The version dated February 1, 2024

1. Who we are and what this document is about?

We are Mobilipay (CY) Limited, a Cyprus company, located at Pavlou Nirvana & Aipeias, Alpha Tower, 1st Floor, Office 11, Limassol, 3021, Cyprus, (hereinafter also referred to as the “Company” “we”, “us” or “our”) you can address us via e-mail contact.us@mobilipay.com

This privacy policy (hereinafter also referred to as the “Privacy Policy”) is a document that explains what kind of your personal data we use, how exactly we use it, for what reasons we need your personal data and what rights you have concerning your personal data.

The term “personal data” (hereinafter also referred to as “user data”, “data”) is used within the meaning outlined in the General Data Protection Regulation (hereinafter also referred to as “GDPR”), considering existing international practices on personal data protection in countries that provide an adequate level of such protection. It includes any information that relates to or identifies you directly or indirectly.

2. What did we develop this document for?

We developed this document to provide you with essential information concerning the personal data we collect through our website https://mobilipay.com/ (hereinafter also referred to as “Website”), meaning the website in which this Privacy Policy is placed, or in the course of providing our payment gateway and SMS and Flash-call validation services (hereinafter also referred to as the "Services"), information about which are placed on the Website.

By using or accessing the Website, you confirm that you have read, understood, and accepted this Privacy Policy. Please ensure you have read it carefully, particularly the section detailing your rights about the personal data that we collect about you. If you do not agree with our Privacy Policy, you should not use the Website.

Here are the basic provisions of how the Company views data privacy:

We do not collect any data without your consent, legitimate interest or performance of our contract with you;
We collect any data only on lawful grounds;
We collect only a minimum amount of information, only what is needed for the performance of a contract or to take steps before entering into a contract or protect our legal interest;
We do not monetize your data;
We do not check the user information received from you, except where such a check is necessary for us to fulfill our obligations to you;
We process your personal data as transparently as practically possible.

By providing access to the Website, we, acting reasonably and in good faith, believe that you:

have all necessary rights to use the Website;
provide true, accurate, current, and complete information about yourself;
are at least 16 years of age or under the minimum age in the relevant territory or your parents agree that you use the Website;
are aware of and accept this Privacy Policy.

3. Why do we collect personal data and for what purposes?

We collect personal data for specific purposes and we’ll use the collected data for the specified purposes alone. The purpose of the personal data we collect is so we can perform a contract, take steps before entering into a contract, or protect our legal interest. All the personal data we process is lawfully obtained and on a legal basis. If our relationship between us and you changes, we may need more information.

The list of the purposes for which we’ll request or use your data, the scope of such data, and other significant details are specified in Section 4 of this Privacy Policy.

We will normally collect personal data from you only where we have your consent to do so, where we need the personal data to perform a contract with you/your controller, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.

If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).

Similarly, if we collect and use your personal data in reliance on our or a third party’s legitimate interests and those interests are not already listed above, we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided in this Privacy Policy.

4. What personal data do we collect?

The Company requires the minimal amount of data necessary to provide you access to the Website. We use the information we collect and share it with our service providers primarily to provide you access to the Website, and as needed for our operational purposes. In addition, we may use data about our users to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of the Website.

Depending on our relationship the personal data we collect may include:

Method and timing of processing
Processing of personal data is carried out with the use of automation tools.
Period of processing and storage of personal data - until the purpose of processing is achieved unless another period is stipulated by the agreement or applicable law, and/or until you request to delete the data.

Special category data
Certain categories of personal information have additional protection under GDPR. The categories include information about your health, racial or ethnic origin, etc.

We inform you that the Company does not store or process such a special category of your personal data.

5. Using cookies (Cookies Policy)

Cookies are small text files that websites often store on computer hard drives or mobile devices of visitors to their websites. A cookie contains a unique number, which is used to recognize your computer or mobile device when you return to our Website. Cookies can remain on your computer or mobile device for different periods of time. The cookies can be either “persistent” cookies or “session” cookies. Persistent cookies are stored by a web browser and remain valid until a set expiration date. Session cookies only exist while your internet browser is open and are automatically deleted once you close your browser.

Web beacons are small electronic files contained on pages of websites that permit companies to count users who have visited certain web pages on a website and are used for other related website statistics (e.g., recording the popularity of certain website content and verifying system and server integrity).

The use of cookies is designed to make the Website work correctly.

