How Satispay uses your information
Satispay Limited (“Satispay”), according to Regulation EU 2016/679 on the protection of natural persons with regard to the processing of personal data (the “Regulation”), wishes to inform you about the way the information referring to users of the website and the Satispay services (the “Services”) is processed.
Satispay is the data controller of the processing of the User / Merchant personal data. Satispay has also appointed a data protection officer that the User / Merchant can contact at the email address firstname.lastname@example.org for information on the processing of his or her personal data or the rights that can be exercised.
As a fintech company under the English law, operating from the United Kingdom but with services in a number of European Economic Area (EEA) countries, Satispay will only process (i.e. collect, store and use) personal data of the User / Merchant in a manner that is compatible with the applicable law fairly and lawfully.
Satispay aims to collect data and information in an accurate, relevant and appropriate manner to the purpose for which this collection is necessary, without requiring unnecessary information.
This policy applies to the processing of personal data of Satispay Users / Merchants within all the services (present and future).
To ensure that we process your personal data fairly and lawfully we want to inform the User / Merchant:
- why we need your data;
- how it will be used; and
- who it will be shared with.
Satispay is authorised as an Electronic Money Institution (“EMI”) by the Financial Conduct Authority (the details of which can be checked at www.fsa.gov.uk/register/home.do).
How does Satispay collect personal data?
Personal data that Satispay collects about the User / Merchant come from:
- information given to us as part of the sign-up application process to allow to give the User / Merchant access to the Satispay services;
- information that the User / Merchant has given us over the telephone, via email or social media; and
- details of any checks Satispay has made to ensure the accuracy of the information held.
What is “personal data”?
“Personal data” refers to any information useful to identify a natural person directly or indirectly, that is already held by Satispay or which the latter could come into possession of.
Examples of personal data include:
- names and surname;
- home address details;
- bank account details;
- date of birth;
- telephone number;
- information contained in the identity card;
- email address;
Data generated through the use of our Services are personal data as well, such as:
- information on the browser and on the device;
- IP address;
- data on the use of the app and the Services;
- information collected through cookies and other technologies, provided by you and that do not reveal your specific identity;
- demographic information and other information provided by you that does not disclose your specific identity.
What types of personal data does Satispay handle?
Satispay does not handle sensitive personal data but it processes the other types of data mentioned above. In particular, in order to carry out its duties as EMI, Satispay is required to request personal data such as names, dates of birth, addresses, telephone numbers, email addresses, bank account details and other useful documents to verify the identity of the User / Merchant.
Satispay uses the other information mentioned in the previous paragraph to provide its Services.
In relation to the use of data of the User / Merchant for direct marketing purposes, Satispay adopts the principle of minimization. Satispay may propose promotional offers based on data such as, for instance, your place of residence or the volume of transactions carried out in a certain period. These activities have been carefully evaluated and considered as not invasive and detrimental to the rights and fundamental freedoms of the User / Merchant.
Why does Satispay process personal data?
Satispay processes data of the User / Merchant for the following purposes:
- to provide the e-money transfer service requested by the User / Merchant and therefore to fulfil the obligations assumed under the agreement for the provision of Services (including the geolocation of the device);
- to prevent and detect financial crime and fraud and therefore to fulfil legal obligations and also under a legitimate interest of Satispay;
- to comply with the legal obligations established for all the EMIs, entities acting in a regulated market (for example in order to verify the user’s identity and report any suspicious activity to the competent authorities);
- to promote Satispay services via email and push notifications (or any other channels) on the basis of Satispay’s legitimate interest and according to the criteria of minimum segmentation, having assessed that the User / Merchant is interested in obtaining information from the Service provider and that this does not have a particular impact on his or her rights and freedom;
- to fulfil legal obligations (for example, tax and anti-money laundering laws);
- to improve the Services and functionality of the website and the app on the basis of a legitimate commercial interest of Satispay that does not have significant impacts on the User / Merchant.
The personal data collected may also be processed in the context of any corporate events (sale of the company or going concerns), due diligence exercises, in the event of defense of legal claims and related prodromal activities.
Whose personal data does Satispay handle?
In order to carry out our duties as an EMI, Satispay processes personal data from a range of individuals. This includes:
- relatives, guardians and associates of the individual concerned;
- staff including volunteers, agents, temporary casual workers, members, self-employed and other persons contracted to work on Satispay’s behalf;
Whom may personal data being shared with?
