Papaya Global Privacy Policy

8 December, 2023


Papaya Global Ltd (collectively with its affiliates, “Papaya”, “we”, “us” or “our”) provides a cloud-based SaaS platform designed to provide enterprises with end-to-end global workforce management solutions (the “Platform”). Through the Platform, Papaya assists its customers with cross-border onboarding, payrolls, employment of record, contractor management, workforce analytics and financial insights and additional cross-border payroll related services (the “Services”) via a network of local employment services located worldwide (the “In-Country Partners” or “ICPs”).

We are committed to protecting the personal information that is shared with us. Papaya respects the privacy of its customers, customers’ workers, Platform users, partners, vendors, service providers, Website and mobile application (the “Website”) visitors and employment candidates (these and any others with respect to whom we collect personal data shall collectively be referred to as the “Data Subjects” or “you”).

This Papaya Privacy and Data Protection Policy and Notice (the “Privacy Policy”) explains the types of information we collect from you, that we receive from you or on your behalf or that may be provided to us in the course of your interest in or use of our Services and Platform, business transactions, conferences or when you visit our Website or use our Platform. We are transparent about our practices in this Privacy Policy. Please read this Privacy Policy carefully in order to understand our practices regarding the processing of your personal data and how we will treat it.

For the purposes of the EU General Data Protection Regulation (the “GDPR”) and other applicable privacy laws, Papaya is a data controller (a “Controller”) in relation to the personal data of the representatives of our customers and prospective customers, employees, partners, vendors (including ICP representatives) and Website visitors. Likewise, Papaya is a Business (as defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020, the “CCPA”) regarding such data. Please note that we maintain a separate privacy policy concerning our processing of personal data of our employees.

For the purposes of the GDPR and other applicable privacy laws, Papaya is a data processor (a “Processor”) and a service provider (as defined under the CCPA) in relation to the processing of the personal data of our customers’ workers in connection with the Services. Therefore, when processing our customers’ workers’ and Platform users’ data on the Platform, we are doing so on behalf of our customers who are Controllers of such data and such processing is governed by Agreements with our customers. If you are a Platform user or a worker of our customer, please contact the relevant customer representative in order to receive additional information regarding the processing of your personal data as part of our Services.


Summary: We collect various categories of personal data in order to establish a business relationship with you, to provide our Services to our customers, maintain our Platform, meet our contractual obligations and various legitimate interests, such as fraud prevention and marketing.

One type of data collected by us is non-identifiable and anonymous information (“Non-Personal Data”). We also collect several categories of personal data (“Personal Data”) as described below:

  1. Business-Relationship Data:

We collect business relationship related Personal Data when you or your organization sends us Personal Data or when a vendor, distributor, ICP or other business partner sends it to us; we also collect Personal Data through our Website, social media platforms and through our interactions with you.

We collect Personal Data required in order to provide the Services when you register interest, provide us such information in meetings, conferences or in the course of preparing a contract, when you contact us or submit requests for information or support, including through your use of our Website, when you submit a request for the Services’ demo, by email, social media networks or other ways in which you communicate or interact with us. This Personal Data generally includes your name (first and last), address, email address, phone number, job title, company name, the content of your inquiry and any other information you may choose to provide us with.

Likewise, during our conduction of Know Your Customer (KYC) procedures prior to engagement with our customers, we collect potential customer representative data such as Ultimate Beneficial Owner (UBO), company director, shareholder and investor information. This includes personal information such as your name, address, e-mail address, date of birth, government-issued identification details, shareholding information and any other personal data contained in your company’s capitalization table and audited financial statements or otherwise relevant to our KYC procedures and compliance requirements.

You do not have any legal obligation to provide any information to us. However, we require certain information in order to establish a business relationship with you, fulfill our contract with you, to take steps prior to entering into a contract with you, or to process and respond to your inquiry so that we may provide services in accordance with applicable law. If you choose not to provide us with certain information, then we may not be able to establish a business relationship with you, respond to your inquiry or provide you or your organization with some or all of the Services.

We may record the video or phone meeting that you may have with our sales representatives so that we may analyze the call transcripts, including through automated means, so that we can improve our sales practices at large. Such data analysis will not have specific effect on you, but will rather be used only in order to produce general summaries and insights intended to improve our sales practices at large. If you do not wish your video or phone meeting to be recorded or analyzed for these purposes, simply inform the sales representative prior or during your meeting and your meeting will not be recorded.

