Slovenia – Privacy policy
PAYWISER PRIVACY POLICY
Last updated: October 1, 2022
This Privacy Policy includes important information about your personal data and we encourage you to read it carefully.
1. INTRODUCTION
PAYWISER d.o.o., Bravničarjeva ulica 13, 1000 Ljubljana, Slovenia (or “PAYWISER”) obtained an authorization to provide electronic money issuance and payment services in EEA from the Bank of Slovenia in accordance with the Slovenian Payment Services, Services of Issuing Electronic Money and Payment Systems Act.
We provide technical solutions for payment processing and issuing for personal and commercial use (PAYWISER issuing service). Businesses of all sizes use our software and services to accept payments and manage their businesses online (PAYWISER acquiring service).
While providing products and services, PAYWISER processes personal data with utmost care and responsibility and in compliance with the national and EU Data Protection Regulation, specially the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the Regulation or GDPR).
PAYWISER commits to safety and privacy of your personal data. GDPR does not apply to information about legal entities (e.g., limited liability companies), yet it does apply to individuals that are related to legal entities.
This Privacy Policy (hereinafter Policy) provides general information about our personal data processing activities. This document describes how we collect and use your personal data and how we share it, your rights, especially your data subject rights, including the right to object to some uses of your personal data by us, and how you can contact us about our privacy terms and measures.
We may provide this notice in languages other than English. If there are any discrepancies between other language versions and the English language version, the English language version is authoritative.
If you have concerns about how we use your personal data, you can contact the person authorized for the data protection (“DPO”) on privacy@paywiser.eu.
1.1 DEFINITION OF TERMS WE USE IN THIS POLICY
“PAYWISER” or “we / our / us” stands for the Paywiser d.o.o. entity responsible for the collection and processing of personal data under this Privacy Policy in the frame of providing our Services.
“Personal data” means any information that relates to an identified or identifiable individual and can include information related to you which: (a) we know about you (for example, if you are an individual or a director of a company applying for a business relationship with PAYWISER, we may ask you to provide identification documents) and (b) can be used to personally identify you (for example, a combination of your name and postal address).
“Services” stands for all PAYWISER-provided products (devices, applications, such as web-application, mobile app, Merchant Dashboardb etc.) and services (e.g., issuing, acquiring, payment processing, payment gateway services etc.).
“Service Provider” refers to PAYWISER.
“Business Relationship” means any of PAYWISER-provided Services based relationship between PAYWISER and you (such as business relationship between PAYWISER and Merchant for providing of acquiring services, business relationship between End User and PAYWISER for providing of payment card, etc).
“Merchant’ or ‘you / your” refers to any legal entity entering into business relationship with us and, where applicable, it’s duly authorized representatives and successors.
“Service User” or “you” is the user of products and/or services provided by PAYWISER. Since we provide services for commercial and/or personal use, depending on the context, “you” can relate to the Merchant and can also relate to:
- (i) the Representative, when you are acting on behalf of the Service User (e.g., you are a founder of a company, or administering a business relationship with PAYWISER for a Merchant, who is a Service User);
- (ii) the End User, when you directly use a PAYWISER-provided Services for your individual personal use;
- (iii) the Customer, when you do business with, or otherwise transact with a Service User (typically a Merchant using Services);
- (iv) the Potential Service User, when you visit our website or web-application (e.g., you send us a message asking for more information because you are considering being a user of our products or services).
2. WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?
PAYWISER d.o.o., with its registered office at the address Bravničarjeva ulica 13, 1000 Ljubljana, Slovenia. The Data Protection Officer is available via paper post on the registered office address and via e-mail: privacy@paywiser.eu.
Depending on the activity, PAYWISER acts as a “Data Controller” or “Data Processor”.
PAYWISER is the ‘Processor’, processing your personal data on behalf of the ‘controller, if you are a Customer of a certain company (e.g. Merchant) that uses PAYWISER-provided Services, or one of its employees who uses the Services, when we provide to the Merchant integration and access to Gateway Software and technical support necessary for acceptance of the Cards on Merchant Website and settling payment transactions. In this case the Merchant as the Service User is the controller of your personal data and should provide you appropriate information about how it processes your personal data and the appropriate contact to receive your Data Subject Right Requests such as request to get information on the processing of your personal data, request to access, correction, deletion or portability of their personal data and objection to processing including objecting to processing for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.
3. HOW DO WE COLLECT YOUR PERSONAL DATA AND WHICH DATA CATEGORIES WE PROCESS?
We collect your personal data when (a) you use our website at www.paywiser.eu (b) you use one of our business applications (such as E-commerce website, internet payment pages, mobile app etc.) and (c) you use any of the Services available to you through the our business applications or website.
