OKTO
SURESWIPE
Privacy Policy Statement
1. Introduction
Sureswipe E.M.I. PLC (referred to as “we”, “us”, “our” or “Revsto”) is strongly committed towards protecting the User’s (referred to as “you” and “your”) privacy and the confidentiality of your Personal Data which we process as a data controller.
At Revsto, we always consider our customers as the cornerstone of everything that we do. As such we believe that the handling of your personal data and privacy should be dealt with in a transparent manner and our privacy practices should be easy to understand. The way we protect and handle the information you entrusted to us is described in our Privacy Policy Statement.
This Privacy Statement sets out our current policies and commitment to data protection and privacy. In line with this, we aim to collect and process only data strictly necessary in the context of our relationship with (prospective) customers, (future) partners, users/visitors of our website(s) and online resources, in order to provide services and/or information for specific and legitimate purposes.
Revsto is dedicated to protecting the privacy and confidentiality of information in its possession and is committed to appropriate use and protection of personal data, with transparency and respect for rights in accordance with EU Regulation 2016/679 the General Data Protection Regulation (GDPR) and applicable data protection legislation (“data protection law”).
We make our Privacy Notice available on our website www.revsto.com in its most recent version. Please review it carefully. It contains information on how we collect, use, share and protect the personal data that we obtain.
2. Who we are
Sureswipe E.M.I. PLC as a Cyprus-based limited liability public company, licensed by the Central Bank of Cyprus as an Electronic Money Institution (E.M.I.) with license number 115.1.3.26, provides professional services within the framework of the relevant Law and the corresponding Directive (EU 2015/2366) of the European Parliament and the European Council. Our registered office is located at: Victory Tower, 1st Floor, 18 Kyriakou Matsi Avenue, 1082 Nicosia, Cyprus. “Revsto” is the registered tradename of Sureswipe E.M.I. PLC.
3. Why personal data is collected
It is important that you know exactly what we do with the personal information you and others make available to us, why we collect it and what it means for you. This document outlines the Revsto approach to Data Privacy to fulfil our obligations under the EU General Data Protection Regulation (GDPR) 2018 of 25th May 2018. We also welcome it as an opportunity to reassure you of the importance we place on keeping your personal data secure, and of the strict guidelines we apply to its use.
Personal Data, also known as Personal Identifiable Information, means information that can be linked to a specific individual, such as name, address, telephone number and e-mail address. We encourage individuals who interact with Revsto to review our Privacy Policy Statement, and become familiar with it, but they should know that we do not sell or rent their Personal Data to third parties. We don’t require you to register or provide this information to us when you view our website or have access to its content.
We take your privacy seriously and this Privacy Policy explains the steps we take to ensure information about you is kept secure and confidential.
4. Legal grounds of processing
Our legal basis for processing the personal data are the following:
1. Receipt of your consent;
✓ Compliance with legal obligations that Revsto is required to meet.
2. Any legitimate interests pursued by us, or third parties we use, are as follows:
✓ Fraud Prevention;
✓ Anti-Money Laundering;
✓ Counter-terrorist financing;
✓ Combatting the misuse of the services.
3. National Legislation.
4. Performance of a contract where you are a party.
5. The Information we would like to collect from you
We will collect personal information about you which you provide to us when accepting the use of our services, contact us through our website, request information or otherwise provide personal information to us. You must ensure that the personal information you provide to us is accurate and complete. Personal Data may include (but is not limited to) the below:
1. For Natural Persons:
→ First Name and Surname with title;
→ Address;
→ Date of birth;
→ Gender;
→ Email;
→ Bank Account details;
→ Proof of address documents;
→ Telephone number;
→ ID Documents;
→ Transactional information;
→ Other personal information such as telephone recordings; security questions, user ID.
2. For Legal Persons:
→ Company Name;
→ Registration number;
→ Country;
→ Full address;
→ Company Email;
→ Phone/Fax Numbers;
→ Type of Industry;
→ Certificate of non-bankruptcy and
→ Any other information may require setting up the accounts.
