payment solutions
Payment service provider
Privacy Policy

Privacy Policy

1. INTRODUCTION

1.1 This Privacy Policy establishes basic principles on Personal data processing of OKPAY FINANCE LTD.

1.2 The respective Policy is applicable if a Customer uses, has used or has intention to use financial services provided by OKPAY FINANCE LTD, including the relationship with the Customer established before this Policy enters into force.

2. FOR THE PURPOSE OF THIS POLICY THE FOLLOWING DEFINITIONS ARE USED

2.1 App - a mobile software linked with Customer’s account installed and used in mobile devices which belongs solely to the Customer.

2.2 Customer – any private individual who uses, has used or has expressed a wish to use or is in other way related to any of the services provided by OKPAY FINANCE LTD. For the purposes of this Policy this Customer definition also includes any private individual such as the representative, ultimate beneficial owner, manager, board member or member of the management body of the company, which Personal data is collected by OKPAY FINANCE LTD.

2.3 Personal data - means any information relating to an identified or identifiable Customer.

2.4 Processing - any operations carried out with Personal data (incl. collection, recording, storing, alteration, grant of access to, making enquiries, transfer, etc.).

2.5 OKPAY FINANCE LTD, company's registration code: 12578874, operating under the brand name “SLYSE” with registered office at 13353 COMMERCE PARKWAY, UNIT 2353 OFFICE# 317
RICHMOND, BC, CANADA V6V3A1, the money services business license No.: M23344850, email: [email protected] and who is acting as a Personal data controller.

3. GENERAL PROVISIONS

3.1 This Policy describes general principles how SLYSE processes Personal data. Specific details on the processing of Personal data might be also included in agreements entered or to be entered between the Customer and SLYSE.

3.2 SLYSE ensures, within the framework of applicable law, the confidentiality of Personal data and has implemented appropriate technical and organisational measures to safeguard Personal data from unauthorized access, unlawful Processing or disclosure, accidental loss, modification or destruction.

3.3 SLYSE securely stores and process a Customer data in a secure manner in the EU unless other SLYSE conditions provide for a different location.

3.4 SLYSE uses authorised processors for Personal data Processing. In such cases SLYSE takes needed steps to ensure that such data processors process Personal data under the written instructions of SLYSE and in compliance with applicable law and requires adequate security measures.

3.5 If Customer fails to provide SLYSE with Personal data that is necessary for the conclusion and/or performance of an agreement or provision of SLYSE services whereof is required by law or under the agreement, SLYSE may be unable to provide services to Customer.

3.6 SLYSE may use various technologies to collect and store information when Customer visits SLYSE web page, and this may include using cookies or similar technologies to identify Customer’s browser or device. SLYSE cookies policy is available on SLYSE website.

4. CATEGORIES OF PERSONAL DATA

4.1 Personal data categories which SLYSE processes are the following:

4.1.1 Identification data such as name, surname, personal identification code, place and date of birth, citizenship, data regarding the identification document (such as copy of the passport, ID card, date and country of issue, expire date, document number, issuance authority), photo, signature.

4.1.2 Contact data such as phone number, email address, the residence address, language of communication;

4.1.3 Financial data such as account number, cash flow, i.e. incoming and outgoing payments and information included thereof, transaction history, loan obligations and other obligations, accounts held at other financial institutions;

4.1.4 Information relating to Customer tax residence such as country of residence, country of tax residence, taxpayer identification number (TIN), citizenship;

4.1.5 Family data such as information about Customer’s family, heirs and another related person’s;

4.1.6 Professional activity data such as Customer place of work, profession, position, occupation, length of service and education;

4.1.7 Communication data collected when the Customer communicates with SLYSE via telephone, visual and/or audio recordings, e-mail, messages and other communication channels such as social media; data related to the Customer’s visit at SLYSE web page or communicating through other SLYSE channels (such as chat).