We may also collect your personal data from other people or companies or other sources.
| Type of personal data | We collect information, when: | We collect the following data categories: |
|---|---|---|
| Information you give us |
|
|
| Information collected from your use of our products and services | you use our website or the business application (e.g., mobile app, Paywiser Dashboard etc.) |
|
| Information from your employer | a company that has a business relationship with PAYWISER (e.g., a Merchant as your employer) nominates you as an account holder or Representative |
|
| Information from websites or social media | if you make information about you publicly available on websites, social media websites or business applications, we do this as part of our KYB and KYC checks only |
|
| Information from others | We collect personal data from third parties or other people, such as financial institutions, official registers and databases, fraud prevention agencies and partners who help us to provide our Services. |
|
| Information from publicly available sources | personal data that are accessible to PAYWISER from publicly available sources |
|
4. HOW DO WE USE YOUR PERSONAL DATA?
| We use your personal data for | Our legal basis for using your personal data |
|---|---|
|
Providing our Services If you apply to use a PAYWISER product or service, we use your personal data to check your identity before we decide whether or not to approve your application. We must comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as “Anti- Money Laundering (“AML”) and Know-Your-Customer (“KYC”)” or Know-Your-Business (“KYB”) obligations, and financial reporting obligations (e.g., recording and verifying User’s identity for the purpose of compliance with legislation intended to prevent money laundering and financial crimes). We use your personal data to:
|
|
| Protecting against fraud We use your personal data to check your identity and to protect against fraud, keep to financial crime laws and to confirm that you are eligible to use our Services. We also use it to help us better understand your as an individual or your company’s financial circumstances and manage fraud risks related to your use of PAYWISER Services (e.g. PAYWISER account etc.). |
|
Marketing and promotion of our products and services We use your personal data to do the following:
|
|
Keeping our services up and running We use your personal data to manage our website and our applications, (including troubleshooting, data analysis, testing, research, statistical and survey purposes), and to make sure that content is presented in the most effective way for you and your device. We also use your personal data to:
|
|
Improving our products and services We ask you for your opinion about our products or services Meeting our legal obligations, enforcing our rights and other legal uses We use your personal data:
|
|
|
Helping you to provide services to your customers We may provide payment processing services to you or your company (e.g., the Merchant). Where this happens, you, or your company, are responsible for deciding:
|
|
Preparing anonymous statistical datasets. We prepare anonymous statistical datasets about spending patterns: (i) for forecasting purposes; (ii) to understand how you use PAYWISER business applications or account and (iii) to comply with governmental requirements and requests. These datasets may be shared internally or externally with others, including non-PAYWISER companies/institutions. We produce these reports using information about you, HOWEVER, the information used and shared in this way is never personal data and you will never be identifiable from it.
Whenever your personal data is processed based on our legitimate interest or based on your explicit consent, you have the right to object to such processing and to withdraw your consent at any time without affecting the lawfulness of processing based on such consent before the consent is withdrawn. We will always offer you a possibility to manage your choices for receiving our messages with promotional and other content.
Compliance with Legal Obligations. We use personal data to meet our contractual and legal obligations related to anti-money laundering, Know-Your-Customer (“KYC”) and Know-Your-Business (“KYB”) laws, anti-terrorism, anti-fraud, export control and prohibitions on doing business with restricted persons or in certain business areas, and other legal obligations. We strive to make our Services safe, secure and compliant, and the collection and use of personal data is critical to this effort. For example, we may monitor patterns of Payment Transactions andother online signals and use those insights to reduce the risk of fraud, money laundering and other activity that is harmful to PAYWISER or you.
Minors. PAYWISER-provided Services are not directed to minors, including children under the age of 15, and we request that they do not provide personal data through the Services. In some countries, we may impose higher age limits as required by applicable law.
5. WHO ARE YOUR PERSONAL DATA SHARED WITH?
In the scope of PAYWISER-provided Services your personal data is used by:
- PAYWISER. Your personal data are shared within PAYWISER entity and are available to authorizedpersonnel, responsible for providing our products and services. These persons are legally and contractuallyobliged to protect the confidentiality of personal data.
- Service Providers or Processors that use your personal data on our behalf and based on our instructions.PAYWISER uses their services in order to provide Services to you as our Service Users and to communicate, market and advertise regarding our Services. Service providers provide a variety of critical services, such as hosting (storing and delivering), analytics to assess the speed, accuracy and/or security of our Services, identity verification, customer service, email and auditing. We authorize such service providers to use or disclose your personal data that we make available to perform services on our behalf and to comply with applicable legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of personal data they process on our behalf. Our service providers are predominantly located in the EEA and Hong Kong.In order to adequately fulfill our contractual and legal obligations, we must also disclose your personal data to third parties:
- Financial Partners. “Financial Partners” are financial institutions that we partner with to offer the Services(including Card Schemes, Banks etc.).
- Compliance and Harm Prevention. We share personal data: (i) to competent state authorities and authoritiesresponsible for financial, tax or banking supervision (e.g., the Office for the Prevention of Money Laundering, the Financial Administration, courts, etc.) in order to comply with applicable law; (ii) to payment method providers, to comply with rules imposed by payment method in connection with use of that payment method (e.g. network rules for Mastercard, UnionPay or other); (iii) to enforce our contractual rights; (iv) to secure or protect the Services, rights, privacy, safety and property of PAYWISER, you or others, including against other malicious or fraudulent activity and security incidents; (v) to respond to valid legal process requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence and (vi) to natural and legal persons who demonstrate an appropriate legal basis for receiving personal data, based on their reasoned written request or natural and legal persons who present themselves with the authorization of the individual to whom the personal data refer.
- Corporate Transactions. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share personal data with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your personal data, but subject to the terms of this Policy.
- Others with Consent. In some cases, we might refer you to, or enable you to engage with our other Partners for certain services to be provided to you. In these cases, we will clearly disclose the identity of the third party and your personal data and information related to you will be shared with them only based on your prior explicit consent.
All users of your personal data are obliged to respect and protect personal data in accordance with the applicable legislation on the protection of personal data and other legal regulations.
We will never sell your personal data.