6. Purposes for which we use your personal data
At our website, we collect both Personal Data and aggregate information that the individuals voluntarily provide on our website and/or in response to emails in relation to features provided on the website. When we collect Personal Data, it will be to provide the service required, with your consent or as required by law.
Aggregate information relates to such things as how many consumers visit the website, which pages they access, what information they download, the type of web browser and operating system you use, the name of your Internet Service Provider and so on. When you visit our website, we automatically collect this information, and combine it with similar information collected about all other visitors. By collecting this information, we learn how to best tailor our website to our visitors.
The User can visit our website without revealing the User’s identity or any Personal Data. We track the internet address of the domains from which people visit us and analyse this data for trends and statistics, but the User remains anonymous.
For better management of the website, we may
– Log the User’s browsing history;
– Log non-personally identifiable information, including IP address, profile information, aggregate User data, and browser type; and
– Record User IP addresses for security and monitoring purposes.
Your data is processed with the data minimization principle in mind. We aim to limit the processing of your data and the type of data processed to strictly the data needed for a lawful reason. Revsto uses data inter alia to:
✓ Providing e-wallet services to you;
✓ Providing prepaid card services to you as per our contractual obligations;
✓ Providing IBAN Account services to you;
✓ Processing your account information;
✓ To comply with our legal obligations for the prevention of fraud, money laundering, counter terrorist financing or misuse of services;
✓ Verifying your identity;
✓ Contacting you regarding our service to you;
✓ Monitoring and improving our website and its content;
✓ Sending you information about us if your request it;
✓ Otherwise with your consent or as permitted or required by law;
✓ Where requested by law enforcement for investigation of crime;
✓ We may use your information for marketing purposes; however we will only do this where you specifically ask us to do so. This might include using your data to identify products and services that may be of use to you.
7. Consent
By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified above. Consent is required for Revsto to process personal data, but it must be explicitly given. Where we are asking you for sensitive personal data, we will always tell you why and how the information will be used.
8. Consent for Children under 18
Revsto services are not generally aimed at children. In the limited circumstances where we may collect and use personal information about children, please note that minors require specific protection concerning their personal data, since they might be less aware of the risks, consequences and safeguards it involves and of their rights in relation to the processing of personal data for the purpose of using these services. By accepting this privacy policy on behalf of a minor (Consent from a parent or Legal Guardian), you are granting permission to the use of their data for the purpose set out above.
9. Withdrawal of Consent Conditions
You may withdraw consent from direct marketing at any time by contacting our Data Protection Officer. Please note, that you may not withdraw your consent where you have consented to your data being used for carrying out financial transactions. As a payment service provider, Revsto is obliged to retain data concerning financial transactions in accordance with national law for the purpose of preventing, detecting and investigating, by the FIU or by other competent authorities, possible money laundering or terrorist financing.
10. Disclosure of Your Personal Data
In order for Revsto to perform and comply with its contractual and statutory obligations your personal data may be provided to various third parties only in cases that are necessary as required or permitted by law, or if we are authorized under our contractual and statutory obligations, or if you have given us your consent. Such third parties enter into contractual agreements with Revsto to ensure confidentiality and compliance with data protection regulations.
Under the circumstances referred to above, recipients of personal data may be, for example, disclose your Personal Data to our affiliates and to unaffiliated third parties that perform services on our behalf, for example, information technology and/or data hosting, processing services or those providing services or products connected to your e-wallet account.
We take reasonable measures to ensure that Personal Data that may be processed by our third party service providers on our behalf is protected and not used or disclosed for purposes other than as directed by us, subject to legal requirements applicable to Revsto’s affiliates, agents and service providers, for example, lawful requirements to disclose personal information to government authorities in those countries or subject to legal proceedings or potential legal proceedings or if otherwise required to do so by law or any other Governmental or law enforcement agency (including but not limited to Revsto, our issuing banks, our processors and our third-party partners.) We may need to disclose your account information and verify personal documents for regulatory obligations we have. This will be in accordance with Anti-Money Laundering and Fraud prevention checks.
