POLICY UPDATED ON JANUARY 10, 2019
This policy describes how AtomicPay ("we", "our" or "us") collect, store, use and protect Personal Data. The purpose of this policy is to ensure that AtomicPay complies with applicable Thailand (TH) regulations, and European Union (hereinafter, "EU") data protection laws such as the General Data Protection Regulation (hereinafter, "GDPR"). AtomicPay's Services include merchant processing services, products, and any other features, technologies or functionalities (hereinafter: "Services") offered by AtomicPay. Users accept this Policy by visiting our website and/or by using our Services.
There are three types of data subjects whose personal data we may process:
- Visitors of our website (atomicpay.io);
- Merchants that sign up and use our Services;
- Purchasers who indirectly interact with AtomicPay when paying a merchant's invoice that is hosted by AtomicPay during checkout (refer to Section 2.3 for more details
1. What is "personally identifiable information?"
"Personally Identifiable Information" (hereinafter: "Personal Data") is any information that can be directly associated with a specific person and can be used to identify that person. A prime example of identifiable information is a person's name.
2. What kind of personal data do we collect?
The Personal Data we collect depends on the type of user:
We may collect the following Personal Data from visitors to our website (https://atomicpay.io):
- IP address, device and browser information
- Email address (e.g. when you subscribe to our blog or opt in to receive other marketing materials)
- Phone number (e.g. when you contact our sales team or media team or opt in to our media list)
- Name (e.g. when you submit a support or enquiry request)
When opening an account or requesting KYC verification, we may collect the following types of Personal Data of the beneficial owner or any user that is added to the account:
- Email address
- Nationality (Optional)
- Date of birth (Optional)
- Identification documents (such as a passport) (Optional)
When a purchaser is paying an AtomicPay invoice, we may collect the following Personal Data:
- Email address (Optional)
- IP address, device and browser information
An email address is only captured if the merchant provides an email address of the purchaser during invoice generation. This collection feature enables our system to send email notifications to purchasers upon successful payments or if there is a payment exception (e.g. overpaid, underpaid, paid after an invoice expired etc.). This creates a more seamless payment experience for both the merchant and the purchaser. AtomicPay will never require purchaser's personal details, hence we do not process or store purchaser's sensitive data.
3. Sensitive or special categories of personal data
AtomicPay does not process any sensitive personal information, such as religion, race, ethnicity and/or political views.
4. Why we collect personal information
Our primary purpose for collecting Personal Data is to provide you with a secure, smooth, efficient, and customized experience. We may use your Personal Data to:
- Comply with applicable laws and regulations;
- Provide the AtomicPay Services and customer support you request;
- Process transactions and send notifications about your transactions;
- Resolve disputes, collect fees, and troubleshoot problems;
- Customize, measure, and improve the AtomicPay Services and the content and layout of our website and applications;
- Deliver service update notices, and promotional offers based on your communication preferences
5. How we protect and store personal information
We take security of data very seriously. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to files, and we authorize access to
Personal Data only for those key employees whom require it to fulfill their job responsibilities.
- IT Security Policy: This policy describes how we store and process your Personal Data on our servers in Thailand and elsewhere around the world where AtomicPay operations are located. It also describes how we protect Personal Data by maintaining physical, electronic and procedural safeguards in compliance with applicable Thailand regulations, and EU data protection laws.
- Incident Response Policy: This policy describes our response to an information security incident.
- Data Breach Policy: This policy specifically describes what steps will be taken by us in case of a data breach. This includes notifying the supervisory authorities and the affected data subjects when required.
- Business Continuity and Disaster Recovery Policy: This policy describes how we recover from a disaster and what steps will be taken to continue or resume routine business operations.
6. Data retention
As part of our policy, we will retain Personal Data that has been obtained as a part of merchant registration and usage of our Services for up to a period of 10 years after an account has been closed or become dormant.
7. How we share personal data with third parties
AtomicPay will never transfer information about you to third parties for the purpose of providing or facilitating third-party advertising to you. We will not sell information about you and your usage of our Services.
We may share your Personal and/or Account Data with third parties in some circumstances, with your consent:
- To a service provider or partner who meets our data protection standards;
- To academic or non-profit researchers, with aggregation, anonymization, or pseudonymization;
We will challenge improper requests for user information disclosure. In the event where we are required by law enforcement to share your personal or account data in response to a legal process, we will provide you with notice so that you may challenge the process (e.g. seeking court intervention or injunction), unless we're prohibited by law or in good faith belief, that the disclosure is necessary to prevent physical harm or financial loss to an individual or an entity.
8. How data subjects can access or change their personal data
Individuals located in the European Union have statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, you may have the right to request
access to Information, as well as to seek to update, delete, correct, or restrict the processing of this Personal Data. If you are located in the European Union and would like
to exercise the right of access, you can make a request via our support email at email@example.com
Merchants can review and edit their information by logging in to their account and reviewing their Personal Data under the Settings tab on the Dashboard. If you wish to delete your account, you can send an email to firstname.lastname@example.org. If you choose to delete your AtomicPay account, we will mark your account in our database as "Closed". We will retain the information on the account in line with the data retention principles as outlined in Section 6.
9.1 What are cookies?
A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to "remember" your actions or preferences over time. Most browsers support cookies, but you can set your browser to decline them and can delete them whenever you like.
9.2 What type of cookies do we use?
When you access our website, we, or third party services we use to track how our website is used, may place small data files called "cookies" on your computer. We and our service providers
We send a "session cookie" to your computer when you log in to your account or otherwise use the AtomicPay Services. This type of cookie helps us to recognize you if you visit multiple pages on our site during the same session, so that we do not need to ask you for your password on each page. Once you logout or close your browser, this cookie expires and no longer has any effect.
We also use longer-lasting cookies for other purposes such as to display your email address on our login page, so that you don't need to retype the email address each time you login to your account.
We encode our cookies so that only we can interpret the information stored in them. You are free to decline our cookies if your browser permits, but doing so may interfere with your use of our website. We may also collect information about your computer or other access device to mitigate risk and for fraud prevention purposes.
You may encounter cookies from third parties when using the AtomicPay Services on websites that we do not control (for example, if you view a web page created by a third party or use an application developed by a third party, there may be a cookie placed by that web page or application.)
9.3 Managing your cookie settings
You can manage cookies through the settings of your Internet browser. You can have the browser notify you when you receive a new cookie, delete individual cookies or delete all cookies. Please note that, if you choose to delete AtomicPay cookies, your access to some functionalities and areas of our website may be degraded or restricted.
10. Changes to this policy