Conductor Privacy Notice
October 2024
This privacy notice (“Privacy Notice”) explains how we process your personal data (“Personal Data”) while you use our services, including when you browse our website (“Website”), perform a transaction with us, or visit our stores (collectively, “Services”) , whether as a customer, a visitor and/or a user of our Website, or however you might otherwise interact with us (collectively, “you”, “your” or “users”). In this Privacy Notice, we also describe whether your Personal Data is shared with other parties and the mechanisms we have in place to protect your data.
We encourage you to regularly review this Privacy Notice and check the Website for any updates. Updates to this Privacy Notice will be published on our Website, and by continuing to deal with us, you agree to this Privacy Notice and any future modifications.
Where local law requires additional details to be included in this Privacy Notice, such information has been included in the Regional Privacy Notices section below.
Content Regional Notices
What Personal Data is collected and why? Legitimate Interest How long do we keep Personal Data? Do we disclose Personal Data? Minors Data Security Description of Personal Data Rights Privacy Complaints | Notice to United States Consumers (CCPA) Notice to European (EEA) residents Notice for UK residents Notice for Argentinian residents Notice to Mexican residents Notice to Chilean residents Notice to Malaysian residents Notice to New Zealand residents Notice to Australian residents Notice to Indian residents |
Frequently asked questions (FAQs)
How can I contact the company regarding my Data? To make any request or consultation, you may contact us by email to dpo@euronetworldwide.com.
Who are we? We are Epay, a part of Euronet Worldwide group of companies.
What type of Personal Data is collected? We collect only the Personal Data necessary to provide you with the Service and to comply with applicable law.
Why do We collect Personal Data? We collect Personal Data for specific contractual and legal purposes. With your consent, we also collect data for additional purposes.
How long do we keep Personal Data? We keep Personal Data only for as long as necessary or as required by applicable law.
With whom we share Personal Data? We share Personal Data with other Euronet Group companies, legal authorities, and partners where necessary to meet regulatory requirements or contractual commitments.
Where do we store Personal Data? We store Personal Data in secure locations with strict security measures in place. If we need to transfer Personal Data to other locations, we take all necessary measures to comply with legal obligations and ensure a proper level of security.
What are your Personal Data rights? Depending on where you live, you may have rights in relation to your Personal Data under applicable law. A description of common Personal Data rights is set out in section 15 below.
- What Personal Data is collected and why?
The categories, sources, and reason for collecting Personal Data are listed below. Where the collection of Personal Data is based on your consent, you may withdraw your consent at any time. We do not and will not “sell” or “share” Personal Data, as those terms are defined under applicable laws. We retain Personal Data for as long as reasonably necessary to provide the Services and meet our legal obligations.
If you have questions or concerns regarding the processing of your Personal Data, you may contact us any time at dpo@euronetworldwide.com
We collect Personal Data from the following sources:
- Directly from you through direct interactions and forms.
1.1. Types of Personal Data
a) Identifiers or Identification Data
The Personal Data we collect from you may include name, email, telephone and/or fax numbers, residential and/or business address and other contact data (“Contact details”), title, date of birth, gender, images, videos, or signature.
Where necessary, Identification data is only used for the described purposes.
Purpose for Processing | Legal Basis |
To perform/supply the Services. | Contractual obligation |
To provide customer service and record customers’ instructions, we will monitor and record (via automated means or transcripts) our telephone calls, emails, and chat conversations with you. We will use transcripts of these calls to confirm the instructions provided to us. | Contractual obligation Legitimate interest |
To manage your account(s) (i.e.: registration, administration, maintenance and servicing accounts). | Pre-contractual/Contractual obligation |
To measure and evaluate your behavior using automated processing to provide you with a more personalized Service. | Consent |
Your participation in events or giveaways: You may wish to take part in events organized by us or in a specific giveaway. | Consent |
To meet our legal obligations related to record keeping we keep correspondence including e-mails, faxes, and any kind of electronic communication, together with any records of the customer’s account. We also keep customer service letters and other communications between us and any Euronet Group company as well as our partners and suppliers. | Legal Obligation |
b) Behavioral and Technical Information
IP address, internet, or other similar network, browsing, or search activity, behavioral information (to understand the way you behave while using our products and services), browser type and version, time zone setting, screen resolution settings, browser plug-in types and versions, operating system, and platform.