Revsto will only pass on your personal data to third parties, including internationally, once we have obtained your consent. Some of our service providers, like payment processors, risk management solutions and suppliers are based outside of the EEA. Where we authorize the processing or transfer of your personal information outside of the EEA, we require your personal information to be protected to data protection standards and we ensure that there are adequate safeguards in place for data protection. The GDPR prohibits transfers of personal data outside the European Economic Area to a third country that does not have adequate data protection. Where transfer occurs outside the EEA the following mechanisms and data protection laws are in place with the third parties:
✓ Data Protection clauses in our contracts and agreements with third-parties;
✓ EU-US Transatlantic Data Privacy Framework;
✓ Personal Information Protection and Electronic Documents Act (PIPEDA);
✓ Data Protection Act 2018;
✓ European Commission, 45 of Regulation (EU) 2016/679 GDPR Adequacy decisions.
11. Data retention Periods
Our retention period is primarily determined by our obligations under applicable legislation to retain data for a specific period of time. Destruction will not be possible prior to the lapse of this period. We are obliged to keep Customer data (including personal data) during the existence of the contractual relationship and for a minimum period of 5 years after its termination in accordance with AML legislation, unless legal or regulatory reasons prohibit us from destroying the data.
The retention period may be extended in case of other lawful reasons justifying longer retention (such as for complaints handling, legal proceedings, investigations, regulatory, tax, money laundering and crime and fraud prevention purposes).
For prospective Customers, personal data shall be kept for up to a year from the data of notification of the rejection of the application or from the data of withdrawal of the application, unless legal or regulatory reasons prohibit us from destroying the data or there is another lawful reason justifying longer retention (such as for complaints handling, legal proceedings, investigations, regulatory, tax, money laundering and crime and fraud prevention purposes).
12. Your data protection rights under the GDPR
You have the following rights in relation to the personal data we hold about you:
• Have Access to your personal data. (“Right of access”)
You have the right to request a copy of the information that we hold about you and a confirmation from us whether personal data is processed or not. If you would like a copy of some or all your personal information, please email DPO@revsto.com
• Right of Rectification
You have a right to correct data that we hold about you that is inaccurate or incomplete. In such a case, we may need to verify the accuracy of the data we have and data provided and take steps to correct our records.
• Right of Erasure (“right to be forgotten”)
This allows you to request that we delete your personal data when there is no valid reason for us to continue processing it.
In certain circumstances and depending on agreements in place, you can ask for the data we hold about you to be erased from our records where:
– Processing is no longer required for the reasons the data was collected or processed;
– We are relying on consent as a legal basis, and you withdraw your consent;
– You have objected to the processing of data;
– The data has been unlawfully processed (i.e. breach of legal basis requirement);
– Required by law.
We may continue to retain your data if another legitimate reason for doing so exists. Our requirements to comply with legal obligations (record-keeping requirements in particular) to process and retain certain data will supersede any right to erasure requests, and we may also continue to retain/use your data if another legitimate reason for doing so exists (for exercise of legal claims and or serving in the public interest). We are unable to proceed with erasure requests prior to the expiry of the five (5) year period following the closing of your account and/or the termination of our contract with you, as such action will affect our ability to comply with our anti-money laundering obligations under the European legislation framework.
Your data relating to financial transactions, accounts or cards cannot be deleted due to national law associated with the prevention of fraud, money laundering, counter terrorist financing or misuse of services for crime.
• Restriction of Processing of Personal Data
You can request that we restrict the use of your personal data a) if you disagree over the accuracy of the personal data and you requested a correction, b) when we process your data unlawfully but you don’t request erasure, c) if we no longer need to retain your data but you wish us to keep it for longer, e.g. to establish, exercise or defend a legal claim or; d) when you have objected to the processing of your data and we are examining your request/if our legitimate grounds override yours. In the event that such restriction prevents us from performing our contractual obligations to you; we will notify you accordingly.
