Ultimo aggiornamento: 2022-05-18
I. GENERAL PROVISIONS
- Era Finance Ltd. (private limited company, company code C 92740, registered at Suite 1, Sterling Building, Enrico Mizzi Street, XBX 1453, Ta’ Xbiex, Malta) (the “Company“ or “we“) administrates bankera.com (the “Website" or the “Platform”) and offers Bankera account (the “Bankera account”) and other services (all together hereinafter referred to as the “Services“) available through the Platform.
- This Policy explains how your personal data is being processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR“) and other applicable laws. The Policy also shows how we process your personal data through any relationship we have, whether it would be use of the Services on the Platform, online support services or any other possible mean. In case you provide information about other natural persons to the Company, you undertake to make this Policy known to them before the disclosure of such information to the Company.
- The Company takes all the necessary measures to protect your personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. This includes legal, organizational, technical, and physical security measures.
- By using this Website and the Services you confirm you have read, understood and agree with this Policy and other privacy policies you may find hereinafter in this Policy. The Company reserves the right to make changes to this Policy. An up-to-date version of the Policy is posted on the Website.
II. PERSONAL DATA MANAGEMENT PRINCIPLES
- The Company undertakes to ensure your personal data is:
- processed lawfully, fairly, and in a transparent manner in relation to you;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date;
- kept in a form which permits your identification for no longer than it is necessary for the purposes for which the personal data are processed;
- processed in a manner that ensures appropriate security of your personal data.
- The Company follows the above indicated principles strictly during the processing of your personal data and request the same from the data processors which it may use to process personal data on behalf of the Company.
III. LAWFULNESS OF PERSONAL DATA PROCESSING
- Your personal data will be processed if:
- you have given a consent to the processing of your personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which we are subject;
- processing is necessary for the purposes of the legitimate interests pursued by us or the third party.
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
IV. PURPOSES FOR WHICH YOUR PERSONAL DATA IS BEING PROCESSED
- Support services. We process your personal data for this purpose in order to be able to answer the inquiries you have.
- Call recording. We process your personal data for this purpose in order to ensure the quality of our services and customer support.
- Proper and secure operation of the Platform. We process your personal data for this purpose in order to ensure smooth and secure operation of the Platform.
V. METHODS HOW YOUR PERSONAL DATA IS BEING COLLECTED
- The Company collects your personal data when:
- you register to use Bankera account;
- you consent to the call being recorded;
- your personal data has been provided by the authorized third party;
- you request Services support;
- you use or view the Platform.
- In order to ensure smooth delivery of the requested Services or keep you updated with Bankera news, the Company may also collect your personal data from the data controllers and/or the respectable third parties wherein you have already initiated or have an account, partners that process your contact details or public sources.
VI. CATEGORIES OF THE PROCESSED PERSONAL DATA
- The scope of your personal data indicated below which could be requested by the Company and further processed in order to provide the Services for the purposes indicated in article 4 of this Policy may vary depending on the type of Services chosen particularly by you and Company‘s applied procedures to execute it, as well as, legal requirements applied for such provision of Services in order to prevent possible risks and various crimes.
- In order to provide the Services, we may process your personal data categories, such as (including but not limited):
- General data: first name, last name;
- Contact data: e-mail; telephone number;
- Communication data: correspondence, chats, date, time;
- Call recording data: the record of the call, including the representation of the agent and the caller, as well as, all information discussed during the call, data and time of the call, caller’s telephone number, agent number;
- History data: your experience using the Website, the register of all timestamped your actions performed on the Platform (i.e., your separately expressed consents for personal data processing such as consent for direct marketing);
- Information related to electronic devices: IP address(es), time zone, time, data, browser information, electronic device‘s operational system information, location data (country (code), city), internet service provider (ISP), selected language.
VII. PERSONAL DATA RECIPIENTS
- Your personal data indicated in article 6 of this Policy may be provided by the Company itself or upon respective request to the below indicated categories of personal data recipients:
- service providers, i.e. marketing service providers, IT service providers, telecommunication and call recording service providers;
- credit, financial, payment and (or) electronic money institutions;
- payment services providers, as well as intermediary services providers;
- other service providers which services may include, or which are engaged in personal data processing executed by the Company.
- Personal data may also be provided to other recipients if:
- the Company has to comply with a legal obligation to which it is a subject; or
- such requested personal data is necessary for the concrete data recipient to carry out a particular inquiry in the general interest, in accordance with European Union or Member State law; or
- the data requesting party has a legitimate interest to request for such information;
- other grounds indicated in Article 6 of GDPR are applied.
- In general, Company process your personal data within European Union (“EU”) or European Economic Area (“EEA”), however, there might be some cases when the Company cooperates with the recipients outside EU or EEA. In such cases the Company makes all reasonable efforts to ensure that at least one of the following GDPR requirements is complied:
- the recipient is located in the territory which is acknowledged by the European Commission as ensuring the adequate level of personal data protection;
- the Company and the recipient have concluded Standard contractual clauses regarding personal data transferring which were approved by the European Commission;
- the Codes of Conduct or other measures indicated in Chapter V of GDPR have been complied.
VIII. PERSONAL DATA STORAGE
- The Company processes personal data so that it could achieve the purposes indicated in article 4 of this Policy.
