Last updated: 15th July, 2018
"personal information" means information that identifies you personally, either alone or in combination with other information available to us.
Collection of Information
We collect personal information you provide when you use this website. This may include, but is not limited to, the following situations: where you are providing information when you request information about, or use, a product or service available through this website, or information you provide when you purchase a product or service through this website; where you are entering a contest or a promotion, ordering a newsletter or utilizing other informational tools; and where you are submitting an order or purchasing, downloading and/or registering products and/or signing up for additional services.
The information we collect may include, but is not limited to, your name, email address, IP address, billing and/or shipping address, phone number, payment account information, and other information about you submitted to verify who you are or to prevent fraud. If you call our customer service, we may collect personal information you knowingly and voluntarily provide through your contact with our customer service representatives.
We furthermore collect information that is sent to us automatically by your web browser, which may include without limitation information that does not identify you personally (such as the date and time of your visit). The information we receive in such manner depends on the settings on your web browser. If you have created a user identity on one of your visits to this website, we may link the information provided by your browser to information that identifies you personally and use it for the purposes described below. Please review the settings of your web browser if you want to learn what information your browser sends or how to change your settings.
We may also receive certain personal information about you from third parties where you have agreed to share such information with us, such as through your use of a social network authentication to sign in to this website.
A Merchant is a business that contracts with DalPay Gateway Services to utilise our payment gateway services to store, process and transmit an end customer's payment card or electronic cheque data to acquiring banks for charging against their account.
Cookies. When you visit this website, your computer may receive one or more "cookies" in order to help personalise and support your use of this website, our services, and/or the services of our service providers. A "cookie" is a small text file that is transferred to your computer's web browser by a web server, and can be read by a web server in the same domain at a later time. If you do not wish to receive cookies or wish to manage when you accept cookies in general, you may set your browser to reject cookies or to alert you when a cookie is placed on your computer. We provide more information on this in the "Your Choices" section, below. Although you are not required to accept our cookies, if you set your browser to reject cookies, you may not be able to use all of the features and functionality of this website.
Cookies allow a website to customize information that is presented to you through your use of this website (such as to display personalised content and targeted advertising to you on your future visits to this website), and to save time by storing information so you do not need to re-enter it during a later use of our website. We may place cookies on this site directly, and may place cookies on behalf of the partner whose advertisement appears on this website or its service providers and allow that partner to utilize the data collected. In general, cookies do not identify you personally. However if you have created a user identity on one of your visits to this website, we may link the cookie to information that identifies you personally. We may use a combination of "session cookies" and "persistent cookies" on this website, further described below.
Session Cookies. A "session cookie" is a temporary cookie that expires when you close your browser. A session cookie assigns a randomly-generated, unique identification number to your computer when you access this website. Assigning your computer a number facilitates the proper functioning of the features of our websites by permitting us to maintain a persistent "state" for your session, such as maintaining the contents of your shopping cart during checkout. We also use session cookies to collect anonymous information (i.e., information that does not identify you personally) about the ways visitors use this website - which pages they visit, which links they use, and how long they stay on each page. We analyze this information (known as "click-stream information") to better understand our visitors' interests and needs and to improve the content and functionality of this website.
Persistent Cookies. Unlike a session cookie, a "persistent cookie" does not expire when you close your browser. It stays on your computer until the expiration date set in the cookie (for example, at the end of a calendar month) or until you delete it. Persistent cookies can be used to "tag" your computer so that the next time you visit (or someone using your computer visits), our server will recognize you, not by name, but by the "tag" on your computer. This will enable us to provide you with a personalised experience even if we do not know who you are. It will also allow us to collect more accurate information about the ways people use this website, for example, how people use this website on their first visit and how often they return. Using persistent cookies permits us to provide you with a more personalised shopping experience and, in some cases, may save you the trouble of re-entering information already in our database.
Local Shared Objects. Local shared objects (also known as "super cookies", or "Flash cookies"), when deployed, are used to store the same information as can be found inside traditional persistent cookies. Our global anti-fraud network partners use them to identify devices that have been previously used to place orders with us, or with other merchants that are part of the global anti-fraud networks, that have resulted in an outstanding financial loss.