• Data Portability
You have the right to request us to provide your personal data to you directly in an easily re-used machine-readable format or to a third party if technically possible.
This right applies only to personal information provided by you to us for the performance of the contractual relationship with us, or which we process based on your consent. This right may not be fully applicable in cases where the processing is done due to a legal obligation of the Company.
• Object to the Processing of Personal data
You can object to processing of your personal data and request us to stop a) in case we are relying on lawful and legitimate interest you can object based on a particular situation or b) if we are processing your personal data for direct marketing. If you lodge an objection, we will no longer process your personal data unless we can demonstrate we have compelling legal grounds for the processing which override your interests, rights and freedoms. In case such objection affects our ability to perform our contractual obligations, we will notify you.
• Withdrawal of Consent
If we are relying on the lawful basis of your consent (i.e. we requested and you provided your consent), you can withdraw your consent at any time, subject to contractual and legal restrictions and reasonable written notice.
We may continue to process your information if another lawful basis exists for doing so. If we are unable to provide you with services due to the withdrawal of consent, we will inform you accordingly.
• Automated Processing
Right to object to any decision based on the automated processing of your personal data, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to Judicial Review
In the event that Revsto refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.
13. Exercising your rights
Please contact the authorized DPO directly at contact details indicted below to exercise your rights or if you have questions about the use of your personal data.
You may be subject to identification procedures and measures in order to ensure that no personal data is disclosed to unauthorized persons. We may also request additional information / clarifications to process your request as rapidly and efficiently as possible.
All requests must be in English in a comprehensive manner and contain a clear description of the object of the request. We will not be able to process requests which are incomprehensive or in languages other than Greek or English, as mentioned above.
We will not normally charge a fee to access your personal data (or exercise other rights). We may charge a fee where your request is clearly unfounded, excessive, or repetitive. Alternatively, we may reject such a request as manifestly or excessively burdensome, unfounded, and not submitted in good faith.
Depending on the complexity of your request and volume of data associated with it, we will aim to satisfy all legitimate requests within one month of receipt or to inform you of refusal, or of an extension period of up to three months to satisfy your request. We will notify you appropriately if your request requires more than one month to fulfill.
14. Right to file a complaint
In the event that you wish to make a complaint about how your personal data is being processed by Revsto (or third parties as above), exercise of your rights or how your complaint has been handled, please notify and/or file a complaint with our DPO directly at the contact details indicted below or fill out and submit to complaints@revsto.com the relevant form available on the Revsto’s website: www.revsto.com. We will immediately investigate and inform you in regard to your complaint.
Complaints must be made in English in a comprehensive manner and contain sufficient details and a clear description of the complaint. We will not be able to process requests which are incomprehensive or in languages other than English.
If you are unhappy with our response or if you need any advice you should contact the Commissioner for Personal Data protection. Information on filing a complaint is available on the Data Commissioner’s website.
15. Data Protection Officer Contact details
Revsto has appointed a Data Protection Officer at its headquarters, who can address questions and concerns and can be contacted as follows:
To: Data Protection Officer
Sureswipe E.M.I. PLC
1st Floor, Victory Tower,
18 Kyriakou Matsi Avenue
1082 Nicosia Cyprus
Tel.: +357 22376006
Fax.: +357 22376024
Email: dpo@revsto.com
16. Member Communications and Email
We employ a strict policy against sending unsolicited email. Please note that opting not to receive email does not exempt the User from receiving administrative emails.
Revsto may contact the Users in response to the User’s inquiries, to provide services at the User’s request and to manage the User requirement.
Our website and emails may contain links to various other websites. While we make every effort to ensure that our advertisers post clear and complete Privacy statement and observe appropriate data protection practices, each of these websites has a privacy statement that may differ from that of ours. The privacy practices of other websites and companies are not covered by this policy.