Our Cookie Policy is available here
Purpose for Processing | Legal Basis |
To perform analytics to measure the use of our website and Services, including number of visits, average time spent on the Website, pages viewed, page interaction data (such as scrolling, clicks, and mouse-hovers), etc., and to improve the content we offer to you. | Consent |
To undertake activities to verify or maintain the quality of the Service, and to improve, upgrade, or enhance the Service, including to administer the Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. | Consent Legitimate Interest |
To help ensure the safety and security of our Website. | Legitimate Interest |
c) Non-Identifiable Data
Whenever possible, we use data where you cannot be directly identified (such as anonymous demographic and usage data) rather than Personal Data (“non-identifiable data”). This nonidentifiable data may be used to improve our internal processes or delivery of services, without further notice to you.
We may use aggregate data for a variety of purposes, including to analyze, evaluate and improve our Services.
1.2 Accuracy of Personal Data
We are committed to keeping your Personal Data accurate and up to date. We take reasonable steps to ensure the accuracy of your Personal Data by ensuring that the latest Personal Data we have received is accurately recorded and when considered necessary, we run periodic checks and request that you update your Personal Data. From time to time, we may send you an email asking you to confirm and/or update your Personal Data. This communication is based on our legitimate interest and legal obligation to maintain accurate and up to date information.
If you notice that your Personal Data is not accurate, you may request a correction or update your information by sending an email to dpo@euronetworldwide.com.
2. Legitimate Interest
When we use your Personal Data to pursue our legitimate interests, we will make every effort to match our interests with yours so that your Personal Data will only be used as permitted by relevant law, or when it will not adversely affect your rights. Upon request, customers may request information on any processing based on legitimate interest.
3. How long do we keep Personal Data?
Personal Data is kept for as long as it is necessary to provide the Services requested and to comply with applicable legal, accounting, or reporting obligations. The retention period is determined based on the applicable requirements and obligations, which may include:
- Legal and Regulatory Requirements: Your Personal Data is kept as long as necessary to comply with all our legal obligations including without limitation, commercial, tax and antimoney laundering laws and regulations. While we store your Personal Data only for the purposes of complying with legal obligations, your Personal Data will be restricted such that it cannot be used for any other purposes. While restricted, only when necessary, will your Personal Data be accessed. Whenever we receive a request for deletion, we will also maintain your Personal Data further to our legal obligations.
- Customer Service and Contractual relationship (administration of customer relationship, complaint handling, etc.): We will keep your Personal Data if you remain our customer. Once we consider our contractual relationship to be over, we will proceed to restrict your data to make it available only to comply with legal obligations as expressed above.
- Do We disclose Personal Data?
Epay´s disclosure of Personal Data for business purposes or to meet legal obligations are outlined below:
- Euronet Group
Types of Personal Data | Purpose | Legal Basis |
Identification Data Behavioral and technical Data | We disclose your Personal Data with Euronet and Euronet Group affiliates for our affiliates’ everyday business purposes and compliance with group obligations. As a result of a sale, acquisition, merger, or reorganization involving Euronet, a company within the Euronet Group, or any of their respective assets, we may transfer customer Personal Data to a third party. In doing so, we will take reasonable steps to ensure that their information is adequately protected. Your Personal Data is also disclosed to be able to provide you with customer service, regardless of when you require our help. To provide access to our 24/7 | Legal obligation Contractual obligation |
Identification data | customer service, we must share your Personal Data with the Group affiliates. |
- Third-Party Service Providers
Types of Personal Data | Purpose | Legal Basis |
Identification Data | To data analytics and ID verification providers to perform compliance verification (e-KYC) and fraud prevention services. | Legal Obligation Consent |
Contact Details | To our agents and correspondents to provide the Services. | Legitimate interest Legal obligation Consent |
Contact details. Behavioral and technical Data | To advertisers or advertising networks and social media companies to place personalize placed advertisements in digital services and to adapt to consumer preferences. | Consent Contractual Obligation |
*The legal meaning and list of “third-party service providers” may vary depending on the country you are based. For additional information regarding which providers have access and why they have access to your Personal Data you may reach us at dpo@euronetworldwide.com.
