About this policy
Please do not use our services should you not agree to the statements laid out below. Data protection law mandates that the personal information we hold about you must be:
● Used lawfully, fairly and in a transparent way;
● Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
● Relevant to the purposes we have told you about and limited only to those
● Accurate and kept up to date;
● Kept only as long as necessary for the purposes we have told you about;
● Kept securely.
If you have any questions about this Policy or how we collect and use personal information about you please contact us at firstname.lastname@example.org
1. WHO ARE WE
1.1. Syspay (company registration number C 51532) with registered office at 3B Wied Ghomor Street, St Julians STJ 2041, Malta, Europe is a payment and e-money institution licensed and regulated by the Malta Financial Services Authority.
1.2. Receptio is a brand of Syspay catering for our hospitality software products and any payment services linked to it.
1.3. If you have any questions you may contact us at: email@example.com
2. INFORMATION WE COLLECT
2.1. When you visit our websites, apply to use one of our services, enter into a contract with us or you when use our services as a customer of our customers and partners, for example: if any of the merchants you have purchased goods or services from are using Syspay as a payment provider or if you run an accommodation rental business and you are contracting a property management software, a channel manager or reservation platform provider that partners with Syspay to enhance their payments processing and payment data security, we may collect and process the following information about you:
● Your email address, full names, residential address, date of birth, place of birth, nationality, phone numbers, current occupation details;
● Personal and business documentation related to confirming your business authenticity and status as well as your personal identity or that of any directors or ultimate beneficial owners of your business;
● Payment instrument details such as personal of company bank account or payment card details (this includes but is not limited to: bank account and payment account numbers, full names of the account holder, banking sort code, routing number or BIC, full card number and CVV/ CVC2 codes);
● Correspondence and official documents you may send us;
● Records of any calls any incoming or outgoing calls with you;
● Information we collect from cookies;
● Your IP address, login timestamp, operating system, browser type;
● Details of your visits to our websites including, but not limited to: location, traffic data, weblogs and other communication data which may be required for executing a service to you, for example: performing a payment attempt on our platforms and payment pages hosted by us, billing your payment details pertaining to an existing agreement or any other services you gain access to when visiting our websites.
We will keep and use that information to carry out our contract with you (if applicable), to comply with any legal and regulatory requirements for us to maintain certain records or carry out certain verifications, and/or for our legitimate interests in dealing with a complaint or enquiry and administering your (or your company’s) account or order and any services we offer, as well as to review and improve our offerings, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
2.2. If you work for one of our customers or business partners, the information we collect about you may include your contact information, details of your employment and our relationship with you, as well as your full names, date of birth, place of birth, nationality, residential address and personal identification document number, as well as any copies of personal identification documents and other documents used to confirm your residential address. This information may be collected directly from you, or provided by your organisation. Your organisation should have informed you that your information would be provided to us, and directed you to this policy. We use this as necessary for our legitimate interests in managing our relationship with your organisation. If we have a business relationship with you or your organisation, we may receive information about you from your organisation.
3. INFORMATION WE COLLECT FROM THIRD PARTIES ABOUT YOU
As a licensed financial services firm, we must adhere to national and international laws aiming to identify, prevent and fight money laundering and financing of terrorism. To satisfy the requirement of the above legislation, to ensure we run a fraud-free and safe service as well as to mitigate risks related to the provision of our service, we may obtain information about you from third party agencies, including your credit references, credit score, financial history, court judgments, bankruptcies, political exposure, personal and business conduct.
4. CONSENT TO USE YOUR PERSONAL INFORMATION
You understand and give your explicit consent to authorize Syspay to collect, hold and use any personal information for the following purposes:
● To allow you to interact with our websites;
● To improve our internal procedures;
● To improve our service offerings;
● To process your Account application and provide any services linked to your Account;
● To operate your Account with us and make use of any services linked to your account;
● To facilitate verification transactions linked to customer bookings you have collected;
● To secure payment card data received for the bookings of your customers;
● To view and process payment card data received for the bookings of your customers;
● To carry out instructions to make and receive payments and process transactions using our services;
● To receive payment settlements from us;
● To comply with any due diligence procedures, which require us to identify and verify your identity, the identity of your business’ directors and owners as well as the authenticity and current status of your business;
● To comply with requirements related to money-laundering and terrorism financing checks, credit checks and personal and business conduct checks;
● To comply with financial services regulations, including retention of your personal, business and financial transactions;
● To conform with any laws, rules and regulations imposed on us by any relevant authority, regulator or card schemes;
● To enhance the security and integrity of our services;
● To keep you informed of any changes to our services and contract with you, or for any new services that we may offer from time to time;
● For any marketing or promotion communications we may send you from time to time;
4.1. You agree to the processing of your information and personally identifiable
data for the purpose specified in this paragraph and consent to the disclosure of information given above to, and to the exchange thereof with other employees of Syspay Limited and the Syspay Group of Companes, our partners if any, our subsidiaries, agents, suppliers, competent authorities, credit institutions, payment acquirers, card schemes or other organisations and companies, which we may contract for the purpose of providing you with our services.
