“Controller” shall mean the Company;
“Personal Data” or “Information” shall mean any information relating to an identified or identifiable Client including legal persons such as Merchant entities and which will be provided in relation to receiving the Company services. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
“Personal Data Filing System” or “Filing System” shall mean the Company system where the personal data of the Client is stored;
“Policy Update” shall mean any notice given to the Client in relation to policy changes prior to them taking effect;
“Processing of Personal Data” or “Processing” shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;
“Processor” shall mean a natural or legal person, public authority, agency or any other body which processes personal data on behalf of The Company;
“Recipient” shall mean a natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not; however, authorities which may receive data in the framework of a particular inquiry shall not be regarded as recipients;
“Third Party” shall mean any natural or legal person, public authority, agency or any other body other than the Client, The Company, and the persons who, under the direct authority of The Company, are authorized to process the data;
“the Client’s Consent” shall mean any freely given specific and informed indication of his wishes by which the Client signifies his agreement to personal data relating to him being processed.
References to a specific gender and the use of “he”, “him”, “his” should also be construed as references to another gender for the purposes of this policy.
Collection of Information
The Company requires Clients to provide information following the engagement of its services and for providing the services the Client has contracted that include:
- Passport or National ID details;
- Daytime phone number and personal mobile phone number;
- Background information including CVs and academic records;
- Certificates or other documentation that relate to bankruptcy or criminal records;
- Country of residence and residential address;
- Confirmation of personal wealth, sources of funds, operational information;
- Company financial statements including bank account confirmations and reconciliation records.
The Company may use a variety of information sources that do not violate any personal information privacy rules, in its legal entity assessment process.
All communication between the Client and the Company will be recorded and retained for reference purposes when and if required by the Company or the regulatory authority that supervises the Client operations.
Information collected from Clients are primarily used for the provision of the Company services in a manner that the Company deems fit. Information collected is stored and backed up at servers hosted in in the European Economic Area (EEA) in accordance with the European data protection laws, while it is being processed locally at the Company facilities (unless the jurisdictional laws provide otherwise).
The Client acknowledges and agrees that personal information provided for the Company service (in the beginning and during the relationship), can be used by the Company for the purposes of providing the services stipulated in the Engagement Agreement with the Client:
The Company communicates with its clients regularly through direct email communication and through general announcements/postings on its website. It also reaches Clients via telephone/skype or other similar telecommunication means for even more direct communication for a variety of reasons
The Company may also send other email notifications which are of a promotional or general information nature, such as news and third-party promotions, and are therefore not compulsory giving Clients the option to stop receiving them. The option to receive or stop such email communication can be managed by contacting one of the Company’s representatives and asking them to opt-out of such email service.
Information may also be provided to the Company auditors who may request such information during reconciliation exercises and for contacting clients to confirm the accuracy of the Company’s records.
To offer the services, the Company deals with third party service providers (either to delegate important functions or to enhance the quality of the service. During these arrangements, the Company may disclose Client data to such third-party service providers so that they can provide the services they were engaged to provide.
- Reveal to regulatory authorities, competent governmental authorities and agencies (other than tax authorities), law enforcement agencies, intergovernmental or supranational bodies, and other third parties with the requisite authority to request such information;
- Reveal information in response to criminal or civil legal process as requested by the competent courts of the relevant jurisdiction and as permitted under Cyprus Laws;
- Disclose information that is essential to auditors, commercial partners, operational partners, support services partners including public relations providers, and the Company affiliates for the complete provision of the Company services to the Clients;
- Provide information to the Client’s authorized representative;
- Provide information for statistical purposes that do not include personal identification information but are of rather aggregate nature.
Control of information
The Company intends to maintain the data residency within the EEA and will try to ensure that any information or personal data that must be exported out of the EEA as a result of any above-mentioned reasons, will be appropriately protected. The Company will not export any personal data to third countries that do not enforce EU equivalent measures for the protection of personal data.
Security of Information
Security of Client information is of outmost importance to the Company, which has adopted commercially reasonable standards to ensure that the personal information is protected. The Company uses a range of safeguards to insulate information from unauthorized access.
The information provided will be kept by the Company for a period of five years after a Client decides to terminate its Engagement Agreement with the Company. The Company will not use this information after termination in any way related to its services, but will only use it as necessary to assist with any law enforcement investigation, to honor any court sanctioned warrant, and for the prevention of any fraudulent action.
The Company responsibility