Privacy Policy

Last updated 31/10/2024

1.    Introduction and Context

a.    Privacy Commitment

b.    Who we are

c.     Cookies

d.    Other Links

2.    Personal Data Collection

a.    Clients

b.    Visitors

c.     Consumers

3.    Personal Data Use

4.    Sharing of Personal Data

5.    How long do we retain your Personal Data?

6.    How do we protect your Personal Data?

7.    International Data Transfers

8.    Personal Data of Minors

9.    Your Rights as a Data Subject

a.    Opting Out of Electronic Communications

b.    Data Protection Rights

c.     Exercising your Rights

10. Updates and Notifications

11. Regional Addendums

12. Contact Us

 

 

1.   Introduction and Context

 

 

a.    Privacy Commitment

 

PayMidas Solutions respects your privacy and takes it seriously. This Privacy Policy contains crucial details regarding your Personal Data, and we urge you to review it attentively. If you find yourself in disagreement with the conditions outlined herein, we kindly advise against using our services.

b.    Who we are

 

PayMidas Solutions is a payment solution provider. Individuals use our services to facilitate their purchases, while businesses of all scales utilize our technology and services to process payments, conduct payouts, and manage their online operations. PayMidas Solutions aims to provide transparent insight into the utilization of entrusted Personal Data.

 

This document, referred to as the "Policy," outlines the types of "Personal Data" we gather about you, the purposes for which we use it, how we share it, your rights and preferences, and the methods through which you can communicate with us regarding our privacy protocols. The Policy also explains your rights as a data subject, including your right to express objections to specific uses of your Personal Data by us. For more comprehensive details about our privacy practices, please contact PayMidas Solutions as specified in section 12.

 

In this document, terms like "PayMidas Solutions," "we," "our," or "us" pertain to the specific PayMidas Solutions entity responsible for the collection and utilization of Personal Data in accordance with this Privacy Policy.

 

The term "Personal Data" refers to any information connected to a recognized or recognizable individual, encompassing data both provided by you and gathered by us as you interact with our Services (for example, device details, IP address).

 

The term "Transaction Data" refers to Personal Data and might contain:

•           Your name, email address, billing address, shipping address

•           Payment method details (such as credit/debit card number, bank account info, or selected payment card image)

•           Details about merchants and locations

•           Purchase amounts, purchase dates

•           Some particulars about your purchases

•           Phone number and past purchase data

 

The term "Services" refers to the products and offerings identified by PayMidas Solutions as covered by this Policy, which might encompass PayMidas Solutions -supplied devices, applications, and sites. "Sites" refers to paymidas.eu along with other websites, applications, and online services designated by PayMidas Solutions to be governed by this Policy.

 

Based on the context:

 

•           If you are utilizing PayMidas Solutions’  Services e.g. Point-Of-Sale (POS) device and/or Payment Gateways in your professional capacity, we identify you as a "Client."

 

•           If you are engaging with our Client (for instance, making a purchase from a merchant that utilizes PayMidas Solutions for payment processing) i.e., your interaction is not directly with PayMidas Solutions, you are considered a "Consumer."

 

•           If you visit a Site without being logged into an PayMidas Solutions account or engage in communication with PayMidas Solutions, you are labeled a "Visitor" (for instance, sending a message to PayMidas Solutions for product information as you contemplate becoming a user).

 

PayMidas Solutions takes on the roles of a "data controller" and/or "data processor (or service provider)" based on the activity. For example, to a Consumer, PayMidas Solutions would operate as a data processor, while PayMidas Solutions’ Client would take the role of a data controller.

 

c.    Cookies

 

PayMidas Solutions currently does not utilize any cookies.

 

d.    Other Links

 

Our website and Services may contain links to other third-party sites. When you click on one of those links, you are visiting a website operated by someone other than us, and the operator of that website has a different privacy policy. We are not responsible for the privacy practices of those sites. We encourage you to read the privacy policies of these third-party operators.

 

 

2.   Personal Data Collection

 

a.    Clients

  

Identification Data: If you register for an account with us, we obtain and verify your personal and corporate Identification data, to fulfill obligations imposed by financial partners and regulations.

 

Contact Details: If you register an PayMidas Solutions account for a legal entity, we collect your contact and account login details. Moreover, we might associate a general location with you to determine relevant Services or information.

 

 

Transaction Data: If you hold an account with PayMidas Solutions, we collect all your transactional activity between you and the Consumer.

 

  b.    Consumers

 

 Transaction Details: If you are a Consumer, when you engage in activities such as making payments, receiving refunds, initiating purchases, donating, or conducting transactions with a Client who utilizes our services for payment processing, we gather transaction-related information known as Transaction Data.

