SCHEDULE 1- Notice on the processing of personal data
Effective for all Users from March 16th, 2020.
[email protected] PLC (hereinafter as “[email protected] “), pursuant to the article 13 and 14 of the Regulation (EU) 679/2016 (hereinafter as the “GDPR”) and the relevant Maltese legislation in force with regard to the protection of personal data, in its capacity as Controller, inform you that it collects, processes and uses your personal data collected either with the submission of an application for the provision of a service, or at a later time, including data derived from the signing of an User Agreement with [email protected] or contained in any schedule or in the framework of relations and transaction with [email protected], as set out below. This Notice describes our information handling practices when you access our services, which include our content on the websites located at https://emoney.mt, http://www.meinturbo.com, http://banking.emworld.eu, www.emoneyplc.eu, (the “Sites”) or when you use the Mobile Apps and the Cards (referred to collectively hereinafter as “Services”).
We may modify this Notice from time to time which will be indicated by changing the date at the top of this page.If we make any material changes, we will notify you by a ticket sent via internal message as per the article 5 of the User Terms and Condition prior to the change becoming effective.
ARTICLE 1: TYPE OF PERSONAL DATA PROCESSED
To establish a Payment User Account and access our Services, we will ask you to provide us with some important information about you. This information is either required by law (e.g. to verify your identity), necessary to provide the requested Services, or is relevant for certain specified purposes, described in greater detail below.
We may collect the following types of information from you:
Personal Identification Information : name and surname, date of birth, nationality, gender, signature, utility bills, photographs, phone or fax number, home address, and/or email address. ** ** Special types of personal data (e.g. information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sexual orientation) will not be requested.
Formal Identification Information : Government issued identity document such as Passport, ational Identity Card, Tax ID number, Visa information, and/or any other information deemed necessary to comply with our legal obligations under financial or anti money laundering laws.
Financial Information : Bank account information, account number, transaction history, income tax declaration, asset declaration, salary statements.
Transaction Information : Information about the transactions you make on our Services, such as the name of the recipient, your name, the amount, and/or timestamp.
ARTICLE 2: HOW YOUR PERSONAL INFORMATION IS USED
Our primary purpose in collecting personal information is to provide you with a secure, efficient, and customized experience. We generally use personal information to create, develop, operate, deliver, and improve our Services, content and advertising and for loss prevention and anti-fraud purposes.
We may use your personal data with the following purpose:
1) To carry out our precontractual obligation upon your request and to provide Services as per the article 6, par. 1 lett. b) GDPR
We process your personal information to provide the Services to you.
For example, when you want to store funds on our Sites, we require certain information as your identification, contact information, and payment information. If you do not wish to have your personal information processed for such purposes, we will have to close your Payment User Account.
The period of retention of personal data collected for such purpose will be 10 years as of the termination agreement.
2) To maintain legal and regulatory compliance check as per the article 6, par. 1 lett. c) GDPR
We shall identify you in order to comply with our legal obligations such as anti-money laundering laws and terrorist financing law across jurisdictions by monitoring, investigating, preventing any potentially prohibited or illegal activities. This includes collection and storage of your photo identification. In some cases, we process your personal data in order to help detect, prevent, and mitigate fraud and abuse of our Services and to protect you against account compromise or funds loss. The period of retention of personal data collected for such purposes will be 10 years as of the termination agreement.
For data collected via technical means such as cookies, webpage counters and other analytics tools, we may automatically receive and record the following information on our server logs: (i) How you came to and use the Services; (ii) Device type and unique device identification numbers; (iii) Device event information (such as crashes, system activity and hardware settings, browser type, browser language, the date and time of your request and referral URL); (iv) How your device interacts with our Sites and Services, including pages accessed and links clicked; (v) Broad geographic location (e.g. country or city-level location); and (vi) Other technical data collected through cookies, pixel tags and other similar technologies that uniquely identify your browser. The period of retention will be 1 year from expiry of the cookies.
We shall terminate your Payment User Account if you do not wish to have your personal information processed for the above purposes.
3) For promotional and marketing purposes as per the article 6 par. 1 lett. a) GDPR
Based on your communication preferences, we may send you marketing communications (e.g. e-mails or mobile notifications) to inform you about our events; to deliver targeted marketing; and to provide you with promotional offers. Our marketing will be conducted in accordance with your advertising marketing preferences and as permitted by applicable law. The period of retention of those data collected for such purposes will be 1 year as of the termination agreement.
We may provide Services although you do not wish to have your personal information processed for such purposes.
ARTICLE 3: WHO ARE THE RECEIPIENT OF YOUR DATA?
For the purpose of fulfilling its contractual and legal/regulatory obligation, of serving its legal interest as well as in cases where [email protected] is authorized or has received your consent, recipient of your personal data may be the following:
- The [email protected]’s employees to fulfill their job responsibilities in relation of the evaluation of your request, the management and performance of the User Agreement with [email protected], the fulfilment of the obligation arising from it, as well as the relevant obligation imposed by law.
