Satispay Limited (“Satispay”), according to Regulation EU 2016/679 on the protection of natural persons with regard to the processing of personal data (the “Regulation”), wishes to inform you about the way the information referring to users of the website and the Satispay services (the “Services”) is processed.
Satispay is the data controller of the processing of the User / Merchant personal data. Satispay has also appointed a data protection officer that the User / Merchant can contact at the email address firstname.lastname@example.org for information on the processing of his or her personal data or the rights that can be exercised.
As a fintech company under the English law, operating from the United Kingdom but with services in a number of European Economic Area (EEA) countries, Satispay will only process (i.e. collect, store and use) personal data of the User / Merchant in a manner that is compatible with the applicable law fairly and lawfully.
Satispay aims to collect data and information in an accurate, relevant and appropriate manner to the purpose for which this collection is necessary, without requiring unnecessary information.
This policy applies to the processing of personal data of Satispay Users / Merchants within all the services (present and future).
To ensure that we process your personal data fairly and lawfully we want to inform the User / Merchant:
Satispay is authorised as an Electronic Money Institution (“EMI”) by the Financial Conduct Authority (the details of which can be checked atwww.fsa.gov.uk/register/home.do).
Personal data that Satispay collects about the User / Merchant come from:
With the consent of the User / Merchant, Satispay may access information about his/her contacts of the phonebook or recorded in the context of the email, messaging, social network services joined by the same and provided by third party companies (for example Gmail, WhatsApp, Facebook or other social network contacts) in order to allow the User / Merchant to invite other people to download the Satispay app and request the Services offered by Satispay. In this case, Satispay will process this information for the sole purpose of sending the invitation. Satispay will only process information relating to the contacts chosen by the User / Merchant.
“Personal data” refers to any information useful to identify a natural person directly or indirectly, that is already held by Satispay or which the latter could come into possession of.
Examples of personal data include:
Data generated through the use of our Services are personal data as well, such as: information on the browser and on the device;
Satispay does not handle sensitive personal data but it processes the other types of data mentioned above. In particular, in order to carry out its duties as EMI, Satispay is required to request personal data such as names, dates of birth, addresses, telephone numbers, email addresses, bank account details and other useful documents to verify the identity of the User / Merchant.
Satispay uses the other information mentioned in the previous paragraph to provide its Services.
In relation to the use of data of the User / Merchant for direct marketing purposes, Satispay adopts the principle of minimization. Satispay may propose promotional offers based on data such as, for instance, your place of residence or the volume of transactions carried out in a certain period. These activities have been carefully evaluated and considered as not invasive and detrimental to the rights and fundamental freedoms of the User / Merchant.
In order to allow Users / Merchants to invite their contacts of the phonebook or recorded in the context of the email, messaging, social network services joined by the same and provided by third party companies (for example Gmail, WhatsApp, Facebook or other social network contacts), Satispay will use only the minimum identification and contact information of the subjects chosen by the User / Merchant (name, surname, email and / or telephone number). The minimum dataset may change in relation to the terms and conditions of the third party company providing the relevant email, messaging, social network service.
Satispay processes data of the User / Merchant for the following purposes:
The personal data collected may also be processed in the context of any corporate events (sale of the company or going concerns), due diligence exercises, in the event of defense of legal claims and related prodromal activities.
Satispay also makes available to Users / Merchants the opportunity to invite some or all their contacts to download the Satispay app and request the services offered by Satispay. In this case, where the User / Merchant has granted his / her consent, the third party personal data recorder in the context of the phonebook or of the email, messaging, social network services joined by the same and provided by third party companies (for example Gmail, WhatsApp, Facebook or other social network contacts), can be processed in order to send a communication concerning the invitation to download the Satispay app and request the Services offered by Satispay to the contacts chosen by the User / Merchant. The aforementioned processing is carried out to allow the User / Merchant to select the contacts as addressees of the invitation. Contacts that have not been selected by the User / Merchant will not be saved and further processed by Satispay.