4.2. You understand that you have a right of access to, and the right to rectify, your personal data.
5. DATA RETENTION
We are required by law to keep records of data we collect from applicants for business for a period of a minimum five years after the close of the relationship. This means that we will keep your personal data such as your name, contact details, company documentation, personal documentation, transaction history, communications with us and etc. for at least five years after you no longer use our services. Provided that there are no regulatory requirements to retain your information we will delete and destroy all personal data that we keep about you when you terminate your relationship with us.
6. DATA SECURITY
Including the measures set out above in relation to sharing of your information, we have put in place appropriate internal security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have physical, electronic and operational procedures in place to keep your information safe.
7. WHERE DO WE STORE YOUR DATA
7.1. Our office headquarters are based in Malta, Europe and our main data centre is located in Haarlem, The Netherlands. Our backup servers are located in Malta, Europe.
7.2. It could be in order to perform our contract with you or for our wider
business purposes, the information that we hold about you may be
transferred to, and stored at, a destination outside the EU. It may also be
processed by staff operating outside the EU who work for us or for one of our
Some countries or organisations outside he EU which we may transfer your information to will have an “adequacy decision” in place, meaning the EU considers them to have an adequate data protection regime in place. Youmay find more information about what the “adequacy decision” measuresare on the European Commission website: https://ec.europa.e/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
7.4. If we transfer data to countries or organisations outside of the EU which the EU does not consider to have an adequate data protection regime in place, we will ensure that appropriate safeguards (for example, model clauses approved by the EU or a data protection authority) are put in place where required. To obtain more details of these safeguards, please contact us.
8. SHARING YOUR INFORMATION
8.1. As well as any sharing listed above, we may also share your information with third parties, including third-party service providers and other entities in our group. Third parties are required to respect the security of your personal information and to treat it in accordance with the law. We never sell your data to third parties.
8.2. Why do we share your personal information with third parties? We may share your personal information with third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our agreements with you, or to protect the rights, property, or safety of us, our customers, or others or where we have another legitimate interest in doing so. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
8.3. Which third parties do we share your information with?
8.3.1. Group Companies
We may share your personal information with members of our group, which means other companies that are in the Syspay Group and that may be involved in theprovision of part of the services we offer, including but not limited to the provision ofhospitality software services, verification services and etc. This may be necessary inorder to process your application or provide you with the services linked to your Account with us, as well as to provide you with fraud prevention and antifraud monitoring services.
8.3.2. Credit Agencies, Fraud Prevention Companies, Company Registers
When you open a payment processing facility with us we must share certain information about you and your business, including but not limited to personal and business information, transaction history, financial situation with third parties, such as credit score agencies, fraud prevention companies, company registers and such in order to comply with anti-money laundering and financing of terrorism regulations, as well as local regulatory requirements that mandate us to measure and mitigate exposure to various risks linked to providing you with access to process payments, including but not limited to financial, regulatory and reputational risks. For this purpose, we may need to share your information with the above mentioned third parties in order to satisfy ongoing monitoring of your activities requirement as well to protect our business from the above mentioned risks.
8.3.3. Other Disclosures
We may also share your personal information with:
● Perspective buyer of our business or a buyer of a substantial shares in ourbusiness;
● Law enforcement agencies, government bodies, the police, the courts of justice, regulatory bodies if we are under a duty to disclose and share personal information we hold for you in order to protect the rights, property of safety of ourselves, our companies, our customers and others;
● Third parties who may have referred you to us and to whom we may own a commission payment as a result of the referral. Where commission amounts are calculated on the basis of the volumes and values you have processed with us, we may need to share the latter for the sake of providing a statement of the commission amounts.
9. HOW WILL WE COMMUNICATE WITH YOU
We may send you emails to the email address(es) registered in your Account with us, or call you on one of the numbers you have provided us with.
You can change the email address(es) you have registered in your profile by logging in to your Account and updating your personal settings. Should any personal information you have provided us with be unavailable for you to change, please contact us at firstname.lastname@example.org to request the changes you need to affect. We will ensure that any changes you require are done, if they are not in breach with any applicable laws and regulations and are done in accordance with any applicable procedures, laws and regulations. You may also receive automatically generated emails from us, pertaining to payment transactions, notifications, fraud monitoring activities, system changes, password expiries, information changes etc. which are necessary for the proper operation and administration of your Account.