 

Location: Information about your purchase location might also be collected and shared with us through our Client (i.e. Merchant you chose to engage)

 

For more details about how your Personal Data might be used, please refer to the Client’s Privacy Policy.

 

The following section includes information about how we use your Personal Data. For any further queries please contact us as specified in section 12.

 

 

3.   Personal Data Use

 

When we handle your Personal Data, we will adhere to one of the following lawful bases for processing, depending on the particular activity for which we are utilizing your data:

i.      Contract

This pertains to situations where processing Personal Data becomes necessary to finalize a service agreement with you or to carry out our responsibilities under a contract, such as providing services, which has been established with customers. This also includes processing during the application process to assess potential customers for contract eligibility.

ii.             Consent

In specific situations, we may seek your explicit consent to process Personal Data for particular purposes. Your data will be processed in this manner only if you agree to it. If the legal basis is the consent you provided, you can withdraw your consent at any time. The withdrawal of your consent will not affect the legality of data processing carried out before the withdrawal.

iii.            Legitimate Interest

 

When necessary, we may process Personal Data when there is a legitimate interest for us or a third party in pursuing commercial and business objectives, unless such interests are outweighed by your interests, fundamental rights, and freedoms.

iv.            Legal Obligations

This applies when we are obligated to process your Personal Data to meet legal requirements. PayMidas Solutions is subject to a variety of legal obligations and regulatory mandates, including Anti-Money Laundering (AML) laws and laws governing the provision of payment services, among others. We are also obliged to adhere to regulations and directives issued by competent supervisory authorities related to our operations. The purposes of this processing encompass identity verification checks, prevention of money laundering and fraud, compliance with our reporting obligations, tax obligations, risk management measures, and sharing information with competent authorities, public entities, or law enforcement agencies.

We have provided below, in a tabular format for your convenience, an illustrative description of how we may utilize your Personal Data, and the legal bases upon which we may depend to do so. In addition, we have indicated our legitimate interests when relevant.

Purpose and Activities

Lawful Basis

Description

Onboarding of Clients

·       Providing information regarding requested or offered products and services.

·       On-boarding Application Review and Assessment

Processing is necessary for the performance of a contract.

We use this information in pursuit of an agreement with you, for regulatory compliance, application examinations, assessments of eligibility, and record keeping.

Anti-Money Laundering/Counter the Financing of Terrorism:

·       Crime Prevention

·       Verify Identity & Assess Eligibility

·       Managing risk

·       Legal Compliance

·       Cooperation with relevant authorities

·       Complaints handling

·       Enforcing internal procedures and protective measures against fraud, risk, and financial crime.

Processing is necessary for compliance with a legal obligation.

We use this information for our internal compliance procedures, for complying with regulations governing the delivery of products and services, and cooperation with the relevant authorities.

Product and Service Delivery

·       Delivery of products and services, including assessing their efficiency and their improvement, testing new products. 

·       Management and execution of payment instructions

·       Application of Fees

·       Cooperation with other service providers

·       Contract Fulfillment

·       Term’s and Conditions Update Notification

·       Providing requested services, such as customer acceptance procedures, account opening etc.

·       Maintaining communication with our clients and providing service updates.

·       Offering ongoing support, handling inquiries, complaints, and related matters.

 

Processing is necessary for the performance of a contract.

We use this information to fulfil our contract with you, for record keeping, and for regulatory compliance in delivery of our products and services.

Company Internal Operations

·       Reporting

·       Product Development

·       Internal operations and administration

·       General administrative functions

·       Market expansion

·       Security, disaster recovery, and business continuity management

·       Service quality management

Processing is necessary for the purposes of the legitimate interests pursued by the controller.

We may use some of your Personal Data in the operations of our business and to pursue our legitimate interests. Wherever possible, we do not use personally identifiable information for these purposes, and where we do, we will conduct balancing tests to ensure the rights of the individual are protected in terms of Personal Data.

Legal rights and obligations

·       Exercising your Rights

·       Enforcing or defending group/affiliate’s rights

 

Processing is necessary for compliance with a legal obligation.

We use this information for complying with regulations and laws protecting individuals and affiliate rights.

 

4.   Sharing of Personal Data

 

Sharing of Personal Data, refers to the disclosure of Personal Data to third parties outside our Company. The Company shares your data with various types of entities, for the following reasons:

 

·      Service Providers or Processors. We rely on third parties to provide essential services, such as hosting, analytics, identity verification, customer service, and email communication, enhancing the delivery of our Services. These service providers are authorized via contract and confidentiality obligations, to access and use Personal Data for service provision, compliance with legal requirements, and maintaining data security.