We also collect role-based Personal Data regarding potential customers, business partners, contractors and service providers from third parties, such as business affiliates or publicly available sources (e.g., LinkedIn). This data may include your full name, email address, job title, company, phone number and other public business-related information.

  1. Platform Data:

We process the following information on our Platform:

  • Account Information: When you sign-up for the Platform, you will be asked to create an account and provide us with login credentials, such as a username and password. Likewise, if our customer’s Platform admin asks us to create an account on your behalf, we will receive your account information from your admin.
  • Payroll Information: If you are our customer’s worker (employee, contractor, etc.) on behalf of which the Services are provided, we will collect from you and/or our customer data that is required in order to provide the relevant service to you. Such data may include, as relevant, the following:
Contact InformationE.g., email, telephone, physical address
IdentificationE.g., name, government-issued ID, passport ID, Social Security ID, driver’s license, gender, profile picture, birthdate, nationality
ProfessionalE.g., job title, company, education, contract type and duration
SocialE.g., marital status and number of dependents, children IDs, certificates, photos
FinancialE.g. bank accounts, salary, benefits, taxes, deductions, bank account information
Emergency ContactE.g. name, surname and contact details of emergency contact
Personal DocumentsE.g. worker contract, tax forms, certificates
Health & Insurance InfoE.g. Social Security ID, partner and children details, health related information
  • Voluntary Information: We may collect information which you provide to us voluntarily through your use of the Services, such as support communications, feedback, suggestions, complaints, bugs and reports which you send to us.
  1. Technical and Behavioral Data We Collect Through the Website and Platform:

When you access our Website or use the Platform, we are aware of it and may collect and process the information relating to such usage, either independently or through the help of third-party services (as described further below). This includes technical information and behavioral information, such as your Internet Protocol (IP) address used to connect your device to the internet, your Uniform Resource Locators (URL), operating system, type of browser, browser plug-in types and versions, screen resolution, Flash version, time zone setting, ‘clickstream’, the period of time you accessed the Website or Platform and methods used to browse away from a page. Additionally, we obtain location data related to the general geographic location of your computer, mobile device or other digital device through which you accessed our Website or used the Platform, for analytics and security purposes. We likewise may place cookies on your browsing devices (see ‘Cookies’ section below).

  1. Employment Candidate Data:

When you apply for a position at Papaya, you provide us with Personal Data, such as your name, contact information, any personal information contained in your resume or CV, your response(s) to any assessment(s), background check results (subject to applicable law) and any other personal information that you decide to provide us with. Please note that though in most cases we receive this information directly from you or record such information in interview records, we may also receive information from recruitment companies, references or background check companies. This information is necessary for our recruitment and hiring purposes. If you do not provide us with this data, we will be unable to assess you as a candidate and advance your recruitment process.


Summary: We process Personal Data to provide services to our customers, operate our Platform and Website, meet our obligations, protect our rights and manage our business.

We use Personal Data in order to provide and improve the Services and the Platform for our customers, operate our Website and meet our contractual, ethical and legal obligations. We strive to keep all Personal Data accurate, complete and relevant for the stated purposes for which they are processed, including for example:

  1. Processing that is necessary for the purpose of performing a contract to which you are a party or in order to take steps at your request prior to entering into a contract to which you will be a party:
    • Carrying out our obligations arising from any contracts entered into between you and Papaya and/or any contracts entered into with Papaya and to provide you with the information, support and Services that you request from Papaya;
    • Sending you contract-related communications; and
    • Verifying and carrying out financial transactions in relation to payments you make in connection with the Services.
  2. Processing that is necessary for the purpose of the legitimate interests of Papaya or of a third party of operating our business and providing an efficient and wide-ranging service to our customers:
    • Notifying you about changes to our Website, the Platform and the Services;
    • Establishing a business relationship with you;
    • Answering queries sent by you and contacting you upon your request;
    • verifying your identity, ensuring the legitimacy of our business relationship with you or your company, preventing fraudulent activities and operating our business operations efficiently;
    • Contacting you to give you commercial and marketing information which may be of interest to you (subject to your consent for such communications when required under applicable laws) – you may opt out of such communications at any point;
    • Soliciting feedback in connection with the Services;
    • Tracking use of our Website and the Platform to enable us to optimize them;
    • For security purposes and to identify and authenticate your access to the login zone;
    • Analyzing the transcripts of recorded calls between you and our sales representatives, including through automated means, in order to produce summaries and insights intended to improve our sales practices;
    • Sending you announcements in relation to security, privacy or administrative related communications (these communications are not marketing orientated, and we do not rely on consent, so you may not opt out); and
    • Assessing employment candidates.
  3. Processing which is based on your explicit consent (when required under applicable laws):
    • Processing which involves the use of cookies and other tracking technologies, for purposes which are not purely operational, such as for marketing and analytics purposes (for more information, see our Cookie Policy).
  4. Processing that is necessary for the purpose of compliance with legal obligations to which Papaya is subject:
    • Compliance and audit purposes, such as meeting our reporting obligations in the various jurisdictions within which we operate, anti-money laundering and tax-related obligations, and crime prevention and prosecution in so far as it relates to our staff, customers, potential customers, service providers, facilities, etc.
    • If necessary, we will use Personal Data to enforce our terms, policies and legal agreements, to comply with court orders and warrants and assist law enforcement agencies as required by law, to collect debts, to prevent fraud, infringements, identity theft and any other service misuse, and to take any action in any legal dispute and proceeding.

Please note that any Personal Data processed on the Platform on behalf of our customers as part of the Services is processed by Papaya as a Processor. As such, Papaya’s customers, the Controllers, determine the legal basis for the processing of such data. Depending on the instructions we receive from our customers, we process your data on their behalf in order to assist them with cross-border onboarding, payrolls, employment of record, contractor management, workforce analytics, financial insights and additional cross-border payroll related services.


Summary: We share Personal Data with our service providers, partners and group companies, and authorities where required.

We transfer Personal Data to:

Group Companies: We may share your Personal Data internally within our affiliated companies, to the extent necessary to fulfill the purposes listed above. Sharing Personal Data from the EEA, the United Kingdom and Switzerland to Papaya’s subsidiaries located outside these regions will always take place under an approved transfer mechanism, such as the relevant Standard Contractual Clauses (if required) and the European Commission’s Adequacy Decisions.

Third Parties: We transfer Personal Data to third parties under a variety of circumstances. We endeavor to ensure that these third parties use your Personal Data only to the extent necessary to perform their functions and to have a contract in place with such third parties to govern their processing on our behalf. These third parties include business partners, suppliers, affiliates, agents and/or subcontractors for the performance of any contract we enter into with you. They assist us in providing the Services we offer, processing transactions, fulfilling requests for information, receiving and sending communications, analyzing data, providing IT and other support services or in other tasks from time to time. These third parties also include analytics, search engine providers and sales-related generative artificial intelligence tool providers that assist us in the improvement and optimization of the Platform, our Website and our marketing.

We periodically add and remove third-party providers. At present, the services provided by third-party providers to whom we may transfer Personal Data, depending on the subject, our role as Processor or Controller, and the details of the processing, include the following:

  • Third party payment processors (for a full list, click here);
  • ICPs;
  • Website and Platform analytics;
  • Document management and sharing services;
  • Customer ticketing and support;
  • cloud-based database services;
  • CRM software;
  • Sales improvement services;
  • Data security, data backup, and data access control systems;
  • Our lawyers, accountants, and other standard business software and partners.

In addition, we may disclose your Personal Data to third parties if some or all of our companies or assets are acquired by a third party, including by way of a merger, share acquisition, asset purchase or any similar transaction in which case Personal Data will be one of the transferred assets. Likewise, we may transfer Personal Data to third parties if we are under a duty to disclose or share your Personal Data in order to comply with any legal, audit or compliance obligation in the course of any legal or regulatory proceeding or investigation, in order to enforce or apply our terms and other agreements with you or with a third party, or in order to assert or protect the rights, property or safety of Papaya, our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection, credit risk reduction and in order to prevent cybercrime.


Summary: We store your Personal Data across multiple jurisdictions globally.

