1. Terms and their definitions
1.1 "Politics" - this Personal Data Processing Policy.
1.2 “We”, “Us”, “Our”, etc., and “Operator” means a Company registered under the laws of England and Wales PLAYPAY LTD., Registration No: 13752318, address: 91 Battersea Park Road, London, England, SW8 4DU.
1.3 “You”, “Your”, “Your”, etc., as well as “Personal Data Subject” – our counterparty under the Public Offer, which can be either (1) an individual who uses the online interfaces of the Platform to interact with the Payment Partner in order to receive Services from Us for accepting electronic means of payment in Your favor for transactions using electronic means of payment, or (2) a person making a cashless transfer of funds who has performed an Authorization action on the Authorization Page.
1.4 “GDPR” or “Regulation” – General Data Protection Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of their Personal Data and on the free movement of such data, repealing Directive 95/46 /EU as amended, amended and supplemented from time to time and incorporated into the national legislation of the Member States.
1.5 “Personal Data” – any information that relates to an identified or identifiable natural person. An identifiable person is a person who can be identified directly or indirectly, in particular by reference to such identifiers as name, identification number, location data, online identifier, or to one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.6 “Processing of personal data” – any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data. The processing of personal data is carried out by the method of mixed (including automated) processing.
1.7 “Automated processing of personal data” means the processing of personal data using computer technology.
1.8 “Confidentiality of personal data” is a mandatory requirement for Us or another person who has access to Personal data to prevent their distribution without the consent of the Personal Data Subject or other legal grounds.
1.9 “Depersonalization of personal data” - actions, as a result of which it becomes impossible, without the use of additional information, to determine whether personal data belongs to a specific subject of personal data.
1.10 “Payment Partner” means Our counterparty(ies) authorized to make money transfers and related other payment transactions with whom You enter into a relationship through the use of the online interfaces of the Platform.
1.11 “Client” or “Payer” – a person who is a consumer of the Goods of the Recipient and who uses the Authorization Page of the Platform to make a Transfer in favor of the Recipient.
1.12 “Recipient” – a person who is the recipient of the Transfer from the Client.
1.13 “Transfer” is a payment transaction made by the Client as payment for the Goods using the Authorization Page.
1.14 “Site” – Our website https://palych.io .
1.15 “Platform” means Our software called Palych, which is made available on the Site through an Account.
1.16 “Account” means a personalized part of the Platform through which We provide Contractual Services.
1.17 “Authorization page” - a part of the Platform that ensures execution of Clients' orders using a payment instrument for the purpose of making a Funds Transfer.
1.18 “Cookies” are small text files placed by the Site on your computer or device when you, for example, visit certain areas of the Site and/or when you use certain features of the Site.
1.19 “California Online Privacy Protection Act” or “CalOPPA” is the California Online Privacy Protection Act.
1.20 The “California Consumer Privacy Act” or “CCPA” is the first comprehensive privacy law in the United States, enacted at the end of June 2018, which provides various privacy rights to California consumers.
1.21 “US Privacy Act 1974” or “UPA” – The Privacy Protection Act that governs the handling of personal information of US citizens or US residents.
1.22 “PECR” - Privacy and Electronic Communications Regulations (EU Directive) 2003.
1.23 “FZ No. 152-FZ” - Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ “On Personal Data”.
1.24 “Public Offer for the provision of information technology services” or “Public Offer” - Our Public Offer located at the link: https://palych.io/rules_eng
2. Subject and grounds for the processing of personal data
2.1 Subject of the Policy. The provisions of this Policy apply to the relationship between Us and You related to the Processing of personal data in the framework of the relationship arising between Us on the use of the Site and the provision of services by the Company, emerging as a result of Your acceptance of the terms of the Public Offer.
2.2 Grounds for processing. The basis for the processing of your personal data is always your consent. Without agreeing to the terms of this Policy, we will not be able to fully ensure the fulfillment of obligations under the agreements concluded with you - therefore, we have made it impossible to conclude them without the obligatory condition of consent to this Policy.
3. Acceptance of the terms of the Policy
3.1 Acceptance of conditions. Accession to the Policy is considered to be completed (1) either after you have registered on the Site and agreed to its provisions by checking the appropriate form under Consent to the processing of personal data, Consent to the transfer of personal data and Consent to the dissemination of personal data, or (2) after confirming your consent to the Transfer by pressing the "Pay" button. At the same time, you express your full Consent to the automated, as well as without the use of automation tools, the Processing of your Personal Data. Please note that We may store data about your actions (through a logging system) to make a mark throughout the existence of the Account, as well as for 5 (Five) years after its deletion, unless otherwise provided by applicable law.
