GDPR

General Data Protection Regulation.

Terms and Conditions

  • Last Updated: 27 February 2023
  • Effective Date: 1 July 2022

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the region approach data privacy.

Key articles of the GDPR and information on its business impact can be found here.

This page contains a brief overview of key features and processes we have implemented to support GDPR compliance.

  • This overview is not meant to be legal advice;
  • It is not meant to assure your organization is in compliance with GDPR regulations; and
  • It is not meant to serve as a checklist of comprehensive GDPR compliance.

This brief overview illustrates our standard operating procedures around some key components of the GDPR regulation that we feel will be most applicable to our customers and business partners.

Lawfulness of Processing

Requirement: MassPay will need to have a lawful reason to use your data. Lawfulness of Processing may be enacted via consent, via notice and/or via execution of a contract (e.g. becoming a customer or partner).

Remedy: MassPay has added the ability to track and audit the grant of Lawfulness of Processing within our CRM and Marketing platform. Effective 1 January 2023, all new records created will be in compliance with this requirement. If your record was created prior to 1 January 2023, we will make a best effort to provide you with this information.

Consent

Requirement: MassPay shall be able to demonstrate that you have consented to the processing of your information for business communications.

Remedy: MassPay has defined processes for the ability to respond to requests for consent verification. Effective 1 January 2023, all new records created will be in compliance with this requirement. If your record was created prior to 1 January 2023, we will make a best effort to provide you with this information.

Withdrawal of Consent (Opt-Out)

Requirement: MassPay shall be able to illustrate which communications you have provided consent to receive and provide the ability for this consent to be withdrawn upon your request.

Remedy: MassPay has defined processes for the ability to Opt-Out of business communications in part or in total.

Rectification

Requirement: MassPay shall be able to provide you with verification of any incomplete or inaccurate personal data upon request.

Remedy: MassPay has defined processes for rectifying incomplete or inaccurate personal data, upon request.

Access & Portability

Requirement: MassPay shall be able to provide you with the personal data you have provided to MassPay in a structured, commonly used and machine-readable format.

Remedy: MassPay has defined processes for providing individuals with the personal data they have provided to our company in a structured, commonly used and machine-readable format.

Right To Be Forgotten

Requirement: MassPay shall be able to permanently delete all personal data the company has about you including, but not limited to, emails, call records, support ticket submissions, etc.

Remedy: MassPay has defined processes for permanently deleting all personal data the company has about an individual including, but not limited to, emails, call records, support ticket submissions, etc.

However, certain personal data may be retained if such data is required for execution of the contract between the individual, the individual’s company and MassPay or if the information is required by state, federal or international governing laws that supersede a RightTo Be Forgotten request.

Questions

If you have questions regarding MassPay’s GDPR Policy or Procedures, please contact us at compliance@masspay.io.