Rapidz Pay’s App & Debit Card Privacy Notice
Welcome to UAB Rapidz Pay’s Privacy Notice (“Privacy Notice”).
Our commitment is to safeguard your personal information, and we value your privacy. This Privacy Notice explains how UAB Rapidz Pay, its affiliates, and the Rapidz Pay family of companies (collectively referred to as “Company”, “Rapidz Pay”, “we”, “us”, or “our“) collect, use, manage, disclose, or otherwise process your personal data in accordance with the GDPR, as updated periodically. This applies when you use any of our platforms, products, services, or applications (collectively referred to as the “Services“), or interact with our mobile application (“App”), site, or any of Rapidz Pay’s websites (collectively referred to as the “Website“).
This Privacy Notice is applicable to personal data that we have access to or manage, as well as personal data that is under the control of third-party organizations that we have authorized to collect, use, manage, disclose or process personal data on our behalf.
1. Important information
The purpose of this Privacy Notice is to inform you about the collection and handling of your personal data when you use our Services, visit our Website, or provide personal data during registration for or use of our Services, subscription to alerts or newsletters, contacting us with inquiries or requests for assistance, participating in promotions, renewals or surveys.
Our Website and the Services are not meant for minors below 21 and we do not knowingly collect data relating to minors.
To ensure that you have a comprehensive understanding of how and why we use your personal data, we recommend that you review this Privacy Notice in conjunction with any other privacy policies or fair processing notices that we may provide when collecting or processing your personal data. This Privacy Notice serves as an addition to other policies and privacy notices, and is not meant to replace them.
Our Website and App may contain links to “Third Party Websites“, including plug-ins and applications. When you click on these links or enable these connections, third parties may collect or share your data. We have no control over these Third-Party Websites and their privacy policies. Thus, we are not accountable for their practices. We strongly advise you to review the privacy policies of every Third-Party Website you visit or use after leaving our Website or App.
2. Personal Data
The personal data that we may gather, use, process, manage, store and transfer about you varies based on your interaction with us.
As previously mentioned in the Identity Data section, we will acquire an image of your face to verify your identity during the onboarding process. This will be done with the assistance of our KYC vendors. If you refuse to provide your consent, we will not be able to register you and provide you with our Services.
We gather, employ, and exchange Aggregated Data, such as demographic and statistical information, for various purposes. Although this information may be obtained from your personal data, it is not classified as personal data since it does not reveal your identity, either directly or indirectly. For instance, we may combine your Usage Data to determine the number of users who access a particular feature on the Website. Nevertheless, if we combine Aggregated Data with your personal data to identify you directly or indirectly, we will handle the combined data as personal data, and it will be employed in accordance with this Privacy Notice.
If you refuse to provide personal data
If we require you to provide personal data by law or under the terms of an agreement we have with you and you decline to provide such information, we may not be able to fulfill our obligations to you, such as providing you with services. Consequently, we may have to terminate a product or service that you have with us, but we will inform you beforehand if that’s the case.
3. Collection of personal data
We generally do not collect your personal data unless:
a) we may receive your personal data in one of three ways: directly from you, from an organization that has engaged us to provide services to you, or from a third party who has been authorized by you to disclose your personal data to us. In all cases, the provision of personal data is voluntary.
i) have been notified of the purposes for which the data is collected or processed, and
ii) have provided written consent to the collection, processing and usage of your personal data for those purposes, or
b) collection, processing and use of personal data without consent is permitted or required by the GDPR or other laws.
Before collecting or processing any additional personal data or using your personal data for a purpose that has not been previously communicated to you, we will either obtain your consent or obtain an undertaking from the organization that has engaged us to provide services to you, confirming that you have consented, unless such collection, processing, or use of personal data is authorized or required by law.
Depending on the nature of your interaction with us, we may collect information from and about you from various sources including through:
Direct interactions. You have the option to provide us with your Identity, Contact and Financial Data through different means such as completing forms, providing a visual image of yourself through the Service, email, or any other appropriate channel. This includes personal data you provide when you:
● apply for our products or services;
● create an account;
● subscribe to our service or publications;
● make use of any of our Services;
● request marketing to be sent to you;
● enter a competition, promotion or survey; or
● give us feedback or contact us.
Third parties or publicly available sources. We may receive information about you from third parties, including employers, credit reference agencies, and fraud prevention agencies. These third parties may verify your personal data against information stored in other databases.
