Paytech Achieves PCI DSS Level 1: Elevating Payment Security and Trust
Privacy policy
Last Update: September 1, 2023 at 1:54 PM
Introduction
PT SOFTWARE SOLUTIONS LIMITED values your privacy and is committed to protecting your personal information.
This Privacy Policy (‘Policy’) explains how PT SOFTWARE SOLUTIONS LIMITED (collectively, with its subsidiaries and affiliates, ‘PT Software, ‘we’, ‘us’, ‘our’), a Company incorporated under the laws of the Republic of Cyprus with registration number ΗΕ 440168, being a Data Controller, collects and processes your personal information, i.e. information collected online and offline, in accordance with the General Data Protection Regulation (2016/679) and the applicable Data Protection Laws of the Republic of Cyprus (‘the Law’).
Definitions
‘Data Controller’ means the person or organization which determines when, why and how to process Personal Data and implements appropriate technical and organizational measures to comply with the Law;
‘Data Protection Officer’ means the person who is formally appointed with the purpose of ensuring that we are aware of and comply with our data protection responsibilities and obligations according to the Law;
‘Data Subject’ means a living, identified or identifiable natural person about whom we hold Personal Data;
‘Personal data’ means data about the Data Subject who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.
‘Processing’ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘Special Categories of Personal Data’ means the information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.
The information that we process may include Special Categories of Personal Data. We always ensure that Processing is only carried out where a lawful basis for Processing exists and in accordance with the Law.
For the purposes of this Policy, Personal Data includes Special Categories of Personal Data;
‘the Law’ means the General Data Protection Regulation (2016/679) (GDPR) and the applicable Data Protection Laws of the Republic of Cyprus;
‘Third Party’ means the recipient of your Personal Data as defined below.
The Principals of Law
- Lawfulness, fairness and transparency: Personal Data shall be processed in a lawful, fair and transparent manner;
- Purpose Limitation: Personal Data shall be obtained only for specific, lawful purposes and not further processed in a way that is not compatible with those purposes;
- Data Minimization: Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which is processed (not excessive);
- Accuracy: Personal Dara shall be accurate and kept up to date; e. Storage Limitation: Personal Data shall not be held for any longer than necessary;
- Confidentiality and Integrity: Personal Data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.
The kind of information we collect about the Data Subjects
The purpose of the Processing of the Personal Data of the Data Subjects is largely based on each of the Services that the Data Subject has requested. In general, the Personal Data is processed, within the scope of the business relationship with the Data Subjects.
- Contact details (e.g. names, email address, telephone numbers);
- Demographic details (e.g. nationality, gender, age group);
- Personal Correspondence (e.g. emails that you send to us, information posted publicly on our social media channels);
- Insurance information and policies;
- Bank and account details (to process or collect payments made in connection with our Services to the client);
- IP address, when you log onto our website;
- Any additional information that can be necessary for the provision of particular Services.
On what legal basis do we process the Personal Data
We may collect, storage, use and disclose Personal Data for any or all of the following purposes:
- Are necessary for the performance of an agreement/contractual relationship between the Data Subject and PT Software (e.g. we need to process the Personal Data of a Client in order to fulfil the Services requested or to follow up on client’s case);
- The Data Subject has given consent to the processing of his/her Personal Data for a specific purpose – by email, by text etc. Consent may be withdrawn at any 4 time by contacting our Data Protection Officer at the contact details provided below.
- Processing of the Personal Data is necessary in order to protect the vital interests of the Data Subject or of another natural person;
- Are necessary for compliance with a legal obligation;
- Are necessary for the purposes of the legitimate interests pursued by PT Software or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data.
- Is required for complying with the Law and/or any applicable law or to assist in law enforcement and investigations and/or upon governmental/ competent authority requests. We do not carry out any decision-making activities, including profiling, using your Personal Data.
Who Receives your Personal Data
Your Personal Data are only accessible by the following Third Parties:
- The employees with a need for access to fulfill the purposes set out above;
- Any of our sub-contractors and/or service providers and/or associates, including but not limited to Accountant/Auditors, Legal Representatives, IT service providers, Credit/Debit Card Processing Companies which process credit/debit card payments, Feedback software providers;
In case of an absence of your consent, your Personal Data will not be disclosed to any Third Party, other than the above-mentioned, unless the disclosure is required and/or mandatory under the provisions of any legislation, regulation or upon governmental, supervisory, competent authority request.
