GB - Privacy Policy
PRIVACY POLICY
effective from 17.4.2023
The purpose of this document is to specify in more detail the purpose and means of processing of personal data in the provision of services by us, i.e. BESTPAY s.r.o., with its registered seat at Purkyňova 74/2, Nové Město, 110 00 Prague 1, ID No.: 041 11 648, registered in the Commercial Register of the Municipal Court in Prague, file No. C 242665, ("BESTPAY"). We may update this policy to reflect changes in our practices or based on the change of the legislation. If there are any material changes, we will notify you by email to your registered email address or by notification to www.bpay.cz
In particular, we process the following personal data:
- identification data (name, surname, date and place of birth, permanent or other residence address,gender, citizenship);
- contact details (phone number, email address);
- login details (ID and password);
- data about your behaviour (transaction history, information about your profession);
- data about your use of the BESTPAY mobile phone or web application ("Application") (IP address, browser type and version, preferred language, geographic location of the IP address, operating system and computer platform, full URL information, click-through information to/from our website including date and time, the area of our website you visited, length of your visit and number of visits);
- data required by Act No. 253/2008 Sb., on certain measures against the legalization of the proceeds of crime and the financing of terrorism, as amended ("AML Act") (e.g., copies of identity cards, photographs, information on the source of income, purpose of the transaction, status of politically exposed person);
- and, where applicable, other data required by the relevant legislation.
We obtain personal data either directly from you, in the course of providing services, through the use of cookies, web beacons and similar technologies, from other third-party sources (interbank communications, official records and lists) or from publicly available sources. We may also collect personal data from you regarding the recipient, including name, bank account and routing number. If you provide us with personal data about someone else, you must only do so with their prior express consent. You must inform them of how we collect, use, disclose and store their personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR"). You can always choose whether and to what extent you provide us with your personal data. However, failure to share the requested data may limit your ability to use our services.
We process personal data mainly for the following purposes:
- for activities in the course of providing the services (e.g., processing transactions, contacting you if necessary to provide the services or to resolve any problems). We carry out these activities on the basis of our contract.
- for activities in the context of your identification and control and other possible measures under the AML Act. We carry out these activities based on our legal obligation.
- for detecting and preventing fraud and other unauthorised use of our services. We carry out these activities on the basis of our legitimate interest.
- for improving the user experience of our Application. We carry out these activities on the basis of our legitimate interest.
- for marketing purposes, service update notifications and promotional offers. We do this either on the basis of legitimate interest in the case of direct marketing or on the basis of your consent.
- for fulfilling our legal obligations arising from other legal regulations, such as 370/2017 Sb., on payments, as amended, Act No. 21/1992 Sb., on banks, as amended, Act No. 164/2013 Sb., on international cooperation in tax administration, as amended, etc.
- for any potential dispute between us, we may also use your personal data to protect our interests, e.g., in the context of litigation, based on our legitimate interest.
We, as the controller of your personal data, primarily process your personal data. We also use business partners for various services in which they may process your personal data. In particular, we may share your personal data with the following processors:
- business partners providing transaction services (e.g., authorised representatives, card processing companies, payment processing companies, companies carrying out processes under the AML Act, etc.);
- business partners providing IT services (e.g., cloud storage providers);
- business partners providing services to protect our rights (e.g., debt collection companies or legal services).
As part of the provision of our services, we also disclose your personal data to certain recipients, in particular financial institutions. Recipients of personal data may also be public authorities, based on their request or our legal obligation. These may include, in particular, the CNB, the Financial Analysis Authority or law enforcement authorities and similar foreign authorities. The Application may contain links to other websites. We are not responsible for the privacy policies or the content of these other websites. We encourage you to review the privacy policy of these other websites before submitting your personal data to them. We may also choose to work with third parties to show ads on the Application or to manage our ads on other sites. These business partners may use cookies and web beacons to collect data about your activities on these and other websites in order to provide you with targeted advertising based on your interests. We can disclose anonymous information on customer experience of our customers and other recommendations on the Application. With your consent, we may publish this information along with your name. If you wish to update or delete your consent to such disclosure, you may do so through the Application or by contacting us at our email address info@bpay.cz. If we transfer your personal data outside the EU to third countries or international organisations, it will be protected in accordance with the standard contractual clauses adopted in accordance with the GDPR or, where applicable, on the basis of a Commission decision on an adequate level of data protection.
We always process personal data for the period of time related to the specific purpose of processing, i.e., for the time necessary to fulfil the purpose of processing or for the time required by law, in particular:
- for the provision of services for the duration of our contract and 3 years after its termination;
- for sending newsletters, or other marketing communications and materials as long as our legitimate interest continues or you do not refuse such processing (unsubscribe), or in the case of consent, for the period of its granting or until its withdrawal;
- to protect our legitimate interests for 10 years from the termination of the contract, or longer in justified cases, in particular in the event of a complaint, claim or litigation or proceedings before a public authority;
- for the purposes of complying with the AML Act for 10 years, for as long as the legal obligation we are bound to comply with continues, including the legally required archiving periods.
If you have given us your consent to the processing of your personal data, you are entitled to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal. You can withdraw your consent via the Application or by contacting us at our email address info@bpay.cz.
We protect your personal data with administrative, organizational, physical and technical safeguards, including firewalls and data encryption, to reduce the risk of loss, misuse, unauthorized access, disclosure and alteration. Our security features are designed to maintain appropriate levels of data confidentiality, integrity and availability. We regularly test the Application, data centres, systems, and other devices for security vulnerabilities to protect your personal data at all times.
To the extent that the data protection regulations, in particular the GDPR, guarantees, you have the following rights:
- the right to access your personal data;
- the right to restrict the processing of your personal data;
- the right to rectification and erasure of your personal data;
- the right to object to processing based on our legitimate interest;
- the right to have your personal data transferred to another controller where the data has been processed by automated means and on the basis of consent or the performance of a contract.
If you believe that we are violating the law by processing your personal data, you can file a complaint with the supervisory authority, which is the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Prague 7, website: www.uoou.cz.
You can exercise your rights through the Application or by contacting us at our email address
BESTPAY s.r.o., ID: 04111648, with its registered office at Purkyňova 74/2, 110 00 Prague 1 - Nové Město, registered at the Municipal Court in Prague, file number C 242665.
Document version No.: 2023.01