Web beacons. When you visit this website, your computer may receive one or more "web beacons" in order to assist us with delivering cookies on this website, to collect anonymous information about the use of this website by our visitors, and to deliver customized or targeted content to you on this website and through our partners. Web beacons (also referred to as "tracking pixels," "1x1 gifs," "single-pixel gifs," "pixel tags," or "action tags") are graphic images, usually no larger than a 1x1 pixel, placed at various locations on this website. They also help us identify browser types, search terms that bring visitors to our website, and the domain names of websites that refer traffic to us. We may place web beacons on this site directly, and may place web beacons on behalf of the partner whose branding appears on this website or its service providers and allow that partner to utilize the data collected. They also help us identify your IP address. The information collected by web beacons does not identify you personally. However, if you have created a user identity on one of your visits to this website, for example, by making a purchase, we may link the information we collect using web beacons to the information that identifies you personally and use it in the same ways as we use the information we collect using cookies. We also utilize web beacons to provide us with more information on any emails we send out. In particular, a web beacon in an email communication will send us information to let us know that you have received, opened, or acted upon an email you have chosen to receive from us.
Storage, Use and Sharing of Information
Your personal information provided to us will be processed on our computer servers. In some cases (where it is necessary to do so in order to fulfill our contractual obligations to you) such information may also be transmitted or made available to third-parties providing services to DalPay Gateway.
Our Use of personal information. We may use personal information collected by us for the following purposes:
to contact you if you have requested information or communication from us;
to determine the country in which you are located for compliance purposes (including without limitation sanctions and export compliance) and for security, anti-piracy, and fraud prevention purposes;
to help verify that existing personal information about you in our possession is accurate and complete;
to provide you with product updates and upgrades, special offers, pricing information, newsletters, and other information, either on our own behalf or in some cases on behalf of a partner or supplier acting as their agent, where you have consented to receive it;
to undertake any other promotional activities where you have consented to such promotional activities;
in connection with keys, access codes or other information as may be required to permit you to access the websites or services of our partners to receive products, updates or services;
for the purposes identified in a specific Supplemental Privacy Notice posted on the page or area of this website where you provided that information;
to verify compliance with applicable laws, rules and regulations;
if you visit this website for the purposes of conducting a purchase transaction with a Merchant via our hosted payment page:
to take, verify, process or deliver your order, process or obtain payment, verify your tax or tax exempt status, contest chargebacks, determine your eligibility for a line of credit, or notify you of the status of your order;
for fraud and piracy prevention purposes;
to provide you, to the extent permitted by law, with a personalised shopping experience;
to facilitate the renewal of subscriptions for products or services; and
Applying For a Merchant Account
When you submit an application to obtain a merchant account through the website, you will be required to provide personal information. Furthermore, DalPay Gateway may also obtain information about you and parties related to you from third party sources, including, without limitation, consumer reporting and credit agencies for underwriting and due diligence purposes.
When we receive an application from a business, we may perform a search with a credit reference agency, or due diligence agency, on the company, and any individual directors, partners, and/or beneficial owners.
Use of Gateway Services
As a Merchant
When you apply to use DalPay Gateway's payment processing services, in order to process and manage transactions for merchant accounts you will be required to provide personal information and to enter into a written agreement with DalPay Gateway.
As a Customer of a Merchant
If you ordered any products or services from one of the Merchants that use our payment gateway services for example through our hosted payment page you are required to submit personal information ("Transaction Information"). Such end customers interact with DalPay's secure servers that transmit Transaction Information to DalPay over Transport Layer Security connections (at least 128-bit) for the purpose of processing these transactions. Transaction Information is maintained on hardened PCI DSS compliant servers located around the world, depending on where the order originates, or the geographic location of the customer. DalPay may retain Transaction Information for a certain period of time to comply with card scheme/association rules, or for disaster recovery purposes, but will always retain such information according to industry security standards, and the requirements of the card schemes/associations.
Our Use of Anonymous Information. We may use anonymous information collected by us:
to personalise and support your use of this website, our services, and/or the services of our partners;
to improve this website, the customer experience, our advertising systems, and our products and services;
to identify actions or transactions as originating through an affiliate marketing or referral program;
to deliver targeted advertisements on this website;
for other historical, statistical or research and analysis purposes.
In addition, we may "de-identify" personal information by removing any information that identifies you specifically, and use the rest for the purposes set forth above.