- Legal and Regulatory Authorities
Types of Personal Data | Purpose | Legal Basis |
Identification Data | We may need to disclose your Personal Data (including Sensitive Personal Data, as described above) if requested by a legal authority. We may share your Personal Data with legal authorities to enforce or apply our Terms and Conditions or any other agreement or understanding we may have with you. | Legal obligation Contractual obligation |
- Strategic Partners
Types of Personal Data | Purpose | Legal Basis |
Identification Data | We will share your Personal Data when necessary, with strategic partners in order to provide you with our Services. | Legal obligation |
- Professional Partners
Types of Personal Data | Purpose | Legal Basis |
Identification Data | We will share your Personal Data with advisers, lawyers, consultants, auditors, or accountants in order to comply with our legal obligations and to provide our Services and our contractual obligations and best practices. | Legitimate interest |
5. Minors
We do not provide services directly to minors, as defined by applicable local legislation, or proactively collect their personal information. If you are considered a minor under your local laws, ensure to have the necessary authorizations from your legal guardian to use the Sites or Offerings or share personal data with us. If you learn that a minor has unlawfully provided us personal data, please contact us at dpo@euronetworldwide.com.
6. Data Security
We are committed to protecting your Personal Data and have put in place commercially reasonable and appropriate safeguards to prevent any loss, abuse, and alteration of the information you have entrusted us. At Epay, we will always strive to ensure your Personal Data is well protected, in accordance with international best practices. We maintain this commitment to data security by implementing appropriate physical, electronic, and managerial measures to safeguard and secure your personal information.
To safeguard our systems from illegal access we use secure, cutting-edge physical and organizational security measures which are continuously enhanced to ensure the highest level of security in accordance with international best practices and cost efficiency. All Personal Data is kept in a secure location protected by firewalls and other sophisticated security mechanisms with limited administrative access.
Personnel who have access to your Personal Data as well as the processing activities surrounding your Personal Data are contractually bound to keep your data private and adhere to the Privacy Policy we have implemented in our organization.
7. Description of Personal Data Rights
Depending on where you live, your Personal Data Rights under applicable law may include:
- Right to Access: the right to request access to a copy of your Personal Data.
- Right to Correct Inaccuracies: the right to request correction of inaccuracies in your Personal Data.
- Right to Deletion: the right to request deletion of your Personal Data where certain conditions apply.
- Opt-Out Rights:
- The right to opt-out of the processing of Personal Data for the purposes of targeted advertising.
- The right to opt-out of the processing of Sensitive Personal Data.
- The right to opt out of the processing of personal data for profiling in furtherance of decisions that produce legal or similarly significant effects concerning the Data Subject.
- The right to limit sensitive personal data use and disclosures to specifically permitted purposes.
- Right to Restrict Processing: the right to restrict processing where certain conditions apply.
We will respond to your request as soon as possible and within the timeframe stated in the applicable law.
For applicable rights please refer to the Regional Privacy Notice section below.
To exercise any of your rights, you must send an email to dpo@euronetworldwide.com. To help protect your privacy and maintain security we will take necessary steps to verify your identity and may ask you to provide other details before granting you access to your Personal Data or initiating a modification of any Personal Data. When required, if we don’t have a copy of your ID or any legal valid document that proves your identity, we will not be able to answer your request.
Be aware that some rights may not be enforceable due to business necessities or legal obligations while providing you with the Service. Your rights may be limited to comply with other legal obligations such as anti-money laundering, contractual and compliance obligations. Notwithstanding that you will always be responded to when exercising any of the rights stated above and/or any additional right you may have depending on your jurisdiction. If your rights can’t be enforced, you will always receive a proper explanation.
8. Privacy Complaints
If you have a complaint regarding our processing of your Personal Data, you may contact us at dpo@euronetworldwide.com.
Depending on the applicable privacy law, you may have the right to make a complaint to a Data Protection Authority or other regulatory body if you believe we have failed to comply with our obligations under this Privacy Notice or the applicable law:
- Europe (EEA): Members | European Data Protection Board (europa.eu)
- UK: Information Commissioner Officer (ICO)
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
- India: Department of Electronics and Information Technology
- Singapore: Personal Data Protection Commission
- Philippines: National Privacy Commission
- Malaysia: Department of Personal Data Protection
- New Zealand: Office of the Privacy Commissioner
- Australia: Office of the Australian Information Commissioner
- Canada: Office of the Privacy Commissioner of Canada
- México: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales
- Chile: Consejo para la Transparencia
9. Regional Privacy Notices
9.1. Notice to United States Consumers
This Notice is provided to United States consumers and customers (including former customers) to meet the requirements of the federal Gramm-Leach-Bliley Act (“GLBA”), where applicable, related to the collection, disclosure, and protection of “nonpublic personal information” (“NPI”) as defined by the GLBA. For the purposes of this Notice, NPI means personally identifiable information about an individual that is collected by Us as a financial institution under the GLBA in connection with providing a financial product or service, unless the information is lawfully made publicly available. NPI collected by Us may include any:
- information an individual gives Us to get a financial product or service.
