“DP Law” means data protection law as applicable to Paynote, including the EU General Data Protection Regulation 2016/679, its successors or implementing texts. “Personal Data” has the meaning set forth in DP Law. This notice covers our use of your Personal Data arising from use of the Paynote website (www.paynote.eu) as well as registering, subscribing, buying and using our products and Services. If you have any questions or need any further clarification please get in touch. Contact details are set out below in the Contact Us section.
- The types of Personal Data we collect and how it may be used;
- How and why we may disclose your Personal Data to third parties;
- The transfer of your Personal Data within of the European Economic Area (“EEA”);
- Your statutory rights concerning your Personal Data;
- The security measures we use to protect and prevent the loss, misuse or alteration of Personal Data; and
- Paynote’s retention of your Personal Data.
COLLECTION AND USE OF PERSONAL INFORMATION
- Personal Information We Collect
We collect the Personal Data which you provide directly to us or which we generate when you open a Paynote Account, perform any transactions on the Paynote Platform, or use other Paynote Services or our website. This may inсlude:
- Contact information, such as name, home address and email address;
- Account information, such as username, password, Account settings and preferences;
- Financial information, such as bank account numbers, bank statement and trading information;
- Identity verification information, such as images of your government-issued ID, passport, national ID card or driving licence.
- Residence verification information, such as utility bill details or similar information;
- Image in photo or video form (where required as part of our know-your-customer checks);
- Records of our discussions, if you contact us or we contact you (including records of phone and video calls);
- Information regarding the way in which you use our Services, such as when you used our Services, and the specific Services used; and
- Other information relating to communications with us, whether through the Paynote website or via e-mail, over the phone or via any other medium.
We also automatically collect certain computer, device and browsing information when you access the Paynote website or use Paynote Services. This information is aggregated to provide statistical data about our users’ browsing actions and patterns, and does not personally identify individuals. This information may inсlude:
- Computer or mobile device information, including IP address, operating system, network system, browser type and settings;
- Website usage information.
Finally, we may collect Personal Data from third-party partners and public sources, which inсlude:
- Reputational information;
- Financial information;
- Business activities of corporate customers.
We need to collect certain types of information for compliance with legal requirements relating to our anti-fraud/anti-money-laundering/counter-financing-of-terrorism/know-your-customer obligations. If this information is not provided we may not be able to provide a Service for you. Your Personal Data may also be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of legal claims. We will not dеlete Personal Data if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.
It is important to note that the Personal Data we collect on you when you create an Account will be retained for the mandatory retention period set forth by applicable law as it is necessary for us to maintain an exhaustive documentation of our operations as required from us as regulated financial sector professionals, even if your Account has not been successfully activated (e.g. if Account verification has not been completed) or no transaction has been made using it.
We use one or more third-party Service providers, to assist us in better understanding the use of our Site. Our Service provider(s) will place cookies on the hard drive of your computer and will receive information that we sеlect that will educate us on such things as how visitors navigate around our Site, what products are browsed and general Transaction information. Our Service provider(s) will analyse this information and provide us with aggregate reports. The information and analysis provided by our Service provider(s) will be used to assist us in better understanding our visitors’ interests in our Site and how to better serve those interests. The information collected by our Service provider(s) may be linked to and combined with information that we collect about you while you are using the Platform. Our Service provider(s) is/are contractually restricted from using the information they receive from our Site for any other purpose than to assist us.
If you want to avoid using cookies altogether, you can disable cookies in your browser. However, disabling cookies might make it impossible for you to use certain features of our website or Services, such as logging in to your Paynote Account or making Transactions.
For more information about cookies, the types of cookies we use and how we use them please see our coоkie Policy.
- How We Use Your Personal Information
We collect and use your information for a variety of reasons. We need some information to enter into and perform our contract – for example, your contact and payment details. Some information processing is required by law due to our anti-money laundering and anti-fraud screening obligations. Where we process special categories of personal data (for example, your biometric data during the verification process), we may ask for your consent, but may also, as permitted by law, rely on substantial public interest (regulatory requirements, preventing fraud, terrorist financing and/or money laundering) or our right to establish, exercise or defend legal claims.
Some information is processed because you have given your consent, which can be withdrawn. Other information we collect and use because we have legitimate business interests to do so, having taken into account your rights, interests and freedoms.