- Entity to which [email protected] delegates the performance of specific task on its behalf (Processor) which may indicatively be professional advisors who provide banking, legal, compliance, insurance, accounting, introducers, brokers, or other consulting services in order to complete third party financial, technical, compliance and legal audits of our operations or otherwise comply with our legal obligations.
- The service providers under contract who help with parts of our business operations. Examples of the types of service providers we may share personal information with include:
- Network infrastructure;
- Payment processing;
- Transaction monitoring;
- Document repository services;
- Customer support;
- Internet (e.g. ISPs);
- Data analytics;
- Information Technology;
- The third party identity verification services in order to prevent fraud and anti-money laundering. This allows [email protected] to confirm your identity by comparing the information you provide us to public records and other third-party databases. These service providers may create derivative data based on your personal information that can be used solely in connection with the provision of identity verification and fraud prevention services.
- The credit institution, payment service provider and/or entities that are involved in the execution of contract with you or the execution of requested or activated transaction.
- The law enforcement, officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of the User Agreement or any other applicable policies.
- The company or other entities that we plan to merge with or be acquired by. We may process any information regarding your Payment User Account and use of our Services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions.
- The Merchants, if you use your Payment User Account to conduct a transaction with a Merchant. In that case the Merchant may provide data about you and your transaction to us. Please review the privacy notice of Merchant that will gain access to your personal information.
- The companies or other entities that purchase [email protected] assets pursuant to a court approved sale or where we are required to share your information pursuant to insolvency law in any applicable jurisdiction.
ARTICLE 4: HOW WE PROTECT AND STORE PERSONAL INFORMATION – ANONYMIZED DATA AND ENCRYPTION
Personal data will be processed manually and electronically in compliance with the security measures to exclude or reduce the risk of loss, alteration, prohibited transmission, dissemination, destruction, illegal use or any other form of unlawful processing.
Your data is protected against unauthorized access through encrypted transmission and storage, a role and authorization concept, a data backup concept and physical security measures forthe servers. Anonymization is a data processing technique that removes or modifies personal information so that it cannot be associated with a specific individual.
We may perform our own analytics on anonymized data or enable analytics provided by third parties. Types of data we may anonymize include transaction data and fraud indicators.
ARTICLE 5: YOUR RIGHTS RELATING THE PROTECTION OF YOUR PERSONAL DATA
You may be able to assert certain rights related to your personal information identified below.
- Access and portability: You may request that we provide you a copy of your personal information held by us. This information will be provided without undue delay subject to a potential fee associated with gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. In certain circumstances, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another data controller.
- Rectification of incomplete or inaccurate personal information : You may request us to rectify or update any of your personal information held by [email protected] that is inaccurate. You may do this at any time by logging in to your Payment User Account and clicking the profile.
- Erasure: You may request to erase your personal information, subject to applicable law. If you close your Payment User Account, we will mark your account in our database as “Closed,” but will keep certain account information, including your request to erase, in our database for a period of time as described above in the article 2 above. This is necessary to deter fraud, by ensuring that persons who try to commit fraud will not be able to avoid detection simply by closing their account and opening a new account, and to comply with [email protected]’s legal obligations. However, if you close your Payment User Account, your personal information will not be used by us for any further purposes, nor shared with third parties, except as necessary to prevent fraud and assist law enforcement, as required by law, or in accordance with this Notice.
- Withdraw consent : To the extent the processing of your personal information is based on your consent, you may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of EM@NEY’s processing based on consent before your withdrawal.
- Restriction of processing: We may continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
- Automated individual decision-making, including profiling: [email protected] relies on automated tools to help determine whether a transaction or a Payment User Account presents a fraud or legal risk.
- Right to be forgotten: you may obtain the cancellation of your personal data from our database.
- Right to propose a complaint to the supervisory authority: If you believe that we have infringed your rights, we encourage you to first submit a request to Data Protection Authority, Level 2, Airways House, High Street Sliema SLM 1549 Malta.
For the exercise of your rights you may contact the [email protected]’s DPO by sending an email to [email protected].
ARTICLE 6: CROSS BORDER TRANSFER
Your data will be stored in encrypted form in a data center located in the European Union. Your personal data cannot be transferred outside the EU, but they will be included in database shared and managed by [email protected] subsidiaries.
ARTICLE 7: CONTROLLER DATA PROTECTION OFFICER – PROCESSORS
The Controller is [email protected] PLC, with registered and operative Head Offices in Ix xatt, ta Xbiex, MSD1516, MSIDA, Malta. Data Protection Officer is Mr. Francesco Maresca. You may contact the Data Protection Officer for any matter regarding the processing of your personal data at the address Ix xatt, ta Xbiex, MSD1516, MSIDA, Malta or by sending an email to [email protected].
The updated list of Processors is available at the [email protected]’s registered office address.