We store your Personal Data on servers owned or controlled by Papaya or processed by third parties on behalf of Papaya, such as reputable cloud service providers (see Section 5 (International Data Transfers) below).


Summary: We transfer Personal Data internationally with appropriate safeguards in place.

Our Platform data is stored by our cloud service provider in the EU. This data, as well as other data, may be accessed by our headquarters in Israel (a jurisdiction deemed adequate by the European Commission and the UK), as well as by our subsidiaries within the EEA/UK or outside of the EEA/UK.

Other Personal Data is transferred to and stored and processed at destinations located outside of the European Economic Area (EEA) and the UK. This includes transfers to our different subsidiaries and service providers.

If your Personal Data is transferred outside of the EEA or the UK, we will take all steps reasonably necessary to ensure that your Personal Data is subject to appropriate safeguards, including entering into contracts that require the recipients to adhere to data protection standards that are considered satisfactory under EU or UK law, as well as other applicable laws, and that such Personal Data is treated securely and in accordance with this Privacy Policy. Transfers from the EEA to Israel are made based on an adequacy ruling by the European Commission. Transfers from the EEA to the US are made based on Standard Contractual Clauses (SCCs) published by the European Commission. Transfers from the UK to the EEA or Israel are made based on the UK’s Adequacy Regulations. Transfers from the UK to the US or other non-adequate countries are made based on the UK’s International Data Transfer Addendum to the EU Commission Standard Contractual Clauses. For more information about these safeguards, please contact us as set forth below.

We transfer Personal Data to locations outside of the EEA and the UK, in order to:

  • Store or backup information;
  • Enable us to provide you with the Services and fulfill our contract with you;
  • Fulfill any legal, audit, ethical or compliance obligation which requires us to make such transfer;
  • Facilitate the operations of our group business where it is in our legitimate interests and we have concluded that such a transfer does not override your rights;
  • To serve our customers across multiple jurisdictions; and
  • To operate our affiliates in an efficient and optimal manner.

Summary: We retain Personal Data as required to meet our obligations, protect our rights and manage our business.

Papaya will retain Personal Data it processes only for as long as required in our view to provide the Services, as necessary to comply with our legal and other obligations, to resolve disputes and to enforce agreements (i.e., as long as such agreements are in force). We will also retain Personal Data to meet any audit, compliance and business best-practices.

Personal Data that is no longer retained will be anonymized or deleted. Likewise, some metadata and statistical information concerning the use of our Website and the Services are not subject to the deletion procedures in this Privacy Policy and will be retained by Papaya. We will not be able to identify you from this data. Some data may also be retained on our third-party service providers’ servers until deleted in accordance with their privacy policy and their retention policy, and in our backups until overwritten.


Summary: We place cookies on your device. You control our use of cookies through a cookie management tool on our Website or through your device and browser.

Papaya uses cookies, pixel tags and other forms of identification and local storage (collectively, “cookies”) to distinguish you from other users of our Website and the Platform. This helps us to provide you with an optimal user experience and allows us to provide and improve our Website and the Services and promote our marketing efforts. Functionality cookies do not require your consent. For other cookies, however, depending on your jurisdiction and applicable laws, we request your consent before placing them on your device.

Our detailed Cookie Policy is available here. You can choose to change your cookies settings for our Website at any time by following the instructions in the Cookie Policy.


Summary: We take data security very seriously, invest in security systems and train our staff. In the event of a breach, we make the appropriate notifications as required by law.

We take great care in implementing, enforcing and maintaining the security of the Personal Data we process. Papaya implements, enforces and maintains security measures, technologies and policies to handle the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of Personal Data. We likewise take steps to monitor compliance of such policies on an ongoing basis. Where we deem it necessary in light of the nature of the data in question and the risks to Data Subjects, we encrypt data in transit and at rest. We use industry standard SSL (secure socket layer technology) for the encryption of Personal Data in transit and AES (Advanced Encryption Standard) for the encryption of the Personal Data at rest. Likewise, we take industry standard steps to ensure our Website and Services are safe and to prevent unauthorized access to our data bases. Other security safeguards include, but are not limited to, firewalls, anti-virus and EDR solutions, application penetration tests, access logs, breach detection, Security and Event Management System (SIEM) and physical access controls to buildings, systems and files.

