Privacy policy – XPAYE

This Privacy Policy describes how XPAYE collects, uses, processes and protects personal data in the context of its payment orchestration and processing services.

XPAYE applies high standards of data protection in accordance with the requirements of the competent African regulators and applicable international frameworks.

Depending on the nature of the service and the jurisdiction concerned:

• Paiement Pro SA (Côte d'Ivoire) acts as data controller for payment processing and redistribution services in Africa;
• Entities of the Amira Global Technologies group may act as data controller for international operations and card acquisition.

The applicable contracting entity depends on the service used and the merchant's location.

XPAYE may collect and process in particular:

• Identification data (name, company name, legal representative)
• Contact data (email, phone)
• KYC/KYB documents
• Transaction data
• Technical data (IP address, logs, device information)
• Browsing data

XPAYE does not store complete bank card data.

Card payments are processed via certified partners using hosted secure payment pages.

Data is collected in order to:

• Provide payment services
• Execute and secure transactions
• Prevent fraud
• Comply with legal and regulatory obligations
• Improve platform performance and security

Processing is based on:

• Contract performance
• Compliance with legal obligations
• Legitimate interest in securing transactions
• Consent when required

Data may be shared with:

• Acquiring partners and payment service providers
• Financial institutions
• Technical service providers
• Competent authorities when required

Data is never sold to third parties.

Data is hosted in secure infrastructures located in jurisdictions offering a high level of data protection, notably in Europe, with secure replication mechanisms in Africa to ensure operational continuity and service resilience.

Personal data is retained for the period necessary for the performance of services and compliance with applicable legal and regulatory obligations.

Certain data, in particular that relating to customer identification (KYC), financial transactions and accounting or anti-money laundering obligations, may be retained for a period of up to ten (10) years from the end of the contractual relationship, in accordance with applicable regulatory requirements.

Other data is retained for a period proportionate to its purpose.

XPAYE implements appropriate technical and organisational measures to protect data against unauthorised access, loss, alteration or disclosure.

In accordance with applicable data protection regulations in the jurisdictions concerned, data subjects have in particular the following rights:

• Right of access to their personal data
• Right to rectification of inaccurate data
• Right to erasure where legally possible
• Right to object to or limit processing
• Right to data portability where applicable

The exercise of these rights may be limited when the retention of data is necessary to comply with legal or regulatory obligations, in particular in the financial sector or anti-money laundering.

Requests may be sent to:

privacy@xpaye.africa

The use of cookies is described in the Cookie policy accessible on the site.

For any questions regarding data protection:

privacy@xpaye.africa