Safe Payments Solutions s.r.o. (hereinafter referred to only as the “KoalaPays”) with registered seat at Kameníčkova 1114/2, 616 00 Brno – Žabovřesky, company ID 06419526, registered at the Commercial Register held at the Regional Court in Brno, section C, insert 119406. KoalaPays is a small-scale electronic money issuer, defined in act No. 370/2017 Coll., on Payment Services.
When performing our activities, we observe the following legal rules and regulation: Czech act No. 101/2000 Coll., on the Protection of Personal Data and on Amendments to Certain Acts, as amended (hereinafter referred to only as the „DPA”), coming into effect on May 25, 2018, the General Data Protection Regulation (EU) 2016/679, on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/ES (hereinafter referred to only as the „GDPR”).
In KoalaPays, we perceive as important not only the clients, but also their personal data, the protection of which is paramount to us.
Based on this, we proceed with their protection with the utmost professionalism, care and always in accordance with legal rules and regulations.
Therefore, we would like to introduce you to the way data processing takes place in our company. In addition, you will learn what data we collect as part of our processes and also what rights you can exercise.
Principles, we observe in relation to the personal data, are the following two:
All data are processed for the purpose of execution and quality improvement of services provided by KoalaPays. Pursuant to act No. 101/2000 Coll. and the GDPR, we are entitled to process your personal data (hereinafter referred to as “PD”) within the following extent:
For the purpose of meeting mandatory requirements for data controller pursuant to sec. 9 of the Act No. 253/2008 Coll., on Certain Measures against the Legalization of Proceeds from Crime and the Financing of Terrorism (hereinafter referred to as the “AML Act”).
The time of PD processing is 10 years from the execution of the transaction or from the termination of the business relationship between You and the data controller (whichever occurs later). As a data subject, you are aware that you cannot revoke this consent.
Hereby you provide your consent to the fact that data controller is entitled to provide this data to the relevant state authorities upon request from them.
Based on sec. 2 par. 1b) point 5 of the “AML Act”), we are an obliged entity.
Pursuant to sec. 7, 8 of the AML Act, the obliged person shall identify its clients within the scope of the personal data listed herein in order to prevent abuse of the financial system for money laundering and terrorist financing, and in cases stipulated by law.
When processing personal data, we make sure that the rights of individuals in connection with the processing of personal data are not impaired. At the same time, we are obliged to comply with the provisions of the relevant legal rules and to apply appropriate measures to protect the rule of law, democratic society and its specific important interests, as set out below.
If a particular breach of personal data security is likely to result in a high risk to the rights and freedoms of the data subject, the data controller shall notify client of such breach without undue delay.
As a data subject, you acknowledge the above and further acknowledge the instructions herein related to your rights.
In the event that we wish to process other data or use the data for purposes other than those listed above, we may do so only on the basis of a valid consent to the processing of personal data. You provide us your consent to the processing of personal data obtained in this way separately.
Personal data provided by you are stored by KoalaPays. We do not provide them to any other third party, as to those that support services and commercial communications (unless you have provided your consent to their sending).
Based on the applicable legal rules, we are obliged to cooperate with the relevant authorities in cases of suspected criminal activity. We transfer the data stored by us to national administrative bodies or other authorities only if required by law.
We do not transfer your personal data to third countries, unless it’s required on the basis of law or the provision of services or legitimate interest. Otherwise, we will require your consent.
For the purpose of sending commercial communications (only with your consent, you have provided by the agreement to these privacy policies), we provide your personal data, more specifically the name, surname (and the username selected by the user) and e-mail to the following processors:
These entities are bound by confidentiality and they may never use your personal data for any other purpose than the agreed one.
The period for which we are obliged to retain certain data, is determined by law. We store clients’ personal data for the duration of the contractual relationship and subsequently for 10 years after the termination of the contractual relationship. Other personal data that we process for the fulfillment of obligations arising from special legal regulations are processed only for the period specified by these regulations.
If necessary, personal data is used to protect the legitimate interests of KoalaPays. They are processed for the time necessary to exercise these rights.
1. Right of access to personal data
KoalaPays may issue confirmation to you stating if personal data is or is not processed (under sec. 12 of DPA). If we process your data, you have the right to get access to them as well as to the following information:
The right of erasure shall not apply where the processing is necessary for the meeting of legal obligations, for the determination, execution or defence of legal claims and other cases determined in the GDPR.
KoalaPays is obliged to notify individual recipients to whom personal data have been disclosed of any rectifications or erasures of personal data or restrictions on processing, except in cases where this proves impossible or requires an inadequate effort. If requested by the data subject, KoalaPays shall inform the data subject of these recipients.
You have the right to raise objection to the processing of personal data about yourself, which are processed by KoalaPays on the basis of a legitimate interest. In such case, at first, KoalaPays is obliged prove legitimate ground for processing, which outweighs the individual interests or rights of the client, and only then can it continue their processing or terminate it, if it does not prove legitimate grounds for processing.
If a particular breach of personal data security is likely to result in a high risk to the rights and freedoms of individuals, KoalaPays will report such breach to the data subject without undue delay.
2. Right to data portability
You have the right to obtain personal data that concerns you as a personal data subject and that you have provided to KoalaPays in a structured, commonly used and machine-readable format, and to pass this data on to another data controller without the original administrator’s consent.
At the same time, the data subject shall (if he or she requests so) have the right to have his or her personal data transmitted in a structured, commonly used and machine-readable format to another controller, if it’s technically feasible.
Common conditions for the application of the right to data portability:
When exercising the right to data portability, care must be taken to ensure that the rights and freedoms of others are not adversely affected.
3. Right to raise objection at supervisory body
If the data subject is convinced that KoalaPays does not process his personal data in compliance with legal rules, he/she has the right to raise objection with the supervisory authority – the Data Protection Authority (Úřad pro ochranu osobních údajů) with its registered seat at Pplk. Sochora 27, 170 00 Prague 7, e-mail: email@example.com, phone: 234 665 125.
If we process any of your personal data on the basis of your consent, you have the right to withdraw your consent to the processing of personal data at any time in writing by sending an e-mail to our e-mail address firstname.lastname@example.org.
In the meantime, why not check out our blog?