Notice on the Processing of Personal Data

This Notice shall be effective for all Users on January 27, 2020.

***

[email protected] PLC, pursuant to the article 13 and 14 of the Regulation (EU) 679/2016 (hereinafter as the “GDPR”) and the relevant Maltese legislation in force with regard to the protection of personal data, in its capacity as Controller, inform you that it collects, processes and uses your Personal Data collected either with the submission of an application for the provision of a service, or at a later time,  including data derived from the signing of an User Agreement with [email protected] or contained in any attachment (collectively referred to hereinafter as “Data”) or in the framework of relations and transaction with [email protected], as set out below. This Notice describes our information handling practices when you access our services, which include our content on the websites located at https://emoney.mt, http://www.meinturbo.com, http://banking.emworld.eu, www.emoneyplc.eu, (the “Sites”) or when you use the [email protected] mobile app, the [email protected]  Card, the [email protected] prepaid Mastercard, any [email protected] API or third party applications relying on such an API, and related services (referred to collectively hereinafter as “Services”).

By accessing and using our Services, you signify acceptance to the terms of this Notice. We may modify this Notice from time to time which will be indicated by changing the date at the top of this page. If we make any material changes, we will notify you by message sent to your private help desk area by means of a notice on our Services prior to the change becoming effective, or as otherwise required by law.

ARTICLE 1- TYPE OF PERSONAL DATA PROCESSED

To establish an Account and access our Services, we will ask you to provide us with some important information about you. This information is either required by law (e.g. to verify your identity), necessary to provide the requested Services (e.g. you will need to provide your bank account number if you would like to link that account to [email protected], or is relevant for certain specified purposes, described in greater detail below). As we add new features and Services, you may be asked to provide additional information.

We may collect the following types of information from you:

Personal Identification Information: name and surname, date of birth, nationality, gender, signature, utility bills, photographs, phone or fax number, home address, and/or email address.   Special types of Personal Data (e.g. information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sexual orientation) will not be requested. 

Formal Identification Information: Government issued identity document such as Passport, National Identity Card, Tax ID number, visa information, and/or any other information deemed necessary to comply with our legal obligations under financial or anti money laundering laws.

Financial Information: Bank account information, account number, transaction history, income tax declaration, asset declaration, salary statements.

Transaction Information: Information about the transactions you make on our Services, such as the name of the recipient, your name, the amount, and/or timestamp.

We receive and store certain types of information automatically, such as whenever you interact with the Sites or use the Services. This information helps us address customer support issues, improve the performance of our Sites and applications, provide you with a streamlined and personalized experience, and protect your account from fraud by detecting unauthorized access. Information collected automatically includes:

Online Identifiers: Geo location/tracking details, fingerprint, operating system, browser name and version, and/or personal IP addresses.

Usage Data: Authentication data, security questions, and other data collected via cookies and similar technologies. Please read our Cookie Policy for more information.

For example, we may automatically receive and record the following information on our server logs: (i) How you came to and use the Services; (ii) Device type and unique device identification numbers; (iii) Device event information (such as crashes, system activity and hardware settings, browser type, browser language, the date and time of your request and referral URL); (iv) How your device interacts with our Sites and Services, including pages accessed and links clicked; (v) Broad geographic location (e.g. country or city-level location); and (vi) Other technical data collected through cookies, pixel tags and other similar technologies that uniquely identify your browser.

From time to time, we may obtain information about you from third party sources as required or permitted by applicable law. These sources may include Public Databases, Credit Bureaus & ID Verification Partners. We obtain information about you from public databases and ID verification partners for purposes of verifying your identity in accordance with applicable law. ID verification partners like CREDIT REFORM use a combination of government records and publicly available information about you to verify your identity. Such information may include your name, address, job role, public employment profile, credit history, status on any sanctions lists maintained by public authorities, and other relevant data. We obtain such information to comply with our legal obligations, such as anti-money laundering laws. In some cases, we may process additional data about you to ensure our Services are not used fraudulently or for other illicit activities. In such instances, processing is necessary for us to continue to perform our contractual obligations with you and others. Credit Reform’s Privacy Policy describes its collection and use of Personal Data.