 

·      Financial Partners. Personal Data may be shared with Financial Partners (e.g., banks, payment method acquirers, and vendors) to provide Services to Clients and offer certain services in partnership.

 

·      Others with Consent. Personal Data may be shared when you are referred to or connected with third parties for services. Consent is sought before sharing information.

 

·      Compliance and Harm Prevention. Personal Data may be shared to adhere to legal obligations, enforce contractual rights, safeguard Services and users against unauthorized activity, and respond to legal process requests from authorities.

 

Data is also shared with parties explicitly authorized by you (i.e. Consumers) to access Personal Data (e.g., a Merchant utilizing our products and services or their operations). In the described above, the utilization of Personal Data adheres to those third parties' respective privacy policies, and we urge you to review it attentively.

 

5.   How long do we retain your Personal Data?

 

The retention of data is primarily determined by legal obligations. Data cannot be destroyed before the required retention period expires. The company is obligated to retain customer data, including Personal Data, throughout the duration of the business relationship and for a minimum of 5 years after the termination of the business relationship, or after the rejection or withdrawal of a customer application, or longer if required by law. This adherence to Anti-Money Laundering (AML) legislation and other relevant business requirements is essential.

 

Data that falls outside the scope of our purposes as defined in this Privacy Policy, legal obligations, or regulatory requirements, will be removed once there is no valid reason to retain it any longer.

 

The retention period may be extended for lawful reasons that justify a longer retention period. This extension could be necessary for handling complaints, legal proceedings and disputes, investigations, regulatory compliance, tax purposes, and efforts related to preventing money laundering, crime, and fraud.

 

6.   How do we protect your Personal Data?

 

We strive to implement reasonable security measures based on the risk associated with processing Personal Data. Our organizational, technical, and administrative safeguards are designed to protect covered Personal Data against unauthorized access, loss, alteration, misuse, and destruction. However, it's important to note that no data transmission or storage system can be completely secure.

 

All data captured based on your financial activity through our services (sensitive data) is controlled by a third-party vendor, which is PCI DSS Certified and we process this data according to the minimization principle, which dictates that "data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed" and pseudonymization (i.e. a value which does not allow the individual to be directly identified.

 

For enhanced security, we recommend:

•           Utilize a strong password and safeguard it from unauthorized use.

•           Refrain from using the same login credentials for different services.

•           Report any security concerns immediately if you suspect unauthorized access to your account.

 

7.   International Data Transfers

 

We do not transfer any Personal Data to third countries (i.e. outside of the EU/EEA).

 

8.   Personal Data of Minors

 

Our Products and Services are not intended for minors (under 18 years old), and we do not knowingly or intentionally collect Personal Data from minors.

 

If you become aware of a minor using our Products and/or Services, please contact us as specified in section 12 so that we can delete the information promptly.

 

9.   Your Rights as a Data Subject

 

a. Opting out of Electronic Communications. Currently, we do not communicate with data subjects for marketing and advertising. Essential service communications and messages may still be sent.

 

b. Data Protection Rights.

Based on the General Data Protection Regulation (GDPR), you have these rights regarding your Personal Data under our control:

 

•           Confirm if PayMidas Solutions processes your Personal Data and request a copy.

•           Rectify or update inaccurate, incomplete, or outdated Personal Data.

•           Request erasure of Personal Data under certain legal circumstances.

•           Request restrictions on Personal Data use during pending requests.

•           Request export of your Personal Data to another company if feasible.

•           Withdraw consent to data processing based on consent.

•           Object to processing based on legitimate interests.

•           Avoid discrimination for exercising these rights.

•           Appeal decisions related to these rights.

 

c. Exercising your Rights. Contact us, as specified in section 12, for details on exercising data protection rights. We should respond to your request within 30 days. If your request is complex or numerous, we might extend the deadline to three months. However, we will respond to your initial request within a month and explain why the extension is necessary.

 

10. Updates and Notifications

This Policy might be amended periodically to reflect new services, changes in privacy practices, or applicable laws. The "Last updated" date at the top indicates the latest revision. Changes become effective upon posting the revised Policy on the Services or notifying you as required by law.

 

Disclosures and alerts regarding the Policy or Personal Data are provided by posting on our website and contacting you through the PayMidas Solutions registered email, or physical address associated with your PayMidas Solutions account.

 

11. Regional Addendums

 

All Personal Data are controlled and processed within the EU/EEA.

  

12. Contact Us

If you have questions or concerns about this Policy, feel free to contact us at: info@paymidas.eu or via mail to our registered address:

PayMidas Solutions

20 Charalampou Mouskou,

ABC Centre 501&502,

8010, Paphos, Cyprus

For Consumers, please refer to our client’s (i.e. the Merchant) privacy policy for their practices and contact details.