PRIVACY NOTICE

Last updated: 18.12.2024

1. Introduction

Read this privacy notice (“Privacy Notice”) carefully to understand our policies and practices regarding the collection, use and disclosure of Your Personal Information when You use the Website and what are Your rights.

This Privacy Notice (together with any terms of use applying to any specific service(s) that We may provide to You) applies to Us and our Affiliates: (i) upon You use the Website and (if applicable) its portal features and services provided by Us and/or our Affiliates to You when You visit our Website, and/or other of Our, or Our Affiliates’, systems; (ii) in our electronic and other type of communication between You and Us; (iii) upon requesting (applying) to use any of our services; (iv) when You use any software and/or hardware as may be provided to You by Us and/or our Affiliates from time to time, together all of these shall be referred to in this Privacy Notice as Orchestr Services.

2. Definitions

For the purposes of this Privacy Notice:

  • “Affiliate” means any entity that directly or indirectly, or through one or more intermediaries, Owns or Controls, is owned or Controlled by, or is under common Ownership or common Control with, such specific entity;
  • “Control” means the power to direct the management of affair of an entity either through minority rights or otherwise, and “Own” and “Ownership” means the beneficial ownership of 50% or more of the voting equity securities of the entity;
  • “Controller”, in respect of personal information, has the meaning given to it in the GDPR.
  • “Cookies” are small files that are placed on Your computer, mobile device or any other device containing the details of Your browsing history when You access and use our Website.
  • “EEA includes all current member states to the European Union and the European Economic Area.
  • “GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal information and on the free movement of such data.
  • “Orchestr” (referred to as well as “We”, “Us” or “Our” in this Agreement) means Payment Scope Limited, Registration Number: 207488230, registered at 22 Bigla Street, Sofia, Bulgaria, 1407
  • “Process”, in respect of personal information, has the meaning given to it in the GDPR.
  • “Processor” means a processor or a data processor (as such term is defined in the GDPR.
  • “Personal Information” is any information (as such term is defined in the GDPR) that relates to an identified or identifiable individual, such as a name, email, a telephone number, IP address, etc.
  • “Service Provider” means any natural or legal person who Processes information, including Personal Information, on behalf of Orchestr.
  • “Usage Data refers to data collected automatically, either generated by the use of the Website or from the Website infrastructure itself (for example, the duration of a page visit).
  • “Website” means https://orchestr.com/
  • “You” means the individual accessing or using the Website, or the company, or other legal entity on behalf of which such individual is accessing or using the Website, as applicable.

3. What Information We May Collect

We may collect and Process personal and non-personal information relating to You. Personal information is information that can be used to uniquely identify a single person, either directly or indirectly. Non-personal information is information that does not individualize a specific individual directly or indirectly. We may also anonymise any personal information to make it non-personal. We may collect, create, store, use, and/or disclose any non-personal information for reasonable business purposes. 

3.1 Personal Information provided by You via the Website

When accessing and using Our Website, We may ask You to provide Us with certain Personal Information for communication and identification purposes. Such Personal Information may include, but it is not limited to:

  • Your name(s), including first name and family name, data of birth, age, age billing address, username, password, and/or photograph, biometric information, address, occupation, nationality, and country of residence, a copy of your identification, such as Your driver’s license or passport, social security and/or other government identification information;
  • Information about Your use of the Orchestr Services;
  • Your e-mail address(es);
  • Your company’s website;
  • Other information You give us when using Our Website and information that You or Your customers provide or is generated in the context of using the Orchestr Services. 

3.2 Information that You Give Us

We receive and store any Personal Information (including financial information) You provide to us including when You (or Your business) ask for the Orchestr Services; register to use and/or use any Orchestr Services; upload and/or store information with us when using the Orchestr Services; and when you communicate with us by any means.

3.3 Usage Data

Usage Data may include information such as Your IP address, browser type, browser version, the pages of Our Website that You visit, the time and date of Your visit(s), the time spent on the Website, unique device identifiers, and other diagnostic data.

3.4 Cookies

We use Cookies to track the activity on Our Website and store certain information.

4. What We Use Your Personal Information For

4.1 When You Contact Us

When You contact Us via the Website, and/or email, and/or phone regarding questions about Your business needs, Your use of the Orchestr Services, comments, and/ or complaints. When You do so, We will collect the information that You provide Us with, including Your name(s), email address(s), your company’s details and website and the information that you have provided in your message to Us. We use this data for our legitimate interest of conducting business with You or to establish our future contract with You.