4.1.8 KYC data such as data about the Customer’ due diligence, incl. the relationships with legal entities for the execution of transactions on behalf of the legal entity, legal representatives (acting with relevant authorisation or on any other basis), contracting parties and contract participants, funds and wealth sources, ultimate beneficial owners (UBO), general manager of a company; shareholder, amount of shares owned; member of the management board or any other management body; self-declaration of politically exposed person (PEP); information publicly available in public registers, social networks and other media, information obtained in screenings against sanction lists, PEP status; data on origin of assets and wealth such as data regarding the Customer's transaction partners and business activities;

4.1.9 Data related to the services the Customer received from SLYSE such as the performance of the agreements or the failure thereof, executed transactions, usage of ATMs, concluded and expired agreements, submitted applications, requests and complaints, interests and service fees;

4.1.10 Data obtained from public registers and/or created while performing an obligation arising from law or resulting from enquiries made by investigative bodies, notaries, central tax administrator, courts and bailiffs, details of income, credit commitments, property holdings, and debt balances;

4.1.11 Location data such as Internet Protocol (IP) address, Handset ID or data processed on an electronic communications network or processed by means of electronic communications services, indicating the location of the electronic communications terminal equipment, including the location of the terminal equipment (address), connection point address.

5. PURPOSES AND BASIS OF PROCESSING PERSONAL DATA

5.1 SLYSE processes Personal data only for specific and necessary purposes:

5.1.1 To enter into and perform an agreement in order to provide the respective service to the Customer;

5.1.2 For SLYSE to perform the legal obligation;

5.1.3 Based on Customer consent to process Personal data for a specific purpose;

5.1.4 To implement the legitimate interests of SLYSE or third party in order to provide the service specified in the agreement, ensuring the legitime interest arising from the legal enactments assessing whether the SLYSE or third party interests to process Personal data are proportionate to Customer rights to privacy.

5.2 SLYSE process Personal data primarily to:

5.2.1 Provide the Customer with our services, for example:

5.2.1.1 To take steps at the request of the Customer prior to entering into an agreement, as well as to conclude, execute and terminate an agreement with SLYSE;

5.2.1.2 To execute national and international transactions via credit institutions, settlement and payment systems;

5.2.1.3 For managing Customer relations, providing and administrating access to the services.

5.2.2 For SLYSE to perform the legal obligations, for example:

5.2.2.1 To inform the Customer about changes in the Processing of Personal data;

5.2.2.2 To process the requests and complaints received from Customer;

5.2.2.3 To check and verify the Customer’s identity and to keep Personal data updated and correct by verifying and enriching data through external and internal registers (KYC);

5.2.2.4 To prevent, discover, investigate and report potential terrorist financing, money laundering and/or other financial crimes;

5.2.2.5 To comply with rules and regulations relating to accounting, responsible lending, tax and lending information exchange and risk management;

5.2.2.6 To carry out credit- and other risk assessments when providing credits and other services, risk hedging and capital requirements for SLYSE;

5.2.2.7 To execute the requests of the investigation and other law enforcement agencies, courts, sworn bailiffs and other state institutions and officials specified in laws.

5.2.3 SLYSE will in some cases ask for the Customer’s consent to process Personal data. The consent will contain information on that specific processing activity. SLYSE, for example, processes Customer’s Personal data for direct marketing purpose based on Customer’s consent. Consent can always be withdrawn and the Customer will be informed of any consequences of such withdrawal.

5.2.4 For the implementation of the SLYSE or third party’s legitimate interests, for example:

5.2.4.1 To offer and provide the Customer additional services or services of carefully chosen partners, create personalized offers;

5.2.4.2 To develop, examine and improve SLYSE business, the services and the Customer’s user experience by performing surveys, analyses, statistics;

5.2.4.3 To organize campaigns for the Customers;

5.2.4.4 To protect the interests of the Customer and/or SLYSE employees, including security measures;

5.2.4.5 To manage the relationships with the Customer;

5.2.4.6 To prevent, limit and investigate any misuse or unlawful use or disturbance of the services;

5.2.4.7 To ensure adequate provisions of the services, the safety of information within the services, as well as to improve, develop and maintain applications, technical systems and IT-infrastructure, including testing SLYSE’s digital environment;