We may use your Personal Information to:
- Create and administer your Paynote Account and generally for accounting, billing, maintenance of legal documentation and claim and dispute management. Related processing operations are necessary for the performance of a contract with you (or to take steps at your request prior to entering into a contract) and for compliance with legal obligations to which we are subject;
- Process your Paynote transactions. Related processing operations are necessary for the performance of a contract with you and for compliance with legal obligations to which we are subject;
- Prevent fraud and other financial crimes. Related processing operations are necessary for compliance with legal obligations to which we are subject and for purposes of our legitimate interests (that is, developing and improving our anti-fraud system and meeting our legal responsibilities);
- Personalise your Paynote Services experience. Related processing operations are necessary for purposes of our legitimate interests (that is, improving our Services);
- Analyse Paynote website usage and improve our website and website offerings. Related processing operations are necessary for purposes of our legitimate interests (that is, improving and promoting our Services);
- Help us respond to your customer Service requests and support needs. Related processing operations are necessary for the performance of a contract with you and for purposes of our legitimate interests (that is, improving our Services and offering you the best experience);
- Contact you about Paynote Services. The email address you provide may be used to communicate information and updates related to your use of Paynote Services.
Automated Decision Making
We may make automated decisions on certain matters. For example, we may do this to decide whether we can provide our Services to you based on a credit check/risk profiling. Depending on the outcome of the credit check/risk profiling, a decision is reached automatically as to whether we are able to provide products or Services to you based on your credit worthiness.
If you disagree with the decision you are entitled to contest this by contacting us at the following email address: firstname.lastname@example.org
We may also occasionally communicate company news, updates, promotions and information relating to similar products and Services provided by Paynote. We may also administer a contest, promotion, survey or another site feature as is further explained on the website. We shall only do this where you have given us your consent or otherwise where we are permitted to do so under DP Law in pursuit of our legitimate interests (that is, promoting our Services).
We may share Personal Data with third parties to help us with our marketing and promotional projects, or sending marketing communications.
If you want to opt out of receiving promotional and marketing emails, text messages, posts and other forms of communication from us (or our promotional partners), which you might receive in accordance with this section, you can choose one of the following ways:
- Contact us at email@example.com and request to opt out.
If you do opt out of receiving promotional and marketing messages, we can still contact you regarding our business relationship with you, such as Account status and activity updates, survey requests in respect of products and Services we have provided to you after you have opted out, reservation confirmations or respond to your inquiries or complaints, and similar communications.
DISCLOSING AND TRANSFERRING PERSONAL DATA
We may disclose your Personal Data to third parties and legal and regulatory authorities and transfer your Personal Data outside the EEA, as described below.
- Disclosures to Third Parties
There are certain circumstances where we may transfer your Personal Data to employees, contractors and to other parties.
- We may use a processor to process personal and formal identification data for the purpose of verifying the identity of our users by using ID document verification and facial biometrics technologies. The processor may collect your full name, nationality, date of birth, gender, social security number, tax ID number, email address, phone number, IP address, passport details, driver’s license details and national identity card details. Additionally, the processor may collect a photograph or video of you to perform a facial or liveness check. Your biometric data will be destroyed immediately after the completion of the identity verification process;
- We may also share your information with certain contractors or Service providers. They may process your Personal Data for us, for example, if we use a marketing agency. Other recipients/Service providers inсlude advertising agencies, IT specialists, database providers, backup and disaster recovery specialists, email providers or outsourced call centres. Our suppliers and Service providers are required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided in relation to the performance of their function;
- We may also share your information with certain other third parties. We will do this either when we receive your consent or because we need them to see your information to provide products or Services to you. These inсlude credit reference agencies, anti-fraud databases, screening agencies and other partners we do business with.
Your Personal Data may be transferred to other third-party organisations in certain scenarios:
- If we are discussing selling or transferring a part or all of our business – the information may be transferred to prospective purchasers under suitable confidentiality terms;
- If we are reorganised or sold, information may be transferred to a buyer who can continue to provide Services to you;
- If we are required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example law enforcement; and
- If we are defending a legal claim, your information may be transferred as required in relation to defending such claim.
Your Personal Data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be Personal Data.
Your information will not be sold, exchanged or shared with any third parties without your consent, except to provide Paynote Services or as required by law.
Paynote’s third-party Service providers are contractually bound to protect and use such information only for the purposes for which it was disclosed, except as otherwise required or permitted by law. We ensure that such third parties will be bound by terms complying with DP Law.