- information We get about an individual from a transaction involving financial products or services (i.e., the fact that the individual is a customer/consumer of Epay, account numbers, payment history, etc.); or
- information We get about an individual in connection with providing a financial product or service (i.e., information from a consumer report or court record).
The categories of NPI that may be collected by Us are listed in section 1 of this Privacy Notice.
The categories of NPI that may be disclosed by Us are listed in section 9 of this Privacy Notice.
The categories of affiliates and nonaffiliated third parties to whom NPI is disclosed or may be disclosed in the future are listed in section 9 of this Privacy Notice. Where We disclose NPI to nonaffiliated third parties pursuant to the exceptions under the GLBA, all such disclosures are made as permitted by law. A “nonaffiliated third party” is any person except a financial institution’s affiliate or a person employed jointly by a financial institution and a company that is not the institution’s affiliate.
The categories of information disclosed and to whom under joint marketing/service provider exception of the Privacy Rule are listed in section 9 of this Privacy Notice.
If NPI may be disclosed to nonaffiliated third parties, and that disclosure does not fall within any of the exceptions of the Privacy Rule under the GLBA, consumers’ and customers’ have the right to opt out of these disclosures and an opt-out mechanism will be provided to the consumer or customer.
Notice of Epay´s information sharing among Euronet Group and its affiliates is provided in section 9 of this Privacy Notice in accordance with the Fair Credit Reporting Act.
Epay´s policies and practices with respect to protecting the confidentiality and security of NPI are set out in section 11 of this Privacy Notice.
Internal Appeals Process If you receive notice from us that your Personal Data rights request has been refused, you may appeal the refusal within a reasonable period after receiving the notice by sending an email to dpo@euronetworldwide.com.
California Consumers
In accordance with the California Consumer Privacy Act, residents of California may exercise the following rights:
- Right to Access
- Right to Correct Inaccuracies
- Right to Deletion
- Right to opt Out of Sale or Sharing of Personal Data for cross-contextual behavioral advertising purposes
- Right to limit sensitive personal data use and disclosures to specifically permitted purposes.
9.2. Notice to European (EEA) residents.
In accordance with the General data protection Regulation (GDPR) and in addition to the rights state in section 15 above, all resident of the Economic European Area (EEA) may exercise the following rights:
- Right to Access
- Right to Correct Inaccuracies
- Right to Deletion
- Right to Restrict Processing
- Right to Data Portability
- Right to Object
To exercise any of the rights listed above, you shall comply with the obligations set in section 15 of this Privacy Notice.
From the day we receive your request, we will respond to you within a maximum time of 30 days, unless an extension is requested.
9.3. Notice to UK residents.
In accordance with the UK General data protection Regulation (UK GDPR) and the Data Protection Act 2018, all resident of the UK may exercise the following rights:
- Right to Access
- Right to Correct Inaccuracies
- Right to Deletion
- Right to Restrict Processing
- Right to Data Portability
- Right to Object
To exercise any of the rights listed above, you shall comply with the obligations set in section 15 of this Privacy Notice.
9.4. Notice to Argentinian residents.
In accordance with the Law Ley de Protección de Datos Personales 25.326, you have the following rights, according to the definitions stated above in section 15:
- Right to Access
- Right to Correct Inaccuracies
- Right to Deletion
To exercise your Rights or your right to revoke or to make any doubt or complaint regarding the processing of your Personal Data you can contact us at dpo@euronetworlwide.com following the instruction set in Section 15.
You are hereby informed that there are options available for you to limit the way we use or disclose your personal information for specific treatment.
From the day we receive your request, we will respond to you within a maximum time of 5 days (for requests related to deleting and updating your Personal Data) or within a maximum time of 10 days (for the request relating to accessing your Personal Data).
9.5. Notice to Mexican residents.
With domicile to hear and receive notifications for privacy and Personal Data protection purposes indicated in Section 13, and in compliance with the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (the “Mexican Law”), its Regulations, and Guidelines, makes available to its users or potential users in their capacity as data subjects, the present Privacy Notice, prior to the collection of Personal Data, in strict compliance with the principles of legality, consent, information, quality, purpose, loyalty, proportionality and responsibility required by the Mexican Law.
