Privacy Policy Payment App (Demo application)
Last updated | Januari 2023 |
The identity of private individuals is known only to Quantoz who will not share it with anyone and where user and transaction data will never be used for other than compliance reasons.
Definitions
As used herein, “The Company” refers to the company Quantoz including without limitation thereby, its owners, directors, investors, employees, or other related parties. The Company is a company with limited liability, incorporated under the laws of the Netherlands. Depending upon context, “The Company” may also refer to the services, products, site, content, or other materials (collectively, “Materials”) provided by Quantoz.
The Company and its affiliates (hereinafter, “The Company”, “we”, “us” or “our”) are committed to protecting and respecting our customers privacy.
This Privacy and Data Protection Policy (together with our Terms of Use) governs our collection, processing and use of customers Personal Information. We define “Personal Information” as information that identifies directly or indirectly an individual, e.g. your name, address, e-mail address, transactions, banking details, etc.
The Company | Refers to the company Quantoz including without limitation thereby, its owners, directors, investors, employees, or other related parties |
GDPR | Means the General Data Protection Regulation. |
Responsible Person | Privacy Officer |
Data processing register | Means a register of which personal data The Company processes and how we share and process this data. |
1. Privacy and Data protection principles
You have the right to access your Personal Information and to require the correction, updating and blocking of inaccurate and/or incorrect data by sending an email to us at: Contact.
The company will action your request only where this is not inconsistent with its Terms of Use, legal and regulatory obligations. Upon your written request, we will provide you of the Personal Information relating to you that we hold and the use and general disclosure of your Personal Information. Such request will be accepted once per calendar quarter per Account Holder.
The Company is committed to process data in accordance with its responsibilities under the GDPR.
Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
2. General provisions
-
- This policy applies to all personal data processed by The Company.
- The Responsible Person shall take responsibility for The Company’s ongoing compliance with this policy.
- This policy shall be reviewed at least annually.
3. Lawful, fair and transparent processing
-
-
- To ensure its processing of data is lawful, fair and transparent, The Company shall maintain a Data processing register.
- The Data processing register shall be reviewed at least annually.
- Individuals have the right to inspect, correct, delete, limit, transfer or object to the personal data that The Company processes, unless The Company cannot exercise these rights on the basis of a legal obligation or when exceptions apply.
-
4. Lawful purposes
-
-
- All data processed by The Company must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests.
- If you use te company services as a Consumer (meaning that you make a transaction to a Merchant via the company’s platform), we will process the following personal data:The Company collects and processes Personal Information on its Site, in order for our customers to open an Account, to use the Platform or perform any Transactions on the Platform. The types of Personal Information that we collect are the following (depending on Tier level):
-
- Customer name;
- Customer photographic identification, including a high-quality image of your government issued ID; passport, and national ID card;
- Customer address;
- Customer mobile phone number;
- Customer e-mail address;
- Customer banking details including account numbers;
- Customer date of birth;
- Customer transactions;
- Customer utility bill or bank statement for confirming of customer’s residential address.
- If you use the company’s services as a Merchant, we will process the following personal data:The Company collects and processes Personal Information on its Site, in order for our merchants to open an Account, to use the Platform or perform any Transactions on the Platform. The types of Personal Information that we collect are the following:
-
- Company name;
- Company registration number;
- Company licenses;
- Company address;
- Company phone number
- Company banking details including account numbers;
- Company transactions;
- Company representative’s photographic identification, including a high-quality image of your government issued ID; passport, and national ID card;
- Company representative’s mobile phone number;
- Company representative’s e-mail address;
- Company representative’s date of birth;
- Customer utility bill or bank statement for confirming of customer’s residential address.
-
Note: If you use the company’s services as a Merchant and decide to give your employees access to the platform, you must inform them that you released personal data to the company.
4. Processing purposes
-
-
- The Company uses customers personal data for the following purposes:
- To personalize the customer experience (this information helps us to better respond to our customers individual needs);
- To improve our website or app (we continually strive to improve our website or app offerings based on the information and feedback we receive from our customers);
- To analyse the use of our Site/App;
- To improve customer service (this information helps us to respond to our customers service requests and support needs) more effectively
- To undertake a verification of our customers identity in accordance with our AML/KYC and Identity Verification Policy;
- To process transactions.
- To send periodic emails. The email address our customers provide for order processing, may be used to also send information and updates
- The Company uses customers personal data for the following purposes:
-
pertaining a customer’s order or request, in addition to receiving occasional company news, updates, promotions, related product or service information, etc.;
- To administer a contest, promotion, survey, or other site feature.
-
-
- The Company will process the personal data only for the purpose(s) for which it has been provided to us.
- The Company shall note the appropriate lawful basis in the Data processing register.
- Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in The Company’s systems.
-
5. Data minimisation
-
-
- The Company shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
-
6. Accuracy
-
-
- The Company shall take reasonable steps to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
-
7. Archiving / removal
-
-
- The Company holds its customers Personal Information only for as long as it is necessary to do so, having regard to the purposes described in this Data Protection Policy and our own legal and regulatory obligations. In accordance with our record keeping obligations we will retain Accounts and Personal Information for, at least a period of seven years after they are closed by Users.
-
8. Security
The Company shall ensure that
-
-
- personal data is stored securely using modern software that is kept-up-to-date.
- Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
- When personal data is deleted this should be done safely such that the data is irrecoverable.
- Appropriate back-up and disaster recovery solutions shall be in place.
- Transaction history and personal data are processed by the backend system of The Company (SaaS platform NEXUS) in the cloud of Microsoft Azure. A DPA has been concluded with NEXUS which is certified for ISO 27001.
- Customer data is processed and stored in European data centers.
- Customer support team is internal/external trained in GDPR awareness.
-
9. Breach
-
-
- In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, The Company shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the appropriate regulator (AV)
- The Company has a data breach “Datalek” Protocol
- The Company has a register for data breach “Datalek” incidents
-
10. IP addresses
-
-
- The Company may collect information about customers devices, including where available the IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
-
11. Cookies
-
-
- The Company’s site and app may use “cookies”. When The Company uses “cookies” it will mention it on its “Privacy Policy” on its website/App.
- The purpose of collecting such information is to evaluate the effectiveness of our Site, analyze trends, and administer the Platform. The information collected from cookies allows us to improve our visitors experience in accessing our Site.
- When using a third part service providers for placing the “cookies” they are contractually restricted from using information they receive from our Site other than to assist us.
-
12. Disclosure of Personal Information
-
-
-
- Any third party that receives or has access to Personal Information shall be required by us to protect such Personal Information and to use it only to carry out the services they are performing for our customers or for The Company, unless otherwise required or permitted by law.
- The Company ensures that any such third party is aware of our obligations under this Data Protection Policy and we will enter into contracts with such third parties by which they are bound by terms no less protective of any Personal Information disclosed to them than the obligations we undertake to our customers under this Data Protection Policy or which are imposed on us under applicable data protection laws.
-
-
13 Cross-border data transfer
-
-
-
- The Company uses data-centres in the EU to store its Personal Information.
-
-
14 Third-party links
-
-
-
- Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We encourage you to review all policies, rules, terms and regulations, including the privacy policies, of each site that you visit. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
- We do not control those third party sites or any of the content contained therein and you agree that we are in no way responsible or liable for any of those third party sites, including, without limitation, their content, policies, failures, promotions, products, services or actions and/or any damages, losses, failures or problems caused by, related to or arising from those sites.
-
-
END OF POLICY