KoalaPays Privacy Policy

Safe Payments Solutions s.r.o. (hereinafter referred to only as the “KoalaPays”) with registered seat at Kameníčkova 1114/2, 616 00 Brno – Žabovřesky, company ID 06419526, registered at the Commercial Register held at the Regional Court in Brno, section C, insert 119406. KoalaPays is a small-scale electronic money issuer, defined in act No. 370/2017 Coll., on Payment Services.

When performing our activities, we observe the following legal rules and regulation: Czech act No. 101/2000 Coll., on the Protection of Personal Data and on Amendments to Certain Acts, as amended (hereinafter referred to only as the „DPA”), coming into effect on May 25, 2018, the General Data Protection Regulation (EU) 2016/679, on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/ES (hereinafter referred to only as the „GDPR”).

In KoalaPays, we perceive as important not only the clients, but also their personal data, the protection of which is paramount to us.

Based on this, we proceed with their protection with the utmost professionalism, care and always in accordance with legal rules and regulations.

Therefore, we would like to introduce you to the way data processing takes place in our company. In addition, you will learn what data we collect as part of our processes and also what rights you can exercise.

Principles, we observe in relation to the personal data, are the following two:

  1. Necessity – We collect data about you only on the basis of necessity. These are primarily your identification and contact information, which we need to meet legal requirements and are also important to ensure the quality of our services, because thus, we can identify our client and his individual requirements better.
  2. Security – with KoalaPays, you don’t have to be afraid of the security of your personal data.

  • I - Scope of Personal Data Processing
    • All data are processed for the purpose of execution and quality improvement of services provided by KoalaPays. Pursuant to act No. 101/2000 Coll. and the GDPR, we are entitled to process your personal data (hereinafter referred to as “PD”) within the following extent:

      • 1) for natural persons: name, surname, (middle name- if applicable), title, birth number, or date of birth, place of birth, gender; address of permanent residence or other residence and citizenship, telephone number, e-mail delivery address; copies of personal documents proving your identity
      • 2) for legal entity: company name, trading name, company type, reg. number/TIN, date of incorporation, company address, business sector/industry, (incl. licence details – if applicable), company website URL identification of directors, shareholders and ultimate beneficial owners incl. their personal data; copies of relevant corporate documents
      • 3) for natural persons engaged in business: trade name/brand (potentially, if different from company name), place of business, business registration details and identification number of the person
      • 4) data on executed and canceled payment transactions: bank account number incl. name of the account holder; details of any credit, debit or other payment card, including PAN number, expiration date and name of the payment card holder; copies of supporting documents requested for transaction monitoring purpose
      • 5) entire communication.
      • 6) information obtained from questionnaires or similar forms that you may be asked to complete
      • 7) IP address and connection times of your device
      • 8) data about your visits to our website, especially traffic data, location data, weblogs, etc., as well as data about your behavior in the Internet environment

      For the purpose of meeting mandatory requirements for data controller pursuant to sec. 9 of the Act No. 253/2008 Coll., on Certain Measures against the Legalization of Proceeds from Crime and the Financing of Terrorism (hereinafter referred to as the “AML Act”).

      The time of PD processing is 10 years from the execution of the transaction or from the termination of the business relationship between You and the data controller (whichever occurs later). As a data subject, you are aware that you cannot revoke this consent.

      Hereby you provide your consent to the fact that data controller is entitled to provide this data to the relevant state authorities upon request from them.

      Based on sec. 2 par. 1b) point 5 of the “AML Act”), we are an obliged entity.

      Pursuant to sec. 7, 8 of the AML Act, the obliged person shall identify its clients within the scope of the personal data listed herein in order to prevent abuse of the financial system for money laundering and terrorist financing, and in cases stipulated by law.

      When processing personal data, we make sure that the rights of individuals in connection with the processing of personal data are not impaired. At the same time, we are obliged to comply with the provisions of the relevant legal rules and to apply appropriate measures to protect the rule of law, democratic society and its specific important interests, as set out below.

      If a particular breach of personal data security is likely to result in a high risk to the rights and freedoms of the data subject, the data controller shall notify client of such breach without undue delay.

      As a data subject, you acknowledge the above and further acknowledge the instructions herein related to your rights.

      In the event that we wish to process other data or use the data for purposes other than those listed above, we may do so only on the basis of a valid consent to the processing of personal data. You provide us your consent to the processing of personal data obtained in this way separately.

  • II - Personal Data Processors and their Recipients
    • Personal data provided by you are stored by KoalaPays. We do not provide them to any other third party, as to those that support services and commercial communications (unless you have provided your consent to their sending).

      Based on the applicable legal rules, we are obliged to cooperate with the relevant authorities in cases of suspected criminal activity. We transfer the data stored by us to national administrative bodies or other authorities only if required by law.