In order to carry out our duties as an EMI, Satispay processes personal data from a range of individuals. This includes:
In addition, in order to allow the delivery of the invitation to download the Satispay app and request the Services offered by Satispay to the contacts in the phonebook or recorded in the context of the email, messaging, social network services joined by the User / Merchant and provided by third party companies (for example Gmail, WhatsApp, Facebook or other social network contacts), Satispay processes the personal data of:
Satispay obtains and shares personal data by and with several entities, which include:
All these entities act as autonomous data controllers or have been authorized by Satispay where they act on its behalf.
If this is instrumental to the pursuit of the purposes set out above, personal data may also be transferred abroad to companies located both within and outside the European Union. Some of these jurisdictions may not guarantee the same level of data protection guaranteed by the country in which the data subject resides. In this case, Satispay undertakes to ensure that the data is processed with the utmost confidentiality, stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided by the European Commission.
Information held is only shared with those entities which have a “need to know basis”.
Satispay takes the security of the User / Merchant personal data held very serious. For this purpose, Satispay has set up data security procedures and an Information Security Policy to ensure that all data is protected from accidental loss or misuse. Satispay only permits access to information where there is a legitimate reason to do so.
It is important that the data held by Satispay is accurate and up to date. If the data provided to Satispay will change, please contact Satispay (email@example.com or via social media) immediately so that it can update its records.
Personal data will be stored in compliance with the applicable laws, for a period of time not exceeding what is necessary to achieve the purposes for which they are processed. The criteria for determining the data retention period take into account the lawful processing period and applicable laws (for example, tax or anti-money laundering laws), the statute of limitation periods and the nature of legitimate interests where they are the legal basis of the processing.
Personal data may be stored for a longer period than the one originally planned, in the event of any disputes or requests by the relevant Authorities.
Your information is only held for as long as necessary and will be disposed of in a secure manner when it is no longer needed.
The User / Merchant may exercise specific rights, including to obtain from the data controller:
The User / Merchant has the right to withdraw the consent to the processing of his or her personal data (if this was given) at any time, without prejudice to the lawfulness of the processing based on consent before its withdrawal.
Furthermore, the User / Merchant has the right to object to the direct marketing activities carried out by Satispay, including any segmentation for marketing purposes. As regards the management of push notifications, this must be done through the settings of the devices of the User / Merchant.
To exercise his or her rights, the User / Merchant can write to the email address firstname.lastname@example.org or use the dedicated tools in the app.
Sometimes Satispay will not be able to provide with all the requested information and follow up the User / Merchant requests, due to the obligations deriving from the EMI qualification. Anyway Satispay will make every reasonable effort to follow-up to the requests of the Users / Merchants.
According to the Regulation, Satispay is not authorized to charge costs for fulfilling one of the requests set out in this paragraph, unless they are manifestly unfounded or excessive, in particular because of their repetitive character. In cases where the User / Merchant requires more than one copy of his or her personal data, or in cases of excessive or unfounded requests, Satispay may (i) charge a reasonable fee, taking into account the administrative costs of providing the information or (ii) refuse to act on the request. In these cases, Satispay will inform the User / Merchant of the costs before processing the request.
Satispay may request further information before processing requests if it needs to verify the identity of the individual who does the submission.
Without prejudice to any other administrative or judicial appeal, the User / Merchant shall also have the right to lodge a complaint with the competent Supervisory Authority (Information Commissioner), if he or she considers that the processing concerning him or her is done in violation of the Regulation. Further information is available on the website www.ico.org.uk.
In any case, Satispay is interested in being informed of any grounds for complaint and invites the User / Merchant to use the above mentioned contact channels before referring to the supervisory authority, so as to be able to prevent and resolve any disputes in a friendly and timely manner, with the utmost courtesy, seriousness and discretion.
Satispay may provide links to other content such as websites, web apps and downloadable apps. Unless expressly stated, this content is not under Our control. Satispay neither assumes nor accepts responsibility or liability for such third party content. The provision of a link by Satispay is for reference only and does not imply any endorsement of the linked content or of those in control of it.