Porterpays understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits our websites, (“Our Sites”) or uses our Services. We will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

This Privacy Statement informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Services and the choices you have associated with that data.

We use your data to provide and improve our Services. Your acceptance of this Privacy Statement is deemed to occur upon your first use of our website and service and you will be required to read and accept this Privacy Statement when signing up for an Account. If you do not accept and agree with this Privacy Statement, you must stop using our service immediately.

PERSONAL DATA

Means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier;

ACCOUNT

Means a Porterpays user account;

PROCESS

Means any method or way that we handle Personal Data such as collection, organisation, storage, adaption, alteration, transmission, dissemination, restriction, erasure or destruction;

SERVICES

Means any Porterpays service, content, features, function, website and applications;

LEGITIMATE INTEREST

Means the business requirements to manage and offer the Porterpays services or to comply with legal obligations;

The organisation size is between 3 to 10 employees. The business is solely located in Malta

DATA CONTROLLER DETAILS

Email Address: [email protected]

Postal Address: 7, Robert Mifsud Bonnici Street, Lija LJA1401, MALTA

DATA PROTECTION OFFICER DETAILS

Email Address: [email protected]

We may process your personal data for various reasons that are justified under the data protection legislation. These include:

To operate the website and provide payment and associated services, authenticate your access to an account or to correspond with you and offer support

To perform compliance checks, such as verification of your identity, and helping to detect fraudulent or malicious activity on our site or services

To maintain our accounts and records

To manage our business needs, such as monitoring, analysing, and improving the Services and the Sites’ performance functionality

To comply with all applicable laws and regulations

With your permission and/or where permitted by law, we may also use your personal data:

For marketing purposes, which may include contacting you by email with information, news, and offers on our products or services. You will not be sent any unlawful marketing or spam. Every email will contain an option to unsubscribe easily from such marketing email. This can also be done from your administration console. We may also process your personal data to tailor certain services or site experiences to better match our understanding of your interests.

To provide personalised services on third-party websites and online services. We may use your personal data and other information collected in accordance with this Privacy Statement to provide a targeted display, feature or offer to you on third-party websites. We may use cookies and other tracking technologies to provide these online services and/or work with other third parties such as advertising or analytics companies to provide these online services.

Please also see our Cookies Statement for more information about our use of Cookies and similar technologies. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the option to opt-out.

We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.*In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.

We collect different types of information for various purposes to provide and improve our Service to you. Depending upon your use of our service or website we may collect and hold some or all the personal (and non-personal) data set out in the table below, using the methods also set out in the table. Please also see our Cookies Policy for more information about our use of Cookies and similar technologies. We do not collect any ‘special category’ or ‘sensitive’ personal data or personal data relating to children or data relating to criminal convictions and/or offences as instructed during your onboarding process.

CUSTOMER SUPPORT INFORMATION FROM THE WEBSITE CONTACT FORM, CONTACT EMAIL ADDRESS OR SUPPORT EMAIL, [email protected]

We collect support information and other communications received through the website contact form or support emails, including:

Name, surname

Job title

Email address

Phone number

Your company/organisation details

IP address

REGISTRATION INFORMATION

For business users who make use of our services and business consoles we may collect:

Business address / city / state / country / postal code

Title, department, name, surname

Business Email

Business phone number, mobile number

Authentication details / security question and answer

Language preference

Personal information about the compliance contact for the Business (name, surname, and business email and phone number)

Business bank details (bank name, bank identification number, bank address, currency, bank holder name)

Business ultimate beneficial owner information, including, but not limited to source of wealth, personal information* and personal identification document (Passport or National ID).

Business director personal information*, including, but not limited to personal information, personal identification document (Passport or National ID), and curriculum vitae.

*Personal information for Business ultimate beneficial owner and/or Directors shall include full name, date of birth, personal contact email or phone number.