5.2.4.8 To carry out credit- and other risk assessments when providing credit and other services to natural person or legal entity; to manage the relationships;

5.2.4.9 To establish, exercising and defend legal claims.

6. PROVIDERS AND RECIPIENTS OF PERSONAL DATA

6.1 Personal data is obtained:

6.1.1 when the Customer provides it to SLYSE:

6.1.1.1 While applying for and using products and services;

6.1.1.2 While addressing SLYSE by mail, email, over the phone, using chats and other communication channels;

6.1.1.3 While providing information relating to payments;

6.1.1.4 While visiting SLYSE homepage and using mobile application, i.e. Customer profile and use data, how Customer uses these services, obtaining information from Customer’s devices – computer, mobile telephone, with the help of cookies or Internet monitoring software (more detailed information is available in the Cookie Policy).

6.1.2 When third parties provide it to SLYSE:

6.1.2.1 Third parties that provide to SLYSE information relating to the Customer, conduct market research;

6.1.2.2 SLYSE group companies;

6.1.2.3 Database maintenance companies, registers;

6.1.2.4 State institutions and law enforcement agencies and officials thereof;

6.1.2.5 Persons in relation to contracts and transactions which these persons intend to conclude or have concluded with SLYSE.

6.1.3 When SLYSE collects this information from:

6.1.3.1 Other financial institutions;

6.1.3.2 Official and public registers, social media;

6.1.3.3 Legal entities, in respect to its representatives, employees, contractors, founders, shareholders, participants, owners, etc. of such legal entities.

6.2 Personal data is shared with other recipients (data processors or controllers or joint controllers), such as:

6.2.1 SLYSE group companies;

6.2.2 Counterparties (processors or separate controllers) related to the provision of the services and which SLYSE has thoroughly assessed prior to cooperation;

6.2.3 Other credit and financial institutions, payment service providers, participants of the European and international payment systems and their related parties, insurance service providers and financial service agents, third parties involved in the execution of transactions;

6.2.4 Other SLYSE customers that details are stored in Customer’s phone contact list in case if the Customer accepted SLYSE access to Customer’s contact list in Customer’s mobile phone settings. By accepting contact list sharing with SLYSE, the Customer: 1) became visible to other SLYSE customers who saved him/her as a contact in their phone book; 2) allows SLYSE to disclose to other customers that the Customer has an account with SLYSE and, in case of payment order, - Customer’s account number; 3) allows SLYSE to provide such service as receive and send payments directly to Customer phone contacts without entering their account numbers;

6.2.5 State institutions, authorities and other statutory persons based on written requests or the duties binding upon SLYSE stipulated by the legal acts;

6.2.6 Providers of databases and registers, e.g. to credit registers, population registers, commercial registers, securities registers, pension register, controllers who process consolidated debtor files, or other register holding or intermediating Personal data, debt collectors, bailiffs, notaries or insolvency administrators;

6.2.7 SLYSE audit firms, financial and legal service providers, translators or any other service providers of SLYSE.

7. ADVERTISING AND DIRECT MARKETING

7.1 SLYSE’s advertising and direct marketing communications (e.g. about SLYSE’s services and related campaigns) are sent to Customers who have consented to receiving direct marketing and commercial communications from SLYSE. Such Customers receive SLYSE commercial communications and direct marketing communications via their preferred means of communication.

7.2 The Customer may give his/her consent to the receipt of commercial communications of SLYSE by visiting https://slyse.me/ or by signing service application forms.

7.3 Customer’s consent to receive commercial communications is valid until its withdrawal. Customers have the right to object to the processing of their Personal data for direct marketing purposes at any time and free of charge. To exercise this right, the Customer should contact the SLYSE or opt out of receiving the advertising and commercial communications using the link provided in the e-mail message or following other instructions as provided in such direct marketing communication.