We use a variety of cookies for different purposes. Specifically, we use cookies to enhance the experience of our visitors to our Website and to better understand how the Website is used. Cookies may tell us, for example, whether you have visited the Website before or whether you are a new visitor.

We also use cookies to prevent unlawful actions performed by malicious software.

There are several categories of cookies that we may use. Specifically:

· Essential and security cookies, web beacons, and other tracking technologies are necessary for the operation of the Website. These tracking technologies enable you to move around on the Website and use the Website’s features. You may not opt out of these types of cookies because they are required to operate the Website and service.

· Analytics cookies, web beacons, and other tracking technologies collect information about how you have used the Website. These items help us to understand how the Website performs, how visitors interact with the site, and whether there may be technical issues. This storage type usually doesn’t collect information that identifies a visitor.

· Personalization cookies web beacons and other tracking technologies. These items allow the Website to remember the choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features. We use personalization cookies, web beacons, and other tracking technologies to improve the user experience with our Website.

· Marketing cookies, web beacons, and other tracking technologies are used on our Website by third-party service providers. These cookies help measure the effectiveness of our advertising campaigns. They are used to make advertising more relevant to your preferences as well as to analyze Website visits and ad conversions from third-party websites.

The table below lists cookies used by the Company and third-party service providers. The list of cookies and third-party service providers is subject to change at any time:

It is your choice as to whether or not to accept cookies. Most browsers allow you to configure the browser settings so that cookies from websites cannot be placed on your computer or mobile device. If you choose not to accept cookies, then you may be able to continue browsing our Website, but we may not be able to provide you with certain features.

Please note, that if cookies are blocked, the Website will malfunction.

6. Transfer and storage of your personal data

Personal data we collect may be stored and processed for the purposes set out in this Privacy Policy in any country in which we operate and your personal data may be transferred, stored, and processed by recipients in various countries around the world where our servers are located and our databases are operated. We do all necessary to make sure all recipients of your personal data understand the necessity to process personal data only on a legal basis considering any and all applicable legislation.

Our servers are located in the European Economic Area (EEA).

We do not sell your personal information or the personal information of your end users. We also do not allow any personal information to be used by third parties for their own marketing purposes (except in cases where you explicitly request or provide consent for us to do. However, we do need to share personal data in order to provide our Services to you/your controller. Below are the different scenarios under which we may share your data with third parties.

We may transfer your personal data to the following third parties’ categories:

any third party to whom we assign or novate any of our rights or obligations under a relevant agreement;
any national or international regulatory, enforcement, exchange body, central or local government department and other statutory or public bodies or court where we are required to do so by applicable law or regulation at their request;
third parties, if you expressed your consent to such transfer or transfer of your personal data, is required for your use of certain services or performance of a particular agreement or contract with you;
third parties involved in the fulfillment of our obligations (including hosting providers, etc.).

7. International data transfers

The use of our Website or providing Services often involves the transfer of personal data to recipients and third parties both inside and outside the European Economic Area (EEA). We take care to ensure our partners regardless of location have sufficient safeguards in place to properly process and protect your personal data in line with our own data protection and information security standards.

One of the important steps we take when it comes to international data transfers involving third parties is due diligence and vetting. As part of the third-party vetting process, we ensure that personal data will only be transferred to a third party located outside the EEA with the required cross-border transfer mechanism and safeguards in place. This means that when we engage a third party that is located outside of the EEA, we agree on the appropriate level of data protection, including additional contractual, technical, and organizational measures and the execution of a transfer impact assessment where necessary, to ensure the ongoing protection of the rights and freedoms of all individuals, inside and outside the EU. We consistently monitor changes to the international transfer mechanisms permitted under applicable privacy laws to ensure ongoing compliance with international data protection standards.

We may transfer and store your personal data to third-party data processors located in countries outside of the EEA. We only transfer your personal data to those third parties where we can be sure that we can protect your privacy and your rights, for example, the third party is located in a country which the EU has deemed to have adequate data protection laws in place or to a country which has not been recognized by the European Commission as providing an adequate level of personal data protection but where we have a contract in place with that third party which includes the European Commission’s standard data protection clauses.

Whenever we are sending data to countries that are not providing the same level of protection as the GDPR (to countries that have not been recognized by the European Commission as providing an adequate level of personal data protection), we are going to use appropriate safeguards to protect your personal data, including but not limited to Standard Contractual Clauses for Processors.