4. Term of the Policy and the Processing of Personal Data
4.1 Validity period of the Policy. After accepting the terms of the Policy, it is valid indefinitely. However, this does not affect the term for the processing of your personal data - it is established by this Policy.
4.2 Term of personal data processing. As a general rule, We process Your Personal Data throughout the entire period of existence of the Personal Account, as well as for 5 (Five) years after its deletion (or from the date We receive a duly executed written withdrawal of Your consent to the processing of personal data), if the storage period personal data is not established by applicable law, the Public Offer, or any other agreement, one way or another related to the use of the Site, to which you are a party. In other cases, we will stop processing your Personal Data if you object to such processing or if you withdraw your previously given consent to processing, in accordance with the terms of this Policy. However, We may not be able to perform our obligations under contracts with You.
4.3 Change. The Policy may be changed by Us at any time. In particular, this may be due to a change in Our business processes, the influence of external factors and other reasons. After making changes, we immediately publish the amended Policy on the Site so that you have the opportunity to study it in the new edition. We will definitely notify you about the change in the Policy by sending a notice to the Personal Account and (or) by publishing it on the Site. In the event that you continue to use the Site after the changes to the Policy are made, we unconditionally consider that you agree with the terms of the Policy in the new edition.
5. Grounds for development, goals, principles of the Policy
5.1 Foundations of development. The policy has been developed in accordance with the requirements of: a) GDPR; b) CalOPPA; c) CCPA; d) PECR; e) Federal Law No. 152-FZ; f) GDPR; g) as well as other laws and regulations that determine the cases and features of the processing of personal data of the Subject of personal data.
5.2 Goals. The policy pursues the following goals: (1) ensuring the requirements for the protection of the rights and freedoms of a person and citizen in the processing of personal data, including the protection of the rights to privacy, personal and family secrets, (2) exclusion of unauthorized actions (illegal or accidental access) of any third parties to your Personal Data, as well as the destruction, modification, blocking, copying and distribution of personal data, (3) ensuring the legal and regulatory regime of confidentiality and control of your Personal Data, (4) protecting the constitutional rights of citizens to personal secrecy, confidentiality of information, constituting Personal Data, and preventing the occurrence of a possible threat to your security. Thus, the main purpose of the Policy is to provide you with a full and transparent understanding regarding: the legal basis for the collection and processing of your Personal Data; the categories of Personal Data we may collect about you; what happens to the Personal Data we collect; where we process your Personal Data; how long we keep your Personal Data; to whom we may share your Personal Data; and explain your rights as a subject of Personal Data.
5.3 Principles. We pursue the following principles of Personal Data Processing: (1) the processing of Personal Data must be carried out on a lawful and fair basis, (2) the processing of Personal Data must be limited to the achievement of specific, predetermined and legitimate purposes; processing of Personal Data that is incompatible with the purposes of collecting personal data is not allowed, (3) the content and scope of the processed personal data must correspond to the stated purposes of processing; the processed Personal Data should not be excessive in relation to the stated purposes of their processing, (4) during the Processing of Personal Data, the accuracy of the Personal Data, their sufficiency and relevance in relation to the purposes of the Processing of Personal Data, (5) the storage of Personal Data should not be carried out longer than required by the purposes of processing personal data, unless a different period of storage of personal data (or the procedure for determining it) is provided for by the Policy.
6. Composition of Personal Data Collected
6.1 Registration on the Platform. In accordance with the Public Offer, when you register on the Site, We collect the following Personal Data: (1) Phone, (2) Email, (3) Password.
6.2 Recipient Data. After registration, You will be able to receive the Services to the Recipient (in the meaning of the Public Offer), for which You will need to provide Us with Your Personal Data, which We will subsequently transfer to the Payment Partner.
6.3 Client data. If You are a Client, We will require the following data from You: (1) bank card number, (2) bank card expiration date (Month/Year); (3) bank card code (PPK2/CVC2/CVV2). Please note that such entered data is stored by our payment partners - we DO NOT collect and DO NOT store payment data as part of the relationship that develops between us under the Public Offer.
6.4 Technical Data. While using the Site, We automatically collect some of your Personal Data. Such data includes, for example, technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, information about your visits to websites, etc.
6.5 Other data. In exceptional cases, We may ask You to provide additional Personal Data. We will certainly notify you in advance about this and ask you to provide additional consent to the Processing of additional Personal Data.
