Policy Effective Date: 25 May 2018
This policy relates to the privacy of your information at Masterpayment GmbH (hereinafter referred to as Masterpayment). Masterpayment is committed to keeping your information private. By ‘your information’ we mean any information about you that you or third parties provide to us. This policy relates to the privacy of your information at Masterpayment and explains the principles that Masterpayment applies to the processing of personal information, the rights that you have pertaining to your personal information, what personal information is collected, why we are processing it and who we are sharing it with.
Masterpayment is committed to safeguarding the privacy of your information in the following ways:
- We will only collect and use your information where we have lawful grounds and legitimate business reasons to do so
- We will be transparent in our dealings with you and will tell you about how we will collect and use your information
- If we have collected your information for a particular purpose, we will not use it for anything else unless you have been informed and, where relevant, your permission obtained
- We will not ask for more information than we need for the purposes for which we are collecting it
- We will update our records when you inform us that your details have changed
- We will continue to review and assess the quality of our information
- We will implement and adhere to information retention policies relating to your information, and will ensure that your information is securely disposed of at the end of the appropriate retention period
- We will observe the rights granted to you under applicable privacy and data protection laws, and will ensure that queries relating to privacy issues are promptly and transparently dealt with
- We will train our staff on their privacy obligations
- We will ensure we have appropriate physical and technological security measures to protect your information regardless of where it is held
- We will ensure that when we outsource any processes, the supplier has appropriate security measures in place and will contractually require them to comply with these privacy principles
- We will ensure that suitable safeguards are in place before personal information is transferred to other countries.
If you have any questions about privacy at Masterpayment please contact us at:
Masterpayment Privacy Team
Petersbrunner Str. 1B
Tel: +49 8151 18759 – 0
or email us at Privacyadmin@Masterpayment.com
Right to be Informed
Right of access to your personal data
You have the right to access information held about you. In order to exercise this right, you must complete a subject access request that should be submitted to Privacyadmin@Masterpayment.com. Once received, Masterpayment will respond within 28 days confirming whether or not we are processing your personal data and will give you access to that data in electronic format. No fee will apply for such requests.
Right to rectification of your personal data
Masterpayment endeavors to ensure that all personal information is complete and accurate at all times. If, however, you determine that the personal information we hold about you is incomplete or inaccurate, you have the right to request correction of that personal information.
Right to have your personal data erased
You have the right to be forgotten and can request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Right to restrict processing of your personal data
You have the right to request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
Right to portability of your personal data
You have the right to request the transfer of your personal information to another party in certain formats, if practicable. This allows you to obtain and reuse your personal data for your own purposes across different services.
Right to make a complaint
If we fall short of your expectations in processing your personal information or you wish to make a complaint about our privacy practices, please tell us because it gives us an opportunity to fix the problem. You may contact us by submitted your complaint to Privacyadmin@Masterpayment.com.To assist us in responding to your request, please give full details of the issue.
You also have the right to make a complaint to an independent supervisory body, the contact details of which are:
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
The competence for complaints is split among different data protection supervisory authorities in Germany. Competent authorities can be identified according to the list provided under:
INFORMATION THAT WE COLLECT
The types of personal information we may obtain or you may choose to provide include:
- Contact information (such as name, postal or e-mail address, and phone number)
- Your identification details (such as copies of identification documents, passport, proof of address)
- Proof of wealth and/or source of funds
- Username and password
- Payment account information
- Content you make available through social media accounts or memberships with third parties
- Mobile device unique identifier
- Website usage through cookies and logs of activities during visits
- Geo-location data (such as the place that you connect to our systems or initiate transactions)
- Other information (such as language preference, age, date of birth, gender and family status)
THE PURPOSES OF PROCESSING OF PERSONAL INFORMATION WE COLLECTAND LEGAL BASIS
Masterpayment processes personal data for the following purposes and lawful bases:
|Purpose of processing of personal information||Legal basis for processing|
|Customer onboarding processes include the identification and verification of customer identity and address, the purpose and nature of the business relationship; ultimate beneficial ownership; and the sources of funds and wealth.||Processing is necessary in order to fulfill Masterpayment’s legal obligation to comply with applicable anti- money laundering and terrorist financing regulations.|
|Screening processes include checking of customer relationships against lists of sanctions, politically exposed persons and high risk jurisdictions.||Processing is necessary in order to fulfill Masterpayment’s legal obligation to comply with applicable anti- money laundering and terrorist financing regulations.|
|Account opening processes include the setup of customer communications details, account details, security credentials, bank details and the execution of legal agreements and terms and conditions.||Processing is necessary in order to perform Masterpayment’s contractual obligations under the related products’ terms and conditions.|
|Card issuance processes, for our card related businesses, include records of customer address and card specific data and involves card creation, printing, fulfilment and shipping including the provision of sensitive payment data.||Processing is necessary in order to perform Masterpayment’s contractual obligations under the related products’ terms and conditions.|
|Customer communications processes include records of communications requests and authentication of customer identification; records of email, on-line, SMS and other forms of electronic communications; and website usage through cookies and logs of activities, duration of visits, IP addresses, dates, times and geo-location data.||Processing is necessary in order to perform Masterpayment’s contractual obligations under the related products’ terms and conditions.|
|Customer complaints processes include the receipt, acknowledgement and resolution of customer complaints including records of associated investigation and communications with the complainant.||Processing is necessary in order to fulfill Masterpayment’s legal obligation to management customer complaints under applicable payment services regulations and data protection regulations.|
|Transaction processing includes the processing of payment debit and credit transactions, chargebacks and refunds related to customer accounts.|
|Transaction monitoring includes monitoring of individual customer transactions and patterns of transactions for purposes ofdetecting and / or preventing fraud and also for the purposes of detecting suspicion of, or preventing suspicious money laundering or terrorist financing activities.||Processing is necessary in order to fulfill Masterpayment’s legal obligation to comply with applicable anti- money laundering and terrorist financing regulations.