Our employees are compliant with our internal Data Protection Policies and Procedures and have signed a Confidentiality and Non – Disclosure Agreement.
When we enter to an engagement with a Third Party pursuant to which your Personal Data may be processed by that party, we enter into a processing agreement with that party in order to ensure that this Third Party processes the Personal Data strictly according to our instructions and implements the appropriate administrative, physical and technical measures to protect the Personal Data from unauthorized or accidental use, collection, access, damage, loss or disclosure.
Transferring your Personal Data outside European Union (‘EU’) and European Economic Area (‘EEA’)
We generally do not transfer your Personal Data to countries outside of EU and EEA (‘Third Countries’), except where required by the purposes set out in this Policy. If we need to transfer any Personal Data to Third Countries, we always ensure that the transfer meets the relevant requirements of the Law and we take all steps required to ensure that your Personal Data continues to receive our standards of protection.
When can Personal Data be transferred outside of the EU and the EEA
- If the European Commission has made a finding that the Third Country, territory or sectors within the Third Country ensures an adequate level of privacy protection (Adequacy Decision).
- The Third Party has signed the standard data protection clauses (i.e. contract) adopted by the European Commission and agreed to apply the privacy standards of protection of the European Union.
- The Data Subject has provided consent to the transfer.
Retention of Personal Data
We will retain the Personal Data of the Data Subjects for as long as it is necessary to fulfil the purpose for which it was collected (including for the purposes of satisfying any legal, accounting or reporting requirements). We will cease to retain Personal Data of the Data Subjects or remove the means by which the Personal Data can be associated with them (i.e. anonymize the Personal Data*) as soon as this retention no longer serves the purposes for which the Personal Data were collected (except where retention is required by applicable laws).
*Anonymize the Personal Data=The Personal Data has been de-identified by removing certain identifiers, making it unlikely that any person could be identified.
Protection of Personal Data
To safeguard all Personal Data from unauthorized access, collection, use, damage, loss disclosure, copying or similar risks, we have introduced appropriate administrative, physical and technical measures such as up to date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of Personal Data to Third Parties. We also allow access to Personal Data only to those employees who need to know such data and they will only process Personal Data on our instructions. However, no method of transmission over the internet or method of electronic storage is completely secure. While security cannot be guarantee, we try to protect the security of the Data Subject’s Personal Data and we constantly review and enhance our information security measures.
The rights of the Data Subjects in relation to their Personal Data
- Right to access:
Request access to their Personal Data (commonly referred to as a “data subject access request”). This enables the Data Subjects to receive a copy of their Personal Data PT Software holds about them and to check that Pt Software is lawfully processing it; - Right to rectification:
Request to correct or update any of their Personal Data which PT Software holds. This enables the Data Subjects to have any incomplete or inaccurate information PT Software holds about them corrected; c. Right to data portability: Request the transfer of the Personal Data to another party; - Right to erasure:
Request erasure of their Personal Data. This enables the Data Subjects to ask PT Software to delete Personal Data where there is no good reason for us continuing to process it (e.g. where there is a legal obligation to keep that data, e.g. compliance with the obligation of keeping medical records). - Right to restrict processing:
Request to restrict the use of their Personal Data; f. Right to object: Data Subjects have the right to object to the collection and use of their Personal Data; - Right to lodge a complaint:
Data Subjects have the right to lodge a complaint about the use of their Personal Data directly with us by contacting our Data Protection Officer on one of the contact details below or directly with the Office of the Commissioner for Personal Data Protection in Cyprus at the contact details below:
Office address: Iasonos 1, 1082 Nicosia, Cyprus
Postal address: P.O. Box 23378, 1682 Nicosia, Cyprus
Tel: +357 22818456
Fax: +357 22304565
Email: commissionerdataprotection.gov.cy
How can you exercise your rights in relation to your Personal Data
If you wish to exercise any of your rights, you may contact our Data Protection Officer in writing or via email at the contact details provided below:
Name: PANAYIOTIS Z. TOULOURAS LLC
Address: Rafail Santi 58, NEFELI COURT 11, Ground Floor, 6052, Larnaca, Cyprus
Email: [email protected]
The Data Protection Officer has the right to require the individual making the request to provide certain identification documents/information to be able to verify his/her identity.
The Data Protection Officer will respond to your requests within thirty (30) days after receiving your email/letter.
Effect of Policy and Changes to Policy
We keep this Policy under review, and we may modify it from time to time without any prior notice. You should review our Policy on our website periodically to ensure that you are aware of any such modifications/updates.