6. ARE YOUR PERSONAL DATA TRANSFERRED OUTSIDE EU /EEA?
We are a global business, providing an international Services, so we may need to transfer your personal data outside the European Economic Area (EEA). Personal data may be stored and processed in any country where we do business; or where our service providers do business; or if you use an international payment method or financial partner service, the countries in which that payment method or financial partner operates, when: (i) the
We may transfer your personal data to countries other than your own country. These countries may have data protection rules that are different from your country. When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfer. Where applicable law requires a data transfer mechanism, we use one or more of the following: (i) sign with a data recipient outside the EEA EU Standard Contractual Clauses, approved by the European Commission, to ensure an adequate level of protection for the transfer of your personal data to those entities outside the EEA; (ii) verification that the recipient has implemented Binding Corporate Rules, or (iii) other legal methods available to us under applicable law.
7. FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?
We retain your personal data as long as we are providing the Services to you or our Service Users. Even after we stop providing Services directly to you or a Service User with which you are doing business, and even if you terminate your business relationship with PAYWISER or complete a Transaction with a Service User, we retain your personal data in order to comply with our legal and regulatory obligations, such as fraud monitoring, detection and prevention activities; to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods you used.
We keep personal data in accordance with limitation periods and retention obligations that are imposed by applicable law. As a rule, your personal data is kept for ten (10) years after the termination of the business relationship or execution of the transaction. Data processed on the basis of your consent are kept until your cancellation or requests for data deletion, but no longer than ten (10) years after the termination of the business relationship or until the purpose for which they were acquired is fulfilled.
After the expiration of the retention period, personal data are deleted, destroyed or anonymized – unless there is another legal basis or if this is necessary to enforce or defend legal claims.
8. WHAT ARE YOUR DATA SUBJECT RIGHTS?
You may have choices regarding our collection, use and disclosure of your personal data:
a. Opting out of receiving electronic communications from us
If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails or by requesting the exercising of your right. We will try to comply with your request(s)
as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, our partners may still send you messages and direct us to send you messages on their behalf.
b. Your data protection rights
You may have the following rights with regard to the personal data PAYWISER processes as the Controller:
- the right to request confirmation of whether PAYWISER processes personal data relating to you, and ifso, to request a copy of that personal data (Right to access);
- the right to request that PAYWISER corrects or updates your personal data that is inaccurate,incomplete or outdated (Right to rectification);
- the right to request that PAYWISER erase your personal data in certain circumstances provided by law(Right to deletion / erasure or Right to be forgotten);
- the right to request that PAYWISER restrict the use of your personal data in certain circumstances,such as while we consider another request that you have submitted (Right to restrict processing);
- the right to request that we export your Personal Data that we hold to another company, wheretechnically feasible (Right to portability);
- where the processing of your personal data is based on your previously given consent, you have theright to withdraw your consent at any time (Right to withdraw consent);
- where we process your information based on our legitimate interests, you may also have the right toobject to the processing of your personal data (Right to object to processing). Unless we have compelling legitimate grounds or where it is needed for legal reasons, we will cease processing your information when you object.
c. Process for exercising your data protection rights
To exercise your data protection rights please contact us by sending your message to the following e-mail address: privacy@paywiser.eu.
PAYWISER will decide on the individual request of the individual without undue delay, or at the latest within the statutory period of 30 days from the receipt of the request.
For all questions regarding data processing or your rights, or in case of misuse of your data, please contact the authorized person for data protection: privacy@paywiser.eu.
When resolving complaints related to the processing of personal data, which we cannot resolve directly with you, we cooperate with the competent regulatory authorities. You have the right to legal protection. You can contact the Information Commissioner of the Republic of Slovenia. Before each application, please contact us so that we can solve your problem together.
If you are an individual/Customer doing business or transacting with our Service User (e.g., Merchant using PAYWISER-provided Services), please refer to the privacy policy or notice of the Service User or contact the Service User directly.
9. DO YOU MAKE AUTOMATED DECISIONS ABOUT ME?
PAYWISER does not use means to make automated decisions that could have legal consequences for you. In the event of an automated decision, we will notify you beforehand and give you the right to personal intervention by the controller; the right to express your point of view; the right to get an explanation of the decision made in this way and the right to challenge such a decision.
10. UPDATES AND NOTIFICATIONS
We may change this Policy from time to time to reflect new services, changes in our privacy practices or relevant laws. The “Last updated” legend at the top of this Policy indicates when this Policy was last revised. Any changes are effective when we post the revised Policy.
We may provide you with disclosures and alerts regarding the Policy or personal data collected by posting them on our website.
If applicable law requires that we provide notice in a specified manner prior to making any changes to this Policy applicable to you, we will provide such required notice.
We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of your personal data. We maintain organizational, technical and administrative measures designed to protect personal data covered by this Policy against unauthorized access, destruction, loss, alteration or misuse. Personal data is only accessed by a limited number of personnel who need access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.
If you have reason to believe that your interaction with us is no longer secure, please contact us.
If you have any questions or complaints about this Policy, please contact us by sending your message to privacy@paywiser.eu.
Slovenia – Codes of Etics and Business Conduct
Last updated: October 1, 2022
This Privacy Policy includes important information about your personal data and we encourage you to read it carefully.
1. INTRODUCTION
PAYWISER d.o.o., Bravničarjeva ulica 13, 1000 Ljubljana, Slovenia (or “PAYWISER”) obtained an authorization to provide electronic money issuance and payment services in EEA from the Bank of Slovenia in accordance with the Slovenian Payment Services, Services of Issuing Electronic Money and Payment Systems Act.