6.6 Personal data of third parties. Please note that if you provide us with Personal Data of third parties, you guarantee that you have received from such persons all the necessary consents (including consent to the transfer of personal data), other documents necessary for the implementation of the provisions of this Policy in full, executed by them in the form and in accordance with their personal applicable law (Consent of third parties), and if you act as the operator of the personal data of such persons, you also guarantee that you ensure the procedure for the transfer and protection of their personal data to the extent not less than provided for in this Policy. At the same time, the Consent of third parties must be executed by them in writing, the original of which must be provided by you no later than 7 (seven) calendar days from the date of sending the corresponding request from the Operator. Providing Personal Data to third parties without complying with this warranty is unacceptable, and you fully accept all responsibility for breach of this warranty.
7. Rights of the Personal Data Subject
7.1 Getting information. You have the right to receive information about Us, Our location, whether We have Your Personal Data, as well as to get acquainted with such Personal Data.
7.2 Clarification. You have the right to demand from Us to clarify your Personal Data, block it or destroy it if the Personal Data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect your rights.
7.3 Submission form. Information about whether We have Personal Data will be provided to You in an accessible form, and it will not contain Personal Data relating to other Personal Data Subjects.
7.4 Access order. You (or your legal representative) may access your Personal Data in person or by sending a written request. In this case, the request must contain the number of the main document proving your identity or your legal representative, information about the date of issue of the specified document and the authority that issued it, and a handwritten signature. The request may be sent electronically. We are required to respond to your request within 30 (Thirty) days from the date it was received, which may be extended up to 60 (Sixty) days depending on the complexity and number of requests.
7.5 The content of the response. In a request for access to Personal Data, You have the right to require Us to obtain information from Us regarding the Processing of Your Personal Data, including: (1) confirmation of the fact of Personal Data processing, as well as the purpose of such processing, (2) how Personal Data is processed, (3) the name and location of the Operator, information about the persons who have access to Personal Data or who may be granted such access, (4) the list of processed Personal Data and the source of their receipt, (5) the terms for processing Personal Data, including the terms their storage, (6) information about what legal consequences for the Personal Data Subject the Processing of his Personal Data may entail.
7.6 Withdrawal of consent. You have the right to withdraw consent to the processing of Personal Data, restrict the methods and forms of processing Personal Data, and prohibit the dissemination of Personal Data without your consent.
7.7 Right to appeal. You have the right to appeal Our actions or omissions to the authorized body for the protection of the rights of Personal Data Subjects or in court.
7.8 The right to protection. You have the right to protect your rights and legitimate interests, including compensation for damages and compensation for moral damage in court.
8. Rights of the Data Subject (GDPR)
8.1 If you are a citizen of a member state of the European Economic Area or the United Kingdom (or legally provide us with such person's Personal Data), you also have the following rights. You can use them by sending an appropriate e-mail to Our Contact Information.
8.2 The right to be informed (Articles 12-14 of the Rules). You have the right to be informed about the collection and use of your Personal Data, in particular the purposes for which that Personal Data is processed, the retention periods and to whom it will be shared. This information must be provided at the time we collect your Personal Data. If we receive Personal Data from other sources, we will notify you within a reasonable time after we receive the data and no later than one month, unless you already have such information and if it does not require a disproportionate effort to provide it. Information should be concise, transparent, understandable, easily accessible, and expressed in clear and understandable language, which is why we try to explain our data processing policy in detail. We will bring to your attention any new use of your Personal Data prior to processing it.
8.3 Right of access (Art. 15 of the Regulation). You have the right to receive confirmation from the Operator as to whether Personal Data concerning You are being processed and, if necessary, access to Personal Data and the following information: the purposes of processing; categories of relevant Personal Data; recipients or categories of recipients to whom Personal Data has been or will be disclosed, in particular recipients from third countries or international organizations; if possible, the envisaged period for which the Personal Data will be stored or, if this is not possible, the criteria used to determine such period; the existence of the right to demand from the Operator the correction or deletion of Personal Data or restriction of the processing of Personal Data in relation to the data subject or to object to such processing; the right to file a complaint with a supervisory authority; the existence of an automated decision-making process, including profiling, referred to in Articles 22(1) and (4) of the Regulation and, at least in these cases, meaningful information about the underlying algorithm and the meaning and intended consequences of such processing for the data subject. If Personal Data is transferred to a third country or international organization, you have the right to be informed about the safeguards in place associated with such transfer. Upon request, the Operator also provides a copy of the processed Personal Data. For all additional copies requested by the Personal Data subject, the Operator may charge a reasonable fee based on administrative costs. If you make a request by electronic means, and unless otherwise required, the information must be provided in a commonly used electronic form.