      We do not transfer your personal data to third countries, unless it’s required on the basis of law or the provision of services or legitimate interest. Otherwise, we will require your consent.

      For the purpose of sending commercial communications (only with your consent, you have provided by the agreement to these privacy policies), we provide your personal data, more specifically the name, surname (and the username selected by the user) and e-mail to the following processors:

      • Sendinblue

      These entities are bound by confidentiality and they may never use your personal data for any other purpose than the agreed one.

  • III - Period of Data Retention
    • The period for which we are obliged to retain certain data, is determined by law. We store clients’ personal data for the duration of the contractual relationship and subsequently for 10 years after the termination of the contractual relationship. Other personal data that we process for the fulfillment of obligations arising from special legal regulations are processed only for the period specified by these regulations.

      If necessary, personal data is used to protect the legitimate interests of KoalaPays. They are processed for the time necessary to exercise these rights.

  • IV - Rights of the Client
    • 1. Right of access to personal data

      KoalaPays may issue confirmation to you stating if personal data is or is not processed (under sec. 12 of DPA). If we process your data, you have the right to get access to them as well as to the following information:

      • 1) the purpose of personal data processing
      • 2) categories of personal data and the information available on their source
      • 3) recipients to whom the personal data will be or have been made available
      • 4) planned retention period for personal data
      • 5) right to request an explanation of personal data processing (personal data controller or processor on the basis of sec. 21 of the DPA)
      • 6) right to request the personal data controller to rectify or erase personal data. Erasure is related to client’s personal data, where personal data are no longer needed for the purposes for which they were collected or otherwise processed, the client has revoked the consent for processing (and KoalaPays no longer has a legal ground (justification) to process them), they were processed against the law, following the objection raised it’s proved that there’s no legitimate reason for their processing, they must be erased to fulfill mandatory requirements under the EU or Czech law
      • 7) the right to ask the controller to restrict the processing of personal data or to raise an objection to such processing
      • 8) the right to request the controller to rectify incorrect or inaccurate personal data in relation to the client
      • 9) the right to lodge a complaint with supervisory authority
      • 10) obtain available information about the source of personal data if it is not obtained from yourself
      • 11) right to request a copy of processed personal data

      The right of erasure shall not apply where the processing is necessary for the meeting of legal obligations, for the determination, execution or defence of legal claims and other cases determined in the GDPR.

      KoalaPays is obliged to notify individual recipients to whom personal data have been disclosed of any rectifications or erasures of personal data or restrictions on processing, except in cases where this proves impossible or requires an inadequate effort. If requested by the data subject, KoalaPays shall inform the data subject of these recipients.

      You have the right to raise objection to the processing of personal data about yourself, which are processed by KoalaPays on the basis of a legitimate interest. In such case, at first, KoalaPays is obliged prove legitimate ground for processing, which outweighs the individual interests or rights of the client, and only then can it continue their processing or terminate it, if it does not prove legitimate grounds for processing.

      If a particular breach of personal data security is likely to result in a high risk to the rights and freedoms of individuals, KoalaPays will report such breach to the data subject without undue delay.

      2. Right to data portability

      You have the right to obtain personal data that concerns you as a personal data subject and that you have provided to KoalaPays in a structured, commonly used and machine-readable format, and to pass this data on to another data controller without the original administrator’s consent.

      At the same time, the data subject shall (if he or she requests so) have the right to have his or her personal data transmitted in a structured, commonly used and machine-readable format to another controller, if it’s technically feasible.

      Common conditions for the application of the right to data portability:

      • 1) it must be processed based on a legal ground, consent or contract
      • 2) processing is performed automatically.

      When exercising the right to data portability, care must be taken to ensure that the rights and freedoms of others are not adversely affected.

      3. Right to raise objection at supervisory body

      If the data subject is convinced that KoalaPays does not process his personal data in compliance with legal rules, he/she has the right to raise objection with the supervisory authority – the Data Protection Authority (Úřad pro ochranu osobních údajů) with its registered seat at Pplk. Sochora 27, 170 00 Prague 7, e-mail: posta@uoou.cz, phone: 234 665 125.

  • V - Up-to-date version of Privacy Policy
    • An up-to-date version of Privacy Policy will always be available at www.koalapays.com. If there is a material change in the way personal data is handled under this Privacy Policy, KoalaPays will inform the data subjects by visibly publishing a notice prior to the implementation of these changes. KoalaPays recommends that you review the Privacy Policy on an ongoing basis.

  • VI - Right to withdraw consent to personal data processing
    • If we process any of your personal data on the basis of your consent, you have the right to withdraw your consent to the processing of personal data at any time in writing by sending an e-mail to our e-mail address legal@koalapays.com.

Thank you for contacting us

We have received your enquiry and will respond to you as soon as possible.

In the meantime, why not check out our blog?