ARTICLE 2- HOW YOUR PERSONAL INFORMATION IS USED

Our primary purpose in collecting personal information is to provide you with a secure, efficient, and customized experience. We generally use personal information to create, develop, operate, deliver, and improve our Services, content and advertising; and for loss prevention and anti-fraud purposes.

Information collected via technical means such as cookies, webpage counters and other analytics tools is kept for a period of up to one year from expiry of the cookie.

ARTICLE 3- WHO ARE THE RECIPIENT OF YOUR DATA?

For the purpose of fulfilling its contractual and legal/regulatory obligation, of serving its legal interest as well as in cases where [email protected] is authorized or has received  Your consent, recipient of Your Personal Data may be the following:

a)      the [email protected]’s employees to fulfill their job responsibilities in relation of the evaluation of your request, the management and performance of the agreement with [email protected], the fulfillment of the obligation arising from it, as well as the relevant obligation imposed by law.

1. Entity to which [email protected] delegates the performance of specific task on its behalf (Processor) which may indicatively be professional advisors who provide banking, legal, compliance, insurance, accounting, or other consulting services in order to complete third party financial, technical, compliance and legal audits of our operations or otherwise comply with our legal obligations.
2. The Service Providers under contract who help with parts of our business operations. Our contracts require these service providers to only use your information in connection with the services they perform for us, and prohibit them from selling your information to anyone else. Examples of the types of service providers we may share personal information with (other than those mentioned above) include: (i) Network infrastructure; (ii) Cloud storage; (iii) Payment processing; (iv) Transaction monitoring;  (v) Security; (vi) Document repository services; (vii) Customer support; (viii) Internet (e.g. ISPs); (ix) Data analytics; (x) Information Technology; (xii) Marketing.
3. The third-party identity verification services in order to prevent fraud. This allows [email protected] to confirm your identity by comparing the information you provide us to public records and other third-party databases. These service providers may create derivative data based on your personal information that can be used solely in connection with the provision of identity verification and fraud prevention services.
4. The credit or financial institutions with which we partner to process payments you have authorized.
5. The credit institution, payment service provider and/or entities that are involved in the execution of contract with you or the execution of requested or activated transaction such as MASTERCARD.
6. The  law enforcement, officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of the User Agreement or any other applicable policies.
7. The Company or other entities that we plan to merge with or be acquired by. We may process any information regarding your account and use of our Services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions. You have the option of closing your account if you do not wish to have your personal information processed for such purposes.
8. The companies or other entities that purchase [email protected] assets pursuant to a court approved sale or where we are required to share your information pursuant to insolvency law in any applicable jurisdiction.

If you authorize one or more third-party applications to access your [email protected] Services, then information you have provided to [email protected] may be shared with those third parties. A connection you authorize or enable between your [email protected] account and a non [email protected] account, payment instrument, or platform is considered an “account connection.” Unless you provide further authorisation, these third parties are not allowed to use this information for any purpose other than to facilitate your transactions using [email protected] Services. Please note that third parties you interact with may have their own privacy policies, and [email protected] is not responsible for their operations. Information collected by third parties, which may include such things as contact details or location data, is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties. Examples of account connections include: (I) Merchants: If you use your [email protected] account to conduct a transaction with a third-party merchant, the merchant may provide data about you and your transaction to us. (II) Your Financial Services Providers: For example, if you send us funds from your bank account, your bank will provide us with identifying information in addition to information about your account in order to complete the transaction. Information that we share with a third-party based on an account connection will be used and disclosed in accordance with the third-party’s privacy practices. Please review the privacy notice of any third-party that will gain access to your personal information.

ARTICLE 4 – SPECIAL PROVISION RELATED THE PREPAID [email protected] CARD USERS

With respect to the prepaid [email protected] Card Users, we have partnered with MASTERCARD, one of which will be used to enable your Card to operate as a normal prepaid card.