Please note, however, that no data security measures are perfect or impenetrable and we cannot guarantee that unauthorized access, leaks, viruses and other data security breaches will never occur.

Within Papaya, we endeavor to limit access to Personal Data to those of our personnel who: (i) require access in order for Papaya to fulfill its obligations, including also under its agreements, and as described in this Privacy Policy, (ii) have been appropriately and periodically trained with respect to the requirements applicable to the processing, care and handling of the Personal Data, and (iii) are under confidentiality obligations as may be required under applicable law.

Papaya shall act in accordance with its policies and with applicable law to promptly notify the relevant authorities and Data Subjects in the event that any Personal Data processed by Papaya is lost, stolen, or where there has been any unauthorized access to it, all in accordance with applicable law and on the instructions of qualified authority. Papaya shall promptly take reasonable remedial measures.


Summary: Depending on the law applicable to your Personal Data, you may have various data subject rights, such as a right to access, erasure and rectification, as well as certain information rights. We will respect any lawful request to exercise such rights.

Data Subjects in certain jurisdictions, such as in the EU, the UK, have rights granted pursuant to local laws under certain circumstances and with certain exceptions, including:

  • Access – the right to receive confirmation whether your Personal Data is being processed by us, what types of Personal Data, for what purposes, with whom is it or will it be shared (if at all) and for how long will it be stored.
  • Rectification – the right to correct your Personal Data held by us that may be inaccurate or incomplete.
  • Erasure – the right to have your Personal Data held by us deleted.
  • Restriction of Processing – the right to require us to cease processing your Personal Data.
  • Portability – the right to receive a copy of any of your Personal Data held by us in a convenient format and to have any of your Personal Data held by us transferred to a third party.
  • Objection – the right to object to the processing of your Personal Data by us. This includes your right to object, on grounds relating to your particular situation, to processing your personal data based on our legitimate interests.
  • Objection to Direct Marketing – the right to object to the processing of your Personal Data by us for the purposes of direct marketing, including profiling – this can be achieved by opting out using the unsubscribe/opt-out feature displayed in our communications with you.
  • Withdrawal of Consent – where we rely upon your consent in order to process your Personal Data, you have the right to withdraw such consent at any time.

For the sake of clarity, please note that where Personal Data is processed by Papaya as a Processor on behalf of its customers, such as when we process our customers’ workers’ data (whether they are authorized Platform users or workers on behalf which our Services our provided), such Data Subject rights will have to be exercised directly via the applicable customer, who is the Controller of such data. However, some of your rights, such as your right to access and/or rectify your data, may be exercised by you directly through your Platform account settings.

In order to exercise any of your rights regarding data we process as a Controller (e.g. website user data, business relationship data, employment candidate data), you can contact us at We will do our best efforts to respond to requests to exercise your rights without undue delay as required by applicable law. Please note that Papaya may have to undertake a process to identify a Data Subject prior to facilitating the exercise of such Data Subject’s right(s). Papaya may keep details of right(s) exercised for our own compliance and audit requirements. Furthermore, please note that Personal Data provided to us may be either deleted or retained in an aggregated manner without being linked to any personal identifiers depending on technical and commercial capabilities. Such data may continue to be used by Papaya.

Please note that these rights only apply under certain circumstances and may be limited by law, as well as be subject to exceptions. For example, where accepting your request to exercise a right would adversely affect other individuals, expose our trade secrets or intellectual property, where there are overriding public interests, or where we are required by law to retain your Personal Data. In addition, Data Subjects’ rights cannot be exercised in a manner inconsistent with the rights of Papaya employees and staff or third-party rights. As such, job references, reviews, internal notes and assessments, documents and notes, including proprietary information or forms of intellectual property, cannot be accessed, erased or rectified by Data Subjects. In addition, these rights may not be exercisable where they relate to data that is not in a structured form, such as emails, or where other exceptions apply.

Data Subjects in the EU, the UK and other jurisdictions have the right to lodge a complaint with a local data protection supervisory authority. If such supervisory authority fails to respond to such a complaint, such Data Subjects may have the right to an effective judicial remedy.

  1. US State Privacy Rights (California, Virginia, Colorado, Connecticut and Utah):

Summary: We do not sell the personal information we collect. We share limited website user data for advertising purposes. California and other US State consumers have certain rights in relation to their personal information. They can exercise those rights by contacting us. 

