Payulot values your privacy and complies with Bermuda privacy laws as well as international standards including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) principles.
Device Data: NFC identifiers, card numbers, login timestamps, IP addresses.
Parent-Student Links: Information connecting parents/guardians to minors.
2. Legal Basis for Processing
We process data under the following bases:
Contractual necessity: To provide payment services.
Legal obligation: Compliance with AML/KYC regulations.
Legitimate interests: Fraud prevention, auditing, service improvement.
Consent: Where required (e.g., for minors, marketing communications).
3. Use of Data
We use collected data to:
Operate wallets, payments, and vendor integrations.
Verify identity and comply with AML/KYC requirements.
Detect, prevent, and investigate fraud or suspicious activity.
Provide support and resolve disputes.
Share aggregated or anonymized insights (never personal data).
4. Sharing of Data
Government & Regulators: For compliance with Bermuda law, AML, and audit purposes.
Vendors: Limited data to complete transactions.
Service Providers: Hosting, security, and operational support under strict contracts.
Blockchain: Only cryptographic hashes (no personal data) are recorded on-chain.
5. Minors
Children under 18 require verified parental consent to use Payulot.
Parents remain responsible for all activity under linked student accounts.
Payulot applies heightened data protection for minors’ information.
6. International Transfers
Data may be processed outside Bermuda, subject to safeguards ensuring compliance with GDPR/CCPA principles (e.g., contractual clauses, secure hosting).
7. Data Retention
We retain data as long as required for legal, regulatory, and business purposes, after which it will be securely deleted or anonymized.
8. User Rights
Subject to applicable law, Users may request:
Access to personal data.
Correction of inaccurate data.
Deletion (“right to be forgotten”).
Restriction or objection to processing.
Data portability (export of their data).
Requests can be submitted to: [Insert Contact Information].
9. Security
We implement encryption, role-based access controls, and audit trails to safeguard user data. No system is fully secure, and users must protect their credentials.
10. Updates
We may update this Privacy Policy to reflect operational, legal, or regulatory changes. Users will be notified of material changes.