Definitions
These definitions should help you understand this Privacy Policy and add clarity to any terms we use:
- ‘company group’ – means “Sliq” and each of its subsidiaries or holding companies which have a relationship corresponding to a direct or indirect ownership above 50%;
- ‘contract performance’ – means processing your Personal Data in order to fulfil the contract signed between you and us (e.g. to provide you with services) or to take steps at your request before entering into such a contract;
- ‘legal obligation’ – means processing your Personal Data where it is necessary for compliance with alegal or regulatory obligation that we are subject to (e.g. to respond to a court order or a regulator);
- ’legitimate Interest’ – means the legal ground for using your Personal Data, e.g. in order to provide and improve services, to administer our relationship with you and our business and/or for marketing;
- ‘services’ – means our products and services provided by us as an Electronic Money Institutionlicensed by the Bank of Cyprus;
- ‘we’, ‘us’, ‘our’ or ‘the Company’ – means “Sliq Payments Ltd”, company code HE383419 with theregistered address at Strovolos 20, Nicosia, Cyprus;
- ‘you’ – means you as a potential, existing and/or former client, our client’s employee or other parties,e.g. beneficial owners, authorised representatives, business partners, other associated parties and/or person contacting us using e–mail or other communication measures.
Updates to this Privacy Policy
We regularly review this Privacy Policy and reserve the right to modify it at any time in accordance with applicable laws and regulations. Any changes and clarifications will take effect immediately on the date on which we post the modified terms on our website: www.sliq.eu.
Please check this Privacy Policy occasionally to ensure that you are happy with any changes.
Contacting us/DPO
You can contact us by writing to us at contact@sliq.eu or post us at ”Sliq Payments Ltd” – Strovolos 20, 2011, Nicosia, Cyprus.
YYou can also contact our Data Protection Officer by sending an e-mail to the address: dpo@sliq.eu
Principles of processing Personal Data
The principles we follow in order to comply with the need to protect your Personal Data are the following:
- ‘principle of lawfulness, fairness and transparency’ –your Personal Data is processed lawfully, fairly, honestly and in a transparent manner in relation to the data subject ;
- ‘purpose limitation principle’ – your Personal Data is collected for specified, clearly defined, explicitand legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- ‘data minimization principle’ – your Personal Data must be adequate, relevant and limited only towhat is necessary in relation to the purposes for which they are processed;
- ‘accuracy principle’ – your Personal Data must be accurate and, if necessary, kept up to date; every reasonable step must be taken to ensure that your Personal Data that are inaccurate, having regard to the purposes for which they are processed, are erased or corrected immediately/without delay;
- ‘storage limitation principle’ – your Personal Data shall be kept in a form which permits identificationof data subjects for no longer than is necessary for the purposes for which the Personal Data are processed;
- ‘integrity and confidentiality principle’ – your Personal Data shall be processed in a manner thatensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Your Personal Data is considered as confidential information and may only be disclosed to third parties in accordance with the rules and procedure provided in this Privacy Policy and the applicable legal acts.
Please note that in case you provide us with the information about any person other than yourself, your employees, counterparties, advisers or suppliers, you must ensure that they understand how their information will be used.
Types of information we collect about you
The categories of Personal Data that we may collect about you are as follows:
- Basic Personal Data – name, surname, job title etc.;
- Identification information and other background verification Data (your or your representative’s, ultimate beneficiary owner’s of legal entities) – name, surname, ID code, birth date, address, nationality, gender, copy of ID card/passport copy, evidence of beneficial ownership or the source of funds, number of shares held, voting rights or share capital part, title, visually scanned or photographed image of your face or image that you provide through a mobile application or camera, video and audio recordings for identification, telephone conversations to comply with client due diligence/”know your client”/anti-money laundering laws and collected as part of our client acceptance and ongoing monitoring procedures;
- Transaction Data – transactional data (e.g. beneficiary details, date, time, amount and currency whichwas used, name/IP address of sender and receiver), accounts, amount of transactions, income, location, etc.
- Information which is related to legal obligations – data resulting from enquiries made by theauthorities, data that enables us to perform anti-money laundering requirements and ensure the compliance with international sanctions, including the purpose of the business relationship and whether you are a politically exposed person and other data that is required to be processed by us in order to comply with the legal obligation to “know your client”.
- Contact Information – name, postal address, e-mail address and telephone number etc.
Please be informed that other data not listed above that relate to the provision of our services or which you have provided to us may also be collected.
