Privacy Policy

Introduction

Start 2 Pay Limited, legal form: private limited liability company, registered in the Cyprus Department of Registrar of Companies and Official Receiver on 2012-12-03, code: HE 316018, address: Spyrou Kyprianou, 79, PROTOPAPAS BLDG, 2nd floor, Flat/Office 201, 3076, Limassol, Cyprus (hereinafter – ‘we’, ‘us’, ‘our’, ‘the Company’) is a payment gateway, a technical platform that covers all the merchants’ needs quickly and easily. We successfully cooperate with companies from the following business categories in organizing receipt of payments: e-commerce, electronic goods and services etc.

When providing our services, we collect and use personal data (hereinafter – the Personal Data). Therefore, we are obligated to use and process your Personal Data only in accordance with this privacy policy (hereinafter – the Privacy Policy), as well as applicable laws, including the General Data Protection Regulation (2016/679) (hereinafter – GDPR) and other applicable legal acts on protection of personal data.

This Privacy Policy provides basic rules for collecting, storing, processing and retention of your Personal Data and other information relating to you, as well as the scope of processed Personal Data, the purposes, sources, recipients and other important aspects of data processing in using our services.

When writing ‘you’, we mean you as – a potential, existing and/or former client, our client’s employee or other parties, such as beneficial owners, authorised representatives, business partners, other associated parties and/or person contacting us using e–mail or other communication measures.

Please note that in case you provide us with the information about any person other than yourself, your employees, counterparties, advisers or suppliers, you must ensure that they understand how their information will be used.

Principles of processing Personal Data

The principles we follow in order to comply with the need to protect your Personal Data are the following:

  1. principle of legality, fairness and transparency – means that the Personal Data with respect to you is processed in a lawful, honest and transparent way;

  2. purpose limitation principle – means that the Personal Data is collected for specified, clearly defined and legitimate purposes and shall not be further processed in a way that is incompatible with those purposes;

  3. data reduction principle – means that the Personal Data must be adequate, appropriate and only what is necessary for the purposes for which it is processed;

  4. accuracy principle – means that the Personal Data must be accurate and, if necessary, updated. All reasonable steps must be taken to ensure that Personal Data which is not accurate in relation to the purposes for which it is processed shall be immediately erased or corrected;

  5. the principle of limitation of the length of the storage – means that the Personal Data shall be kept in such a way that your identity can be determined for no longer than is necessary for the purposes for which the Personal Data is processed;

  6. integrity and confidentiality principle – means that the Personal Data shall be managed by applying appropriate technical or organizational measures in a way which ensures the proper security of the Personal Data, including protection from unauthorized processing or processing of unauthorized data and against accidental loss, destruction or damage.

Your Personal Data is considered as confidential information and may only be disclosed to third parties in accordance with the rules and procedure provided in this Privacy Policy and the applicable legal acts.

Types of information we collect

The categories of Personal data we may collect about you are as follows:
  • Basic Personal Data – name, surname, job title etc.

  • Identification information and other background verification data (your or your representative’s, ultimate beneficiary owner’s of legal entities) – name, surname, personal identity code, date of birth, address, nationality, gender, passport or ID card copy, evidence of beneficial ownership or the source of funds, number of shares held, voting rights or share capital part, title.

  • Transaction data – beneficiary details, date, time, amount and currency which was used, name/IP address of sender and receiver, accounts, amount of transactions, income, location, etc.

  • Information related to legal requirements – data resulting from enquiries made by the authorities, data that enables us to perform anti-money laundering requirements and ensure the compliance with international sanctions, including the purpose of the business relationship and whether you are a politically exposed person and other data that is required to be processed by us in order to comply with the legal obligation to “know your client”.

  • Contact Data – registered/actual place of residence, phone number, e–mail address etc.

Purposes and legal basis for Personal Data processing

We collect personal data for the purposes listed below:

Conclusion of the contract or for performance of measures at your request prior to the conclusion of the contract (to get to know, identify and verify our clients).

For this purpose, we may process your Basic Personal Data, Identification and other background verification Data, Contact Information and other Personal Data (in order to identify the possibility of providing services).

The legal basis for the processing of the above-mentioned data are the following: concluding a contract with you, fulfilling our legitimate interests and/or fulfilling the legal obligations applicable to us.

For the fulfilment of a contract concluded with you.

For this purpose, we may process your Basic Personal Data, Identification and other background verification Data, Transaction Data, Information which is related to legal requirements, Contact Information and other Personal Data provided to us by or on behalf of you or generated by us in the course of providing services.

The legal basis for the processing of the above-mentioned data are the following: performance of a contract signed with you, fulfilling our or third parties’ legitimate interests and/or compliance with legal obligations applicable to us.

To comply with legal obligations.

For this purpose, we may process your Basic Personal Data, Identification and other background verification Data, Transaction Data, Information which is related to legal requirements, Contact Information and other Personal Data provided to us by or on behalf of you or generated by us in the course of providing services.

The legal basis for the processing of the above-mentioned data are the following: fulfilling our or third parties’ legitimate interests and/or compliance with legal obligations applicable to us.

