Privacy Policy

This Privacy Policy is valid as from 18.11.2024

  1. About us
  2. Definitions
  3. Data we collect
  4. Our purposes for processing your personal data
  5. Legal basis
  6. Data storage
  7. Your rights and how you can exercise them
  8. Disclosure of information to third parties
  9. Privacy Policy
  10. Supervisory body

1. ABOUT US

CRIOPAY AD is a joint stock company registered in the territory of the Republic of Bulgaria with UIC 207839409 and an address atPlovdiv (4003), 14 "Neofit Rilski" St, which operates as the administrator of the platform „SelfiPay“, hereinafter referred to as: “We”,“SelfiPay”, “Controller”).We will process your personal data as controller in order to be able to provide our services. Therefore, in this Privacy Policy (hereinafterreferred to as “the Policy”) we have provided the information you need to be aware of as users of SelfiPay.This Policy is fully compliant with the General Data Protection Regulation (EU) 2016/679 and any other applicable legislation, related topersonal data protection. Any change of the Policy will be duly updated on SelfiPay, whereas the date of validity at the beginning of thedocument will be changes and the users will be notified to the e-mail addresses, provided by them. If You disagree with any part of ourPolicy, please do not generate any registration in SelfiPay and do not use our services. If you continue to use our services after theamendments, we will consider these actions as your acknowledgement of and agreement to our Privacy Policy.

2. DEFINITIONS

  • „Personal Data Controller“ means a natural person or a legal entity who will determine the personal data processing purposeand tools independently or together with other persons;
  • „Company“ is the Administrator of SelfiPay “CRIOPAY AD”;
  • „Personal Data“ means any information, related to an identified natural person or a natural person, that could be identified („You“,„You“, „Data Subject“ or „User/s“);
  • „Processing“ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data;
  • „Personal Data Processor” means any natural person or legal entity, public authority, agency or any other structure that isprocessing Personal Data on behalf of the Controller;
  • „Recipient“ means any natural person or legal entity , public authority, agency or any other structure, to which the personal dataare disclosed, whether a third party or not;
  • „Personal data breach“ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorizeddisclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
  • “Account Information” means information relating to your account.

3. DATA WE COLLECT

We may collect and process the following information:

  • Full name;
  • Address
  • E-mail;
  • Password;
  • Contact phone number
  • User name;
  • Facial scan data extracted from your photo or video (known as ‘biometric data’);
  • Other data, collected when you use a contact form;
  • Other information, voluntarily shared by you.

Your debit/credit card details are collected directly from the payment service provider we operate with- Stripe Payments Europe. For moreinformation on how they process your personal data, please visit their website and review their privacy policy which can be found at thefollowing link https://stripe.com/en-bg/privacy

4. OUR PURPOSES FOR PROCESSING YOUR PERSONAL DATA

The Personal Data you provide to us will only be processed for the purposes for which it is collected. These purposes are related to theactivities we carry out, namely establishment of payment systems for servicing and processing payment transactions.

These purposes may be, for instance:

  • the provision of our services, as well as to improve our products and services;
  • marketing purposes;
  • ensuring security;
  • to contact you with a question you may have;
  • to detect and prevent fraud- during onboarding, your identity will be verified to authenticate you as an authorised user of ourservices.

5. LEGAL BASIS

In order to process your personal data, we must have legal basis, which may differ depending on the purpose for which they are collected. Our legal basis could be based on the execution and performance of a contract, in order to comply with the legal requirements or to protectour legitimate interest. Additionally, for some of the services, you provide the information yourself and give your consent to its processing.

  • Processing of the data, necessary for the conclusion and the performance of contracts in order to execute obligations fromconcluded contracts for providing the Services; Providing comprehensive services and administration;
  • Processing of the data that we need in order to comply with legal obligation;
  • Processing of data based on Your consent - direct marketing, collecting biometric data;
  • Processing of data in order to protect our legitimate interest to ensure that we can provide our Services to you.

Where your Personal Data is processed on the basis of your consent, you have the right to withdraw your consent at any time and suchwithdrawal will not affect the lawfulness of the processing carried out prior to such withdrawal.

In order to support some of our contractual activities or where it is necessary to comply with some legal obligation, SelfiPay engages thirdparties. Your Personal Data is not disclosed to third parties until we are assured that all technical and organisational measures have beentaken to protect that Personal Data.