We provide technical solutions for payment processing and issuing for personal and commercial use (PAYWISER issuing service). Businesses of all sizes use our software and services to accept payments and manage their businesses online (PAYWISER acquiring service).
While providing products and services, PAYWISER processes personal data with utmost care and responsibility and in compliance with the national and EU Data Protection Regulation, specially the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the Regulation or GDPR).
PAYWISER commits to safety and privacy of your personal data. GDPR does not apply to information about legal entities (e.g., limited liability companies), yet it does apply to individuals that are related to legal entities.
This Privacy Policy (hereinafter Policy) provides general information about our personal data processing activities. This document describes how we collect and use your personal data and how we share it, your rights, especially your data subject rights, including the right to object to some uses of your personal data by us, and how you can contact us about our privacy terms and measures.
We may provide this notice in languages other than English. If there are any discrepancies between other language versions and the English language version, the English language version is authoritative.
If you have concerns about how we use your personal data, you can contact the person authorized for the data protection (“DPO”) on privacy@paywiser.eu.
1.1 DEFINITION OF TERMS WE USE IN THIS POLICY
“PAYWISER” or “we / our / us” stands for the Paywiser d.o.o. entity responsible for the collection and processing of personal data under this Privacy Policy in the frame of providing our Services.
“Personal data” means any information that relates to an identified or identifiable individual and can include information related to you which: (a) we know about you (for example, if you are an individual or a director of a company applying for a business relationship with PAYWISER, we may ask you to provide identification documents) and (b) can be used to personally identify you (for example, a combination of your name and postal address).
“Services” stands for all PAYWISER-provided products (devices, applications, such as web-application, mobile app, Merchant Dashboardb etc.) and services (e.g., issuing, acquiring, payment processing, payment gateway services etc.).
“Service Provider” refers to PAYWISER.
“Business Relationship” means any of PAYWISER-provided Services based relationship between PAYWISER and you (such as business relationship between PAYWISER and Merchant for providing of acquiring services, business relationship between End User and PAYWISER for providing of payment card, etc).
“Merchant’ or ‘you / your” refers to any legal entity entering into business relationship with us and, where applicable, it’s duly authorized representatives and successors.
“Service User” or “you” is the user of products and/or services provided by PAYWISER. Since we provide services for commercial and/or personal use, depending on the context, “you” can relate to the Merchant and can also relate to:
- (i) the Representative, when you are acting on behalf of the Service User (e.g., you are a founder of a company, or administering a business relationship with PAYWISER for a Merchant, who is a Service User);
- (ii) the End User, when you directly use a PAYWISER-provided Services for your individual personal use;
- (iii) the Customer, when you do business with, or otherwise transact with a Service User (typically a Merchant using Services);
- (iv) the Potential Service User, when you visit our website or web-application (e.g., you send us a message asking for more information because you are considering being a user of our products or services).
2. WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?
PAYWISER d.o.o., with its registered office at the address Bravničarjeva ulica 13, 1000 Ljubljana, Slovenia. The Data Protection Officer is available via paper post on the registered office address and via e-mail: privacy@paywiser.eu.
Depending on the activity, PAYWISER acts as a “Data Controller” or “Data Processor”.
PAYWISER is the ‘Processor’, processing your personal data on behalf of the ‘controller, if you are a Customer of a certain company (e.g. Merchant) that uses PAYWISER-provided Services, or one of its employees who uses the Services, when we provide to the Merchant integration and access to Gateway Software and technical support necessary for acceptance of the Cards on Merchant Website and settling payment transactions. In this case the Merchant as the Service User is the controller of your personal data and should provide you appropriate information about how it processes your personal data and the appropriate contact to receive your Data Subject Right Requests such as request to get information on the processing of your personal data, request to access, correction, deletion or portability of their personal data and objection to processing including objecting to processing for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.
3. HOW DO WE COLLECT YOUR PERSONAL DATA AND WHICH DATA CATEGORIES WE PROCESS?
We collect your personal data when (a) you use our website at www.paywiser.eu (b) you use one of our business applications (such as E-commerce website, internet payment pages, mobile app etc.) and (c) you use any of the Services available to you through the our business applications or website.
We may also collect your personal data from other people or companies or other sources.
| Type of personal data | We collect information, when: | We collect the following data categories: |
|---|---|---|
| Information you give us |
|
|
| Information collected from your use of our products and services | you use our website or the business application (e.g., mobile app, Paywiser Dashboard etc.) |
|
| Information from your employer | a company that has a business relationship with PAYWISER (e.g., a Merchant as your employer) nominates you as an account holder or Representative |
|
| Information from websites or social media | if you make information about you publicly available on websites, social media websites or business applications, we do this as part of our KYB and KYC checks only |
|
| Information from others | We collect personal data from third parties or other people, such as financial institutions, official registers and databases, fraud prevention agencies and partners who help us to provide our Services. |
|
| Information from publicly available sources | personal data that are accessible to PAYWISER from publicly available sources |