For the purpose of providing the services in its capacity as money transmitter in terms of Article 81A Bis of Ley General de Organizaciones y Actividades Auxiliares del Crédito, We will collect Personal Data, if applicable, in accordance with the legal bases mentioned in Section 1, and in connection with the following purposes:
- Verify that the Personal Data contained in the voting credential submitted to Us matches those contained in the registry of the Instituto Nacional Electoral.
- Verify that the CURP data provided to Us matches with the data registered in the Registro Nacional de Población.
Additionally, and when necessary, in order to comply with articles 4 and 4 Bis of the General Provisions referred to in article 95 bis of the Ley General de Organizaciones y Actividades Auxiliares del Crédito applicable to money transmitters referred to in article 81-A Bis of the same law (the “Provisions”), We are legally obliged to obtain information about your geolocation as well as recordings of your voice and facial image in order to identify its users or potential users in a nonface-to-face manner, and to obtain other relevant data that will be explained in detail in the specific form available in the application required by the Provisions. We will always process such information based on your consent.
You have following rights (the “ARCO Rights”):
- Right to Access
- Right to Correct Inaccuracies
- Right to Deletion
- Right to Object
Similarly, you also have the right to limit or revoke at any time the consent granted for the processing of your Personal Data, to the extent permitted by law. To exercise any of your ARCO Rights, to revoke your consent, or to submit any questions or complaints about the processing of your Personal Data, you may contact us at: dpo@euronetworlwide.com following the instructions in section 15.
We will respond to you no later than 20 days from the date we receive your request, and it will be effective no later than 15 business days after we notify you our response.
9.6. Notice to Chilean residents.
In accordance with the Law, you have the following rights (the “ARCO Rights”):
- Right to Access
- Right to Correct Inaccuracies
- Right to Deletion
- Right to Object
Likewise, you have the right to revoke at any time the consent granted for the processing of your Personal Data to the extent that the Law allows it. To exercise your ARCO Rights or your right to revoke or to ask any question or complaint regarding the processing of your Personal Data you can contact us at dpo@euronetworlwide.com following the instruction set in Section 15.
You are hereby informed that there are options available for you to limit the way we use or disclose your Personal Information for specific treatment.
From the day we receive your request, we will respond to you within a maximum time of 2 days.
9.7. Notice to Malaysian residents.
In accordance with the Personal Data Protection Act 2010 (the “PDPA”), customers may provide us with their Personal Data for any of the purposes establish in Section 1 of this Privacy Notice. If we were to process your Personal Data for any additional purpose, we will previously inform you or ask for your express consent.
At any time, you may exercise the rights set forth in Section 15. You may also withdraw your consent unless the processing activity is necessary to fulfil any legal obligation or to provide you with any of our Services. You may also object to processing if you consider such processing activity may cause any damage or distress to yourself.
From the day we receive your request, we will respond to you within a maximum time of 21 days.
In accordance with the terms of the PDPA, We have the right to charge a fee for the processing of any data access request.
9.8. Notice to New Zealand residents
To all resident in New Zealand, the rights you may exercise regarding the processing of your Personal Data are the following:
- Right to Access
- Right to Correct Inaccuracies
- Right to Deletion
- Right to Restrict Processing
To exercise any of the rights listed above, you shall comply with the obligations set in section 15 of this Privacy Notice.
From the day we receive your request, we will respond to you in a maximum time of 20 days.
9.9. Notice to Australian residents.
To all residents in Australia, the rights you may exercise regarding the processing of your Personal Data are the following:
- Right to Access
- Right to Correct Inaccuracies
- Right to Deletion
- Right to Restrict Processing
You may also ask us to explain our data policies and practices according to the applicable law.
From the day we receive your request, we will respond to you within a maximum time of 30 days.
While processing your Personal Data, we need to share your Personal Data according to the following:
Types of data | Purpose | Legal basis | Recipient |
Identification data | To provide identity matching Services that help verify and protect your identity | Consent | Australian Government – Department of Home Affairs |
9.10. Notice to Indian residents.
To all residents in India, the rights you may exercise regarding the processing of your Personal Data are the rights listed in Section 15. Please note that for the exercise of any of your rights you need to follow the instructions set out in Section 15.
You may exercise your right to data portability and the right to not be subjected to automated decision-making producing legal effects such as profiling, if such profiling is not necessary to provide you with any of our Services.
From the day we receive your request, we will respond to you within a maximum time of 30 days.
You can always submit a request to our Data Protection Officer by sending an email to the following address: dpo@euronetworldwide.com.
10. Our companies by service
How can I contact the company regarding my Data? To make any request or consultation, you may contact us by email to dpo@euronetworldwide.com.