To provide an answer when you contact us through our website or other communication measures

For this purpose, we may process your Basic Personal Data, Contact Information and other Personal Data provided to us by or on behalf of you.

The legal basis for the processing of the above-mentioned data are the following: your consent, fulfilling our or third parties’ legitimate interests.

What do we mean when we say:
  1. Contract performance: processing your Personal Data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

  2. Legitimate Interest: our interest as a business in conducting and managing our services so that we can offer you the most secure experience.

  3. Legal Obligation: processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

Direct marketing

We may use our existing clients’ e–mail for marketing our similar goods or services, in case you do not object to the use of your e-mail for the marketing of our similar goods and services and you are granted a clear, free-of-charge and easily realisable possibility to object to or withdraw from such use of your contact details with each message sent.

We may also provide the information to you being our client about our products or services by sending the messages in the application and such messages may be viewed in the notification center, in case you do not choose the “opt-out” function in our application.

In other cases, we may use your Personal Data for the purpose of direct marketing, if you give us your prior consent regarding such use of data.

We are entitled to offer the services provided by our business partners or other third parties to you or find out your opinion on different issues in relation to our business partners or other third parties on the legal basis for this, i.e. on the basis of a prior consent.

In case you do not agree to receive these marketing messages and/or calls offered by us, our business partners or third parties, this will not have any impact on the provision of services to you as the client.

We provide a clear, free-of-charge and easily realisable possibility for you at any time not to give your consent or to withdraw your given consent for sending proposals put forward by us. We shall state in each notification sent by e-mail that you are entitled to object to the processing of the Personal Data or refuse to receive notifications from us. You shall be entitled to refuse to receive notifications from us by clicking on the respective link in each e-mail notification.

How do we obtain your Personal Data?

We collect information you provide directly to us. For example, when becoming a new client (if you have entered into or seek to enter into an agreement with us). The Company also collects information which you provide to us, such as messages that you have sent to us, by access and use of our website or mobile application, by setting up an account with us, when you subscribe to our electronic publications (e.g. newsletters).

Personal Data that we may collect from third parties:

  1. when it is provided to us by a third party which is connected to you and/or is dealing with us, for example, business partners, subcontractors, service providers, merchants etc.;

  2. third party sources, for example, register held by governmental agencies or where we collect information about you to assist with “know your client” check-ups as part of our client acceptance procedures;

  3. from publicly available sources – we may, for example, use sources to help us keep your contact details that we already possess accurate and up to date or for professional networking purposes or for providing our services;

  4. from other entities which we collaborate with. 

Who do we share your Personal Data with?

We may transfer your Personal Data to some of following categories of recipients:

  1. our business partners, agents or intermediaries who are a necessary part of the provision of our products and services of the company;

  2. public authorities;

  3. commercial banks, other financial institutions;

  4. law, finance, tax, business management, personnel administration, accounting advisors, etc.;

  5. group companies of the Company;

  6. external service providers (that provide such services as, for example, system development and/or improvement, audit services);

  7. other persons with whom the Company intends to conclude or has concluded a contract(s);

  8. other persons who require access to the data in order to exercise their legal obligations, by a legitimate interest or with the consent of the shareholders or the beneficiary.

International transfer of Personal Data

As we provide international services your Personal Data may be transferred and processed outside the European Union (hereinafter – the EU) and the European Economic Area (hereinafter – the EEA).

The transfer of Personal Data may be considered as needed in such situations as, e.g.:

  1. in order to conclude the contract between you and us and/or to fulfill the obligations under such contract;

  2. in cases indicated in laws and regulations for protection of our lawful interests, e.g. in order to bring proceedings in court/other governmental bodies;

  3. in order to fulfill legal requirements or in order to realize public interest.

In case your Personal Data is transferred outside the EU and the EEA, we will take all steps to ensure that your data is treated securely and in accordance with this Privacy Policy and we will ensure that it is protected and transferred in a manner consistent with the legal requirements applicable to the Personal Data.

This can be done in a number of different ways, for example:

  1. the country to which we send the Personal Data, a territory or one or more specified sectors within that third country, or the international organization is approved by the European Commission as having an adequate level of protection;

  2. the recipient has signed standard data protection clauses which are approved by the European Commission;

  3. if the recipient is located in the US, it shall be a certified member of the EU–US Privacy Shield scheme;

  4. special permission has been obtained from a supervisory authority.

We may transfer Personal Data to a third country by taking other measures if it ensures appropriate safeguards as indicated in the GDPR.

How do we protect your Personal Data?

We ensure the implementation of appropriate technical, organizational and administrative security measures required to ensure the security of your Personal Data processing, in order to protect your Personal Data from loss, misuse, accidental or unlawful destruction, modification, disclosure, unauthorized access or any other unlawful handling.

The Company and any third-party service providers that may engage in the processing of Personal Data on our behalf (for the purposes indicated above) are also contractually obligated to respect the confidentiality of the Personal Data.