|
4. HOW DO WE USE YOUR PERSONAL DATA?
| We use your personal data for | Our legal basis for using your personal data |
|---|---|
|
Providing our Services If you apply to use a PAYWISER product or service, we use your personal data to check your identity before we decide whether or not to approve your application. We must comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as “Anti- Money Laundering (“AML”) and Know-Your-Customer (“KYC”)” or Know-Your-Business (“KYB”) obligations, and financial reporting obligations (e.g., recording and verifying User’s identity for the purpose of compliance with legislation intended to prevent money laundering and financial crimes). We use your personal data to:
|
|
|
Protecting against fraud We use your personal data to check your identity and to protect against fraud, keep to financial crime laws and to confirm that you are eligible to use our Services. We also use it to help us better understand your as an individual or your company’s financial circumstances and manage fraud risks related to your use of PAYWISER Services (e.g. PAYWISER account etc.). |
|
|
Marketing and promotion of our products and services We use your personal data to do the following:
|
|
|
Keeping our services up and running We use your personal data to manage our website and our applications, (including troubleshooting, data analysis, testing, research, statistical and survey purposes), and to make sure that content is presented in the most effective way for you and your device. We also use your personal data to:
|
|
|
Improving our products and services We ask you for your opinion about our products or services |
our legitimate interests (to understand customers’ expectations for being able to improve the quality of our existing products and services and to develop now ones) |
|
Meeting our legal obligations, enforcing our rights and other legal uses We use your personal data:
|
|
|
Helping you to provide services to your customers We may provide payment processing services to you or your company (e.g., the Merchant). Where this happens, you, or your company, are responsible for deciding:
|
|
Preparing anonymous statistical datasets. We prepare anonymous statistical datasets about spending patterns: (i) for forecasting purposes; (ii) to understand how you use PAYWISER business applications or account and (iii) to comply with governmental requirements and requests. These datasets may be shared internally or externally with others, including non-PAYWISER companies/institutions. We produce these reports using information about you, HOWEVER, the information used and shared in this way is never personal data and you will never be identifiable from it.
Whenever your personal data is processed based on our legitimate interest or based on your explicit consent, you have the right to object to such processing and to withdraw your consent at any time without affecting the lawfulness of processing based on such consent before the consent is withdrawn. We will always offer you a possibility to manage your choices for receiving our messages with promotional and other content.
Compliance with Legal Obligations. We use personal data to meet our contractual and legal obligations related to anti-money laundering, Know-Your-Customer (“KYC”) and Know-Your-Business (“KYB”) laws, anti-terrorism, anti-fraud, export control and prohibitions on doing business with restricted persons or in certain business areas, and other legal obligations. We strive to make our Services safe, secure and compliant, and the collection and use of personal data is critical to this effort. For example, we may monitor patterns of Payment Transactions and other online signals and use those insights to reduce the risk of fraud, money laundering and other activity that is harmful to PAYWISER or you.
Minors. PAYWISER-provided Services are not directed to minors, including children under the age of 15, and we request that they do not provide personal data through the Services. In some countries, we may impose higher age limits as required by applicable law.
5. WHO ARE YOUR PERSONAL DATA SHARED WITH?
In the scope of PAYWISER-provided Services your personal data is used by:
- PAYWISER. Your personal data are shared within PAYWISER entity and are available to authorizedpersonnel, responsible for providing our products and services. These persons are legally and contractuallyobliged to protect the confidentiality of personal data.
- Service Providers or Processors that use your personal data on our behalf and based on our instructions.PAYWISER uses their services in order to provide Services to you as our Service Users and to communicate, market and advertise regarding our Services. Service providers provide a variety of critical services, such as hosting (storing and delivering), analytics to assess the speed, accuracy and/or security of our Services, identity verification, customer service, email and auditing. We authorize such service providers to use or disclose your personal data that we make available to perform services on our behalf and to comply with applicable legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of personal data they process on our behalf. Our service providers are predominantly located in the EEA and Hong Kong.In order to adequately fulfill our contractual and legal obligations, we must also disclose your personal data to third parties:
- Financial Partners. “Financial Partners” are financial institutions that we partner with to offer the Services(including Card Schemes, Banks etc.).
- Compliance and Harm Prevention. We share personal data: (i) to competent state authorities and authoritiesresponsible for financial, tax or banking supervision (e.g., the Office for the Prevention of Money Laundering, the Financial Administration, courts, etc.) in order to comply with applicable law; (ii) to payment method providers, to comply with rules imposed by payment method in connection with use of that payment method (e.g. network rules for Mastercard, UnionPay or other); (iii) to enforce our contractual rights; (iv) to secure or protect the Services, rights, privacy, safety and property of PAYWISER, you or others, including against other malicious or fraudulent activity and security incidents; (v) to respond to valid legal process requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence and (vi) to natural and legal persons who demonstrate an appropriate legal basis for receiving personal data, based on their reasoned written request or natural and legal persons who present themselves with the authorization of the individual to whom the personal data refer.
- Corporate Transactions. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share personal data with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your personal data, but subject to the terms of this Policy.
- Others with Consent. In some cases, we might refer you to, or enable you to engage with our other Partners for certain services to be provided to you. In these cases, we will clearly disclose the identity of the third party and your personal data and information related to you will be shared with them only based on your prior explicit consent.
All users of your personal data are obliged to respect and protect personal data in accordance with the applicable legislation on the protection of personal data and other legal regulations. We will never sell your personal data.
6. ARE YOUR PERSONAL DATA TRANSFERRED OUTSIDE EU /EEA?
We are a global business, providing an international Services, so we may need to transfer your personal data outside the European Economic Area (EEA). Personal data may be stored and processed in any country where we do business; or where our service providers do business; or if you use an international payment method or financial partner service, the countries in which that payment method or financial partner operates, when: (i) the
We may transfer your personal data to countries other than your own country. These countries may have data protection rules that are different from your country. When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfer. Where applicable law requires a data transfer mechanism, we use one or more of the following: (i) sign with a data recipient outside the EEA EU Standard Contractual Clauses, approved by the European Commission, to ensure an adequate level of protection for the transfer of your personal data to those entities outside the EEA; (ii) verification that the recipient has implemented Binding Corporate Rules, or (iii) other legal methods available to us under applicable law.
7. FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?
We retain your personal data as long as we are providing the Services to you or our Service Users. Even after we stop providing Services directly to you or a Service User with which you are doing business, and even if you terminate your business relationship with PAYWISER or complete a Transaction with a Service User, we retain your personal data in order to comply with our legal and regulatory obligations, such as fraud monitoring, detection and prevention activities; to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods you used.
We keep personal data in accordance with limitation periods and retention obligations that are imposed by applicable law. As a rule, your personal data is kept for ten (10) years after the termination of the business relationship or execution of the transaction. Data processed on the basis of your consent are kept until your cancellation or requests for data deletion, but no longer than ten (10) years after the termination of the business relationship or until the purpose for which they were acquired is fulfilled.
After the expiration of the retention period, personal data are deleted, destroyed or anonymized – unless there is another legal basis or if this is necessary to enforce or defend legal claims.
8. WHAT ARE YOUR DATA SUBJECT RIGHTS?
You may have choices regarding our collection, use and disclosure of your personal data:
- a. Opting out of receiving electronic communications from us If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails or by requesting the exercising of your right. We will try to comply with your request(s) transfer is necessary for the performance of a contract with you or in the case of negotiations to conclude a contract with you (e.g. in the case of Transactions to or from a third country); (ii) the transfer is necessary for the conclusion or implementation of a contract between the PAYWISER and another natural or legal person that is in your interest (e.g. in the case of providing Services in the territory of a third country); (iii) PAYWISER receives a legal request to provide data to administrative authorities for the implementation of measures to prevent money laundering and measures against the financing of terrorist activities. as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, our partners may still send you messages and direct us to send you messages on their behalf.
- b. Your data protection rights You may have the following rights with regard to the personal data PAYWISER processes as the Controller:
- the right to request confirmation of whether PAYWISER processes personal data relating to you, and ifso, to request a copy of that personal data (Right to access);
- the right to request that PAYWISER corrects or updates your personal data that is inaccurate,incomplete or outdated (Right to rectification);
- the right to request that PAYWISER erase your personal data in certain circumstances provided by law(Right to deletion / erasure or Right to be forgotten);
- the right to request that PAYWISER restrict the use of your personal data in certain circumstances,such as while we consider another request that you have submitted (Right to restrict processing);
- the right to request that we export your Personal Data that we hold to another company, wheretechnically feasible (Right to portability);
- where the processing of your personal data is based on your previously given consent, you have theright to withdraw your consent at any time (Right to withdraw consent);
- where we process your information based on our legitimate interests, you may also have the right toobject to the processing of your personal data (Right to object to processing). Unless we have compelling legitimate grounds or where it is needed for legal reasons, we will cease processing your information when you object.c. Process for exercising your data protection rightsTo exercise your data protection rights please contact us by sending your message to the following e-mail address: privacy@paywiser.eu.PAYWISER will decide on the individual request of the individual without undue delay, or at the latest within the statutory period of 30 days from the receipt of the request.For all questions regarding data processing or your rights, or in case of misuse of your data, please contact the authorized person for data protection: privacy@paywiser.eu. When resolving complaints related to the processing of personal data, which we cannot resolve directly with you, we cooperate with the competent regulatory authorities. You have the right to legal protection. You can contact the Information Commissioner of the Republic of Slovenia. Before each application, please contact us so that we can solve your problem together.If you are an individual/Customer doing business or transacting with our Service User (e.g., Merchant using PAYWISER-provided Services), please refer to the privacy policy or notice of the Service User or contact the Service User directly.
9. DO YOU MAKE AUTOMATED DECISIONS ABOUT ME?
PAYWISER does not use means to make automated decisions that could have legal consequences for you. In the event of an automated decision, we will notify you beforehand and give you the right to personal intervention by the controller; the right to express your point of view; the right to get an explanation of the decision made in this way and the right to challenge such a decision.
10. UPDATES AND NOTIFICATIONS
We may change this Policy from time to time to reflect new services, changes in our privacy practices or relevant laws. The “Last updated” legend at the top of this Policy indicates when this Policy was last revised. Any changes are effective when we post the revised Policy.
We may provide you with disclosures and alerts regarding the Policy or personal data collected by posting them on our website.
If applicable law requires that we provide notice in a specified manner prior to making any changes to this Policy applicable to you, we will provide such required notice.
We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of your personal data. We maintain organizational, technical and administrative measures designed to protect personal data covered by this Policy against unauthorized access, destruction, loss, alteration or misuse. Personal data is only accessed by a limited number of personnel who need access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.
If you have reason to believe that your interaction with us is no longer secure, please contact us.
If you have any questions or complaints about this Policy, please contact us by sending your message to privacy@paywiser.eu.
Slovenia – Rules of internal appeal procedure
PAYWISER d.o.o., Bravničarjeva ulica 13, 1000 Ljubljana, registration number: 8640084000, on the basis of the Act on Payment Services, Electronic Money Issuing Services and Payment Systems (ZPlaSSIED) accepts the following
Rules on the internal appeal procedure and out-of-court dispute resolution
I. Preliminary provisions
Article 1
With the Rules on the internal appeal procedure and out-of-court dispute resolution (hereinafter: the Rules), PAYWISER d.o.o. determines the internal procedure for resolving complaints and the out-of-court dispute resolution scheme between PAYWISER d.o.o. and to the complainant, which can be any natural or legal person who is believed to be entitled to the consideration of the complaint and has filed a complaint.