Monitoring to prevent or detect fraud is considered to be a task carried out in the public interest
|Relationship monitoring includes monitoring of individual customer relationships necessary for the purposes of detecting suspicion of, or preventing suspicious money laundering or terrorist financing activities.||Processing is necessary in order to fulfill Masterpayment’s legal obligation to comply with applicable anti- money laundering and terrorist financing regulations.|
|Safeguarding of customer funds includes processing of all customer related receipts, deposits and transfers into and out of segregated funds accounts.||Processing is necessary in order to fulfill Masterpayment’s legal obligation to safeguard customer funds under applicable payment services regulations.|
|Sensitive payment data processing is required in order to provide secure payment processing and protect against fraud. Sensitive payment data may include account data, identification data and authentication data such as security credentials|
Where the provision of personal data is a statutory requirement for purposes of Masterpayment meeting its obligations under applicable Payment Services Regulations or applicable Anti- Money Laundering and Terrorist Financing Regulations; or is a requirement necessary for Masterpayment to fulfill its contractual obligations, the possible consequences of failure to provide such data include Masterpayment terminating our relationship with you.
Processing personal data by Masterpayment for the purposes of preventing Money Laundering and Terrorist Financing is considered to be necessary for the exercise of (a) a function of a public nature in the public interest and (b) a function conferred by or under an enactment i.e. the relevant national money laundering regulations. Masterpayment will make no other use of such personal data unless (a) use of the data is permitted by or under an enactment other than the National MLTF Regulations, for example relevant National Payment Services Regulations; or (b) Masterpayment has obtained your express consent to the proposed use of the data.
Masterpayment does not process personal information in a manner that constitutes the existence of automated decision-making, including profiling.
We may also use personal information in other lawful ways for which we will provide specific notice at the time of collection.
WHO WE SHARE YOUR PERSONAL INFORMATION WITH
We will not sell personal information we collect about you.
We share personal information with third party providers of due diligence and screening services in order to verify customer identity and manage exposures to money laundering and terrorist financing risks.
We share personal information with third party providers of transaction processing services and transaction monitoring services in order to process payment transactions and guard against exposures to fraud and money laundering and terrorist financing risks.
Where we share information with our service providers, who perform services on our behalf, we authorize these service providers to use or disclose the information only as necessary to perform services on our behalf or comply with legal requirements. We require these service providers under contract to safeguard the privacy and security of personal information they process on our behalf.
We may share personal information we collect with our affiliates.
We may disclose information about you (i) if we are required to do so by law or legal process, (ii) when we believe disclosure is necessary to prevent harm or financial loss, or (iii) in connection with an investigation of suspected or actual fraudulent or illegal activity.
INTERNATIONAL DATA TRANSFERS
To offer our services, we may need to transfer your personal information to affiliated entities in several countries, including to Germany, Hong Kong, Malta, Mauritius, South Africa and the United States. We use group Data Protection Policies and Procedures as a means of ensuring consistent Data Protection Standards are operational throughout all affiliated entities. We also provide adequate safeguards for the transfer of personal information to countries outside of the European Economic Area (“EEA”) by using standard enforceable clauses in any inter-company legal agreements that are compliant with the requirements of EEA Data Protection Regulations.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION
Masterpayment stores personal information only for as long as it is necessary for the fulfillment of the purpose for which the personal information was collected, unless otherwise required or authorised by applicable law. We take measures to destroy or permanently de-identify personal information if required by law or if the personal information is no longer required for the purpose for which we collected it.
We will keep your personal information for as long as you are a customer of Masterpayment. After you stop being a customer, we may keep your data for up to 5 years for one of these reasons:
- To respond to any questions or complaints.
- To show that we treated you fairly.
- To maintain records according to rules that apply to us.
We may keep your data for longer than 5 years if we cannot delete it for legal, regulatory or technical reasons.
HOW WE HOLD AND PROTECT PERSONAL INFORMATION
The security of your personal information is important to Masterpayment. We are committed to protecting the information we collect. We maintain administrative, technical and physical safeguards designed to protect the personal information you provide or we collect against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.