Other Personal Data Processed and sources of Data
We process personal data only to the extent necessary and appropriate for the specific processing purpose. We may collect User Data from our Users and Customer Organizations in a variety of ways, including, after conclusion of a service agreement with the Customer Organization or when Users register to Sliq, subscribe to a newsletter or fill out a form. Further, please note that we also collect details of any transactions and payments you carry out through Sliq.
The following personal data collected and processed by us is necessary in order for a proper performance of the contract between you and us as well as for our legitimate interest whilst fulfilling our contractual obligations towards our Customer Organizations and for the compliance with our legal obligations.
After conclusion of the service agreement between us and the Customer Organization, the Customer Organization provides us with your full name and email address.
When you register to Sliq and create an account, you need to provide us with the following information:
- full name
- telephone number
- email address
Your user or customer experience may be enhanced by providing us with the following information:
Additional Account Information:
- a picture,
- delivery address,
- location data (if you consent to the processing of your location data),
- partner-specific bonus card or participation in other loyalty programme if applicable in your country,
- when ordering age-restricted goods: age, and
- other information you provide either when creating a user account or later when modifying your account profile.
Other Information. We may also process other information provided by you voluntarily such as:
- information related to your orders from Sliq or through Sliq’s ecosystem (for example, items purchased, special instructions, date and time of order, total amount of order and other order history),
- information you provide when submitting ratings, comments or responding to surveys,
- favorite merchants and other preferences,
- marketing opt-ins and opt-outs, and
- information you provide by phone or in email or chat correspondence with us, including call recordings of your calls with our customer service.
In addition to User Data collected from you and the Customer Organization, we process certain personal data third party service providers provide about you. For example, for corporate customers, we may process company contact person information to enable communication and marketing with the company as well as managing the customer relationship. Such data is primarily obtained from public sources such as local trade registers, companies providing this type of information services, or the companies themselves.
If your order contains products or services which may imply a health condition or other sensitive (special category) personal data, Sliq needs to process this data in order to provide the Sliq services to you. In addition to the contents of the order, this may also include, for example, medical prescription data in the case of prescription medicine. Sliq adheres to any additional safeguards that may apply to processing such personal data under applicable laws and regulations. If required under applicable laws, Sliq will ask for separate consent for processing such personal data and you may withdraw such consent anytime through your profile settings or by contacting Sliq support at support@sliq.eu.
We may additionally, automatically collect the following Usage Data when you visit or interact with the Sliq’s Services:
- Information that describes your device or browser and/or Sliq’s application, their versions, features, capabilities, and settings
- Information about your operator, Internet service provider and network connection type, including your IP address
- Identifiers provided by your device or third parties for application vendors or advertisers, or identifiers we create ourselves
- Country, locale, time zone and geo-IP level location information
- Where you followed a link to Sliq’s Services, and links you followed from Sliq
- Details of your interactions with, and usage of, Sliq. This includes, for example, usage patterns, which features you use, advertisement, participating into a specific campaign and offer impressions and interactions, and information on orders
- Data for tracking and reporting transactions initiated by our advertising partners, including timestamps, and identifiers mentioned above
Purposes and legal basis for Personal Data processing
We use information held about you in the following ways:
1. Conclusion of the contract or for performance of measures at your request prior to the conclusion of the contract (to get to know, identify and verify our clients):
For this purpose we may process your Basic Personal Data, Identification and other background verification Data, Contact Information and other Personal Data (in order to identify the possibility of providing services).
The legal basis for the processing of the above-mentioned data is: concluding a contract with you, fulfilling our legitimate interests and/or fulfilling the legal obligations applicable to us.
2. For the fulfilment of a contract concluded with you, including but not limited to provision of services of issuance, distribution and redemption of electronic money and provision of payment services:
For this purpose we may process your Basic Personal Data, Identification and other background verification Data, Transaction Data, Information which is related to legal requirements, Contact Information and other Personal Data provided to us by or on behalf of you or generated by us in the course of providing services.
The legal basis for the processing of the above-mentioned data is: performance of a contract signed with you, fulfilling our or third parties’ legitimate interests and/or compliance with legal obligations applicable to us.
3. To comply with legal obligations (e.g. implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention of the Republic of Cyprus and other fraud and crime prevention purposes) and risk management obligations):
For this purpose we may process your Basic Personal Data, Identification and other background verification Data, Transaction Data, Information which is related to legal requirements, Contact Information and other Personal Data provided to us by or on behalf of you or generated by us in the course of providing services.
The legal basis for the processing of the above-mentioned data is: fulfilling our or third parties’ legitimate interests and/or compliance with legal obligations applicable to us.
