At Paymentology, we value your privacy and are transparent about your Personal Data we process when interacting with you. This Privacy Notice explains how Paymentology (“we”, “us”, “our”) collects, uses, and protects Personal Data when you visit The Issuer Academy website (the “website”).

As a global company, we are committed to managing and processing your Personal Data in compliance with all applicable laws, including, but not limited to, the General Data Protection Regulation (“GDPR”). This includes ensuring the lawful, fair and transparent processing of your Personal Data for specified and legitimate purposes while respecting your right to privacy. We process Personal Data for numerous reasons and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each may differ depending on the reason for processing. We are committed to ensuring that Personal Data is processed lawfully, fairly, and transparently in accordance with applicable data protection laws.

Should we ask you to provide certain Personal Data when using this website (The Issuer Academy website) (the “website”) it will only be used per this Privacy Notice. By visiting our website, getting in touch with us or using the resources made available through it you are accepting and consenting to the practices described in this Privacy Notice. Please refer to our Cookie Policy which explains the use of cookies on our website.

This Privacy Notice describes:

1. Why We Collect and Process Personal Data
2. Who’s Your Data Controller
3. Personal Data We Process
4. Lawful Processing of Personal Data
5. Consequences of Your Refusal to Provide Personal Data
6. Persons who will Access your Personal Data
7. Transfers to Third Countries
8. Protection and Retention of your Personal Data
9. Marketing Activities
10. Receipt of Your Information from a Third-Party
11. Laws Authorizing or Requiring the Collection of Personal Data
12. Automated Decision Making
13. Your Rights
14. Data Protection Officer
15. Personal Data Regulators
16. Changes to this Privacy Notice
17. Third-Party Website Links
18. Definitions
19. Enquiries, Requests, Complaints and/ or Concerns

1. Why We Collect and Process Personal Data

In operating our website and making content and resources available through it, we collect and process Personal Data for several reasons, including to:

• respond to your enquiries and communications;
• provide you with requested information, content or resources;
• manage registrations or submissions made through the website;
• maintain and improve website functionality, performance and security;
• understand how visitors use the website; and
• send communications where you have consented or where otherwise permitted by law.

We may collect and process Personal Data when you interact with the website, submit information through forms, contact us, or otherwise engage with content made available through the website.

2. Who’s Your Data Controller

Paymentology is the “Data Controller” of your personal information that is processed in connection with this Privacy Notice, unless otherwise specified. Paymentology encompasses a range of companies that provide payment solutions and related services to individuals and legal entities. The Paymentology entity responsible for your Personal Data may depend on your location and the nature of your interaction with us through the website.

3. Personal Data We Process

The Personal Data we collect and/or process may differ depending on our purpose of collecting and processing your Personal Data. We may collect and/or process your Personal Data subject to the purpose above, which may include, but is not limited to:

PERSONAL DATA:

• Full name
• Contact details, including telephone numbers, email addresses, physical addresses, postal addresses etc.
• Company name and job title, where provided
• Country or region, where provided
• Video and voice recordings
• Company details

SPECIAL PERSONAL DATA:

We do not generally collect and/or process special Personal Data through this website. If we do collect and/or process special Personal Data then it will only be for a specific purpose and with consent.

We ask that you do not provide Special Personal Data to us through the website. If you choose to provide Special Personal Data to us for any reason, the act of doing so constitutes your explicit consent for us to collect and use that information in the ways described in this Privacy Notice or as described at the point where you choose to disclose this information.

We collect and/or Process Personal Data that you provide directly to us through our services and it will be apparent from the context in which you provide the information, which Personal Data we are collecting:

WHEN YOU CONTACT US:

1. Through this website:

We process:

• your name,
• contact details, and
• any other information you provide us with.

Where relevant, we may also process:

• company name;
• country;
• login or registration details you submit through the website; and
• any preferences or interests you choose to share with us.

1. Telephonically or over electronic platforms such as e-mail, instant messenger or video call:

We Process the information you choose to provide us with, for example:

• your name, and
• contact information, and
• any other information you choose to include in your communication.

We also process Personal Data automatically on our website and through cookies and other technologies. These technologies record information about you, including:

• Location, browser and device data, such as IP Address, device type, operating system and Internet browser type, operating system name and version, device manufacturer and model, language, plug-ins, and add-ons.
• Usage data, such as time spent on the website, pages visited, links clicked, the pages that led or referred you to our website, and methods used to browse away from our website.
• Website interaction data relating to registrations, downloads, content engagement, and similar activity on the website.

4. Lawful Processing of Personal Data

We only process your Personal Data, if such processing is necessary to carry out actions for the conclusion or performance of a contract to which you are a party, or such processing is needed to provide you with a better service, and in particular for the following reasons:

• Internal record keeping.
• To notify you about changes to our service.
• To ensure that the content from our website is presented most effectively for you and your computer.
• To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
• As part of our efforts to keep our website safe and secure.
• To improve our products and services.
• If you have linked an email account to the website.
• To periodically update the above information to enable us to provide the best possible service.
• When you get in touch with us with a question, complaint, comment or feedback.
• Processing is required to fulfil a legal obligation such as providing information to regulators, professional bodies, supervisory authorities, statutory bodies, law enforcement.
• Processing protects your legitimate interest.
• Processing is necessary for pursuing our or a third-party’s legitimate request.
• Processing was agreed to by you in the form of consent.

