Confidentiality And Data Protection Policy

dated December 01, 2021

GENERAL PROVISIONS

This Confidentiality Policy And Data Protection Policy (hereinafter – the “Policy”) explains how PayAdmit (hereinafter – the “Company”) processes, collects, uses and transfers personal data of users who use the software products corresponding to the Company located on the Internet at: https://PayAdmit.net/ (hereinafter – the “Website”/”Platform”), or any other software products owned by the Company in applications or on the websites of other service providers.

The Company has great respect for the confidential (personal) information of all persons, without exception, who have visited the Website, as well as those who use the services provided by the Website. In this connection, the Company seeks to protect confidentiality of personal data (information or a set of information about the individual who is identified or can be specifically identified), thereby creating and providing the most comfortable conditions for using the Website’s services for each user.

This Policy establishes the Company’s guideline for processing personal data, the types of collected personal data, the purposes of using such personal data, the Company’s interaction with third parties, security measures to protect personal data, conditions of access to personal data, as well as the contact information for the user about accessing, making changes, blocking or deleting their personal data and addressing any questions, which you may have regarding the practice of protecting personal data.

1. COLLECTION AND PROCESSING OF PERSONAL DATA

Purposes of Processing Personal Data

The Company processes and collects information about Users in various forms, including their personal data. As used in this Policy, “personal data” is as defined in the GDPR and any applicable law, including any information, which, alone or in combination with other information, identifies or can identify a user.

The company will process the personal data of Users only in accordance with the current legislation on data protection and confidentiality. The Company needs certain personal data in order to provide users with access to the Platform and provide services.

Collection of Personal Data

The Company collects information about Users when the latter use the Company’s services on the Platform. When Users use the services of a third-party service provider, the services of the Company can be embedded in their systems, and the Company automatically receives the information that Users have provided them to provide certain services that the Company offers.

Use of Personal Data

The company can use the personal data of users in order to:

– operate, maintain and improve the Platform, products and services;

– provide the Users with the Company’s services;

– process payments or payment transactions made by users through the Platform;

– comply with applicable law and make legal requests, including responding to the requests from government agencies;

– ensure compliance with the Policy;

– protect the rights, privacy, safety or property of individuals;

– and also as described in the section “Exchange of Personal Data” below.

2. EXCHANGE OF PERSONAL DATA

The Company can transfer personal data of Users as follows:

– Third Parties designated by Users. The company can transfer personal data to third parties if the User has given his consent to it.

– Service providers for the Company. The Company may transfer the personal data of Users to the service providers that provide the necessary services to the Company, such as banks or other financial institutions, to process Users’ transactions and perform other financial transactions.

– Other cases. The Company may transfer personal data of users if the company deems it necessary or appropriate: (A) to comply with laws; (B) to comply with lawful requests and legal procedures, including the requests from government agencies to comply with national security requirements or decisions; (C) to ensure compliance with the Policy; (D) to protect the rights, privacy, safety or property of individuals.

3. PLATFORMS OF OTHER SERVICES

The platform may contain links to third party sites and functions. This Policy does not apply to the privacy policy of such services. These services have their own confidentiality policies and the Company is not responsible for their websites, functions or policies. Please read the confidentiality policies of such services before sending any data to them.

4. INTERNATIONAL DATA TRANSFERS

The information, including personal data, which the Company receives from Users, may be transferred, stored and processed by the Company outside the country in which the User lives, where the data protection and privacy laws may provide a level of data protection lower than in other parts of the world. By using our Platform and providing consent, you consent to this transfer, storage and processing. The Company will take all reasonable and necessary steps to ensure the safe handling of personal data in accordance with this Policy.

5. SAFETY

In order to ensure the security of transmission and storage of data of payment cardholders when providing the relevant services, the PayAdmit software product has been certified for compliance with the Payment Card Industry Data Security Standard (hereinafter – “PCI DSS”) and ensures compliance with the specified standard on an ongoing basis.

