WHY DO WE COLLECT PERSONAL DATA?
We collect, process and retain personal data from you and any devices you may use when you use our Services, or provide to us on a web form, or when you update your data or otherwise correspond with us regarding our Services. Additionally, we may collect personal data from third parties or publicly accessible sources (Internet). We collect personal data for the following purposes:
- To process your transactions and contact you, as necessary
- To verify your identity
- To collect payment for your use of the Service
- To troubleshoot problems with the Service
- To detect and prevent fraud and other illegal uses of the Service
- To enhance and simplify the user experience
- To send you marketing notices, service updates, and promotional offers
- To send transaction alerts to you and/or the recipient of your remittance
- To be in compliance with binding legal obligations like:
- Act No. 253/2008 Coll., on Selected Measures against Legitimization of Proceeds of Crime and Financing of Terrorism
- Act No. 370/2017 Coll., on Payment System
- Act No. 21/1992 Coll., on Banks
- Decree No. 67/2018 Coll., of 11 April 2018 on selected requirements for the system of internal rules, procedures and control measures against legitimization of proceeds of crime and financing of terrorism
- Act No. 164/2013 Coll., on international cooperation in tax administration and on the amendment of certain related Acts
- Bookkeeping and archiving according to legal requirements.
- To protect our rights and legitimate interests.
HOW DO WE COLLECT INFORMATION?
In the sections below, we list the reasons why we share customers’ and consumers’ personal data; the reasons BESTPAY s.r.o. chooses to share; and whether you can limit this sharing.
We collect personal data:
- Directly provided by you when you use our Services;
- Automatically through your use of our Services;
- From using cookies, web beacons, and similar technologies; and
- From other third party sources (interbank communication, official records and lists)
- From publicly accessible sources (Internet).
WHAT KINDS OF PERSONAL DATA DO WE COLLECT?
INFORMATION THAT YOU GIVE US
The information that we collect directly from you includes:
- Information that you provide us in the course of using the Service, such as your name, surname, address, email address, telephone number, date of birth, personal identification number, sex, citizenship, nationality, ID number and copy of ID Card. We may also collect information from you including your bank account number, credit card number, and social security number, and other identification documents we may request to validate your identity for the safety and security of establishing your Account with the Service.
- To facilitate our Service, we request certain third party personal data from you such as your recipient's full name, physical address, email address, and phone number. We may also collect from you the recipient's financial information including their name, bank account and routing number. If you give us personal data about someone else, you must do so only on their explicit and prior consent. You have to inform them how we collect, use, disclose and retain their personal data according to our EU General Data Protection Regulation (GDPR).
- Information about your usage of the Service, including your transaction history, and how you choose to pay/fund your remittance, and to whom you use the Service to send or receive money, along with the recipient’s collection method.
You decide how much information you want to share with us in some cases, but not sharing required information may limit your ability to engage in certain activities, such as payment information required to complete a transaction.
INFORMATION COLLECTED AUTOMATICALLY THROUGH YOUR USE OF THE SERVICE
When you use or interact with our Site and Services, we receive and store information generated by your activity, like usage data and other information automatically collected from your browser or mobile device. The Information that we automatically obtain from you is used to prevent theft in the system. This information is also needed to determine the correct operation of our clients and also for security reasons - prevention of fraudulent activities. The collected information includes:
- Information about the hardware and software you use when accessing the Service,
- Your IP address and geolocation data.
INFORMATION COLLECTED USING COOKIES, AND SIMILAR TECHNOLOGIES
COOKIES, tags and scripts are used by BESTPAY. These technologies are used:
- To enhance and simplify the user experience on our home page and throughout our site, to remember users’ settings (e.g. language preference, preferred country of remittance, and for authentication);
The information collected may include your IP address; browser type and version; preferred language; geographic location using IP address; operating system and computer platform; the full Uniform Resource Locator (URL) clickstream to, though, and from our Site, including date and time; and areas of our Site that you visited. We also may log the length of time of your visit and the number of times you visit and use the Services.
We may assign you one or more unique identifiers to help keep track of your future visits, however you still stay anonymous for us according to identification by GDPR in this case.
WHEN MAY WE SHARE OR DISCLOSE YOUR PERSONAL DATA?
We do not sell, share or rent the information we collect to third parties for their promotional purposes unless we receive your permission to do so. Without your consent we may share information about you (including non-public, non-personally identifiable information):
- Fulfillment of obligations in connection with the execution of payment transactions, in particular in compliance with Act No. 21/1992 Coll., on Banks and Act No. 253/2008 Coll., on Selected Measures against Legitimization of Proceeds of Crime and Financing of Terrorism and in compliance with Act No. 370/2017 Coll., on Payment System
- Third-party service providers under contract with BESTPAY that help us with our business operations, such as transaction processing and collections. These service providers are authorized to use your personal data only as necessary to provide these services to us.
- In the event of the sale, acquisition or merger of some or all of our assets, your personal data might be a part of the transferred assets, however such information will be passed only when the sale is complete. The seller cannot pass personal data of the client until the buyer becomes a legal owner of the company. We shall notify you in the event of such an occurrence by placing a notice on our website.