Accordingly, by using our Website, you authorize the transfer of your information to countries that have not been recognized by the European Commission as providing an adequate level of personal data protection, where our service providers process data for customer care, account management and service provisioning, and to other locations where we and/or our service providers operate, and to its (and their) storage and use as specified in this Privacy Policy and any applicable terms of service or other agreement between you and Company or between you and our customers.

8. How we protect your personal data

We apply a variety of measures to safeguard the collection, transmission, and storage of the information we collect. These measures vary based on the sensitivity of the information that we collect, process, and store and the current state of technology. Even so, no security measure is 100% perfect. Therefore, while we strive to employ reasonable protections for your information that are appropriate to its sensitivity, we cannot guarantee the security of your information and do not assume any responsibility for the unauthorized use or access to your information under our control.

Notwithstanding the foregoing, to protect your personal data we have the physical, electronic, and procedural means of protection in accordance with international standards. We use encryption to keep your data confidential during transfer. We review, verify, and update our methods for collecting, storing, and processing information, including physical security measures, to prevent unauthorized access to our systems. We restrict access to personal data to our employees who need this information to process it. Anyone who has such access is subject to strict contractual obligations regarding confidentiality and may be subject to disciplinary action if he does not fulfill these obligations.

9. Уour rights in relation to personal data

You have many rights over your personal information and how it is used. Here are set out the major rights, which are available to you (depending on how we collected your personal data) and how to make use of those rights:

Right to access your personal data: at any time, you can ask us about what your personal data do we have, what we do with it, why we process them, who we have told about you, etc. You also can ask us to give you a copy of the personal data processing, if you like. To request access, send us an email at mail contact.us@mobilipay.com headed “Subject Access Request”;
Right to rectify your personal data: at any time, you can request that we update, block, or delete your personal data if the data is incomplete, outdated, incorrect, unlawfully received or there is no need to proceed it anymore. If you do not provide correct personal data, we may suspend access to our services due to the lack of necessary data;
Right to erasure: at any time, you can ask us to delete all the personal data that we have about you – it is your right to be forgotten as if we have never met before.

However, we have the right not to erasure your personal data and process it insofar as the processing is permitted by the applicable law on personal data (including, but not limited to, the purposes of settling claims and disputes, sending responses to requests from state authorities);

Right to restrict the use of your personal data: for example, if you think, that your personal data is not accurate and we need time to check it, we can make a pause in processing your personal data enough to clarify, whether is it so or not;
Right to object to the processing of your personal data: at any time, you can tell us to stop and we will no longer process your personal data, but we can still keep them if there is legitimate ground for that. If you do so, you will no longer have access to our services;
Right to data portability (in certain specific circumstances): if you wish, you can ask us to download (export) all personal data that we have in the format acceptable to give it to someone else or ask us to give them your data directly;
Right not to be subject to an automated decision: if we process your personal data automatically and we make some decisions according to it, and it affects you in any serious way, you can express your point of view and contest such a decision. But in reality, we do not do this;
Right to lodge a complaint with a supervisory authority: you always can complain about us and about the way, we are processing your personal data.

Before we process any request, we may ask you for certain information in order to verify your identity. Where permitted by local law, we may reject requests that are unreasonable or impractical. We will respond to your requests in a reasonable timeframe.

If you are a resident of the European Union, you have data protection rights no less than what is specified by GDPR.

10. Retention periods

We will retain your personal information for as long as required to perform the purposes for which the data was collected depending on the legal basis for which that data was obtained and/or whether additional legal/regulatory obligations mandate that we retain your personal information during the term that is required and/or permissible under applicable/relevant law.

Also, we may keep information on how we think we may need to resolve any disputes, enforce our agreements with you, and provide you/your controller with the possibility to use our Services, protect our or your legal rights, and comply with technical and legal requirements and constraints related to the security, integrity, and operation of our Website.

11. Changes to our policy

We may update this Privacy Policy from time to time. The new version of this Privacy Policy will be published on our Website. We recommend you regularly review this page to ensure that you are always aware of our information practices and any changes. Also, we may notify you via any applicable communication channels.

Your continued use of the Website means that you accept and agree to the changes.

12. Contact us

If you have a complaint or question about this Privacy Policy, if you would like to make a request concerning your personal data, or withdraw your consent, you may at any time contact us at mail contact.us@mobilipay.com. We will aim to respond to you within a maximum of 30 calendar days from receipt of the request.

All correspondence received by us from you (written or electronic inquiries) is classified as restricted-access information and may not be disclosed without your written consent. The personal data and other information about you may not be used without your consent for any purpose other than for response to the inquiry, except as expressly provided by law.