Privacy Policy

‍
Effective Date: June 2, 2025

1. Who We Are

Paywhale is a company providing operational services to online merchants, including payment coordination, fulfillment support, customer service handling, and compliance assistance.

2. What Data We Collect

We may collect the following categories of personal data:

From Merchants:
- Business contact details (name, email, phone)
- Payment and billing information
- Merchant platform and account identifiers
- Communication history with our support or compliance team
From End-Customers (on behalf of Merchants):
- Name, shipping address, and contact details
- Order and transaction details
- Support tickets, complaints, and dispute information
- IP address, browser type, and device info (via our support/chat systems)

We only process end-customer data as a data processor on behalf of our merchant clients.

3. How We Use Your Data

We process personal data for the following purposes:

To provide our services to merchants and support their customers
To manage transactions, fulfill orders, and coordinate delivery
To respond to customer support or dispute inquiries
To monitor service performance and prevent fraud or abuse
To comply with legal or regulatory obligations

4. Legal Basis for Processing

Where the GDPR applies, we rely on the following lawful bases:

Contractual necessity – for providing services to merchants
Legitimate interests – for fraud prevention, internal reporting, and platform protection
Legal obligation – when required to share data with regulators or respond to legal claims

Under Dutch law, and in accordance with the GDPR, all data is collected lawfully, fairly, and transparently.

5. Sharing of Personal Data

We may share your personal data with:

Authorized sub-processors (e.g., fulfillment partners, cloud service providers)
Payment providers or logistics carriers, where applicable
Regulators, law enforcement, or legal advisors where required by law

A list of sub-processors is available upon request.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy or to comply with legal obligations. After that, data is securely deleted or anonymized.

7. International Data Transfers

Where data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or other legally recognized mechanisms under the GDPR.

8. Your Rights

Depending on your location, you may have the right to:

Access a copy of your personal data
Request correction or deletion of your data
Object to or restrict certain types of processing
Lodge a complaint with a data protection authority

To exercise any of these rights, please contact us using the details below.

9. Data Security

We implement industry-standard security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. This includes encryption, access control, and regular system audits.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. Continued use of our services constitutes acceptance of the updated policy.