4.2 To Improve and Develop Our Business

To improve and develop Our business, including without limitation to optimise Our Website, the Orchestr Services and other products, for marketing purposes, and/or to develop new services and products. This may include using information that You provide in forms (including application forms) and other questionnaires. We may use this information (for example, Your business card) to follow-up with You regarding Our Website and Your questions. We rely upon Our legitimate interest of conducting business with You to Process such Personal Information.

4.3 Information We Collect Automatically

When You access and use Our Website, We may collect information automatically, including the Usage Data, Cookies, and others.

We collect such information on legitimate interest to improve and to maintain Our Website, including for data analysis, troubleshooting, statistical, and for survey purposes.

You can restrict Cookies on your browser, but please note that if You do not accept Cookies, You may not be able to partially or entirely use our Website.

For more information, please visit our Cookies Notice.

4.4 Information We Collect as a Gateway Provider

We may Process certain information, including Personal Information, referencing or relating to You or Your customers which may include, but not limited to, Your customers’ card primary account number, card expiry date, CVC/CVV details (card security code), account numbers, such as transaction data and other necessary to process payments.

Please note that it is Your primary responsibility as a Controller for the processing of Your customers’ Personal Information, including:

  • protect the Personal Information in accordance with applicable data protection regulations;
  • provide Your customers with the necessary information regarding the processing of their Personal Information and sharing it with Orchestr for the use of the Orchestr Services; and
  • ensuring that Your customers exercise their rights under the applicable data protection laws.

To the extent that We are acting as your data processor, We will process Your customers’ Personal Information in accordance with the terms of our agreement with You and Your lawful instructions.

5. Sharing Your Personal Information

5.1 We May Share Personal Information with Service Providers.

Where necessary, we may share Your Personal Information with Service Providers to monitor and analyse the use of our Website, the Orchestr Services, to store the Personal Information, to provide customer support services including marketing activities and others.

Where We share Your Personal Information with Service Provider we will conclude agreements to ensure Your Personal Information is protected.

5.2 During Merger, Acquisition, Reorganization, Assignment, Transfer, Change of Control, or Asset Sale.

Where Orchestr participates in a merger, acquisition, reorganization, assignment, transfer, change of control, or asset sale, Your Personal Information may be shared with third parties in connection with such transaction. We will provide notice before Your Personal Information is transferred and becomes subject to a different Privacy Notice.

5.3 With Business partners.

We may share Your information with Our business partners to offer You certain products, services, or promotions.

5.4 In Accordance with Applicable Laws or as Instructed by Regulators and Other Authorities.

We may be required to disclose information regarding You, including Personal Information, if we are required to do so by law or in response to valid requests by public authorities, including but not limited to, competent courts, government agency, regulators and others that have a mandate over Orchestr.

5.5 Other Legal Reasons.

We do not disclose information which could identify You personally, to anyone except as described in this Privacy Notice, as permitted, or required by law, and/or for the purposes described in this Privacy Notice, including:

  • With Affiliates which are bound by this Privacy Notice.
  • To recipients/senders of a payment in the context of the specific relevant transaction.
  • Fraud prevention agencies, including Action Fraud, Financial Fraud Action and the Financial Fraud Bureau and other organisations who assist us in managing fraud and business risk.
  • Where we provide services through third parties such as acquirers, banks, and other organisations, we may be required to disclose your information (including any ‘know your customer’ and ‘source of wealth’ information) with such organisations to assist their own regulatory obligations or risk assessments.
  • Third Party Service Providers, including suppliers who assist us with the provision of the Orchestr Services, including processing orders, fulfilling orders, processing payments, managing credit, security, sector and fraud risk, identity verification, and marketing, market research and survey activities carried out on behalf of Orchestr. Occasionally, we may utilise the services of third-party providers to assist with the provision of services that might require the use of Your Personal Information, including for the purposes of live data testing and to which suitable security arrangements will be implemented.
  • To third parties who do not act under our instructions as a service provider (but will be subject to their own legal obligations to keep data secure), to facilitate provision of the Orchestr Services. For example, banks, acquirers, and other financial institutions.
  • To prevent and/or detect fraud, financial crime, manage risk and to better protect ourselves and our customers; and
  • With Your permission, Your information, including Personal Information, may also be used for other purposes for which You give Your specific permission.

Except as necessary for the performance of Our services and as described herein, Orchestr does not sell, rent, share or otherwise disclose Personal Information about its customers to third parties for their own third-party marketing use without meeting any necessary legal obligations (e.g., consent, opt-out, or as otherwise permitted by law).

6. Personal Data Retention Period

We will retain Your Personal Information for as long as needed or permitted dependant on the context and purpose for which it was collected, the type of information, and in compliance with applicable local laws or regulations.

