Effective Date: 26-June-2023
Last Updated: 26-June-2023

This Payments Policy is intended to provide a general overview of PushinP.es security, as well as answer questions you may have.

It touches on the General Data Protection Regulation (GDPR) protecting EU citizens’ data, as well as PCI-DSS compliance (Payment Card Industry Data Security Standard), which sets consistent security measures with the aim of reducing credit card fraud.

What customer information does PushinP.es retain?

By default, PushinP.es retains:

  • What tickets a customer ordered and when
  • Name and e-mail address provided by the customer
  • A note about payment method used by the customer

Can I get a copy of my personal data?

Yes. You can request it from us anytime. You need first to log in to your account and visit this page.

How does PushinP.es collect customer information and take payment at checkout?

PushinP.es allows customers to pay for orders via an automatic payment gateway we’ve set up and enabled on our site.

  • An automatic payment gateway is an application that securely requests information from customers and relays it to a third-party payment processing service, e.g., A credit card processor or PayPal.
  • An automatic payment gateway allows a third-party payment service to:
    1. Verify the customer’s billing information
    2. Verify if funds are available
    3. Transfer funds from the customer to the vendor
    4. Send confirmation of payment back to PushinP.es site

Does PushinP.es site retain customers’ credit card information?

No. By design, your customer’s credit card number and security code are N-E-V-E-R stored on our website. The payment gateway gives this sensitive information directly to the payment processor. The payment gateway use by PushinP.es is designed to ensure credit card data never enters or passes through our website’s database. This means PushinP.es will N-E-V-E-R need to store customers’ credit card numbers.

We give our customers the option to “store” credit cards on our site via a secure method called tokenization. Tokenized payment methods can be used for recurring payments, pre-orders or for convenience in future purchases by the logged-in customer. Credit card tokens include the last four digits of a card, the card brand/type, and its expiration date, mostly so the customer can identify which token is for which card.

🛡️ For security standards purposes PushinP.es advises their customers to not save their credits cards details for future payments. 🛡️

How secure is tokenization?

Extremely. With tokenization, customers’ actual credit card information is stored on the servers of the payment processor.

The only data saved on our site is in the form of a string of characters called a token. These tokens are designed to be useless outside the precise context they’re created for. Imagine if, when you exchanged your money for chips at a casino or ride tickets at a fair, those chips or tickets not only couldn’t be spent on anything outside the casino or fair but couldn’t be spent by anyone but you.

Tokens are super-specific — specific to the customer, specific to your website, specific to the payment gateway’s payment processor, and specific to our merchant account with that processor. If any of those factors aren’t precise, the token won’t work as a placeholder for a customer’s payment information. Many gateways that allow tokenization also require the customer to enter their Card Security Code for each new purchase.

🛡️ For security standards purposes PushinP.es advises their customers to not save their credits cards details for future payments. 🛡️

NB: Our payment gateway couldn’t work if our site doesn’t meet their security standards and non-security considerations like customer checkout experience.

Offsite Hosted Payment Gateways.

In terms of user experience, an offsite payment gateway means the customer is sent from our checkout page to the payment processor’s site (e.g., PayPal.com), along with an encoded version of the customer’s basic order information. Depending on the gateway, this information could be just the total cost of the order and an order number; it can include an itemized breakdown of the order’s tickets.

Once the payment is complete, the payment processor then sends the customer back to our site along with confirmation that the payment was made. This payment flow means minimal security concerns for the customers and PushinP.es site, since the whole payment portion takes place on the payment processor’s site and servers.

Coinbase 

Coinbase Commerce is a platform that helps merchants anywhere in the world accept cryptocurrency payments in a fully decentralized way. How it works: When you want to pay a merchant, we’ll display instructions on how to send funds directly to this merchant, and monitor the blockchain for your transaction.

PayPal

PayPal is a payment platform with a website and a phone app that enables payments between parties through online money transfers. PayPal customers create an account and connect it to a checking account, a credit card, or both. PayPal also offers credit and debit cards branded with the PayPal name.

Google Pay

Similar to Venmo or Zelle, Google Pay allows you to send or request payments from other people via its mobile app. In the app, you can search for people by their name, email address, phone number or even using a QR code. You then have the option to start a chat, pay that person or request a payment from them.

Apple Pay

Apple Pay is a mobile payment service by Apple Inc. that allows users to make payments in person, in iOS apps, and on the web. It is supported on iPhone, Apple Watch, iPad, and Mac. It digitizes and can replace a credit or debit card chip and PIN transaction at a contactless-capable point-of-sale terminal. It does not require Apple Pay-specific contactless payment terminals; it can work with any merchant that accepts contactless payments.

Integrated Payment Gateways.

Integrated payment gateways offer a slicker, more seamless method of checkout. Through various means including encryption and secure form fields hosted elsewhere but appearing on our site, the customer is able to check out without ever having to leave PushinP.es site.

Each payment gateway all demand security standards, PCI compliance, i.e., and a valid HTTPS/SSL.

Stripe 

Stripe is a payment services provider that lets merchants accept credit and debit cards or other payments. Stripe payments are best suited for businesses that make most of their sales online, as most of its unique features are primarily geared toward online sales.

American Express

American Express Company (Amex) is an American multinational financial services corporation that specializes in payment cards. Headquartered in New York City, it is one of the most valuable companies in the world and one of the 30 components of the Dow Jones Industrial Average.

Discover

Discover® Global Network, the global payments brand of Discover Financial Services, processes millions of cardholder transactions each day. Discover Global Network has alliances with 18 payment networks around the world and is led by three Discover businesses: Discover Network, PULSE® and Diners Club International®.

Visa

Visa is a trusted world leader in digital payment technology that connects and enables individuals, businesses, and economies to thrive. It facilitates electronic funds transfers throughout the world, most commonly through Visa-branded credit cards, debit cards and prepaid cards. 

Mastercard

Mastercard is a payment network processor. Mastercard partners with financial institutions that issue Mastercard payment cards processed exclusively on the Mastercard network. Mastercard’s primary source of revenue comes from the fees that it charges issuers based on each card’s gross dollar volume.

NB: Some integrated Payment Gateways (like Stripe for example) required the users to be registered on PushinP.es!

Is PushinP.es site PCI compliant?

It certainly is, because we are using an integrated payment gateway, it has to be.

Is PushinP.es site GPDR compliant?

It is! Europe’s General Data Protection Regulation (GDPR) takes effect on 25 May 2018. If we sell any products to customers based in the EU, or have EU visitors to our site, we need to make sure our site complies with GDPR.

🎟️ PushinP.es is a site selling official ticketing and curated by Party Play Pleasure™ Barcelona. 🎟️