Article 2
The internal complaint procedure is used when the complainant expresses dissatisfaction due to unfulfilled expectations in connection with the company PAYWISER d.o.o. With the complaint, the complainant requests the elimination of the irregularities that have occurred in his opinion and the establishment of a correct or different situation, and may also request the reimbursement of direct or indirect damage. The complainant can file a complaint against the PAYWISER d.o.o. or its employees or against a document issued by PAYWISER d.o.o.. The complainant can file a complaint even if PAYWISER d.o.o. does not perform a certain act, but in the opinion of the complainant should have performed it.
A complaint should be distinguished from an inquiry, which is a standard or general question related to a particular product or service. General, unspecified complaints against the company PAYWISER d.o.o. are not considered a complaint.
If the complaint relates to the area of data protection, the provisions of the Privacy Policy, which regulate the right to appeal, which the complainant asserts at PAYWISER d.o.o., are also taken into account in the internal appeal procedure and at the supervisory authority. The privacy policy is available on the paywiser.com website.
Financial complaints, i.e. the user's request to correct an error in the execution of a payment transaction, are dealt with special or additional conditions. In the case of financial complaints, the customer must also take into account the applicable general terms and conditions of the individual product or services that more precisely determine the procedure for resolving such complaints.
The out-of-court dispute resolution procedure can be used if the complainant does not agree with the decision of PAYWISER d.o.o. in the appeal procedure at the second level and in the event that the appellant in the appeal procedure referred to in the first paragraph of this article does not receive a decision that PAYWISER d.o.o. had to issue in the appeal procedure in accordance with these regulations.
II. Internal appeals procedure
Article 3
The internal appeal procedure is based on the following principles:
- equal treatment of all applicants,
- the order in which complaints are dealt with (complaints received earlier are dealt with before complaints received later),
- quick and efficient resolution of complaints.
Complaints are resolved quickly and efficiently and in accordance with applicable legislation, general terms and conditions of business valid at the time of the dispute, the concluded contract for the provision of services and good business practices. In each consideration of a customer's complaint, PAYWISER d.o.o. strives to reach an amicable solution to the complaint with the customer.
Article 4
The complainant can submit his complaint at level 1 in writing:
- by mail to the address: PAYWISER d.o.o., OE Reklamacije, Bravničarjeva ulica 13, 1000 Ljubljana, Slovenia
- via e-mail to the address: complaints.europe@paywiser.com
- via an online form at https://paywiser.com/contacts/complaint/.
PAYWISER d.o.o. is required to respond in writing only to complaints submitted in writing.
The appeal must be understandable and clear and must contain the facts on which the appeal claim is based. It must contain at least the following:
- information about the complainant (name and surname of a natural person, or title and registered office of a legal entity or business operator, as well as address, e-mail address and telephone or other contact information),
- explanation of the reasons for appeal, description of the event and indication of key facts and date of the event,
- submission of evidence to confirm the facts on which the claimant's claim is based, if the claimant has it,
- the address for sending the reply, if it is different from the address of the customer's permanent or temporary residence or the company's headquarters, or provided email address,
- claim of the complainant (if relevant),
- signature of the complainant (in the case of submission of the complaint by mail to the address of the registered office of PAYWISER d.o.o.).
An appeal that does not contain all the elements from the third paragraph of this article does not meet the conditions for its consideration and is dismissed.
Article 5
The complaint handling system is two-tiered. Complaints are handled in the first instance by the complaints department. The procedure for dealing with a complaint includes: receiving, considering and deciding on the complaint and forwarding the answer to the complainant.
Article 6
PAYWISER d.o.o. only handles complaints that are complete and properly submitted. If the complaint is incomplete, incomprehensible or unclear, the complaint department invites the complainant to complete the complaint and sets him an 8-day deadline for completing the complaint. Supplementing the complaint cancels the deadline for sending a response to the complainant. In this case, the appeal procedure, and thus the deadline for resolving the appeal and sending a response to the appellant, begins the next day from the date of receipt of the complete appeal.
If the complainant does not complete the complaint within the given period, PAYWISER d.o.o. discards it.
Article 7
PAYWISER d.o.o. must respond to the complaint to the complainant in the shortest possible time, but mandatory within 8 working days in the first tier and within 15 working days in the second tier. PAYWISER d.o.o. informs the complainant in writing (via e-mail or regular mail) about the receipt of the complaint, the appeal procedure and the approximate deadline for submitting an answer (unless the response to the complaint or the request for additions is sent to the complainant within 2 working days after its receipt). The deadline for the resolution of the complaint begins on the following day from the date of receipt of the complete complaint.
If it is not possible to submit an answer to the complainant within the periods stated above or when the content is more demanding, PAYWISER d.o.o. informs the complainant about the reasons for extending the deadline for the response and when he can expect a response within the deadline set for the resolution of the complaint. If the complaint relates to payment services, the deadline for receiving a final answer must not exceed 35 working days.
When dealing with financial complaints, due to their nature and the rules of card schemes, different deadlines may apply. The user is informed about them through the general conditions of the individual product or services that more precisely determine the procedure for resolving such complaints.
Article 8
The complainant, who is not satisfied with the response to the complaint of the first-tier authority or does not receive a response within the forseen period, can file a complaint at the second level within 8 working days from the date of receiving the response, or after the deadline for receiving the response, if the response is not received within the time limit, and it is mandatory in writing with a note for the Appeals Commitee.