- In order to set the below indicated data retention periods the Company has referred to the legal acts and public recommendations applicable in Europe Union and locally such as compliance with legit limitation periods, as well as current business practice.
- Depending on the category of personal data and the purpose it is being processed your data retention periods applied within the Company as it is required by the law or business practice to ensure smooth delivery of the Services are:
- for the purpose of direct marketing in order to update you about our Services, products and proposals, as well as, ask your opinion about your experience using the Services, we will process your personal data as long as you are registered to use the Services and/or have contractual relationship with us, except in cases when you have objected to such processing, terminated the contractual relationship or requested erasure of your personal data;
- for the purpose of call recording your personal data will be processed for 6 months since the date the record of the call has been made.
- for the purpose of provisions of support services your enquiries together with your provided personal data will be processed for 3 years since the conclusions of the executed correspondence.
- for the purposes of proper and secure operation of the Platform we process your personal data throughout the term we support the Platform.
- Upon the end of the retention periods, indicated above, your personal data is erased. However, the aforementioned time limits may be additionally extended if a competent authority conducts an investigation and the further data processing is necessary to execute it or the data processing is necessary based on other legit reasons.
IX. INFORMATION SECURITY
- The Company takes various security ensuring technologies and procedures in order to protect your personal data against unauthorised or unlawful processing, accidental loss, misuse, unauthorized access, illegal usage, destruction, disclosure, damage and etc. This includes legal, organisational, technical, and physical security measures, such as latest security systems, ability to detect cyber security attacks and other threats to the integrity of the Platform. However, no transmission of information via e-mail or other telecommunication channels or your access to the Platform or the Services through the internet could be fully secured. Therefore, you should take due care when you are accessing the Platform or using the Services via internet or sharing confidential information via e-mail or other telecommunication channels.
XI. YOUR RIGHTS REGARDING THE PROCESSING OF YOUR PERSONAL DATA
- You have certain legal rights in relation to the processing of your personal data, including:
- the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information regarding its processing;
- the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, taking into account the purpose of the processing, the right to have incomplete personal information completed;
- the right to obtain from us the erasure of personal data concerning you without undue delay if one of the grounds set out in article 17 of the GDPR applies;
- the right to obtain from us restriction of processing where one of the grounds set out in article 18 of the GDPR applies;
- the right to data portability in accordance with article 20 of the GDPR;
- the right to object at any time to processing of your personal data in accordance with article 21 of the GDPR;
- the right not to be subject to an automated individual decision-making, including profiling in accordance with article 22 of the GDPR.
- This Policy does not deprive you of any other legal rights you may enforce under the applicable law.
- You may exercise your rights by sending us a request via e-mail: [email protected].
- You may exercise your rights only after the Company has successfully identified you. Therefore, the Company may ask you to provide additional information in order to duly identify the person sending the request, such as a selfie with your ID document, video or voice call, or any other additional document which could let to determine your identity. If the Company is not sure about the identity of the person sending data request, the Company may not provide the requested information to him / her.
- You may be provided with information related to the exercise of your rights free of charge. However, your request for the exercise of rights may be waived or may be subject to an appropriate fee if the request is manifestly unfounded or excessive, in particular, because of their repetitive character.
- The Company shall provide you with information on the actions taken upon receipt of your request for the exercise of your rights or the reasons for the inaction no later than within 1 month from the receipt of the request. The period for submitting the requested information may be extended, if necessary, for a further 2 months, depending on the complexity and number of requests. When you submit the request by electronic means, the information shall also be provided by electronic means.
- If you consider that your personal data is being processed in violation of your rights and legitimate interests in accordance with applicable law, you shall have the right to file a complaint against the processing of Personal Data to the State Data Protection Inspectorate.
XII. YOUR RESPONSIBILITIES
- You confirm that you have provided correct data about yourself in every required form and that afterward when changing or adding any data at the Website, you will enter only correct data. The Company will not tolerate invalid, false or otherwise incorrect data and will pursue actions in accordance with its legal obligations. You shall bear any losses that occur with regard to the submission of invalid, false or otherwise incorrect data.
- You are responsible for maintaining adequate security and control of every data you use on the Website. If you have not complied with this obligation and / or could, but have not prevented it and / or performed it on purpose or due to own negligence, you assume the losses and undertake to reimburse the losses of other persons incurred as a result of your (in)action.
- The Company draws your attention to the fact that e-mail address and any other contact information you have chosen to provide are used for your identification and communication. You undertake the responsibility to protect these instruments and logins to them. You are responsible for password disclosure and for all operations performed after you use the password for a relevant account. We recommend memorizing your passwords and not to write them down or enter anywhere where they may be seen by other persons.
- If you have any questions regarding this Policy or your personal data protection or if you want to withdraw your consent, or execute your rights you may contact us via e-mail [email protected].
XIV. FINAL PROVISIONS
- This Policy shall be viewed and applied in accordance with the laws of the Republic of Malta.
- The Company may change, amend, delete any of the provisions contained in this Policy at any time and in its sole discretion. Any such changes will be effective upon the posting of the revised Policy and you are solely responsible for reviewing it. Your continued use of the Website and Services following any such revisions to the Policy will constitute your acceptance of such changes. If you do not agree to any of such changes, do not continue to use our Services.
- Company’s Website and products may contain links to third-party sites. These third-party websites apply their own privacy policies. If you visit these websites, you will be covered by their respective policies.