Satispay obtains and shares personal data by and with several entities, which include:
- Merchants (as part of the provision of the Services requested by Users; in particular, for security reasons, at the time of payment only a minimum dataset of the User is disclosed to the Merchant);
- other Satispay’s Users;
- IT service providers;
- personnel, including volunteers, agents, casual workers, partners, self-employed workers and persons working under contract on Satispay’s behalf;
- suppliers of commercial information;
- service providers for adequate customer verification;
- companies of the Satispay group;
- any Satispay business partners in the provision of the Services requested by the User / Merchant;
- relatives, guardians or associated people with the data subject;
- Ombudsman and other regulatory authorities;
- licensing authorities;
- financial institutions e.g. Banks;
- law enforcement agencies (including the Police);
- third party data processors that work on Satispay’s behalf.
All these entities act as autonomous data controllers or have been authorized by Satispay where they act on its behalf.
If this is instrumental to the pursuit of the purposes set out above, personal data may also be transferred abroad to companies located both within and outside the European Union. Some of these jurisdictions may not guarantee the same level of data protection guaranteed by the country in which the data subject resides. In this case, Satispay undertakes to ensure that the data is processed with the utmost confidentiality, stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided by the European Commission.
Information held is only shared with those entities which have a “need to know basis”.
How does Satispay ensure the security of personal data?
Satispay takes the security of the User / Merchant personal data held very serious. For this purpose, Satispay has set up data security procedures and an Information Security Policy to ensure that all data is protected from accidental loss or misuse. Satispay only permits access to information where there is a legitimate reason to do so.
What if the data Satispay holds about you is incorrect?
It is important that the data held by Satispay is accurate and up to date. If the data provided to Satispay will change, please contact Satispay (email@example.com or via social media) immediately so that it can update its records.
How long does Satispay store the data?
Personal data will be stored in compliance with the applicable laws, for a period of time not exceeding what is necessary to achieve the purposes for which they are processed. The criteria for determining the data retention period take into account the lawful processing period and applicable laws (for example, tax or anti-money laundering laws), the statute of limitation periods and the nature of legitimate interests where they are the legal basis of the processing.
Personal data may be stored for a longer period than the one originally planned, in the event of any disputes or requests by the relevant Authorities.
Your information is only held for as long as necessary and will be disposed of in a secure manner when it is no longer needed.
Which rights can the User / Merchant exercise in relation to the information processed by Satispay?
The User / Merchant may exercise specific rights, including to obtain from the data controller:
- confirmation as to whether or not personal data concerning him or her are being processed, and, should this be the case, access to the personal data (right of access);
- the rectification of inaccurate personal data concerning him or her (right to rectification);
- the erasure of personal data concerning him or her, in the event that one of the grounds provided for by art. 17 of the Regulation applies (right to erasure);
- the restriction of processing where one of the grounds provided for by art. 18 of the Regulation applies (right to restriction of processing);
- to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller from the controller to which the personal data have been provided (right to data portability).
The User / Merchant has the right to withdraw the consent to the processing of his or her personal data (if this was given) at any time, without prejudice to the lawfulness of the processing based on consent before its withdrawal.
Furthermore, the User / Merchant has the right to object to the direct marketing activities carried out by Satispay, including any segmentation for marketing purposes. As regards the management of push notifications, this must be done through the settings of the devices of the User / Merchant.
To exercise his or her rights, the User / Merchant can write to the email address firstname.lastname@example.org or use the dedicated tools in the app.
Sometimes Satispay will not be able to provide with all the requested information and follow up the User / Merchant requests, due to the obligations deriving from the EMI qualification. Anyway Satispay will make every reasonable effort to follow-up to the requests of the Users / Merchants.
According to the Regulation, Satispay is not authorized to charge costs for fulfilling one of the requests set out in this paragraph, unless they are manifestly unfounded or excessive, in particular because of their repetitive character. In cases where the User / Merchant requires more than one copy of his or her personal data, or in cases of excessive or unfounded requests, Satispay may (i) charge a reasonable fee, taking into account the administrative costs of providing the information or (ii) refuse to act on the request. In these cases, Satispay will inform the User / Merchant of the costs before processing the request.
Satispay may request further information before processing requests if it needs to verify the identity of the individual who does the submission.
Without prejudice to any other administrative or judicial appeal, the User / Merchant shall also have the right to lodge a complaint with the competent Supervisory Authority (Information Commissioner), if he or she considers that the processing concerning him or her is done in violation of the Regulation. Further information is available on the website www.ico.org.uk
In any case, Satispay is interested in being informed of any grounds for complaint and invites the User / Merchant to use the above mentioned contact channels before referring to the supervisory authority, so as to be able to prevent and resolve any disputes in a friendly and timely manner, with the utmost courtesy, seriousness and discretion.
Links to external websites
Satispay may provide links to other content such as websites, web apps and downloadable apps. Unless expressly stated, this content is not under Our control. Satispay neither assumes nor accepts responsibility or liability for such third party content. The provision of a link by Satispay is for reference only and does not imply any endorsement of the linked content or of those in control of it.