8.4 Right to correction (art. 16 of the Regulations). You have the right to have incorrect or inaccurate information regarding Personal Data corrected upon request for correction, either orally or in writing. The Operator has one calendar month to respond to the request of the Personal Data subject.
8.5 Right to erasure (“right to be forgotten”) (Article 17 of the Regulation). The Regulation grants natural persons the right to erasure of personal data. You may request deletion by contacting our Data Protection Officer, who has one month to respond to your request. Please note that this right is not absolute and only applies under certain circumstances, provided for in Article 17 of the Regulations.
8.6 Right to restriction of processing (Art. 18 GDPR). You have the right to request the restriction or termination of the processing of your Personal Data. If the processing has been restricted, such Personal Data, other than storage, are processed only with the consent of the data subject or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for the protection of the public interest of the union or state -member. Please note that this right is not absolute and only applies in certain circumstances, provided for in Article 18 of the Regulations.
8.7 Right to data portability (Art. 20 of the Regulation). The right to data portability allows you to obtain and reuse your Personal Data for your own purposes across various services. It allows you to easily move, copy or transfer Personal Data from one IT environment to another in a safe and secure manner without affecting the usability of Personal Data. Please note that you have the right to transfer Personal Data directly from one Operator to another, where this is technically possible.
8.8 Right to object (Article 21 of the Regulations). You have the right to object to the processing of your personal data at any time on grounds relating to your particular situation. We will not further process your Personal Data unless we have compelling legitimate grounds for processing that are more significant than the interests, rights and freedoms of the data subject or to establish, exercise or defend legal claims. If your Personal Data is processed for direct marketing purposes, you have the right to object to the processing of Personal Data relating to you for such marketing purposes, including profiling insofar as it is related to direct marketing.
8.9 Rights related to automated decision making, including profiling (Article 22 of the Regulations). You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or her or significantly affects him or her. Please note that this right is not absolute and only applies under certain circumstances provided for in Article 22 of the Regulations. You may withdraw your consent to the processing of Personal Data at any time. Please remember that withdrawal of consent only applies to the future. Any actions related to processing carried out prior to such revocation shall not be affected by it.
9. Transfer of Personal Data
9.1 Transfer of Personal Data. In order to achieve the purposes of the Processing of personal data, we may need to provide your Personal Data to (1) the Payment Partner, (2) to the credit organizations involved in the execution of Transfers in order to maintain an adequate level of security for online payments made using electronic means of payment through the authorization page, the list of which is established by the security protocols of payment systems, acquiring banks, issuers of electronic means of payment (in accordance with the Public Offer), (3) fraud prevention institutions (including fraud in relation to actions, financial fraud and financial fraud bureaus), ( 4) state bodies, in particular, executive authorities.
9.2 Mandatory and optional transmission. The transfer of information may be mandatory, for example, in terms of information about the user equipment: IP address, OS, geographical data, ID / type of equipment, channel used: browser / application, payment authorization, identification / verification, or optional, for example, in terms of information about indicators of address matching, account information, etc.
10. Storage of Personal Data
10.1 Localization of Personal Data. If you are a citizen of one of the member states of the European Economic Area or the United Kingdom, then your Personal Data is collected and Processed in the European Economic Area. If You are a citizen of the Russian Federation, then We store Your data on servers located on the territory of the Russian Federation. If you are a citizen of one of the states whose legislation in the field of personal data processing establishes mandatory requirements for the place of collection of personal data on the territory of such a state, then your personal data will be stored and processed on the territory of such a state.
11. Principles and measures for the protection of Personal Data
11.1 Protection principles. We apply legal, organizational, administrative, technical and physical measures to protect Personal Data - to ensure the protection of Your Personal Data.