4. Use of personal data
We may collect, process, manage and/or use your personal data for any or all of the following purposes:
a. registering you as our new customer or user in connection with your request;
b. creating and delivering Services and features, either directly provided by us or through us, such as:
i) executing the Services, commercial or other transactions and requests;
ii) carrying out research, planning and statistical analysis;
iii) analytics for the purposes of developing our websites, products, services, security, service quality, advertising or customization strategies; or
iv) delivering relevant Website content and advertisements to you and measuring or assessing the effectiveness of the advertising we serve;
c. carrying out tasks as part of or related to providing the Services you have requested from us.
d. enforcing obligations owed to us;
e. verifying your identity before providing our Services, or responding to any of your queries, applications, requests, feedbacks and complaints;
f. conducting credit checks, screenings or due diligence checks as may be required under applicable law, regulation or directive;
g. risk, fraud, and crime prevention and detection measures, such as anti-money laundering, counter-terrorism, and sanction screening, to detect, investigate, report, and prevent financial crimes in a broader sense. We also abide by applicable laws and regulations, respond to complaints, and resolve them;
h. identifying and preventing any instances of misuse or abuse of services.
i. handling, responding to, assessing and processing applications, requests, instructions, queries, complaints, and feedback from you;
j. complying with any applicable laws, regulations, guidelines, codes of practice, rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
k. managing your relationship with us or the organisation which have engaged or partnered with us;
l. managing, processing, collecting and/or transferring payment or credit transactions;
m. monitoring Services provided by or made available through us;
n. communicating with you, including providing you with updates on changes to Services (whether made available by us or through us) including any additions, expansions, suspensions and replacements of or to such Services and their terms and conditions;
o. sending you marketing information about our services and inform you about our marketing events, promotions, membership and rewards schemes, and other related initiatives.
p. managing our business operations and complying with internal policies and procedures;
q. reporting purposes including regulatory reporting, management reporting, audit and record keeping purposes;
r. administering and protecting our business, Website and App(s) including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data;
s. any other purposes for which you have provided the information;
t. sharing your personal data with third-party service providers, agents, and relevant governmental and regulatory authorities, who are not affiliated with us, for the purposes mentioned above.
u. to allow you to participate in a contest, competition, or complete a survey.
v. for purposes set out in the terms and conditions that govern our relationship with you or our customer; and
w. any other incidental business purposes related to or in connection with the above.
We aim to provide you options regarding how we use your personal data, specifically in regards to marketing and advertising.
Promotional offers from us
We may analyse your Identity, Contact, Technical, Transactional, Usage, and Profile Data to gain insight into your preferences and interests. Based on this analysis, we determine which products, services, and offers may be of interest to you.
You will receive marketing communications from us if you have requested information from us or purchased from us and you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You have the option to stop receiving marketing messages from us or third parties at any time. To do so, you can click on the opt-out links included in any marketing message that has been sent to you.
If you choose to opt-out of marketing messages, this action will not affect the personal data that you provided to us in connection with a purchase, warranty registration, or any other transaction involving our products or services.
You have the option to configure your browser to reject or restrict certain types of cookies or to be notified when a website uses or sets cookies. If you decide to disable or block cookies, please keep in mind that certain parts of the Services or Websites may no longer be available or may not work as intended. If you want to know more about the cookies we use, please refer to our main Website.
Change of purpose
We will limit the use of your personal data to the original purpose for which we collected it, except in cases where we determine that using it for another purpose is compatible with the original purpose.
Even if your relationship with us has ended or changed, the purposes mentioned earlier may still apply for a reasonable period afterward, including enforcing any contracts with you or protecting our rights.
5. Disclosure of personal data
We may disclose your personal data:
a. where such disclosure is required for performing obligations in the course of or in connection with the provision of the services requested by you;
b. to third-party service providers, subcontractors, agents, UAB Rapidz Pay and other organisations we have engaged to perform any of the functions listed in clause 4 above for us; or
c. to other organisations which have engaged us to perform any of the functions listed in clause 4 above for and on their behalf pursuant to your request.
Third-party service providers are required to respect the security of your personal data and comply with the law by having written agreements with them. We don’t permit them to use your personal data for their own purposes and they are only allowed to process your personal data according to our instructions and for specific purposes.
We may pass your personal data to the following entities:
companies and organisations that assist us in verifying, processing or refunding transactions you make via our App or the Debit Card and in providing any of the Services that you have requested;
identity verification agencies to undertake required verification checks;
fraud prevention agencies to help fight against financial crime including fraud, money- laundering and terrorist financing;
mobile application developers;
organisations which assist us with customer service facilities;
anyone to whom we lawfully transfer or may transfer our rights and duties under the relevant Terms & Conditions governing the use of any of the Services;
any third party as a result of any restructure, sale or acquisition of our group or any Affiliates, provided that any recipient uses your information for the same purposes as it was originally supplied to us and/or used by us; and
regulatory and law enforcement authorities, whether they are outside or inside of the EEA, where the law allows or requires us to do so.
6. Deemed Consent by Notification
We may collect or use your personal data, or disclose existing personal data for secondary purposes that differ from the primary purpose which it had originally collected for pursuant to clauses 4 and 5. If we intend to rely on deemed consent by notification for such secondary purposes, we will notify you of the proposed collection, use or disclosure of your personal data through appropriate mode(s) of communication.
