Valid from January 2024
Handpoint is the entire legal and beneficial owner and/or licensee of certain software products and services and provides a managed payment service related to those products and you (the Customer) are using these services and/or may have applied through Handpoint for a merchant account through Handpoint which will be provided by a licensed acquiring bank within the European Economic Area.
You as the Customer are aware and acknowledge that as part of the sales and application process, and while you are a Handpoint customer using the Service, Handpoint may collect data about you and / or your business, including potential shareholders, directors, and ultimate beneficial owners and other relevant data required under act 140/2018 on anti-money laundering and counter terrorist financing where applicable, and store it securely.
- We need to collect personally identifiable information (PII), and reserve the right to collect location-based information by the use of GPS, to provide the service. We will collect the information we require by lawful and fair means, and you agree to provide us the necessary information required to provide you with the Service. We will manage all information collected in accordance with applicable laws and GDPR (General Data Protection Regulation).
- As the Service includes processing of card payments, Handpoint will also store and process payment card data. As Handpoint is a PCI-DSS certified payment provider, Handpoint will store the data securely in accordance with the PCI standard and only for the minimum amount of time required which is 12-months.
- We will collect and use personal information solely for fulfilling those purposes specified by us and not for other ancillary purposes, such as marketing, unless we obtain your consent or as required by law.
- Personal data will be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up to date.
You are the controller of the data (Data Controller) and can ask Handpoint as the data processor to erase any data about you or your business at any time by emailing firstname.lastname@example.org, provided it doesn’t prevent Handpoint from providing the Service under this agreement. If deleting your data impacts our ability to provide the service your request may result in termination of the service and license you have been previously granted.
Handpoint will share the data you give with members of acquiring banks-that will underwrite any merchant accounts you apply for through Handpoint (if applicable), and potentially other entities but only if necessary for review, underwriting and acceptance of your application and set up of your merchant account to comply with laws and regulations concerning anti-money laundering and counter terrorist financing measures.
Handpoint is further allowed to give an authorized reseller or software provider that has integrated the Handpoint card readers into its software, and that you are using as your point-of-sale software, access to a Handpoint web portal displaying all transactions made with the Handpoint card readers, to better support you. If you don’t want your software provider or reseller to have access to this data, please contact Handpoint and let us know.
No data about you and your business is sold or shared with any other persons or entities for any other purpose such as general marketing but Handpoint will from time to time use the contact information to contact you for general assistance or to share with you, news about Handpoint. You give your consent to Handpoint reaching out to you from time to time and include you on the Handpoint newsletter list. You will have the option of opting out of such communication from Handpoint in the future.Handpoint commitment
We are committed to ensure that the confidentiality of personal information is protected and maintained so we commit to:
- assisting you in securing all personal data and protect all personal information by using appropriate technical and organizational measures to ensure a level of security appropriate to the risk and to protect the relevant personal data against unauthorized or unlawful processing and against loss or theft, alteration or disclosure, as well as unauthorized access, disclosure, copying, use or modification. These measures will include, but are not limited to, using encryption, maintain resilience of all systems, maintaining ability for recovery in case of a disaster and regularly test and assess the effectiveness of Handpoint security measures.
- only retaining personal information for as long as necessary for the fulfilment of those purposes.
- not to engage any sub-processors, other than specified in this agreement, without your prior written (email will suffice) confirmation. Where a sub-processor (including any Approved Sub-Processor and whether approved by the Customer or not) fails to fulfil its obligations under this agreement or under Data Protection Law, Handpoint shall remain fully liable to the Customer for the performance of the sub-processor’s obligations and shall be fully liable for the acts or omissions of the sub-processor.
- keep all data collected as part of providing the Service, highly confidential and only provide access internally on a “need-to-know” basis.
- not to process the data in any way other than to provide the Service or based on written (electronic message will suffice) instructions from you.
- notify you promptly (and in any event within 24 hours) if Handpoint discovers any actual or suspected personal data breach involving any Relevant Personal Data or if Handpoint receives any complaint, request for Relevant Personal Data or any other communications relating directly or indirectly to the processing of any Relevant Personal Data in connection with this agreement. Where Handpoint receives a complaint, request or communication relating to the processing of Relevant Personal Data, it will respond to that request only on the documented instructions of Customer or as required by applicable laws, in which case Handpoint shall to the extent permitted by applicable laws inform Customer of that legal requirement before responding to the request.
- not transfer any Relevant Personal Data to any third country outside the European Economic Area (“EEA”), the UK or international organization, unless authorized in writing by the Customer and then subject to any reasonable conditions that may be imposed by the Customer. The Customer acknowledges that Handpoint will be storing its data in the AWS cloud in United States but that no processing of personal data shall be taking place and the Customer approves such storage of data under that paragraph outside the EEA. To the extent that AWS processes any personal data (as contemplated by the Data Protection Laws) following the date of this agreement, any transfer of data for such processing remains subject to these provisions.
- providing the Customer with any Relevant Personal Data it holds in relation to a data subject within the timescales required by the Customer.
- work with you after this contract terminates and at your, as the Data Controller, choice either delete or return all personal data Handpoint has been processing for you.
- make readily available to customers information about our policies and practices relating to the management of personal information.
All questions regarding these terms and conditions of service, your account and personal information shall be sent to email@example.com.