- Disclosures to Legal Authorities
We may share your Personal Data with law enforcement, data protection authorities, government officials and other authorities when:
- Compelled by court order or other legal procedure;
- Disclosure is necessary to report suspected illegal activity; or
- International Transfers of Personal Data
We store and process your Personal Data in data centers around the world, where Paynote facilities or Service providers are located. Such transfers are undertaken in accordance with our legal and regulatory obligations, and appropriate safeguards under DP Law will be implemented, such as standard data protection clauses, with data recipients or processors approved by competent authorities. A description of appropriate safeguards may be requested at the address set out in the Contact Us section.
YOUR STATUTORY RIGHTS
You have certain rights concerning your Personal Data under DP Law, as mentioned below, and can exercise them by contacting us at firstname.lastname@example.org
Access: you are entitled to ask us if we are processing your information and, if we are, you can request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold on you and certain other information about it to check that we are processing it lawfully. We process a large quantity of information and can thus request, in accordance with DP Law, that before the information is delivered, you specify the information or processing activities to which your request relates.
Correction: you are entitled to request that any incomplete or inaccurate Personal Data we hold about you is corrected.
Erasure: you are entitled to ask us to dеlete or remove Personal Data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure; for example, where the Personal Data is required for compliance with law or in connection with claims.
Restriction: you are entitled to ask us to suspend the processing of certain parts of your Personal Data; for example, if you want us to establish its accuracy or disclose the reason for processing it.
Transfer: you may request the transfer of a certain part of your Personal Data to another party.
Objection: where we are processing your Personal Data based on a legitimate interest (or that of a third-party) you may challenge this. However, we may be entitled to continue processing your information based on our legitimate interests or where this is relevant to legal claims. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
Automated decisions: you may contest any automated decision made about you where this has a legally or similarly significant effect and ask for it to be reconsidered.
Where you have given consent to a particular processing, you have the right to withdraw such consent by email at email@example.com. Note that such withdrawal will only be effective for the future and that, according to DP Law, it does not affect the lawfulness of processing based on consent given before such withdrawal.
SECURITY OF PERSONAL DATA
We use a variety of security measures to ensure the confidentiality of your Personal Data, and to protect your Personal Data from loss, theft, unauthorised access, misuse, alteration or destruction. These security measures inсlude, but are not limited to:
- Password protected directories and databases;
- Secure Sockets Layered (SSL) technology to ensure that your information is fully encrypted and sent across the Internet securely; and
- PCI Scanning to actively protect our servers from hackers and other vulnerabilities.
All financially sensitive and/or credit information is transmitted via SSL technology and encrypted in our database. Only authorised Paynote personnel are permitted access to your Personal Data, and these personnel are required to treat the information as highly confidential. The security measures will be reviewed regularly in light of new and relevant legal and technical developments.
You are responsible for keeping your Account passcode, membership numbers and pin numbers safe and secure. Do not share those with anyone. If there is an unauthorised use or any other breach of security involving your information, you must notify us as soon as possible (see Contact Us).
RETENTION OF PERSONAL DATA
- How long you have been a Paynote member;
- Whether there are contractual or legal obligations that exist that require us to retain the data for a certain period of time;
- Whether there is any ongoing legal or financial claim that relates to your relationship with us;
- Whether any applicable law, statute or regulation allows for a specific retention period; and
- What the expectation for retention was at the time the data was provided to us.
In accordance with our record-keeping obligations, we will retain Account and other Personal Data for at least five years (in some cases up to ten years, as required by applicable law) after an Account is closed.
DP Law. Stands for Data Protection Law applicable to Paynote, including the EU General Data Protection Regulation 2016/679, its successors or implementing texts as well as equivalent legislation, which is applies to the processing of Personal Data by Paynote;
Personal Data. Information that identifies an individual, such as name, address, e-mail address, trading information and banking details. Personal Data does not inсlude anonymised and/or aggregated data that does not identify a specific user;
Service(s). The technological platform, functional rules and market managed by Paynote to permit Sellers and Buyers to perform purchase and sale transactions of Bitcoins.
Transaction. Includes the following:
- The agreement between Buyers and the Sellers to exchange Bitcoins through the Service for currencies at a mutually agreed rate;
- Exchange bitcoin for fiat money;
- Exchanging fiat money for bitcoin.
You may also contact us at:
- Estonia: +372 55650980
- Spain: +34 689346191