We will evaluate and confirm that collecting, using, or disclosing your personal data for secondary purposes will not have a negative impact on you before relying on implied consent through notification. If we do rely on implied consent, we will notify you through appropriate communication channels and provide you with a reasonable period to opt-out of the collection, use, and disclosure of your personal data for such purposes
After the opt-out period has ended, you have the option to withdraw your consent for the collection, use, or disclosure of your personal data in relation to those purposes that were deemed by notification, by notifying us that you no longer wish to consent to those purposes.
7. Reliance on Legitimate Interests Exception
In compliance with the GDPR, we may collect, use or disclose your personal data without your consent for our legitimate interests or for the legitimate interests of another. In relying on the legitimate interests exception of the GDPR, we will assess the likely adverse effects on the individual and determine that the legitimate interests outweigh any adverse effect.
8. International transfers
We have the right to transfer, store, process and handle your personal data by sharing it with UAB Rapidz Pay or external third-party service providers. This may require transferring your personal data to a location outside of where it was originally collected.
Regardless, we will adhere to the GDPR and other relevant laws governing data protection and privacy. We will take measures to ensure that your personal data is protected to a level that is at least equivalent to the protection provided under the GDPR, even if it is transferred outside the jurisdiction where it was originally collected.
9. Your rights
Under certain circumstances, you have rights under the GDPR in relation to your personal data.
Access to and correction of personal data
If you wish to make: a) an access request for access to a copy of the personal data which we hold or process about you or information about the ways in which we use, process or disclose your personal data; or b) a correction request to correct or update any of your personal data which we hold or process about you; you may submit your request in writing or via email to our Data Protection Officer.
Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within forty-five (45) days after receiving your request, we will inform you in writing within forty-five (45) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the GDPR).
As a security measure to ensure that personal data is not disclosed to any unauthorized person, we may need to request some personal data or information so that we can verify your identity when you request access to your personal data.
We may also contact you to ask you for further information in relation to your request to speed up our response.
Withdrawing your consent
Your consent for the collection, use, processing, and disclosure of your personal data will be effective until you decide to withdraw it in writing. You have the right to withdraw your consent and request us to cease using, processing, and/or disclosing your personal data for any or all of the purposes mentioned above by sending a written request or email to our Data Protection Officer using the contact details provided below.
When you send us a written request to withdraw your consent, we may need some time to process your request and to inform you of any potential consequences of doing so. The amount of time we need will depend on the complexity of the request and its impact on our relationship with you. Usually, we will process your request within forty-five (45) business days from the date of receiving it. However, we may take longer if the request is complicated. We will inform you of any legal implications that may affect your rights and obligations to us.
We respect your decision to withdraw your consent, but please be aware that this may impact the services you have requested from us. If this is the case, we will let you know before we proceed with your request. If you change your mind and want to cancel your withdrawal of consent, please let us know in writing using the methods described above.
Please note that withdrawing consent does not affect our right to continue to collect, use, process and/or disclose personal data where such collection, use, processing and/or disclosure without consent is permitted or required under applicable laws.
10. Protection of Personal Data
To safeguard your personal data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical, security and technical measures such as up-to-date antivirus protection, encryption and the adoption of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorized third party service providers and agents only on a need-to-know basis.
Depending on the nature of the risks presented by the proposed processing of your personal data, we will have in place the following appropriate security measures:
organisational measures (including but not limited to staff training and policy development);
technical measures (including but not limited to physical protection of data, pseudonymization and encryption); and
securing ongoing availability, integrity and accessibility (including but not limited to ensuring appropriate back-ups of personal data are held).
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
We have put in place procedures to deal with any suspected personal data breach and will notify you and/or GDPR of a breach where we are legally required to do so.
11. Accuracy of Personal Data
We primarily use the personal data provided by you or your authorized representative, so it’s essential that you keep us informed of any changes to your personal information. Please notify our Data Protection Officer in writing or via email using the contact details provided below to ensure that your personal data is up-to-date, complete and accurate.
12. Retention of Personal Data
We will store your personal data only for as long as necessary to achieve the purpose for which we collected it, or as permitted or required by the applicable laws. This may include complying with legal, regulatory, tax, accounting or reporting requirements. We may keep your personal data for a more extended period if there is a complaint or if we believe that litigation is likely regarding our relationship with you.
We will stop keeping your personal information, or eliminate the way in which the information can be connected to you, as soon as we think it’s reasonable to do so and it no longer serves the reason for which it was gathered, and there is no longer a legal or business justification to keep it.
13. Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing enquiries in relation to this Privacy Notice. If you have any enquiries or feedback about this Privacy Notice, our privacy practices or if you wish to make any request pertaining to your rights in respect of your personal data, please contact our DPO Team in the following manner:
14. Effect of Privacy Notice and Changes to Privacy Notice
This Privacy Notice applies alongside any other relevant notices, clauses, or agreements that pertain to the collection, usage, disclosure, management, and processing of your personal data by us.
We may make changes to this Privacy Notice periodically and without prior notice. You can check the date of the last update to see if any changes have been made. Your continued use of our Services means that you accept and acknowledge any changes made to this Privacy Notice.