Where allowed under relevant national laws regulating the processing of Personal Data, as a business we process Personal Data about you. When we do so, we balance our legitimate interests against the interests and rights of the individuals whose Personal Data we process. The following list sets out the business purposes that we have identified as legitimate:

• Responding to enquiries and providing support in relation to the website and its content;
• Operating, maintaining and improving the website and related systems;
• Understanding website usage and engagement;
• Ensuring network and information security throughout Paymentology;
• Managing communications and relationships with website users.

Where applicable, we rely on consent and legitimate interests as our primary lawful bases for processing Personal Data through the website.

5. Consequences of Your Refusal to Provide Personal Data

It could hinder our ability to perform our duties and responsibilities if you refuse to provide or allow us to collect your Personal Data, where our purpose for such collection is based on a contractual requirement, legal obligation and/or our legitimate interest. In particular, we may be unable to respond to your enquiry, provide requested content, or enable certain website features.

Here is a clean, consolidated, GDPR-aligned rewrite, grouped into two clear chapters with reduced redundancy and improved legal precision:

6. Sharing of Personal Data with Third Parties

We may share your personal data with authorized persons and trusted third parties where necessary for the purposes described in this Privacy Notice.

This may include:

• Employees and authorized personnel who require access to personal data to operate, manage, and support the Website and related communications
• Service providers and sub-processors (such as hosting, analytics, and communication providers) who process personal data on our behalf under contractual arrangements and appropriate safeguards
• Professional advisers (such as legal, audit, or compliance advisers) where access is necessary for legitimate business purposes
• Regulatory authorities and law enforcement where disclosure is required by law or to protect our legal rights
• Corporate transactions, such as a merger, acquisition, or sale of assets, where personal data may be transferred as part of the transaction

All third parties are required to:

• process personal data only on our documented instructions
• implement appropriate technical and organizational security measures
• comply with applicable data protection laws

We do not sell your personal data.

A list of our sub-processors may be requested by contacting us using the details provided in this Privacy Notice.

7. Transfers to Third Countries

Some of the third parties and group entities we work with may process personal data outside the United Kingdom or the European Economic Area (“EEA”).

Where such transfers occur, we ensure that appropriate safeguards are in place to protect your personal data. These safeguards may include:

• Transfers to countries recognized by the European Commission as providing an adequate level of protection (Article 45 GDPR)
• The use of Standard Contractual Clauses (SCCs) or other approved transfer mechanisms (Article 46 GDPR)
• Additional technical and organizational measures, where required, following an assessment of the destination country

Whenever we transfer your Personal Data out of the EEA or countries approved by the European Commission as providing adequate protection pursuant to Article 45 of the GDPR, we will take reasonable steps to ensure that it is kept secure, including where relevant, by entering into appropriate contractual terms with the receiving party, such as the Standard Contractual Clauses approved by the EU Commission or issued by the UK Information Commissioner’s Office (as applicable) or any other approved mechanisms that may become available to us in the future. We will also carry out a risk assessment of the laws and practices of the destination country to identify any technical and organizational measures that need to be put in place to ensure that your personal information is fully protected when transferred to that country.

All recipients of personal data, including those located outside the EEA or UK, are required to process personal data in accordance with applicable data protection laws and appropriate security standards.

8. Protection and Retention of Your Personal Data

We will take the necessary steps to secure the integrity and confidentiality of Personal Data in our possession and under our control by taking appropriate, reasonable technical and organizational measures to prevent loss of, damage to or unauthorized destruction of your Personal Data and unlawful access to or Processing of Personal Data, regardless of the format in which it is held.

Data security is extremely important to us, and we have put in place appropriate security measures (such as encryption, confidentiality obligations of our personnel, log-in records, and vulnerability testing etc,) to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third-parties who have a business need to know.

We have put in place procedures and incident management policies to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We will retain your Personal Data for a period as required to achieve the purpose of which the Personal Data was collected initially or subsequently Processed, unless retention is required or authorized for legal reasons, or we reasonably require the records for lawful purposes related to our functions or activities or is required by a contract or you have consented to the retention of the record.

We may retain your Personal Data for periods longer than these periods for historical, statistical or research purposes based on us maintaining appropriate safeguards against the records being used for any other purposes.

In the event in which we used your Personal Data record to decide whether to act for you or not, we shall retain the record for such a period that may be required or prescribed by law or code of conduct or if there is no law or code of conduct, retain the record for a period sufficient to afford you a reasonable opportunity, taking all considerations relating to the use of the Personal Data into account, to request access to the record.

9. Marketing Activities

We may contact you periodically to provide information regarding our services and content that may be of interest to you. If the relevant national law regulating the processing of Personal Data requires that we receive your consent before we send you certain types of marketing communications, we will only send such communications after receiving your consent.

