2C2P
The Company agrees and undertakes that any collection, use or disclosure of personal data (as defined in the Personal Data Protection Act B.E. 2562 (“PDPA”)) shall be strictly for the performance of the Company’s obligations under this Agreement and in compliance with PDPA and any other relevant legislations. The Company shall employ administrative, physical, and technical safeguards to ensure that personal data is afforded protection and shall as soon as practicable notify the Applicant of any confirmed breaches of security that may result in the unauthorized collection, access, use or disclosure of personal data.
Apple Pay
If you choose the ‘Apple Pay’ payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland (hereinafter referred to as ‘Apple‘) payment will be processed via the ‘Apple Pay’ function of your iOS, watchOS or macOS-powered device by charging a payment card on file with ‘Apple Pay’. Apple Pay uses security features built into the hardware and software of your device to protect your transactions. To authorise a payment, you must enter a code that you have previously defined and verify it using the ‘Face ID’ or ‘Touch ID’ function of your device.
For the purpose of payment processing, the information you provide during the ordering process, along with information about your order, is passed on to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to process the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm that the payment has been successful.
If personal data is processed during the transfers described, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b GDPR.
Apple stores anonymised transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymisation completely rules out any personal reference. Apple uses the anonymised data to improve Apple Pay and other Apple products and services.
If you use Apple Pay on your iPhone or Apple Watch to complete a purchase you have made via Safari on your Mac, the Mac and the authorisation device communicate via an encrypted channel on the Apple servers. Apple does not process or store any of this information in a format that can be used to identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to ‘Wallet & Apple Pay’ and disable ‘Allow payments on Mac’.
For more information about Apple Pay's privacy practices, please see the web address below: https://support.apple.com/us-en/HT203027
Google Pay
If you choose the ‘Google Pay’ payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as ‘Google’), payment will be processed via the ‘Google Pay’ application on your mobile device that is operated with at least Android 4.4 (‘KitKat’) and has an NFC function by debiting a payment card stored with Google Pay or a payment system verified there (e.g. PayPal). To authorise a payment via Google Pay in excess of €25, your mobile device must first be unlocked using the verification measure set up for this purpose (e.g. facial recognition, password, fingerprint or pattern).
For the purpose of payment processing, the information you provide during the ordering process, along with information about your order, will be passed on to Google. Google then transmits the payment information stored in Google Pay in the form of a uniquely assigned transaction number to the originating website, which is used to verify that payment has been made. This transaction number does not contain any information about the real payment data of your means of payment stored with Google Pay, but is created and transmitted as a one-time valid numeric token. For all transactions via Google Pay, Google only acts as an agent to process the payment process. The transaction is carried out exclusively in the relationship between the user and the initial website by debiting the means of payment stored with Google Pay.
If personal data is processed in the course of the transfers described, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b GDPR.
Google reserves the right to collect, store and evaluate certain transaction-specific information for each transaction carried out via Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description of the purchased goods or services provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively in accordance with Art. 6 (1) lit. f GDPR, on the basis of a legitimate interest in proper accounting, verification of transaction data and optimisation and maintenance of the functionality of the Google Pay service.
Google also reserves the right to combine the processed transaction data with other information that is collected and stored by Google when using other Google services.
The Google Pay terms of use can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=en
Further information on data protection at Google Pay can be found at the following Internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en
Paypal
When you pay via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – ‘purchase on account’ or ‘payment by instalments’ via PayPal, we will forward your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as ‘PayPal’) for payment processing. The transfer is carried out in accordance with Art. 6 (1) lit. b GDPR, and only insofar as it is necessary for payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – ‘purchase on account’ or ‘payment by instalments’ via PayPal. For this purpose, your payment data may be passed on to credit reference agencies in accordance with Art. 6 (1) lit. f GDPR, on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, they are based on a scientifically recognised mathematical-statistical procedure. Among other things, but not exclusively, address data is included in the calculation of the score values. For further information on data protection, including information on the credit reference agencies used, please refer to PayPal's data protection declaration: https://www.paypal.com/us/legalhub/paypal/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
Adyen
Other Payments are processed by the payment service provider Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands (hereinafter referred to as ‘Adyen’). We have concluded an agreement with Adyen for order processing in accordance with Article 28 GDPR.
We transmit your IP address to Adyen for the purposes of fraud prevention and detection. All data is transmitted in encrypted form. Adyen collects and stores the data and only passes it on to the companies involved in the payment process. We do not collect or store payment data.
When you select the ‘credit card’ payment method, personal data is automatically transmitted to Adyen. By selecting this payment option, you consent to the transfer of personal data to our payment service provider that is necessary for payment processing and for identity and credit checks.
The personal data transmitted to Adyen is usually the card type (Mastercard or VISA), the name of the cardholder, the card number, the check digit and the expiry date.
The ‘3-D Secure’ procedure is used for credit card payments to confirm the identity of the buyer using two-factor authentication.
You have the option to revoke your consent to the handling of personal data at any time with effect for the future.
Information on data protection at Adyen can be found at https://www.adyen.help/hc/en-us/categories/360002679940-Adyen-on-my-bank-statement
Adyen may use affiliated companies and authorized third-party subprocessors to provide these services. These subprocessors process personal data only on Adyen's behalf and under appropriate contractual and technical safeguards. Information about updates to Adyen's subprocessor list is available on Adyen's website: https://help.adyen.com/en_US/updates/adyen-sub-processor-update
Mollie
When you pay via Mollie we will forward you to mollie B.V., Keizersgracht 121, 1015 CJ Amsterdam, the Netherlands (hereinafter referred to as ‘Mollie’) as our payment service provider for the processing of payments, regardless of which payment method you use. The payment data you enter is recorded and stored by mollie B.V. in accordance with Art. 6 (1) lit.b GDPR and is only passed on to the companies involved in the payment process. As a company based in the EU, mollie is subject to the provisions of the European General Data Protection Regulation (GDPR). For more information about data protection by mollie, please refer to the Mollie privacy policy: https://www.mollie.com/de/privacy.
You can object to the processing of your data at any time by sending a message to mollie. However, mollie may still be entitled to process your personal data if this is necessary for the contractual processing of payments. A revocation has no effect on the effectiveness of data processing operations in the past.
CartDNA
We use CartDNA (Nabeyond Ltd) to provide the technical integration between our Shopify store and our selected payment service provider(s).
CartDNA acts as a Data Processor on our behalf where applicable and processes personal data solely for the purpose of providing payment integration services, routing payment requests, maintaining transaction logs, providing reconciliation and technical support, and ensuring the secure operation of the integration.
CartDNA does not collect, access, process, or store sensitive payment card information, including card numbers, CVV/CVC security codes, expiry dates, or full payment authentication data. All sensitive payment information is processed directly by our selected payment service provider within secure, PCI DSS-certified payment environments.
CartDNA may process limited information necessary to operate the integration, such as transaction identifiers, order reference numbers, customer billing country, payment status information, merchant account details, and limited transaction metadata. This information is processed only for the purposes of providing the payment integration service and in accordance with applicable data protection laws, including the UK GDPR and, where applicable, the EU GDPR.
For additional information, please refer CartDNA public documentation:
Privacy Policy: https://cartdna.com/en/legal/privacy-policy
Security & Compliance: https://cartdna.com/en/product/security-and-compliance
Legal & Compliance Hub: https://cartdna.com/en/legal