Our Service Providers. We utilize other companies, including but not limited to our corporate affiliates, to provide joint services or certain services to us or on our behalf and help us to operate our business. For example, to the extent permitted by applicable law we may use our corporate affiliates and/or other companies to host or maintain this website, to process credit or debit card payments, to provide fraud screening and/or detection services, to perform data integrity checks, to provide website optimization services, to fulfill your order, for payment collection, to deliver advertisements on this website and third party websites, to send mail or email, and/or to provide customer service. We may share your information with our service providers in connection with their provision of services to us. These companies are required by contract to use any information we share with them only to perform services to us or on our behalf and to protect the confidentiality of your personal information. We will not share your personal information with our affiliates or unrelated third parties to use for their own marketing purposes without your consent.
To Comply With Legal Requirements, Cooperate With Law Enforcement, Prevent Fraud and Other Crimes, and Protect Legal Rights, Property, You and Others. To the extent permitted by applicable law, we may disclose the personal information we collect on this website without notifying you when we, in good faith, believe disclosure is appropriate to comply with the law or a regulatory requirement; to comply with governmental, administrative or judicial process, requirement or order, such as a subpoena or court order; to cooperate with law enforcement or other governmental investigations (without necessarily requiring the law enforcement or government agency requesting the information to formally serve us with a subpoena); to prevent or investigate a possible crime, such as fraud or identity theft; to enforce a contract; to protect the legal rights, property or safety of DalPay Gateway, its corporate affiliates, and their respective employees, and agents, other users or the public in general; or to protect your vital interests if determined necessary by us. In addition, we may review our server logs for security purposes, such as detecting intrusions into our network. If we suspect criminal activity, we may share our server logs - which contain visitors' IP addresses - with the appropriate investigative authorities who may use that information to trace and identify individuals. We also reserve the right to report to appropriate law enforcement or government agencies any activities that we, in good faith, believe are or may be in violation of applicable laws, rules or regulations without providing notice to you.
DalPay Gateway respects your right to make choices about the ways we collect, use and disclose information about you. We generally ask you to indicate your choices at the time and on the page where you provide your personal information.
When you provide personal information, we may offer you a choice as to whether you would like to receive further communications from us and/or from our partners, such as communications related to updates, upgrades, special offers and pricing. You have the right to withdraw your consent at any time. If you decide you no longer want to receive promotional messages from us, you may let us know by following any unsubscribe link in our emails. Please note, however, if you give us permission to add your contact information to our Partner's mailing list and later withdraw your permission, you will have to contact our Partner (or use the "opt-out" provided in the emails our Partner sends you) to have your name removed from our Partner's mailing lists.
If you accept a session or persistent cookie, you can delete it at any time through your web browser (e.g., as soon as you leave our website). If you do not wish to receive cookies or wish to manage when you accept cookies in general, you may set your browser to reject cookies or to alert you when a cookie is placed on your computer. Although you are not required to accept our cookies, if you set your browser to reject cookies, you may not be able to use all of the features and functionality of this website.
Regarding browser plug-ins to manage local shared objects, you can configure your web browser to accept local shared objects, to prevent your browser from accepting local shared objects that last beyond the current session, to have the browser notify you when you receive a new local shared object, or to disable local shared objects altogether.
We use third party service providers, which may use a pixel tag or other web technologies. We may use this anonymous information to provide targeted advertisements to you for goods and services. (If you would like more general information about this practice and to know your choices about not having this anonymous information used, please visit http://www.networkadvertising.org/choices/. You may view a general list of third party service providers who collect anonymous information, and/or opt-out of such collection of anonymous information about you, by visiting http://www.networkadvertising.org/participating-networks.) If after initially opting in, you opt out of having your information collected through cookies, web beacons and other tools, your existing display advertising cookie(s) will be deleted and new cookie will attempt to be placed that instructs service providers not to track your future activities when that cookie is detected (a "no-track" cookie). If your browsers are configured to reject cookies when you visit our opt-out page, a "no-track" cookie cannot be set on your computer. Also, if you subsequently erase "no-track" cookies, use a different computer or change web browsers, you will need to opt-out again.
Security of Information
We are committed to keeping personal information secure. We have implemented physical, technical and administrative safeguards reasonably designed to protect your personal information from unauthorized access and disclosure. When we collect or transmit sensitive information such as a financial account number, we use industry standard security methods to protect that information. It is important that you understand, however, that no website, database or system is completely secure or "hacker proof." You are also responsible for taking reasonable steps to protect your personal information against unauthorized disclosure or misuse, for example, by protecting your password.