TRANSACTION AND ASSOCIATED INFORMATION

For the purpose of carrying out transactions we may process the following information:

Service provider(s) or licensed financial institution involved in the transaction

Bank account details and payment scheme

Merchant(s) where spending or payment is done using a virtual card or using normal bank transfers method

Payment references added with the transaction

Reason for payment

Session information: login attempts, login IP address(es), session information, login browser user agent(s), geolocation information

CONNECTED ACCOUNTS VIA OPEN BANKING INFORMATION

For the purpose of carrying out transactions via open banking from third-party individuals or businesses that are paying to a customer Account, we may process the following information as provided by the counter-bank of the third-party individual or business:

Bank holder name (first name and last name, or company name)

Bank account currency

Bank name

Bank address

Bank identification number (IBAN or account number)

Bank code

Bank country

AUTOMATED PAYABLES OR RECEIVABLES

For the purpose of carrying out automated reconciliations for accounts payables or receivables via direct connection with the business accounting system, we may process the following information:Supplier/Customer name (first name and last name, or company name)

Supplier/Customer contact email or phone number

Supplier bank details (Bank holder name, Bank account currency, Bank name, Bank address, Bank identification number, Bank code, Bank country)

Supplier/Customer open invoices (unpaid)

We will not keep your personal data for any longer than is necessary considering the reason(s) for which it was first collected. For example, we keep your personal account information for a period of ten years from the closure of account or termination of business relationship.

This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate interests such as managing your account and dealing with any disputes or concerns that may arise. We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate business purposes, such as to respond to queries or complaints, fighting fraud and financial crime and responding to requests from regulators. Information that exceeds the retention periods is deleted or removed using industry best practices.

We will store and process your data following industry best practice and security. All our processing takes place within G Suite services provided by Google Cloud. Our servers within Google Cloud are located within the EEA and covered by GDPR.

We may share your personal data with other companies. When your personal data is shared with a third-party, we will take the necessary steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third-party’s obligations under the law. We ensure that our contracts with those third parties contain the appropriate GDPR model clauses and that all our third parties are also compliant with the GDPR, this affords your data the same protection away from our organisation, as it does within it.

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

The data we collect through our services may be processed by one or more of the following:

We process data within the EEA and countries deemed by the European Union as having adequate safeguards for protecting personal data. These countries are recognised by the EU as having suitable safeguards for the rights and freedoms of individuals and recourse processes by which data subjects can exercise their rights.

We may share your personal data with the following third parties:

Trusted service providers such as technology, support, marketing, and sales service providers

Auditors

Financial Institutions

Money Laundering prevention companies

HR Partners

Other companies within the group

Some of the processing may take place outside of the EEA. Where we transfer your data to a third-party outside the EEA, we will make sure we rely on an appropriate transfer mechanism. This requires that third-party to provide data protection to standards similar to those in Europe. More information is available from the European Commission.

Please contact us for further information about the particular data protection mechanisms used by us when transferring your personal data to a third country.

The security of your personal data is essential to us, and to protect your data, we take several important measures, including the following:

Limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality;

Implementing strong technical security measures, such as encryption and infrastructure security;

Procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your personal data) including notifying you and/or the Supervisory Authority where we are legally required to do so.

Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:

The right to be informed about our collection and use of your personal data. This Privacy Statement should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.

The right to access the personal data we hold about you. Upon request and verification of your identity, we will send you a copy of the personal data we hold about you.

The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed if we have that data.

The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. We may not always be able to comply with your request of erasure for specific legal reasons, for which you will be notified. Please note that retention requirements supersede any right to erasure requests under the data protection laws.

The right to restrict (i.e. prevent) the processing of your personal data. Please note that any requests in relation to the processing of your data mean that we may not be able to provide you with the service, in which case you will be notified.

The right to object to us using your personal data for a particular purpose or purposes.

The right to withdraw consent. That means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.

The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.

Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

To exercise your rights above please contact our Data Protection Officer, Data Controller or Company representative via any of the channels provided.

You also have the right to lodge a complaint with our supervisory authority. Porterpays’ establishment is in Malta, thus its supervisory authority is the IDPC in Malta. Their contact details are as follows:

Floor 2, Airways House,

Triq Il-Kbira,

Tas-Sliema SLM 1549, Malta

https://idpc.org.mt/en/Pages/contact/complaints.aspx.

We would welcome the opportunity to resolve your concerns ourselves however, so please contact us first, using the details provided.

Quick Links for exercising your rights:

DPO email address: [email protected]

Controller email address: [email protected]

CHANGES TO THIS PRIVACY STATEMENT

We may change this Privacy Statement from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

Any changes will be posted on Our Site and you will be deemed to have accepted the terms of the Privacy Statement on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up to date.