8. PROFILING, PERSONALIZED OFFERING AND AUTOMATED DECISION MAKING

8.1 Profiling refers to the automatic Processing of Personal data used to assess certain personal characteristics of a Customer, for example, the economic situation, personal preferences, interests, place of residence of such individual. Profiling is, for example, used to make analysis for Customer advice, marketing purposes, system development, for automated decision-making such as credit assessments, for risk management and for transaction monitoring to counter fraud.

8.2 SLYSE may make automated decisions for identity check, risk management, anti-money laundering and international sanctions checks, politically exposed persons check, for monitoring the Customer’s account and Customer behaviour in using SLYSE products to detect fraud and financial crime, implement international sanctions. In these cases, manual decision making could be also involved.

8.3 Depending on the product, SLYSE may use automated decision in calculating the credit limit or interest rate that SLYSE could offer the Customer. SLYSE automatically analyses information relating to the Customer, such as loan history, habits that SLYSE has identified in connection with the use of its services or information that SLYSE is authorised to obtain from third parties.

8.4 SLYSE may also collect statistical data regarding the Customer, such as typical behaviour and lifestyle patterns based on demographic household data. Statistical data for creating segments profiles can be collected from external sources and may be combined with SLYSE internal data.

8.5 If SLYSE makes an automated decision about the Customer that significantly affects him, the Customer can ask SLYSE to carry out a manual review of this decision.

9. GEOGRAPHICAL AREA OF PROCESSING

9.1 As a general rule the Personal data are processed within the European Union/European Economic Area (EU/EEA).

9.2 Given the global nature of financial services and technological solutions and to process Personal data for the purposes specified in the Policy, for the provision of individual services Personal data may be transferred for Processing to the Personal data receivers located outside the European Union and the European Economic Area, for instance, if their services are provided by a counterparty (processor, separate controller, joint controller). Any such international transfer of Personal data is done in compliance with the requirements of the applicable laws. The transfer and processing of Customer data outside of the EU/EEA can take place provided there is a legal basis and appropriate safeguards are in place. Appropriate safeguards include for example: - The EU Standard Contractual Clauses or other approved clauses, code of conducts, certifications approved in accordance with the GDPR.

10. RETENTION PERIOD

10.1 The period for which SLYSE stores Personal data depends on the purposes for which SLYSE processes it and under which criteria it assesses Personal data storage periods.

10.2 When determining Personal data storage periods, SLYSE assesses:

10.2.1 the need to store Personal data to ensure performance of a valid service agreement;

10.2.2 the need to store Personal data for SLYSE to fulfil its legal obligations, for instance, within the 8-year period stipulated in the AML/CTF Law and within the different storage periods specified in other legal acts;

10.2.3 storage of Personal data to safeguard SLYSE interests in different claims in case of termination of business relationships with Customer, for instance, 10 years in accordance with the general limitation period for liability;

10.2.4 SLYSE legitimate interests or those of a third party that might be offended in the event of erasure of Personal data, for instance, with respect to Customer right to restrict data processing;

10.2.5 the need to store Personal data in order to provide proof of the legitimate Processing of Personal data in the previous period, for instance, Customer Consent to the previous Processing operations;

10.2.6 if Personal data processing is performed based on the Consent, until the Consent for the respective Personal data Processing purpose is in force given that there is no another basis for the Processing of Customer’s Personal data.

10.3 In assessing the Personal data storage periods, SLYSE takes into account the purpose of Persona data processing. If SLYSE identifies different reasonable periods for storing Personal data, for instance, between the statutory storage period and the timeframe for protecting SLYSE interests, this will be a reasonable basis to store Personal data for a longer period.

10.4 If one or more of the specified criteria occur, SLYSE will ensure that Customer Personal data is deleted or anonymized.