Compliance with PCI DSS means:

– fulfillment of all requirements of VISA and Mastercard international payment systems in accordance with the rules for making payments and data protection means;

– definition and development of the company’s security policy;

– ensuring the reliable encryption of data and their transmission over the network only in encrypted form;

– differentiation of access to data based on the job responsibilities and authorities with real-time access control;

– determination of stringent requirements for the development, testing and implementation of software with the provision of multi-stage security control of data processing;

– implementation of a regular system scanning process in order to detect vulnerabilities and their subsequent elimination;

– implementation of constant monitoring of the user data security both at the time the user carries out transaction and for the stored user data;

– continuous updating to the current and protected versions of the software used.

6. STORAGE OF PERSONAL DATA

The Company will store the personal data of Users for a reasonable period of time necessary for the Users to use the Platform unless a longer storage period is required or permitted by law (for example, for regulatory purposes).

7. RIGHTS OF THE PERSONAL DATA SUBJECT

The Company informs you about your rights as a personal data subject, namely:

 

– the right to be informed about the collection and use of your  personal data both if they are provided directly to a Company and if the Company has acquired it from another source;

– the right to access your personal data collected, stored, or used by the Company;

–  the right to rectification. It means that you are entitled to have inaccurate personal data about you rectified as soon as possible, along with the right to complete any incomplete personal data, including by means of providing a supplementary statement;

– the right to erasure. It means that you have the right to request the deletion of your personal data under certain conditions, such as when the data is no longer necessary for the purpose it was collected or the consent is withdrawn by you or when you objects to the processing, and there are no prevailing legitimate reasons that override the processing or the personal data have been processed unlawfully, or the personal data have been gathered for the offer of information society services or the personal data has to be erased to fulfill a legal obligation within EU or Member State law to which the Company is obligated;

– the right to restrict the processing of your personal data;

– the right to data portability. It means that you are entitled to receive your personal data, which you have provided to the Company, in a structured, commonly used, and machine-readable format;

– the right to object to processing your personal data, particularly in cases where the processing is based on legitimate interests or public tasks;

– the right to withdraw your consent at any time;

– the right to lodge complaints. If you believe that the Company’s processing of your personal information violates your rights, you may file a complaint with a competent supervisory authority.

For updating, accessing, amending, blocking or deleting your personal data, revoking consent to the processing of personal data that you provided to the Company in accordance with this Policy, or if there are any comments, wishes or claims regarding your personal data, processed by the Company, please contact the Company via email at [email protected].

POLICY CHANGE

The amendments and additions may be made to this Policy from time to time and without prior notice to the user about it, including when the legislative requirements are amended.

In the event of significant amendments to this Policy, the Company will post a message on its Website and indicate the date of entry into force of these amendments. If you do not deny accepting them in writing within the specified period, this will mean that you agree with the corresponding amendments to the policy.

We ask you to review the Policy from time to time in order to be aware of any amendments or additions.

Website Requirements

  1. Website performance
    The website must be fully functional.
    The content must be relevant and complete, the internal links must be functional;
  2. For a legal entity
    The online store of a legal entity must be multi-page.
    From two pages, the number of goods / services from two or more
  3. For individuals and individual entrepreneurs
    One-page websites (landing page) can be used
  4. Public access
    The website must be publicly available and not ask for a username / password for entry.
  5. Test access
    When connecting to the service of the Personal Account of the online store, you must provide test access. The personal account must be located on the same domain as the main website;
  6. Legislation
    The goods / services offered in the online store must not contradict the current legislation of the countries where the service is provided or goods are for sale;
  7. On the website of the online store, you must specify:
    – full company name,
    – legal and actual address,
    – phone and email address,
    – public offer agreement;
  8. Description and characteristics
    The goods and services sold by the online store must have a detailed description, characteristics, consumer properties, price;
  9. Single domain name
    All pages related to the sale of goods, works, services on the website of the online store must be under a single domain name.

Please note that these are basic requirements for Connected Online Stores, but each application will be reviewed on a case-by-case basis.