11.2 Protective measures. Measures to ensure the security of Personal Data during their processing are planned and implemented in order to ensure compliance with the requirements of legislation in the field of Personal Data and regulations adopted in accordance with it. We ensure the security of your Personal Data, including in the following ways: (1) limiting and specifying the composition of the Operator’s employees who have access to Personal Data, (2) appointing a person responsible for organizing the processing of Personal Data, (3) developing and implementing local acts on the processing of Personal Data, (4) identification of threats to the security of Personal Data during their processing in information systems of Personal Data, (5) the application of organizational and technical measures to ensure the security of Personal Data, (6) the use of information security tools that have passed the conformity assessment procedure in accordance with the established procedure, (7) taking into account electronic media, (8) establishing rules for access to Personal data, (9) restricting access to the premises where the technical means that process Personal data are located, as well as storage media, (10) detecting facts of unauthorized access to Personal Data and taking measures to prevent such access, (11) adding Personal Data (which is not publicly available, requiring confidentiality) to the Operator’s list of confidential information, (12) obtaining an obligation not to disclose confidential information, including Personal Data, with all employees of the Operator directly involved in the processing of Personal Data, (13) recovery of Personal Data modified or destroyed due to unauthorized access to them, (14) familiarization of the Operator’s employees directly involved in the processing of Personal Data with the provisions of the legislation on personal data, including requirements for the protection of Personal data, local acts on the processing of Personal data, (15) control over the measures taken to ensure the security of Personal data.
12. Cookies
12.1 Use of Cookies. The site uses cookies. When you visit the Site, your Internet browser transmits certain information to Our server: (1) date and time of visit, (2) browser type, (3) language settings, (4) operating system. This information is stored in connection logs for a limited time (from a session to a year) to ensure the security and proper operation of the Site, as well as to collect statistical information.
12.2 Functions Cookies. There are different groups of Cookies that are used on the Site. The first group is functional and technical Cookies. The main function of such files is to allow the Site server to obtain information about your session, language, browser, etc., and to ensure the full operation of the Site. These cookies are needed to recognize you when you visit the Site again. This allows us to personalize the content of the Site to your needs and to remember your preferences. The second group are analytical cookies, they allow us to evaluate and count the number of visitors, as well as to understand how they move around the Site while using it. This helps us make improvements to the operation of the Site, for example, by optimizing the search for the desired sections, making it simple and efficient. You have the right to refuse the use of analytical cookies by making the appropriate settings in your web browser.
12.3 Cookies storage time. By the time they are stored on users' devices, Cookies are divided into Persistent Cookies and Session Cookies: “Session Cookies” are files that are stored on your device until you close your browser. “Persistent Cookies” are stored on your device until they expire or you delete them.
12.4 Disabling Cookies. You have the ability to accept or decline all cookies on all websites you visit by changing the settings in your web browser. For example, when you are using Internet Explorer version 11.0 you should do the following: (1) select "Settings", then "Internet Options", (2) go to the "Privacy" tab, (3) use the mouse to select your preferred settings. Each browser must use its own settings to change and delete cookies. Please note that certain features of the Site may not be available if you disable Cookies. For more information on how to adjust or change your browser settings, please refer to your browser instructions or visit www.aboutcookies.org or www.allaboutcookies.org . If you use different devices to access the Site (e.g. smartphone, tablet, computer, etc.), you should ensure that each browser on each device is set according to your cookie preferences.
13. Contacts and exchange of legally significant messages
13.1 Data of the Parties for sending legally significant messages. In the course of fulfilling our obligations, there may be (and in some cases there must be) an exchange of important legal information between Us. Such an exchange takes place through the official contacts of the Parties (Contact information), both in writing and in electronic form (equivalently). At the same time, the conclusion of a separate agreement on the use of electronic document management is not required. Our Contact Details are specified in the Official Notice, and Your Contact Details are indicated by You in the Personal Account. Please remember that you bear all the risks associated with the fact that your Contact Data has become out of date. Please make sure that we only have your up-to-date contact details.
13.2 Correspondence exchange. The exchange of correspondence is possible only with the use of the Contact details of the Parties.
14. Final provisions
14.1 Divisibility clause. In the event that one or more provisions of the Policy are declared invalid / irreconcilable, etc., then such provisions are considered to be replaced by valid provisions as close as possible in their meaning. At the same time, the Policy cannot be invalidated in full under any circumstances.
15. Legal notice
Company incorporated under the laws of England and Wales
PLAYPAY LTD.
Registration number: 13752318
Address: 91 Battersea Park Road, London, England, SW8 4DU
Email: [email protected]
Email (Questions about Personal Data): [email protected]
THESE CONTACTS ARE THE ONLY OFFICIAL SOURCES OF COMMUNICATION WITH US. PLEASE BE CAREFUL!
Last update: 05/29/2023
The Policy is published in free access in the information and telecommunication network Internet on the Operator's Website
Your application will be processed soon. It usually takes up to 48 hours