This section provides additional details about the personal information we collect about consumers in California, Virginia, Colorado, Connecticut, Utah and other applicable US states and the rights afforded to them under the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“CCPA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”) and other applicable laws.

For the sake of clarity, please note that where personal information is processed by Papaya as a service provider (as defined under the CCPA) on behalf of its customers, such as when we process our customers’ workers’ data (whether they are authorized Platform users or workers on behalf which our Services are provided), such consumer rights will have to be exercised directly via the applicable customer, who is the business provider that controls such data. However, some of your rights, such as your right to access and/or correct your data, may be exercised by you directly through your Platform account settings.

For details about the personal information we have collected as a business over the last 12 months, please see section 1 of this policy‎ (“Which Information Do We Collect”). We collect this information for the business and commercial purposes described in section 2 (“What are the Purposes for which we Collect Personal Data”). We share this information with the categories of third parties described in section3 (Sharing Personal Data with Third Parties). We do not sell (as such term is defined in the CCPA or other US privacy state laws) the personal information we collect (and will not sell it without providing a right to opt out). We do not process Sensitive Personal Information (as such term is defined in the CCPA or other US privacy state laws) as a business (as defined in the CCPA).

Please note that we do share information with third parties for the purpose of cross-context behavioral advertising (as defined in the CCPA) or targeted advertising (as defined in other applicable US state laws), and use third-party cookies for such purposes as further described in our Cookie Page. If you are a resident of California, Virginia, Colorado, Utah, Connecticut and other applicable jurisdictions, You may opt out of the sharing of your data for such purposes by clicking “Necessary Cookies Only” on the “Cookie Setting” of our cookie banner, or by clicking the “Essential Cookies” link in the Privacy Preference Center. We do not knowingly or willingly share data of users under 16-years-old.

Subject to certain limitations, the CCPA and other applicable US state laws provide consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to access their  information in a portable format, to correct or delete their personal information, to opt out of any “sales, cross-contextual behavioral advertising or targeted advertising” that may be occurring, and to not be discriminated against for exercising these rights. To make such requests, please send an email to Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.


Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers in order to inform websites that they do not wish to be tracked. We do not respond to or honor DNT signals.


We do not knowingly collect or solicit information or data from or about children under the age of 16 without parental consent or unknowingly allow children under the age of 16 to register for the Services. If you are under 16 years of age, do not register or attempt to register for any of the Services or send any information about yourself to us. If we learn that we have collected or have been sent personal information from a child under the age of 16 without the appropriate permissions, we will delete such personal information as soon as reasonably practicable without assuming any liability to Papaya. If you believe that we might have collected or been sent information from a child under the age of 16, please contact as immediately at


We may include third-party links on our Website and allow registration and login to our Platform through third-party accounts. Please note that this Privacy Policy only applies to the Personal Data that we (or third parties on our behalf) collect from or about you and we cannot be responsible for Personal Data collected or stored by third parties. Third parties have their own terms and conditions and privacy policies and you should read these carefully before you submit any Personal Data to such parties. We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites or terms and conditions or policies.


The terms of this Privacy Policy will govern the use of our Website, the Platform and any data collected in connection with Papaya’s contractual obligations. Papaya may amend or update this Privacy Policy from time to time. The most current version of this Privacy Policy will be available at: Changes to this Privacy Policy are effective as of the stated “Last Revised” data and your continued use of our Services will constitute your active acceptance of and consent to the changes to the terms of the Privacy Policy.


Papaya aims to process only adequate, accurate and relevant data limited to the needs and purposes for which it is gathered. We also aim to store data only for the time period necessary in order to fulfill the purpose for which the data is gathered. Papaya only collects data in connection with a specific lawful purpose and only processes data in accordance with this Privacy Policy. Our policies and practices are constantly evolving and improving and we invite any suggestions for improvements, questions, complaints or comments concerning this Privacy Policy. You are welcome to contact us (details below) and we will make an effort to reply within a reasonable timeframe.

Papaya’s Data Protection Officer (DPO) may be contacted at

*              *              *              *              *              *              *              *

Last Revised: November 1, 2023