10.1. We may collect your name and contact details (such as your email address, phone number or address) in order to send you information about our products and services. We may collect this directly from you, or through a third party. If a third party collected your name and contact details, we will process your personal data based on legitimate interests to send you a fair processing notice and then respect any communication preferences you give us.
10.2. You can always “opt out” of receiving our marketing communications. You can exercise the right at any time by contacting us at email@example.com or by clicking on the “unsubscribe” link on any promotional emails. If you “opt-out” of our marketing materials you will be added to our suppression list to ensure we do not accidentally send you further marketing
10.3. We may still need to contact you for administrative or operational purposes, but we will make sure that those communications don’t include direct marketing.
10.4. If you are an existing customer or are acting as a business we use your contact details as necessary for our legitimate interests in marketing to you and maintaining a list of potential customers.
10.5. If you are not an existing customer, and are not acting as a business, we will only contact you for marketing purposes with your consent (whether we have collected your details directly from you, or through a third party) or following an action from yourself to download our materials or contact us about our products.
10.6. We never share your name or contact details with third parties for marketing purposes. We may use third party service providers to send out our marketing, but we only allow them to use that information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
10.7. We keep your details on our marketing list until you “opt-out” at which point we add you to our suppression list. We keep that suppression list indefinitely to comply with our legal obligations to ensure we don’t accidentally send you any more marketing.
11. YOUR RIGHTS
Data protection law gives you a number of rights when it comes to personally identifiable information we hold about you. The main rights are laid out below. More information about your rights can be obtained from the Office of the Information and Data Protection Commissioner (IDPC) Malta – https://idpc.org.mt/en/Pages/Home.aspx. Under certain circumstances, by law you have the right to:
11.1. Be informed in a clear, transparent and easily understandable way about how we use your personal information and about your rights. This is why we are providing you with the information in this Policy. If you require any further information about how we use your personal information, please let us know.
11.2. Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
11.3. Request rectification of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
11.4. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it (for instance, we may need to continue using your personal data to comply with our regulatory and legal obligations).
11.5. Object to the processing of your personal information where we are relying
on a legitimate interest (or those of a third party) and there is something that makes you want to object to us using your information and we do not have a legitimate basis for doing so, which overrides your rights, interests and freedoms (for instance, we may need it to defend a legal case). You also have the right to object where we are processing your personal information for direct marketing purposes.
11.6. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
11.7. Request the transfer of your personal information to another party where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.
11.8. Withdraw consent. In the limited circumstances where we are relying on your consent (as opposed to the other bases set out above) to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have a legitimate interest in doing so or we are bound by regulatory requirements to continue doing so for a defined period of time.
11.9. Lodge a complaint. If you think that we are using your information in a way which breaches data protection law, you have the right to lodge a complaint with your national data protection supervisory authority (if you are in Malta, this will be the Office of the IDPC).
11.10. If you want to review, verify, correct or request deletion of your personal information, object to the processing of your personal information, withdraw your consent to the processing of your personal information or request that we transfer a copy of your personal information to another party, please contact us at firstname.lastname@example.org.
11.11. What we may need from you in order to address your requests sent to email@example.com. We may need to request specific information from you to help us understand the nature of your complaint, to confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
11.12. Resolution timeframes. Please consider your request responsibly before submitting it. We will respond to your request as soon as we can. Generally,
this will be within twenty one days from when we receive your request but, if the request is going to take longer to deal with, we will let you know.
12. COOKIES AND OTHER TRACKING TECHNOLOGIES
12.2. When visiting our websites, a number of cookies will be set in your browser.
These cookies can be split in 2 categories:
12.2.1. SysPay originated cookies: These cookies are required to hold session information and maintain state and connection as you navigate from page to page within our websites. Such cookies are essential to be able to use our restricted areas. If you choose to reject such cookies, you will still be able to browse our public pages but you will not be able to log in to your account.
12.2.2. Analytics cookies: These cookies track information about visits to our various pages and collect activity data to help us improve user experience. SysPay uses Google Analytics for this purpose, and this purpose only (i.e. not for marketing nor advertising). No personal data are sent to google, and IP anonymization has been enabled. Google provides a way to opt out of this feature by installing a browser extension available at the following location: https://tools.google.com/dlpage/gaoptout
If you want to learn more about cookies and how to control, disable or delete them for a vast majority of browsers, please visit https://www.aboutcookies.org/
12.3. Logs: As most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our websites and services. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, your mobile carrier, and system configuration information. Occasionally, we connect personal information to information gathered in our log files as necessary to improve our websites and services. In such a case, we would treat the combined information in accordance with this Policy.