17. Security
We follow generally accepted industry standards to protect the Personal Data processed by us, since it is collected, transmitted, used and finally disposed. No method of transmission over the internet, or method of electronic storage, is 100% secure, therefore while we strive to use commercially acceptable means to protect the User’s Personal Data, we cannot guarantee its absolute security. We reserve the right to disclose the User’s Personal Data as required by law and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on our website.
Revsto will take all steps reasonably necessary to ensure that the User’s data is treated securely and in accordance with this privacy policy. All information the User provides to Revsto is stored on Revsto’s secure servers. Where Revsto has given the User (or where the User has chosen) a password which enables the User to access certain parts of Revsto’s website, the User is responsible for keeping this password confidential.
Revsto asks the User not to share their password with anyone. Unfortunately, the transmission of information via the Internet is not completely secure. Although Revsto will do its best to protect the User’s personal data with the use of strict procedures and security features to prevent unauthorised access, Revsto cannot guarantee the security of the User’s data during transmission to Revsto’s website; any transmission is at the User’s own risk.
18. Cookies
A cookie consists of information sent by a web server to a web browser and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
Revsto may collect information about the User’s computer, including, where available, the User’s IP address, operating system, and browser type for system administration and to report aggregate information.
This is statistical data about Revsto’s User’s browsing actions and patterns and does not identify any individual. Cookies contain information that is transferred to the User’s computer hard drive, they help Revsto to improve its website and to deliver a better and more tailored service. They enable Revsto to:
1. Estimate Revsto’s audience size and usage pattern;
2. Store information about the User’s preferences, and so allow Revsto to customise its website according to the User’s individual interests;
3. Speed up the User’s searches; and
4. Recognize the User when the User returns to the Revsto website.
The User may refuse to accept cookies by activating the setting on the User’s browser which allows the User to refuse the setting of cookies. However, if the User selects this setting the User may be unable to access certain parts of the Revsto website. Unless the User has adjusted the User’s browser setting so that it will refuse cookies, Revsto system will issue cookies when the User logs on to the website.
The typical information our cookies collect are as follow:
• IP Address (Maybe Domain Information);
• Host Information; • Information on type of SSL;
• Host Location;
• User activity tracking on Revsto website.
The User accepts cookies by turning them on, when visiting the website for the first time. However, the User is not required to turn on cookies in order to have a functioning website. Only after accepting to turn on the cookies, Personal Data will be processed. A different option is that the User sets his browser to warn him/her with a message for each cookie, only the cookies that have been accepted will be processing Personal Data.
19. Violation of this Policy
We may need to disclose your personal information if you breach this Privacy Policy and/or our Terms of Use or in connection with legal proceedings or potential legal proceedings or if otherwise required to do so by law or any other Governmental or law enforcement agency.
20. Your Responsibilities
You are responsible for ensuring that the information provided to Revsto by you/about you or on your behalf is accurate and up to date, and you must inform us if anything changes as soon as possible.
21. Changes to this Privacy Statement
Please note that we review our Privacy Statement from time to time, and we may make periodic changes to it in connection with that review. Therefore, the User may wish to bookmark this page and/or periodically review this page.
22. Procedures and Guidelines
This Policy supports the provision of a structure to assist in Revsto’s compliance with the Data Protection legislation, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.
This Policy will be reviewed annually by the DPO, subject for approval by the BoD, in light of any legislative or other relevant developments including guidance from Data Protection Commissioner, or the EU Commission. It shall be the responsibility of the DPO to keep this policy updated.
23. Acceptance and Consent
You hereby state that you have been informed about the personal data protection terms and conditions and you accept and consent to the processing of said personal data by REVSTO in the way and for the purposes set out in this Privacy Policy.
24. Contact Us
Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed by the following methods:
Email: DPO@revsto.com
Telephone at +357 22376006,
By post: 18 Kyriakou Matsi, Victory Tower, 1st floor, 1082, Nicosia, Cyprus.
