1.1. At Acquiring Technical Service Limited(‘our’, ‘us’ or ‘we’), we regard the fair and lawful treatment of personal data as a critical factor in the success of our operations and a key to the maintenance of the confidence that exists between those with whom we deal and ourselves. We, therefore, acknowledge our legal obligations under the General Data Protection Regulation (GDPR) and endorse its requirements.
2.1. This policy applies to your Personal Data when you visit our site(s) or use our services and does not apply to online websites or services that we do not own or control.
3.2. We may also require other identification information if you send or receive certain high-value transactions or high overall payment volumes through our services or as is otherwise required in order for us to comply with our financial crime prevention obligations under the respectively applicable regulatory requirements.
Information that you voluntarily provid
4.1. We collect personal data when you provide it to us: (a) information that you provide by filling in application forms and forms on our website, which includes information provided at the time of registering to use our services, subscribing to our newsletter(s), and reporting a problem; (b) information provided via electronic means of communication, i.e. when you communicate with us, contact our customer support teams or respond to a survey, we may keep a record of our correspondence; (c) information regarding an enquiry from you about our products or services; (d) information that you provide in the context of a job application.
Information received from third parties
4.2. We could receive your personal data through third parties: (a) information received by one of APG Worldwide Limited Group members; (b) information received by the card schemes (e.g. Visa, Mastercard, etc.), credit reference agencies, fraud prevention agencies, government and law enforcement agencies; (c) information received via public sources like company registers and filings.
4.3. When you use our payment services we collect information about the transaction, as well as other information associated with the transaction such as amount sent or requested, amount paid for products or services, participants associated with the transaction, merchant information, including information about any funding instruments used to complete the transaction, device information, technical usage data, and geolocation information.
Information collected from your computer or your electronic device by our website
4.4. As with most websites, the following non-personal data is routinely collected during visits to our website and use of our online resources. This information may include the name of your internet service provider (IP address), the website that directed you to our website, browser and/or device type, date, time and length of your visit. This information cannot be used to personally identify visitors. When collecting and processing your IP address, the latter will be fully anonymised right after collection by deleting the last three figures. That way we are no longer able to identify you as a person. We will delete the IP address within no more than 12 months.
5.2. Consistent with our commitment to protect your personal data, we only conduct such processing where a valid lawful basis exists. In particular, we use your personal data in line with our contractual and/or legal obligation, or when we have a legitimate interest. Where our reason for processing is based on your consent, you may withdraw that consent at any time.
6.1. We are committed to making sure your information is protected. Once we receive your information, we use various security features and strict procedures, taking into account industry standards, to ensure the privacy and confidentiality of data and personally identifiable information. We maintain physical, technical and administrative safeguards that comply with regulatory requirements. Specifically, we use a combination of firewall barriers, data encryption techniques and authentication procedures to prevent unauthorised access to your data and to our systems. We also enforce physical access controls to our buildings and files. We test our systems regularly and also contract with outside companies to audit and test our security systems and processes.
6.2. We authorise access to your personal data only for those employees who require it to fulfil their job responsibilities and provide benefits, goods or services to you. We educate our employees about the importance of confidentiality and maintaining the privacy and security of personal data.
6.3. Our security procedures are constantly revised based on new technological developments in order to ensure the highest level of protection of your personal information. However, there are also a number of things that you can help with. We encourage you to use a strong password and make sure it is not the same one for all your accounts. You may not share it with anyone. Our representatives will never ask you for your password, so any email or other communication containing such request should be treated as unauthorised or suspicious and forwarded to email@example.com.
7.1. We take appropriate technical and organisational measures, both at the time of the design of the processing system and at the time of the processing itself, in order to maintain security and prevent unauthorised processing. We adhere to internationally recognised security standards and our information security management system has been independently certified as complying with the requirements of PCI DSS Level 1.
7.2. Your personal data will be retained for the least amount of time necessary to fulfil our legal or egulatory obligations and for our business purposes. We may retain Personal Data for longer periods than required by applicable regulatory requirements if it is in our legitimate business interests and not explicitly prohibited.
7.5. When we no longer need personal information, we securely delete or destroy it.
8.1. In order to provide our services, some of the information we collect may be required to be disclosed to our affiliates or other entities.
9.1. Whenever we process your personal data, we take reasonable steps to ensure that it is kept accurate and up to date for the purposes for which it was collected. With respect to the information related to you that ends up in our possession, and recognising that it is your choice to provide it to us, we commit to giving you the ability to do all of the following: (a) Right to be informed. You have the right to be informed about the processing (collection and use) of your personal data. (b) Right to access. You have the right to obtain confirmation whether or not we are processing personal data about you. You may also request information about: the purpose of the processing; the categories of personal data concerned; who else within our group might have received the data; and how long it will be stored. (c) Right to correction. You have the right to review and amend the record of personal data maintained by us if you believe it may be out of date or inaccurate. (d) Right to ‘be forgotten’. You may request that we erase your personal data if such processing is not reasonably required for a legitimate business purpose as described in this policy or our compliance with law. (e) Right to restrict processing. You have the right to restrict the processing of your personal data, e.g. to limit the way that we use your data. (f) Right to portability. When technically feasible, we will, upon request, provide your personal data to you or transmit it directly to another data controller. (g) Right to opt-out. You can opt-out of receiving electronic marketing materials from us at any time. This can be done through your account settings, by clicking the ‘unsubscribe’ link in any email communications which we might send to you, or by contacting us. Please note that this might take a few days. (h) Right to withdraw consent. You are entitled to withdraw your consent to the processing of your data. (i) Right to complain. You have the right to lodge a complaint with the appropriate supervisory authority if you have concerns about how we process your personal data.
9.2. Reasonable access to your personal data will be provided at no cost within a month upon receiving your request to the firstname.lastname@example.org. If access cannot be provided within the aforementioned time frame, we will provide you with the exact date when the information will be provided.
9.3. We reserve the right to charge you a GBP10.00 fee for administrative costs if your requests are manifestly unfounded or excessive, in particular because of their repetitive character. In accordance with our security procedures we may occasionally request proof of identity before we disclose personal data to you.
9.4. Please bear in mind that there may be legal or other reasons why we cannot, or are not obliged to, fulfil a request to exercise your rights. We will confirm what they are if that is the case.
10.1. Our websites and our services are not directed to children under the age of majority. We do not knowingly collect information, including personal data, from children or other individuals who are not legally able to use our sites and services. If we obtain actual knowledge that we have collected personal data from a child under the age of majority, we will promptly delete it, unless we are legally obligated to retain such data. Contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of majority.
12.2. We encourage you to periodically review this page to be informed about any changes in how we are protecting your personal data.