This means that when using the Website and the Orchestr Services, we will retain Your Personal Information as necessary for the provision of the services and for any linked legitimate business purpose. This includes the use and retention of Your Personal Information when You commence an application for the Orchestr Services, irrespective of whether You complete such application or are accepted as a customer.

We will also retain Personal Information as evidence of our dealings with You regardless of whether there were any financial transactions, for audit and compliance purposes, to manage any queries or disputes, including to defend or initiate any legal claims. We can also continue marketing and sending You direct marketing, subject to local laws and where You have not objected to such marketing.

We may also use data minimisation techniques to better protect Your information, known as pseudonymisation. Once Your information is no longer needed, We may anonymise or aggregate it with other information to make it unidentifiable, as an alternative to deletion.

7. Transfer of Personal Information to third countries

We will take all steps reasonably necessary to ensure that Your Personal Information is treated securely and in accordance with this Privacy Notice and no transfer of Your Personal Information will take place to an organization or a country unless there are adequate controls in place including the security of Your Personal Information and other information.

Your Personal Information may be shared with other companies outside of the EEA, when this is necessary for the purposes of providing Our Website and/or the Orchestr Services. It may include the countries in which some of Our Affiliates and/or Service Providers are located. In case of such transfer we comply with applicable laws to provide an adequate level of data protection for the transfer of your Personal Information to third countries. We rely on Standard Contractual Clauses as approved by the European Commission in order to offer sufficient safeguards on data protection for the data to be transferred internationally.

8. Security of Your Personal Information

We have implemented technical, physical, and organisational/administrative measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration and disclosure. These measures include: PCI DSS, SSL Secure, GDPR Compliant.

9. Your rights

You may have the following rights with regard to Your Personal Information:

  • to obtain confirmation as to whether or not We process Your Personal Information, and, where that is the case, the information about such processing;
  • to request rectification of inaccurate Personal Information;
  • to request erasure of Your Personal Information in certain circumstances provided by law;
  • to restrict the processing, for example when the processing is unlawful;
  • to object to processing of Your Personal Information which is based on a legitimate interest;
  • to receive Your Personal Information We process in a structured, commonly used and machine-readable format and to transmit those data to another controller;
  • to withdraw any consent that was given at any time.

If You wish to exercise any of the rights set out above, please contact Us by email: [email protected]. You also have the right to file a complaint with a supervisory authority of the country You reside.

10. California residents

10.1 Information on Our privacy practices.

You may find in this Privacy Notice and in Our Cookies Notice the information on Our privacy practices and access information as required by the California Consumer Privacy Act (“CCPA”), in particular the information about:

  • the categories of Personal Information to be collected;
  • the purposes for which the categories of Personal Information shall be used;
  • the categories of sources from which the Personal Information are being collected;
  • the categories of third parties with whom We may share Personal Information.

10.2 Access to Your Personal Information.

We may also provide You with specific pieces of Personal Information We have collected about You but no more than twice in a year. To obtain this information from Us, please send an email to  [email protected] which includes “Request for California Privacy Information” on the subject line and Your state of residence and email address in the body of your message. If You are a California resident, We will provide the requested information to You at Your email address in response.

10.3 We do not sell Your Personal Information.

10.4 Your right to deletion.

You can request that We delete any Personal Information about You which We have collected from You, except for the cases explicitly provided for by the CCPA (e.g., when We need such data to detect security incidents, protect against illegal activity, comply with a legal obligation, etc).

10.5 Non-discrimination.

The Company does not discriminate against You in case You exercise any of the consumer’s rights under this Privacy Notice and/or the CCPA in any way.

If you wish to exercise any of the rights set out above, please contact Us by email: [email protected]

11. Links to Third-Party Websites

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow such a link, please note that these websites have their own privacy and cookies policies and Paysafe does not accept any responsibility or liability for these third-party websites.

12. Changes to this Privacy Notice

We may, from time to time, change our Privacy Notice. If we make material changes to how we treat Your information, we will notify You through a notice on this website/portal. The date the Privacy Notice was last modified is stated on this notice. Please ensure You periodically visit Our Website and this Privacy Notice to check for any changes. However, if We are required by law to give You advance notice of any changes to this Privacy Notice and/or seek Your consent to changes in our uses of Your Personal Information, then we will do so.

13. Contact Us

If you have any comments or questions about this Privacy Notice or our data protection practices, You can contact us by email: [email protected]

Add a link to the cookies notice

We need to list what security measures you’ve implemented, e.g. PCI DSS, etc.