11. CUSTOMER’S RIGHTS AS A DATA SUBJECT

11.1 A Customer (data subject) has rights regarding his/her data Processing that is classified as Personal data under applicable law. Such rights are in general the following:

11.1.1 Require his/her Personal data to be corrected if it is inadequate, incomplete or incorrect;

11.1.2 Object to Processing of his/her Personal data, if the use of Personal data is based on a legitimate interest, including profiling for direct marketing purposes (such as receiving marketing offers or participating in surveys);

11.1.3 Require the erasure of his/her Personal data, for example, that is being processed based on the consent, if he/she has withdrawn the consent. Such right does not apply if Personal data requested to be erased is being processed also based on other legal grounds such as agreement or obligations based on applicable law;

11.1.4 Restrict the Processing of his/her Personal data under applicable law, e.g. during the time when SLYSE assesses whether the Customer is entitled to have his/her data erased;

11.1.5 Receive information if his/her Personal data is being processed by SLYSE and if so then to access it;

11.1.6 Receive his/her Personal data that is provided by him/herself and where feasible transmit such data to another service provider (data portability);

11.1.7 Withdraw his/her consent to process his/her Personal data;

11.1.8 Not to be subject to fully automated decision - making, including profiling, if such decision - making has legal effects or similarly significantly affects the Customer. This right does not apply if the decision - making is necessary in order to enter into or to perform an agreement with the Customer, if the decision - making is permitted under applicable law or if the Customer has provided his/her explicit consent;

11.1.9 Lodge complaints pertaining to the use of Personal data with the Information Commissioner’s Office, website address: https://ico.org.uk/, the registered address at Wycliffe House, Water Ln, Wilmslow SK9 5AF, United Kingdom, phone No.: +44 303 123 1113, contact form: https://ico.org.uk/global/contact-us/, if he/she considers that Processing of his/her Personal data infringes his/her rights and interests under applicable law.

11.2 SLYSE takes every effort for the implementation of Customer's rights and for answering any and all questions that arise to the Customer regarding the present Policy and matters envisaged in it. Customer may lodge a request regarding the exercise of the above-indicated rights as well as any complaints, notices or requests (hereinafter the ‘Request’) to Data Protection Officer.

11.3 To prevent money laundering, as a financial institution SLYSE must process Personal data about customers and persons, with whom business relations have not been started or have been terminated in compliance with the procedure specified in the Money Laundering Regulation of the United Kingdom. Processing of Personal data can include information about these persons’ beneficial owners and authorised persons. In these cases, the Personal data Processing is not subject to the Data subjects’ rights specified in the General Data Protection Regulation to claim information about data Processing, including its purposes, recipients, and sources. Under the Law on the Money Laundering Regulation of the United Kingdom, Data subjects are not entitled to access their data and request to rectify, object, require the erasure, stop or restrict data processing. Although, Data subject has the right to request that a supervisory authority confirms the lawfulness of the Processing.

11.4 SLYSE will reply to Customer Request within a period of not more than 30 (thirty) calendar days since the day of receipt of the Request unless a different period is specified in the applicable legislation.

11.5 SLYSE will usually not charge the Customer a fee when he/she exercises his/her rights. However, SLYSE is allowed by law to charge a reasonable fee or refuse to act on the Customer’s request if it is manifestly unfounded or excessive.

12. CONTACT DETAILS

12.1 Customers may contact SLYSE with any enquiries, withdrawal of consents, requests to exercise data subject rights and complaints regarding the use of Personal data.

12.2 Contact details of SLYSE are available on SLYSE website www.slyse.me .

12.3 Contact details of the appointed Data Protection Officer - e-mail: [email protected], at the postal address OKPAY FINANCE LTD, 13353 COMMERCE PARKWAY, UNIT 2353 OFFICE# 317
RICHMOND, BC, CANADA V6V3A1 with a notice "Data Protection Officer".

13. VALIDITY AND AMENDMENTS OF THE PRIVACY POLICY

13.1 SLYSE is entitled to amend the Policy at any time unilaterally, in compliance with the applicable law, by notifying the Customer of any amendments via the website of SLYSE.