Privacy Policy

Privacy Policy

of Payyo AG (as a Processor)

1. Data Processing Role and Contact Information

1.1 Data Processor Information

Payyo AG acts as a data processor within the meaning of Art. 4(8) of the General Data Protection Regulation (GDPR), processing personal data on behalf of and under the instructions of its merchants (the data controllers). 

Payyo AG
Hauptstraße 15,
3800 Matten b. Interlaken, Switzerland
Email: support@payyo.ch
Telephone: +41315391958

1.2 The Data Protection Officer 

The Data Protection Officer can be contacted at the above address or via email at support@payyo.ch.

Payyo AG processes personal data solely as instructed by its merchants (data controllers) and for the following purposes:

  • Payment Processing: Executing transactions on behalf of merchants (Art. 6(1)(b) GDPR – contract performance).
  • Know Your Customer (KYC) Compliance: Assisting merchants in verifying identities and meeting financial regulations (Art. 6(1)(c) GDPR – legal obligation).
  • Fraud Prevention and Security: Identifying and mitigating fraud risks as per controller instructions (Art. 6(1)(f) GDPR – legitimate interest).
  • Regulatory Compliance: Supporting compliance with anti-money laundering (AML) and financial laws (Art. 6(1)(c) GDPR).
  • Customer Support: Handling transaction-related inquiries on behalf of merchants (Art. 6(1)(b) GDPR).

As a processor, Payyo AG does not determine the purposes or legal bases for processing personal data—this responsibility lies with the merchant (the data controller).

3. Data Collection and Retention

Payyo AG processes the following categories of personal data strictly as required by the merchant:

  • Merchant Information: Business details, contact information, financial and banking data, identity verification documents.
  • Transaction Data: Payment details (date, amount, method, merchant ID, and customer details where required).
  • Compliance and Security Data: KYC documents, IP addresses, fraud detection information, and technical identifiers.

Data retention periods are determined by the merchant (controller). Payyo AG retains personal data only as long as instructed, subject to legal and regulatory obligations.

4. Data Sharing and International Transfers

Payyo AG only shares personal data as instructed by the merchant, which may include:

  • Regulatory and Financial Institutions: To fulfill legal compliance obligations.
  • Third-Party Service Providers: Such as payment gateways, fraud detection services, and identity verification partners.
  • Affiliated Companies: Payyo AG is owned by TrekkSoft AG, and data may be shared for operational purposes where authorized by the merchant.
  • Authorities: When required by law, upon instruction from the merchant or based on legal obligations applicable to processors.

For transfers outside the European Economic Area (EEA), Payyo AG implements appropriate safeguards, such as EU Standard Contractual Clauses, where instructed by the controller.

5. Data Subject Rights

As a processor, Payyo AG does not respond directly to direct data subject requests. Instead, we act on behalf of the merchant (the data controller), who is responsible for handling such requests in accordance with the General Data Protection Regulation (GDPR).

This includes rights relating to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of Processing (Art. 18 GDPR)
  • Data Portability (Art. 20 GDPR)
  • Objection to Processing (Art. 21 GDPR)
  • Withdrawal of Consent

If you wish to exercise any of these rights, please contact the relevant merchant directly. Payyo AG will support the merchant in responding to and fulfilling valid data subject requests. 

6. Security Measures

Payyo AG follows industry best practices to ensure data security, including:

  • PCI DSS compliance for secure payment processing.
  • Encryption of data during transmission and storage.
  • Access controls and authentication mechanisms.
  • Regular security assessments and monitoring.

7. Cookies and Tracking Technologies

Payyo AG may use cookies or tracking technologies on its website for technical purposes. However, when processing data on behalf of merchants, the use of such technologies is determined by the merchant’s privacy policy.

8. Updates to this Privacy Policy

This Privacy Policy may be updated periodically to reflect regulatory or operational changes. The latest version will always be available on our website. Any processing changes affecting merchants will be communicated in advance.

9. Third-Party Services

Insurance Services During Checkout

When customer choose to purchase optional insurance products at checkout(e.g. Refund protection), Payyo AG acts as a data controller for the processing of personal data required to facilitate the insurance offering. This includes sharing personal and transaction details. Such as name, email and booking reference) with our insurance partner CoverGenius, in order to issue the policy and manage claims. 

The processing is based on Art. 6(1)(b)GDPR (contract performance) and ART. 6(1)(f) GDPR (legitimate interest in enabling a seamless user experience and protecting customer bookings). For more information on how the insurance provider handles your data, please refer to their Privacy Policy.

10. Contact Information

For any inquiries regarding data processing, please contact:

Payyo AG
Hauptstraße 15,
3800 Matten b. Interlaken, Switzerland
Email: support@payyo.ch
Telephone: +41315391958

Is Payyo a fit for your business?

Get in touch now to talk to our team.

Close Bitnami banner
Bitnami