PRIVACY POLICY

This Policy regulates the collection and processing of personal data collected by iPay See d.o.o. Beograd- Čukarica, with the registered office in Belgrade, Beogradskog bataljona 4, Corporate ID No. 21150711 (hereinafter: iPay).

The Policy relates to all iPay service users, our application and website users, our associates, business partners, representatives, distributors, clients, suppliers and the iPay job candidates.

The Privacy Policy describes the types of personal data or personal information we collect; how we use, process and protect, for how long we keep and with whom we share the collected information; and the rights exercisable by data subjects in respect of their personal data. ’

It also provides contact information in order to obtain additional information on our privacy protection procedures and how to exercise your rights. 

Collected data

We can collect data in various ways, for example via our websites, applications and social networks; in our events; by telephone, e-mail and fax; through job applications; in person; or through our interactions with clients and suppliers. 

We can collect a choice of personal data, depending on the nature of relationship, including, but not limited to:

• Contact information (such as athe first and family names, address, e-mail address and telephone number);
• User name and password, when you register on our websites and applications; 
• CV information and other employment and career data you provide when you apply for a job with us; 
• Your unique identification number; the number and the dates of issue and expiry of you personal identification document; date of birth; the personal identification document issuing authority; and scanned and/or photocopied personal identification document; 
• Your „selfies“;
• Data on the transactions performed when using our services, including a geographical location; 
• Computer and mobile device data; your computer IP address; date and time of access to our website; the internet address you use to connect to our website location;
• Data required for the purpose of compliance with the AML regulations 

All information you provide to iPay must be accurate and true.

If you are required to provide details of the recipient’s e-mail address or other means of identification, make sure to enter correct data on the money recipient. We shall not be liable for any errors made in entering the recipient’s identification data. 

When you provide personal data of any person (other than yourself) using our services, you claim that you have obtained that person’s consent to enter his/her personal data, and to have such data collected, used and disclosed for purposes set forth herein. 

PURPOSE OF DATA COLLECTION

iPay collects and uses data in accordance with the applicable regulations, in order to: 

1. Carry out payment transactions, including any electronic money transactions; 
2. Settle card transactions; 
3. If permitted by law and upon your consent, to send promotional materials, available product notices, offers, invitations to events and other communications;
4. Process data for employee recruitment purposes; 
5. Create and manage your orders on our websites and application;
6. Answer individual enquiries and requests;
7. Manage, evaluate and promote our business (including the development, improvement, analysis and promotion of our services, management of our communications, data analysis and accounting, audit and other internal functions); 
8. Protect against fraud; to identify and attempt to prevent fraud and any other illegal activities; to address claims and other liabilities; 
9. prevent money laundering and terrorism financing; 
10. Comply with, and apply the valid regulations and industrial standards, the financial institution and card organization regulations, contractual obligations and our policies. 

All data processing shall be carried out in accordance with the applicable regulations, and upon consent given either explicitly or implicitly (through concludent action) by the data subject, in order to ensure compliance with any legal and contractual requirements, or any requirements of entry into, and performance of agreements (for example, processing your personal data in order to enable a payment transaction you initiate), which is essential for iPay legitimate interests.

We can also use information in other ways of which we specifically inform you on or before the data collection date. 

Legitimate interest

iPay may process personal data for specific lawful business purposes, including some of the following:

• to improve, modify, personalize or otherwise improve our services to the benefit of our clients and associates; 

• to identify and prevent fraud and violation of regulations, particularly those on money laundering and terrorism financing;

• to improve safety of our network and information systems; 

• to better understand individual interactions with our websites; 

• for direct marketing purposes;

• to communicate what we think might be of interest to you; 

• to determine effectiveness of promotional campaigns and advertisements. 

We shall ensure that, whenever we process data for the above purposes, we maintain at a high level and take into consideration your rights. You have the right to object to such processing. If you wish to do so, please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it..

Please keep in mind that, if you exercise your right to object, this may affect our ability to carry out and provide services to your benefit, including a possibility that we may not be able to provide you a service at all (for example, to carry out a transaction or to issue a requested payment instrument). 

How we process and protect personal data

The collected data is processed automatically and for a certain period of time, in order to ensure that personal data are not kept longer than necessary. 

We implement administrative, technical and physical protection measures designed to protect personal data you provide against accidental, unlawul or unauthorized destruction, loss, modification, access, disclosure or use. 

In order to ensure adequate safety and confidentiality of personal data, we have implemented the following safety measures: 

• Encoding data in transit;

• Intense authentication;

• Reinforced network infrastructure;

• Network monitoring solutions;

How long we keep the collected data

In our systems we keep personal data collected in a manner which allows for identification of a data subject for no longer than is necessary for purposes for which such data is collected or further processed. 

We determine this period of time by taking into account: 

• Necessity of retaining the stored personal data in order to provide the services established with a user; 
• Protection of iPay’s legitimate interests, as described in Purpose of data collection section above;
• Applicable regulations. 

Forwarded information

We do not publish the personal data collected on you, except as set forth herein or in special notices-policies provided in respect of certain activities. 

We may forward personal data to the payment transaction participants. 

We do not authorize the participants to use or publish information, unless that is necessary in order to provide services on our behalf and in accordance with regulations. 

Additionally, we may disclose your personal data if we are required to do so by law or any government authority in accordance with their statutory requirements, or when be believe that such disclosure is necessary or proper in order to prevent a physical damage or financial loss, or in connection with investigation of any suspected or actual fraudulent or unlawful activity. 

We also reserve the right to transfer your personal data in the event of disposal of our business or assets, or any part thereof. 

The countries to which we may transfer you personal data may be:

• Within the European Union

• Outside the European Union

Your rights as a data subject

Where provided for by law, a subject data may exercise the following special rights: 

• The right of access: The data subject has the right to access his/her personal data to verify whether such personal data is processed in accordance with law 
• The right to rectification: The data subject has the right to request to have his/her personal data rectified or completed, in order to protect accuracy of such information and data processing adaptation.
• The right to erasure: The data subject has the right to request iPay to erase and to no longer process his/her personal data.
• The right to restrict processing: The data subject has the right to request iPay to restrict processing of his/her personal data.
• The right to data portability: The data subject has the right to request data portability, which means that he/she can receive his/her personal data provided initially in a structured or customary format, or request transfer of personal data to another data controller. 
• The right to object: The data subject providing his/her personal data to iPay has the  right to object at any time to the processing of his/her personal data, without giving any reason for such decision.
• The right not to be subject to automated individual decision making: The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
• The right to lodge a complaint with an authority: Any data subject has the right to lodge a complaint with a competent authority, especially in any EU member state where he/she resides, or in the place of actual or alleged violation, if he/she believes that the processing of his/her personal data is in violation of the applicable regulations. 

Where data processing is based on consent, the subject data may at any time withdraw his/her consent. 

Privacy Policy update

This Privacy Policy (including any amendments hereto) may be updated from time to time in order to reflect any legislative changes or to comply with iPay good business practice. 

We shall inform you of any significant changes by posting a notice on our websites and applications, indicating the last update date thereof. 

ACCEPTANCE

By accepting this Policy and using iPay services, you acknowledge that you are aware of this Policy and that you give us your permission for access, process and keep any information you provide in the manner set forth herein.