If you do not wish to receive further marketing communications from us, you can click on the unsubscribe link in the marketing communication to withdraw your consent. Note that all withdrawal of your consent will not affect the lawfulness of processing based on the consent before its withdrawal. Upon withdrawal of your consent, we will no longer be able to inform you of our services, publishing topics etc.

10. Receipt of Your Information from a Third-Party

In some instances, we may receive your Personal Data (including your name and contact details) from a third-party and we will notify you of our collecting your Personal Data as soon as reasonably practicable after it has been collected. This may include, for example, information received through referral partners, event organisers, analytics providers, or marketing platforms, where permitted by applicable law.

11. Laws Authorizing or Requiring the Collection of Personal Data

Under certain circumstances, we are authorized or required for legal reasons to collect your Personal Data. We will only collect such Personal Data as we are required to collect in terms of such legal reasons and such collection, Processing, storing, and destruction will be done in compliance with any relevant national laws regulating the Processing of Personal Data.

We may also Process Personal Data where necessary to comply with applicable legal and regulatory obligations, including obligations relating to data protection, lawful disclosure requests, and the security and integrity of our website and systems.

12. Automated Decision Making

We do not use automated decision-making, including profiling, to make decisions about you that produce legal effects or similarly significant effects in connection with your use of this website.

13. Your Rights

You, as a Data Subject, have certain rights which you may exercise against us where applicable. You have the right to:

• have your Personal Data Processed in-line with the conditions of lawful Processing;
• be notified that your Personal Data is being collected;
• be notified that your Personal Data has been accessed or acquired by an unauthorized person;
• request confirmation of whether we hold Personal Data about you;
• request the record or a description of the Personal Data we hold about you, including information about the identity of all the third parties or categories of third parties who have or have had access to your information (right of access);
• request us to correct (right of rectification) or delete your Personal Data (right of erasure; ‘right to be forgotten’) in our possession or under our control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully, or destroy or delete a record of your Personal Data we are no longer authorized to retain;
• object to the Processing of your Personal Data (right to object), subject to the relevant lawful purpose of processing, on reasonable grounds relating to your particular situation;
• object to the processing of Personal Data for direct marketing;
• request that the processing of your Personal Data is restricted under certain circumstances (right to restriction of processing), subject to relevant national law regulating the processing of Personal Data; and
  request that Personal Data held by us be transferred to another data controller (right to data portability).

Should you wish to exercise any of the above rights you may contact our Data Protection Officer.

No fee is usually required to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if a Data Subject request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with such request in these circumstances.

We may need specific information from you to help us confirm your identity and ensure you have the right to access the Personal Data (or to exercise any of your rights).

The time limit to respond, in cases of legitimate requests, is one month. Occasionally it may take us longer than one month if the request is particularly complex or there are multiple requests made by you. In this case, we will notify you and will keep you updated.

14. Data Protection Officer

Data Protection Officer

Email address:

privacy@paymentology.com

15. Personal Data Regulators

Should you believe that the processing of your Personal Data is in contravention with applicable data protection law, you can lodge a formal complaint with:

Republic of South Africa:

The Information Regulator (IRSA)
Follow the link for contact details: https://inforegulator.org.za/contact-us/

United Kingdom:

The Information Commissioner’s Office (ICO)
Follow the link for contact details: https://ico.org.uk/global/contact-us/

You may also have the right to lodge a complaint with the supervisory authority in the country where you live, work, or where the alleged infringement took place, where applicable.

16. Changes to this Privacy Notice

We will review this Privacy Notice and may amend or supplement this Privacy Notice from time to time, following regulatory changes, business strategies and new technology introduced into our operations. We will publish an updated version of this Privacy Notice, as and when amendments or supplements have been made on our website (theIssuerAcademy.com).

17. Third-party Website Links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third-parties to collect or share data about Data Subjects. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, you are encouraged to read the privacy notice of every website you visit.

Please refer to our Cookie Policy which explains the use of cookies on our website. 

18. Definitions

In this Privacy Notice, the following words will have the following meanings:

• “Data Subject” is the individual who is the subject of the relevant Personal Data.
• “Personal Data” is information that directly or indirectly relates to an identified or identifiable natural person or, where applicable, a juristic person, through an identifying factor.
• “Paymentology” depending on the context means either:
• Paymentology Ltd., Registration Number: 9670444 a United Kingdom registered and trading company.
• Paymentology DMCC, Registration Number: DMCC68141 a Dubai Multi Commodities Center company registered and trading in the United Arab Emirates, or
• Paymentology (Pty) Ltd., Registration Number: 1999/02004/07, a Republic of South Africa registered and trading company.
• “Processing” or “Process” means any operational activity concerning Personal data. This includes the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• “we”, “our”, or “us” is the pronoun of Paymentology. 

19. Enquiries, Requests, Complaints and/or Concerns

To address any enquiries, requests, complaints and/or concerns regarding this Privacy Notice, the processing of your Personal Data, or to exercise the rights as stated in section 13, please contact our Data Protection Officer.