6. DATA STORAGE

Since your data and its security are of the utmost importance to us, we implement all appropriate technical and organizational means at ourdisposal to prevent unauthorized access, unauthorized or malicious use, loss or premature deletion of information. In addition, weimplement measures to protect your personal information from accidental loss, unauthorized access, use or alteration. To protectinformation from loss, misuse and unauthorized disclosure, we have policies and procedures that are implemented. We also take additional 5information security measures, including access controls, strong physical security and robust information collection, storage and processingpractices.

Upon expiration of the retention period, all Personal Data and available copies will be deleted by us unless European Union or Bulgariandata protection legislation requires that the data be retained due to legal obligations, legal requirements, public investigations, investigationsof possible breaches of our Terms and Conditions or to prevent damage to the Controller.

Where the processing of Personal Data is based on your consent, the Personal Data will be deleted once you have withdrawn your consentor unsubscribed from receiving the relevant information. You may withdraw your consent at any time by clicking on the "unsubscribe"button where available or by sending an email to: support@criopay.com.

7. YOUR RIGHTS AND HOW YOU CAN EXCERSICE THEM

You have the legal right to:

  • To unsubscribe from receiving commercial messages;
  • To have access to the personal information that we store for you, in a convenient digital form;
  • To edit, add, delete and manage the information in Your profile at any time;
  • To require correction of the collected Personal Data, if they are incorrect;
  • To receive a copy of your Personal Data in a digital form;
  • You are entitled to require deletion of your Personal Data – i.e.. „the right to be forgotten“, however, this right is not absolute(exceptions – the available Personal Data is necessary for exercising the right of free speech; there is a legal obligation to store thisdata; from reasons of public interest);
  • To receive from us information about our actions with regard to Your Personal Data, inclusive the purpose of collection and storage,storage period, collection method, etc.;
  • To receive Your data and to transfer them to another Personal Data Controller;
  • To contact us in case of questions, complaints or other problems, occurred with the processing of Your Personal Data;
  • You may submit a complaint to a supervisory body, in particular in the member country of your permanent residence, employment orthe location of the presumable violation, if you consider that there is Personal Data breach.

Can an individual make a request on behalf of someone?

A third party may exercise these rights on your behalf (eg a relative, friend or solicitor), however a proof is required to be provided that thethird party making the request is entitled to act on your behalf. For example, by providing a written authority, signed by You, stating thatthe third party is given permission to make such request on your behalf.

In case of questions or claiming right with regard to the Personal Data Protection you can contact us as follows:

Email: support@criopay.com

Phone: +359887661202

Every effort will be made to respond to all of your requests relating to privacy in a timely manner and within the statutory terms. If aprivacy issue remains unresolved, you may contact your local data protection authority, for which you may find contact details below insection SUPERVISORY BODY.

8. DISCLOSURE OF INFORMATION TO THIRD PARTIES

Please be advised that in certain cases, SelfiPay may disclose your information, such as if we have reasonable grounds to believe that thelaw requires us to do so, where it is necessary to prevent and resolve fraud, unauthorized use of our services, violations of our Terms andConditions, or other harmful illegal activities, and to protect our users.

Accordingly, your Personal Data may be shared with third party recipients in the following circumstances:

  • In order to comply with a legal requirement, legal process, court order or legal process in respect of the Controller or its branches,subsidiaries, associates;
  • for the purpose of investigating a possible crime such as identity theft;
  • with public authorities in fulfilment of their legal obligation to carry out their official mission, such as tax and customs authorities, financial investigation units, independent administrative authorities, etc;
  • in connection with a reorganisation (merger, amalgamation, separation and division), sale, purchase, business transformation, dissolution, liquidation, bankruptcy of the Administrator;
  • where we believe it is necessary to protect the rights, property, or safety of the Administrator or others associated with the Administrator; or
  • where otherwise required or permitted by law, including any contractual obligations of the Administrator.

9. PRIVACY POLICY

We reserve the right to make changes to this Privacy Policy from time to time. Such changes shall be effective immediately uponpublication. We encourage you to review this page regularly, to ensure that you are always aware of what information we collect, how andfor what purposes SelfiPay uses it, and under what circumstances (if any) we will disclose it to other parties.

10. SUPERVISORY BODY

The local Supervisory body on the territory of the Republic of Bulgaria in matters, regarding Personal Data, is:Commission for Personal Data Protection, Address: Sofia, 1592, No 2, Tsvetan Lazarov Blvd., Phone: +359 2 915 3580, Fax: +359 2 9153525,
e-mail: kzld@cpdp.bg, website: http://www.cpdp.bg/.