At the second tier, the Complaints Commitee is responsible for handling complaints. The Complaints Commitee is appointed by the management and consists of PAYWISER d.o.o. professionals.
Article 9
Decision of the first and second tier on the appeal of PAYWISER d.o.o. is sent to the complainant in writing via electronic, regular or registered mail.
III. Familiarization with the out-of-court dispute resolution process
Article 10
If the complainant, who is a consumer, does not agree with the decision on the appeal issued in the internal appeal procedure, or if he does not receive an answer to the appeal within 30 days from the filing of the appeal with the second-tier authority, he may, within a maximum period of 13 months from the filing of the appeal with PAYWISER d.o.o., file an initiative for out-of-court settlement of consumer disputes at Attorney Simona Goriup (Miklošičeva cesta 26, 1000 – Ljubljana, www.goriup.si) against the decision of PAYWISER d.o.o., in the manner determined by the Rules for the out-of-court settlement of consumer disputes (hereinafter: IRPS Rules), which are annex to this policy. The procedure for the out-of-court resolution of consumer disputes is carried out in the conditionally binding expedited arbitration procedure. The IRPS provider allows the consumer to file an initiative to start the procedure on its website, by regular mail (Advetnica Simona Goriup, Miklošičeva cesta 26, 1000 – Ljubljana) and by e-mail (advetnica.simona@goriup.si). The initiative to start the procedure is submitted on a form that is available in electronic form on the website of the IRPS provider (https://goriup.si/irps-zacetek-postopka/) and in paper form at the headquarters of the IRPS provider.
More information about the IRPS provider, about filing an initiative and about the method and procedure of the IRPS at Attorney Simona Goriup is available on the website https://goriup.si/irps/, https://goriup.si/wp-content/uploads/2016/06/Rules-procedure- IRPS.pdf).
Article 11
If the complainant, who is a payee – »Merchant«, does not agree with the decision on the appeal in relation to alleged violations of obligations of PAYWISER d.o.o. under the Regulation (EU) 2015/751 of the European Parliament and of the Council of 29 April 2015 on interchange fees for card-based payment transactions, issued in the internal appeal procedure, or if he does not receive an answer to the appeal within 30 days from the filing of the appeal with the second-tier authority, he may, within a maximum period of 13 months from the filing of the appeal with PAYWISER d.o.o., file an initiative for out-of-court settlement of disputes at Attorney Simona Goriup (Miklošičeva cesta 26, 1000 – Ljubljana, www.goriup.si) against the decision of PAYWISER d.o.o., in the manner determined by the Rules for the out-of-court settlement of disputes (hereinafter: IRS Rules), which are annex to this policy. The procedure for the out-of-court resolution of disputes is carried out via the mediation procedure. The IRS provider allows the complainant to file an initiative to start the procedure by regular mail (Odvetnica Simona Goriup, Miklošičeva cesta 26, 1000 – Ljubljana) and by e-mail (odvetnica.simona@goriup.si).
PAYWISER d.o.o. is obliged to participate in the mediation process.
The procedure is conducted in accordance with the IRS Rules.
Article 12
The complainant can file a complaint regarding alleged violations of the Act on Payment Services, Electronic Money Issuing Services and Payment Systems by payment service providers also with Banka of Slovenia.
Despite the complaint with the IRPS, IRS provider or the Bank of Slovenia, the complainant has the right to file a lawsuit at any time to resolve the dispute regarding the provision of payment services between him and PAYWISER d.o.o. at the competent court.
IV. Final Provisions
Article 13
PAYWISER d.o.o. informs complainants about the appeals procedure and the out-of-court dispute resolution scheme. It is considered that the complainant is familiar with the latter if these Regulations and IRPS, IRS Rules are published on the website of PAYWISER d.o.o. (www.paywiser.eu).
Complainants are also informed about the existence of the Rules through the general terms and conditions.
Amendment of the policy
Article 14
The complainant and PAYWISER d.o.o. they themselves bear the costs incurred by them as a result of the complaint procedure. The PAYWISER d.o.o. is entitled to compensation for damages and all costs incurred as a result of the complaint procedure, in the event that the complainant withdraws the complaint and in the event that the complainant caused the costs and damages intentionally or through negligence.
In the proceedings before the IRPS, IRS provider, the complainant and PAYWISER d.o.o. bear its costs of the procedure, in accordance with the provisions of the IRPS, IRS Rules.
Article 15
All participants in the appeal procedure must keep all information about the complainants in the procedure as confidential.
The content of the appeal, regardless of the stage of the appeal procedure in which it is located and all information relating to the course of the appeal procedure, constitute a business secret, whereby the complainant is liable for damages to PAYWISER d.o.o. in case of violation thereof.
In the case of resolving the dispute in question in the out-of-court consumer dispute resolution procedure at Attorney Simona Goriup, PAYWISER d.o.o. forwards all relevant documentation to the aforementioned contractor.
Amendment ofthe policy
Article 16
About changes to the Rules and/or Rules of IRPS, IRS, PAYWISER d.o.o. publishes a notice on the website www.paywiser.eu.
Final provision
Article 17
These Regulations enter into force on 05.10.2023.
Ljubljana, 2.10.2023
PAYWISER d.o.o.
Janez Stajnko, CEO
Annex 1: Rules of the out-of-court settlement of consumer disputes
Annex 2: Rules of the out-of-court settlement of disputes