 When you use the [email protected] Card Users, you agree to MASTERCARD’s own terms and conditions and Privacy Policy (available at https://www.mastercard.com/en-ke/about-mastercard/what-we-do/privacy.html) and as a result MASTERCARD will be an independent Data Controller in relation to the personal information they collect and hold related to you.

ARTICLE 5 – HOW WE PROTECT AND STORE PERSONAL INFORMATION – ANONYMIZED DATA AND ENCRYPTION

Personal Data will be processed manually and electronically in compliance with the security measures to exclude or reduce the risk of loss, alteration, prohibited transmission, dissemination, destruction, illegal use or any other form of unlawful processing.

Your Data is protected against unauthorized access through encrypted transmission and storage, a role and authorization concept, a data backup concept and physical security measures for the servers. Anonymization is a data processing technique that removes or modifies personal information so that it cannot be associated with a specific individual.  

[email protected] may use anonymized or aggregate User data for any business purpose, including to better understand User needs and behaviors, improve our Services, conduct business intelligence and marketing, and detect security threats. We may perform our own analytics on anonymized data or enable analytics provided by third parties. Types of Data we may anonymize include transaction data and fraud indicators.

ARTICLE 6- YOUR RIGHTS RELATING THE PROTECTION OF YOUR PERSONAL DATA

You may be able to assert certain rights related to your personal information identified below.

• Access and portability: You may request that we provide you a copy of your personal information held by us. This information will be provided without undue delay subject to a potential fee associated with gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. In certain circumstances, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another Data Controller.
• Rectification of incomplete or inaccurate personal information: You may request us to rectify or update any of your personal information held by [email protected] that is inaccurate. You may do this at any time by logging in to your Account and clicking the profile.
• Erasure: You may request to erase your personal information, subject to applicable law. If you close your [email protected] Account, we will mark your account in our database as “Closed,” but will keep certain account information, including your request to erase, in our database for a period of time as described above in the article 2. This is necessary to deter fraud, by ensuring that persons who try to commit fraud will not be able to avoid detection simply by closing their account and opening a new account, and to comply with [email protected]’s legal obligations. However, if you close your Account, your personal information will not be used by us for any further purposes, nor shared with third parties, except as necessary to prevent fraud and assist law enforcement, as required by law, or in accordance with this Notice.
• Withdraw consent: To the extent the processing of your personal information is based on your consent, you may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of [email protected]’s processing based on consent before your withdrawal.
• Restriction of processing: We may continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
• Automated individual decision-making, including profiling: [email protected] relies on automated tools to help determine whether a transaction or a customer account presents a fraud or legal risk.
• Right to be forgotten: obtain the cancellation of Your Personal Data from our database.
• Right to propose a complaint to the supervisory authority: If you believe that we have infringed your rights, we encourage you to first submit a request to Data Protection Authority-Level 2, Airways House, High Street Sliema SLM 1549 Malta.

For the exercise of your rights you may contact the Group’s DPO in writing or by sending an email to dpo (@)emoney.plc.com

ARTICLE 7 – CROSS BORDER TRANSFER

Your Data will be stored in encrypted form in a data center located in the European Union.
Your Personal Data cannot be transferred outside the EU, but they will be included in database shared and managed by [email protected] subsidiaries.

ARTICLE 8 – CONTROLLER- DATA PROTECTION OFFICER- PROCESSORS

The Controller is [email protected] PLC, with registered and operative Head Offices in Ix xatt Ta Xbiex, MSD1516, Msida, Malta
Data Protection Officer is Mr Francesco Maresca. You may contact the Data Protection Officer for any matter regarding the processing of your Personal Data at the address Ix xatt Ta Xbiex, MSD1516, Msida, Malta or by sending an email to dpo(@)emoney.plc.com

The updated list of Processors is available and can be consulted at the Company’s registered office.