products or services.

6. Personal Data disclosures

No Personal Data disclosure is permitted, unless otherwise stipulated in a respective Personal Data Processing Consent Form, or provided by the applicable Russian law.

7. Advertising

PayU Russia may only send you promotional content if you have expressly agreed to be provided with such content, and the Federal Advertising Law No.38-FZ of March 13, 2006 does not require otherwise. Any such consent to be provided with promotional content may be revoked at any time.

8. Cookies and similar technology

PayU uses cookies, web beacons and similar techniques (“cookies”) when you access our Websites or Apps.

 

A   cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts.

 

We explain how we use cookies on each of our applicable Websites or Apps and the choices you, as a visitor to each Website or App, have when it comes to our use of cookies here.

 

Did you know? You can always check your cookie preferences by clicking on the blue and white shield in the left hand corner of the bottom of our websites. We display all our cookies in our cookie list that we drop globally on all our websites. Some of these cookies may not be dropped in the country where you are.

 

To check which cookies are dropped on the specific website where you are, click on the lock icon in the top left corner of your browser and click on Cookies. Look for the folder with the subdomain name corresponding to the website you’re visiting (e.g. poland.payu.com). If you are on PayU’s international page, click on the folder corporate.payu.com. As per our Cookie Policy, clicking the payu.com folder will show you all Cookies dropped across the entire payu.com domain.

 

(Please note: The above tip may vary depending on your browser).

 

9. What are the grounds for cross-boundary transmission of Personal Data?

Cross-boundary transmission of Personal Data takes place under the Federal Law, Article 12.  PayU Russia may engage in cross-boundary transmission of Personal Data in the cases listed in a respective Personal Data Processing Consent Form and in the manner prescribed by the Federal Law.

10. Storing of Personal Data

PayU Russia may store your Personal Data for as long as it needs to accomplish the goals listed in a respective Personal Data Processing Consent Form. The Personal Data storage period may be extended, as provided by the applicable law.

11. Rights of the personal data holder

We hereby represent that you can exercise you rights as a personal data holder, as stipulated in the applicable laws, specifically Article 14 of the Federal Law.

12. Competent authority defending the rights of personal data holders

The Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor) shall act as a competent authority defending the rights of personal data holders (https://rkn.gov.ru/)

13. Security: how do we provide security and store Personal Data

The security of your personal data is key to PayU. PayU takes legal, technical, and organizational measures to maintain confidentiality and security of your Personal Data, assuming the applicable obligations and reservations, as stipulated in the applicable laws.

Moreover, PayU maintains industry-specific protection standards for payment card data. Each local business unit of PayU undergoes regular certification by the Payment Card Industry (PCI) Data Security Standards Council, thus ensuring the highest level of security certification as regards payment card data protection.

PayU makes regular updates to its Personal Data gathering, storage, and processing policies, incorporating physical security measures designed to avert alteration, loss, unauthorized use of or access to the Personal Data.

14. Individuals under legal age

Whenever PayU Russia has to process the Personal Data of individuals that do not have a full legal capacity, the consent for such processing shall be sought and obtained from their legal guardians.

15. Revision of the Privacy and Data Protection Statement and sharing of information in regard to changes in Personal Data

This Privacy and Data Protection Statement may be revised and amended. The current version of the Privacy and Data Protection Statement is available on the PayU website.

 

Current version date: May 14, 2020, last revised on: 21 December 2020

 

We will keep you advised of any changes to this Statement by publishing it on our website. You can print out or save this Privacy and Personal Data Protection Statement by downloading a copy thereof in your browser.

 

It is essential that all and any Personal Data previously submitted to us, is true and accurate. Please keep us informed of any changes in your Personal Data. 

 

If and when needed, you can find more detailed information on the processing of Personal Data by PayU Russia in the Public Personal Data Processing and Protection Policy of NBCO PayU LLC (https://www.nco-payu.ru/upload/iblock/016/20160701-pp-po-obrabotke-i-zashchite-pdn-klientov.pdf), or contact us at privacy@payu.com.

 

In case of any differences between this Statement and the Public Personal Data Processing and Protection Policy of NBCO PayU LLC, the latter shall control.

This Privacy Statement may change over time. The recent version of this Privacy Statement is published on this Website.

This version was issued  on May 14, 2020 and last changed on December 21, 2020 .

We will notify you of any changes to this Privacy Statement by publishing this on our Website. You can print or store this Privacy Statement by downloading a copy from your browser.

To view PayU Global privacy terms required under applicable law, please click here.

16