Retention terms of Personal Data processing

We will keep your Personal Data for as long as it is needed for the purposes for which your data was collected and processed but no longer than it is required by the applicable laws and regulations. This means that we store your data for as long as it is necessary for providing services and as required by retention requirements in laws and regulations. If the legislation of the Republic of Cyprus does not provide any period of retention of Personal Data, this period shall be determined by us, considering the legitimate purpose of the data retention, the legal basis and the principles of lawful processing of Personal Data as well as following the principle of storage limitation.

The terms of data retention of the Personal Data for the purposes of the processing of the Personal Data as specified in this Privacy Policy are as follows:

  1. as long as your consent remains in force, if there are no other legal requirements which shall be fulfilled with regard to the Personal Data processing;

  2. in case of the conclusion and execution of contracts – for as long as the contract concluded between you and the Company remains in force and up to 10 years after the relationship between the client and the Company has ended;

  3. the Personal Data submitted by you through our website is kept for an extent necessary for the fulfilment of your request and to maintain further cooperation, but no longer than 6 months after the last day of the communication, if there are no legal requirements to keep them longer.

In cases when the terms of data retention are provided by the applicable laws and regulations, such terms of retention shall apply.

Your Personal Data might be stored longer if:

    1. it is necessary in order for us to defend ourselves against claims, demands or action and exercise our rights;

    2. there is a reasonable suspicion of an unlawful act that is being investigated;

    3. your Personal Data is necessary for the proper resolution of a dispute/ complaint;

    4. under other statutory grounds.

What rights do you have in relation to your Personal Data?

You as a data subject have rights in respect of the Personal Data we hold on you. Under certain circumstances and in accordance with EU or other applicable data protection laws, you may have the right to:

    1. get familiar with your Personal Data and how it is processed – you have the right to obtain information about scope and kind of Personal Data we process on you. Your right to access may, however, be restricted by legislation, protection of other persons’ privacy and consideration for the Company’s business concept and business practices. The Company’s know-how, business secrets as well as internal assessments and material may restrict your right of access;

    2. demand rectifying incorrect or incomplete data – if it turns out that we process Personal Data about you that is inaccurate, you have the right to request a rectification of such Personal Data. You have the right to request us to complete your incomplete Personal Data that is possessed by us;

    3. erasing your Personal Data – you have the right to have any or all of your Personal Data to be erased. In certain cases, we cannot erase all of your Personal Data. In such case this would be due to our contractual obligations or requirements of applicable laws;

    4. restricting the processing of your Personal Data – you have the right to demand that our processing of your Personal Data be restricted for a period of time. This can pertain, for example, to a situation where you believe that your Personal Data is inaccurate and we need to verify it. It can also pertain to a situation where you object to processing that we base on a legitimate interest. In such case we must verify if our grounds override yours;

    5. transfer your Personal Data to another data controller or provide directly to you in a convenient format (NOTE: applicable to Personal Data which is provided by you and which is processed by automated means on the basis of consent or on the basis of conclusion and performance of the contract);

    6. object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;

    7. to withdraw your consent so that we stop that particular processing, when the processing is based on consent. However, such consent withdrawal does not affect the lawfulness of processing based on consent before its withdrawal;

    8. not to be subject to a decision based solely on automated processing;

    9. lodge an appeal with the Office of the Commissioner for Personal Data Protection – if you have an objection about how we have processed your Personal Data, you can turn to the supervisory authority concerned.

We will exercise your rights only after we receive your written request to exercise a particular right indicated above and only after confirming the validity of your identity. The written request shall be submitted to us by ordinary mail or by e-mail to support@start2pay.com.

Your requests shall be fulfilled or fulfilment of your requests shall be refused by specifying the reasons for such refusal within 30 (thirty) calendar days from the date of submission of the request meeting our internal rules, GDPR and/or other data protection legislation. The afore-mentioned time frame may be extended for 30 (thirty) calendar days by giving a prior notice to you if the request is related to a great scope of Personal Data or other simultaneously examined requests. A response to you will be provided in a form of your choosing as the requester.

The right to lodge a complaint

You can file a complaint regarding the Personal Data in the same manner as specified above.

You can also address the Office of the Commissioner for Personal Data Protection with a claim regarding the processing of your Personal Data if you believe that the Personal Data is processed in a way that violates your rights and legitimate interests stipulated by applicable laws. You may apply in accordance with the procedures for handling complaints that are established by the Office of the Commissioner for Personal Data Protection and which may be found at this link: http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/page1i_en/page1i_en?opendocument

How will changes to this Privacy Policy be made?

We regularly review this Privacy Policy and reserve the right to modify it at any time in accordance with applicable laws and regulations. Any changes and clarifications will take effect immediately upon their publication on our website: https://start2pay.com/.

Please review this Privacy Policy from time to time to stay updated on any changes.

Cookies Policy

If you access our information or services through our website, you should be aware that we use Cookies. For more information on how to control your Cookie settings and browser settings or how to delete Cookies on your hard drive, please read the Cookies Policy available at: https://start2pay.com/cookie-policy/

Contact us

You can contact us by writing to us at support@start2pay.com or by post at Start2Pay Limited – Spyrou Kyprianou, 79, PROTOPAPAS BLDG, 2nd floor, Flat/Office 201, 3076, Limassol, Cyprus.