Retention and Access
Any information that DalPay collects from visitors to this Website or via our secure web services, apps, or hosted payment page will be used, stored, or processed, in whole or in part, in the Republic of Iceland. Iceland is a sovereign nation that is a member of the European Economic Area but not the EU (in the same way as Norway and the Principality of Liechtenstein, or Switzerland if that nation might join the EEA). The principal place in which we hold Personal Information is Dalvík, Iceland.
We will take reasonable steps to keep your Personal Information accurate, complete, current, and relevant to its intended use. We keep your Personal Information only as long as we need it for the reasons it was collected. When your Personal Information is no longer required for our purposes, we have procedures to destroy, delete, or erase it, or to convert it to an anonymous form according to industry security standards. Depending on the service, we will retain your personal data for between two and five years, upon which we will delete your personal data unless you have consented to further processing or we have legitimate interests to retain it.
Accessing or Correcting Your Personal Information
We strive to maintain the accuracy and integrity of the personal information in our databases and to keep that information up-to-date.
If you would like to review, request correction/erasure or restriction of processing of your personal data, please contact us.
At your request, we will provide you with reasonable access to your personal information, so that you can review what we have stored and, if you choose, request corrections to it. After you request access, we will provide the personal information that you request as soon as practically possible and generally no later than thirty days following the request. If you wish to correct your personal information, please send us a written explanation of the particular information that you believe should be corrected. Where information will not or cannot be disclosed, we will tell you the reasons for non-disclosure as we are permitted by law. Please make such requests in English or Icelandic.
For complaints that cannot be resolved between us, we will make available to you an independent dispute resolution process. You have the right to lodge a complaint with the applicable supervisory authority - in our case the Icelandic Data Protection Authority - Persónuvernd.
Links to Third Party Websites
This website is not directed at nor targeted to children. If you have not reached the age of majority or are not able to enter into legally binding agreements in your country, you may not use this website unless supervised by an adult. Our goal is to comply with applicable laws and regulations relating to collection and use of information from children as such term is defined by applicable laws. If you believe that we have received information from a child or other person protected under such laws, please notify us immediately as explained below, and we will take reasonable steps to remove that information from our databases.
Via the Contact Us link at www.dalpay.com. (Please add firstname.lastname@example.org to your email system's 'address whitelist' to ensure that our reply will reach you.);
By Postal Mail: You may contact us by postal mail addressed to DalPay Gateway Services ATTN: Privacy Officer, Snorrason Holdings ehf, Postholf 76, 620 Dalvík, Iceland.
You may write to us in English or Icelandic.
Countries in the European Economic Area ("EEA")
DalPay Gateway is a service of Snorrason Holdings ehf (Icelandic Register of Enterprises no. 570305-0180), Hafnartorg, 620 Dalvík, Iceland, who is also the data controller.
Our main establishment (and place of central administration) for data processing purposes is Iceland, and the lead supervisory authority is the Icelandic Data Protection Authority - Persónuvernd.
DalPay Gateway is subject to the requirements of the Icelandic Act on the Protection of Privacy and Processing of Personal Data No. 90/2018, as may be amended, which implements the requirements of Regulation (EU) 2016/679 "General Data Protection Regulation".
DalPay Gateway is currently hosted on servers located within the EEA, but the locations of our servers may change from time-to-time. Depending on the service, your personal information may be stored on servers located within the United States. In addition, DalPay Gateway may transfer your personal information to service providers and partners, located in the United States or another country located outside the European Economic Area ("EEA") provided that they provide "adequate protection" for personal information.
You should note that, at the time of writing, countries outside the EEA (except for Andorra, Argentina, Canada (commercial organisations), the Faeroe Islands, Guernsey, the State of Israel, the Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, and the United States) have not been approved by the European Commission as providing "adequate protection" for personal information within the meaning of the EU General Data Protection Directive, and as notified in Notices on Transborder Flows of Personal Data by the Icelandic Data Protection Authority (such as advertisement No 228/2010). Further, regarding air passenger name record data, the EU has signed bilateral passenger name record (PNR) agreements with the United States, Canada and Australia.