- Law enforcement and government officials, but only in connection with a formal request, subpoena, court order, or similar legal procedure, as well as circumstances where we believe in good faith that disclosure is necessary to comply with the law, report suspected illegal activity, or investigate violations of our User Agreement, in particular in compliance with Act No. 21/1992 Coll., on Banks and Act No. 253/2008 Coll., on Selected Measures against Legitimization of Proceeds of Crime and Financing of Terrorism and in compliance with Act No. 370/2017 Coll., on Payment System for the purpose of fraud prevention, investigation and detection.
USES OF PERSONAL DATA (OTHER THAN PROVIDING PAYMENT SERVICES)
PROVIDE, IMPROVE AND PERSONALIZE OUR SERVICES
As is true of most web sites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you, verify security, and to improve marketing, analytics, or site functionality.
PERSONALIZE OUR ADVERTISING AND MARKETING COMMUNICATIONS
The Site may contain links to other web sites. BESTPAY is not responsible for the privacy practices or the content of these other web sites. We encourage you to familiarize yourself with the privacy practices of these other sites prior to submitting your personal data to them.
TESTIMONIALS AND REFERRALS
We display personal testimonials of satisfied customers on our Site in addition to other endorsements anonymously. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us via details mentioned in the CONTACT US section.
If you choose to use our referral service to tell a friend about our Site, we will ask you for your friend’s name, email address and phone number. We will automatically send your friend a one-time email inviting him or her to visit the Site. BESTPAY stores this information for the sole purpose of sending this one-time email, and for tracking the success of our referral program.
WITHDRAWAL OF CONSENT
You are authorized to withdraw your consent for any personal data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- If you decide to withdraw your consent, you may CONTACT US by email or by mail.
ACCESS TO YOUR PERSONAL DATA AND RETENTION
We will honor any statutory right you may have to access, modify or erase your personal data. Where you have a statutory right you to access, modify or erase your personal data, we can still withhold that access or decline to modify or erase your personal data in some cases and in accordance with applicable national laws, but will give you reasons if we do so.
You can access, modify or update or delete your personal data submitted on our Site by logging into your account and changing your preferences. You may also contact us using the CONTACT US details below.
- We will retain your personal data for 10 years after termination of your account or from the moment we provided you our money remittance services; according to §16 of the Act No. 253/2008 Coll., on Selected Measures against Legitimization of Proceeds of Crime and Financing of Terrorism. The time limit shall begin to run on the first day of the calendar year following the year in which the last transaction was effected
- We will retain and use your personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
You are authorized to ask us about the range of personal data we collect about you. Such request will be answered by us within 1 month.
You also have several statutory rights that allow you to manage your personal data we collect about you:
- Right to rectification
- Right to erasure (so called “right to be forgotten”) – there are statutory reasons when this right can be applied and when the right is limited. Please, be aware that we have to keep the data that are required by law and that we have to archive it for a specified time.
- Right to restriction of processing - there are statutory reasons when this right can be applied and when the right is limited. Please, be aware that we have to keep the data that are required by law and that we have to archive it for a specified time.
- Right to data portability - there are statutory reasons when this right can be applied and when the right is limited.
- Right to object – you can apply this right at any time. If your objection regards to processing for direct marketing purpose, your personal data shall no longer be processed for such purposes.
- Automated individual decision-making, including profiling – you have right to not to be a subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.
You have also right to be informed without undue delay in case when we notice any data breach that can result in a high risk to your rights and freedoms.
If you decide to apply any of your rights, please do not hesitate to send us your written request by email or mail using the CONTACT US details below.
In case of an initiative or complaints you can also contact The Office for Personal Data Protection at address: Pplk. Sochora 27, 170 00 Praha 7, Czech Republic, www.uoou.cz.
WHAT SECURITY MEASURES DO WE HAVE?
We protect your personal data using administrative, organizational, physical and technical safeguards, including firewalls and data encryption, to reduce the risk of loss, misuse, unauthorized access, disclosure and alteration. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability. We regularly test our website, data centers, systems, and other assets for security vulnerabilities for the continued protection of your personal data.
All BESTPAY employees pass financial and criminal background checks as a condition of employment.
OTHER IMPORTANT INFORMATION
DATA TRANSFERS TO OTHER COUNTRIES
BESTPAY is headquartered in the Czech Republic, and we have operations, partners, and service providers in the Czech Republic and throughout the world. As such, we and our service providers may transfer your personal data to, store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction; these transfers of personal data only concern our legal obligations for providing payments. Anyway, we will always take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it.
If you are located in the European Economic Area, we provide adequate protection for the transfer of personal data to countries outside of the EEA through a series of inter-company agreements based on the Standard Contractual Clauses authorized under the EU General Data Protection Regulation (GDPR).
BESTPAY does not offer services to minors and does not knowingly collect personal data from children under the age of 18. If you believe we have collected personal data from your child in error or have questions or concerns about our practices relating to personal data of children, please notify us using the CONTACT US details below and we will promptly respond.
In the Czech Republic by calling us at +420 221 501 021 or by writing to us at:
Purkyňova 74/2, Nové Město, Prague 1, 110 00, Czech Republic.