Porterpays understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits our websites, (“Our Sites”) or uses our Services. We will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
This Privacy Statement informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Services and the choices you have associated with that data.
We use your data to provide and improve our Services. Your acceptance of this Privacy Statement is deemed to occur upon your first use of our website and service and you will be required to read and accept this Privacy Statement when signing up for an Account. If you do not accept and agree with this Privacy Statement, you must stop using our service immediately.
PERSONAL DATA
Means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier;
ACCOUNT
Means a Porterpays user account;
PROCESS
Means any method or way that we handle Personal Data such as collection, organisation, storage, adaption, alteration, transmission, dissemination, restriction, erasure or destruction;
SERVICES
Means any Porterpays service, content, features, function, website and applications;
LEGITIMATE INTEREST
Means the business requirements to manage and offer the Porterpays services or to comply with legal obligations;
The organisation size is between 3 to 10 employees. The business is solely located in Malta
DATA CONTROLLER DETAILS
Email Address: [email protected]
Postal Address: 7, Robert Mifsud Bonnici Street, Lija LJA1401, MALTA
DATA PROTECTION OFFICER DETAILS
Email Address: [email protected]
We may process your personal data for various reasons that are justified under the data protection legislation. These include:
With your permission and/or where permitted by law, we may also use your personal data:
Please also see our Cookies Statement for more information about our use of Cookies and similar technologies. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the option to opt-out.
We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.*In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.
We collect different types of information for various purposes to provide and improve our Service to you. Depending upon your use of our service or website we may collect and hold some or all the personal (and non-personal) data set out in the table below, using the methods also set out in the table. Please also see our Cookies Policy for more information about our use of Cookies and similar technologies. We do not collect any ‘special category’ or ‘sensitive’ personal data or personal data relating to children or data relating to criminal convictions and/or offences as instructed during your onboarding process.
CUSTOMER SUPPORT INFORMATION FROM THE WEBSITE CONTACT FORM, CONTACT EMAIL ADDRESS OR SUPPORT EMAIL, [email protected]
We collect support information and other communications received through the website contact form or support emails, including:
REGISTRATION INFORMATION
For business users who make use of our services and business consoles we may collect:
*Personal information for Business ultimate beneficial owner and/or Directors shall include full name, date of birth, personal contact email or phone number.
TRANSACTION AND ASSOCIATED INFORMATION
For the purpose of carrying out transactions we may process the following information:
CONNECTED ACCOUNTS VIA OPEN BANKING INFORMATION
For the purpose of carrying out transactions via open banking from third-party individuals or businesses that are paying to a customer Account, we may process the following information as provided by the counter-bank of the third-party individual or business:
AUTOMATED PAYABLES OR RECEIVABLES
We will not keep your personal data for any longer than is necessary considering the reason(s) for which it was first collected. For example, we keep your personal account information for a period of ten years from the closure of account or termination of business relationship.
This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate interests such as managing your account and dealing with any disputes or concerns that may arise. We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate business purposes, such as to respond to queries or complaints, fighting fraud and financial crime and responding to requests from regulators. Information that exceeds the retention periods is deleted or removed using industry best practices.
We will store and process your data following industry best practice and security. All our processing takes place within G Suite services provided by Google Cloud. Our servers within Google Cloud are located within the EEA and covered by GDPR.
We may share your personal data with other companies. When your personal data is shared with a third-party, we will take the necessary steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third-party’s obligations under the law. We ensure that our contracts with those third parties contain the appropriate GDPR model clauses and that all our third parties are also compliant with the GDPR, this affords your data the same protection away from our organisation, as it does within it.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
The data we collect through our services may be processed by one or more of the following:
We process data within the EEA and countries deemed by the European Union as having adequate safeguards for protecting personal data. These countries are recognised by the EU as having suitable safeguards for the rights and freedoms of individuals and recourse processes by which data subjects can exercise their rights.
We may share your personal data with the following third parties:
Some of the processing may take place outside of the EEA. Where we transfer your data to a third-party outside the EEA, we will make sure we rely on an appropriate transfer mechanism. This requires that third-party to provide data protection to standards similar to those in Europe. More information is available from the European Commission.
Please contact us for further information about the particular data protection mechanisms used by us when transferring your personal data to a third country.
The security of your personal data is essential to us, and to protect your data, we take several important measures, including the following:
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
To exercise your rights above please contact our Data Protection Officer, Data Controller or Company representative via any of the channels provided.
You also have the right to lodge a complaint with our supervisory authority. Porterpays’ establishment is in Malta, thus its supervisory authority is the IDPC in Malta. Their contact details are as follows:
Floor 2, Airways House,
Triq Il-Kbira,
Tas-Sliema SLM 1549, Malta
https://idpc.org.mt/en/Pages/contact/complaints.aspx.
We would welcome the opportunity to resolve your concerns ourselves however, so please contact us first, using the details provided.
Quick Links for exercising your rights:
DPO email address: [email protected]
Controller email address: [email protected]
CHANGES TO THIS PRIVACY STATEMENT
We may change this Privacy Statement from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Any changes will be posted on Our Site and you will be deemed to have accepted the terms of the Privacy Statement on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up to date.