effective from 17.4.2023
The purpose of this document is to specify in more detail the purpose and means of processing of personal data in the provision of services by us, i.e. BESTPAY s.r.o., with its registered seat at Purkyňova 74/2, Nové Město, 110 00 Prague 1, ID No.: 041 11 648, registered in the Commercial Register of the Municipal Court in Prague, file No. C 242665, ("BESTPAY"). We may update this policy to reflect changes in our practices or based on the change of the legislation. If there are any material changes, we will notify you by email to your registered email address or by notification to www.bpay.cz
In particular, we process the following personal data:
- identification data (name, surname, date and place of birth, permanent or other residence address,gender, citizenship);
- contact details (phone number, email address);
- login details (ID and password);
- data about your behaviour (transaction history, information about your profession);
- data about your use of the BESTPAY mobile phone or web application ("Application") (IP address, browser type and version, preferred language, geographic location of the IP address, operating system and computer platform, full URL information, click-through information to/from our website including date and time, the area of our website you visited, length of your visit and number of visits);
- data required by Act No. 253/2008 Sb., on certain measures against the legalization of the proceeds of crime and the financing of terrorism, as amended ("AML Act") (e.g., copies of identity cards, photographs, information on the source of income, purpose of the transaction, status of politically exposed person);
- and, where applicable, other data required by the relevant legislation.
We process personal data mainly for the following purposes:
- for activities in the course of providing the services (e.g., processing transactions, contacting you if necessary to provide the services or to resolve any problems). We carry out these activities on the basis of our contract.
- for activities in the context of your identification and control and other possible measures under the AML Act. We carry out these activities based on our legal obligation.
- for detecting and preventing fraud and other unauthorised use of our services. We carry out these activities on the basis of our legitimate interest.
- for improving the user experience of our Application. We carry out these activities on the basis of our legitimate interest.
- for marketing purposes, service update notifications and promotional offers. We do this either on the basis of legitimate interest in the case of direct marketing or on the basis of your consent.
- for fulfilling our legal obligations arising from other legal regulations, such as 370/2017 Sb., on payments, as amended, Act No. 21/1992 Sb., on banks, as amended, Act No. 164/2013 Sb., on international cooperation in tax administration, as amended, etc.
- for any potential dispute between us, we may also use your personal data to protect our interests, e.g., in the context of litigation, based on our legitimate interest.
We, as the controller of your personal data, primarily process your personal data. We also use business partners for various services in which they may process your personal data. In particular, we may share your personal data with the following processors:
- business partners providing transaction services (e.g., authorised representatives, card processing companies, payment processing companies, companies carrying out processes under the AML Act, etc.);
- business partners providing IT services (e.g., cloud storage providers);
- business partners providing services to protect our rights (e.g., debt collection companies or legal services).
We always process personal data for the period of time related to the specific purpose of processing, i.e., for the time necessary to fulfil the purpose of processing or for the time required by law, in particular:
- for the provision of services for the duration of our contract and 3 years after its termination;
- for sending newsletters, or other marketing communications and materials as long as our legitimate interest continues or you do not refuse such processing (unsubscribe), or in the case of consent, for the period of its granting or until its withdrawal;
- to protect our legitimate interests for 10 years from the termination of the contract, or longer in justified cases, in particular in the event of a complaint, claim or litigation or proceedings before a public authority;
- for the purposes of complying with the AML Act for 10 years, for as long as the legal obligation we are bound to comply with continues, including the legally required archiving periods.
If you have given us your consent to the processing of your personal data, you are entitled to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal. You can withdraw your consent via the Application or by contacting us at our email address email@example.com.
We protect your personal data with administrative, organizational, physical and technical safeguards, including firewalls and data encryption, to reduce the risk of loss, misuse, unauthorized access, disclosure and alteration. Our security features are designed to maintain appropriate levels of data confidentiality, integrity and availability. We regularly test the Application, data centres, systems, and other devices for security vulnerabilities to protect your personal data at all times.
To the extent that the data protection regulations, in particular the GDPR, guarantees, you have the following rights:
- the right to access your personal data;
- the right to restrict the processing of your personal data;
- the right to rectification and erasure of your personal data;
- the right to object to processing based on our legitimate interest;
- the right to have your personal data transferred to another controller where the data has been processed by automated means and on the basis of consent or the performance of a contract.
If you believe that we are violating the law by processing your personal data, you can file a complaint with the supervisory authority, which is the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Prague 7, website: www.uoou.cz.
You can exercise your rights through the Application or by contacting us at our email address
BESTPAY s.r.o., ID: 04111648, with its registered office at Purkyňova 74/2, 110 00 Prague 1 - Nové Město, registered at the Municipal Court in Prague, file number C 242665.
Document version No.: 2023.01