4. To provide an answer when you contact us through our website or other communication measures:
For this purpose we may process your Basic Personal Data, Contact Information and other Personal Dataprovided to us by or on behalf of you.
The legal basis for the processing of the above-mentioned data is: your consent, fulfilling our or third parties’ legitimate interests.
Facial recognition
In order to make your identity verification, we are using the facial recognition solution provided by Shufti Pro. Please read more about Shufti Pro solution here: https://shuftipro.com/
You will not be asked to complete the Shufti Pro procedure unless we are required to confirm your identity pursuant to the applicable laws and regulations - for example before a new Sliq account is created for you.
Shufti Pro solution is used for comparing live photographic data or video record of yourself and your ID card/passport, to comply with legal obligations (e.g. implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention of the Republic of Cyprus and other fraud and crime prevention purposes) and risk management obligations.
The result of the face recognition (match or mismatch) will be retained for as long as it is necessary to carry out identity verification and for the period required by anti-money laundering laws.
We conduct your face recognition using Shufti Pro solution on a consent basis. If you do not feel comfortable with this method, you may contact us by email for alternative way to identify yourself.
Direct marketing
We want to make it clear how we use your Personal Data for marketing purposes.
We may use our existing clients’ e–mail for the marketing of our similar goods or services, unless you object to the use of your e-mail for the marketing of our similar goods and services. You are granted witha clear, free of charge and easily realisable possibility to object or withdraw from such use of your contact details on the occasion of each message.
We may also provide the information to you as our client about our products or services by sending messages through the application. Such messages may be viewed in the notification/message center, in case you do not choose the “opt-out” function in our application.
In other cases, we may use your Personal Data for the purpose of direct marketing, if you give us your prior consent regarding such use of data during the onboarding process.
We are entitled to offer the services provided by our business partners or other third parties to you or make assessments about your opinion on different issues in relation to our business partners or other third parties on the legal basis for this, i.e. on the basis of a prior consent during the onboarding process.
In case you do not agree to receive these marketing messages and/or calls offered by us, our business partners or third parties, this will not have any impact on the provision of services to you as the client.
We provide a clear, free-of-charge and easily realisable possibility for you at any time not to give your consent or to withdraw your given consent for sending proposals put forward by us. We shall state in each notification sent by e-mail that you are entitled to object to the processing of the Personal Data or refuse to receive notifications from us. You shall be entitled to refuse to receive notifications from us by clicking on the respective unsubscribe link in each e-mail notification.
Ways of obtaining your Personal Data
We obtain personal information from you when you provide it directly to us. For example, when becoming a new client or when you provide us information through direct communication (e.g. completing a form on our website or mobile application, registration for our services), by access and use of our website or mobile application, by setting up an account with us, when you subscribe to our electronic publications (e.g. newsletters).
We also collect personal information about you from third parties, mainly:
- when it is provided to us by a third party which is connected to you and/or is dealing with us, for example, business partners, sub–contractors, service providers, merchants and etc.;
- third party sources, for example, register held by governmental agencies or where we collect information about you to assist with “know your client” check-ups as part of our client acceptance procedures such as sanctions list, politically exposed persons list and etc.;
- from banks and/or other finance institutions in case the Personal Data is received while executingpayment operations;
- from publicly available sources – we may, for example, use sources (such as public websites, open government databases or other data in the public domain) to help us maintain data accuracy, provide and enhance our services;
- from other entities in the Company Group or other entities which we collaborate with.
How we may use your data internally
For our legitimate business interests:
- To conduct market research and analysis which helps improve and customise our products and services.
- For our marketing purposes, unless your consent is required for such marketing.
- To prevent or detect unlawful behaviour, to protect or enforce our legal rights or as otherwise permitted by law.
- To create a profile to understand how our clients are using our services so we can improve our offerings and inform our marketing
Disclosure to and use by third parties
We may disclose and/or transfer your Personal Data only in accordance with legal regulations and the principles of confidentiality to the following categories of recipients:
- our business partners, agents or intermediaries who are a necessary part of the provision of our products and services;
- external service providers that helps us to provide service for you;
- third parties where we have a duty to or are permitted to disclose your personal information by law, mainly: governmental bodies and/or supervisory authorities (in accordance with the requirements and obligations under the provisions of legal acts concerning anti-money laundering, fraud prevention, counter terrorist financing), credit, financial, payment and/or other electronic money institutions, pre-trial investigation institutions, the Cyprus Tax Department;
- third parties where reasonably required to protect our rights, systems and services, mainly: lawyers, bailiffs, auditors etc.;
- service providers such as: cloud storage/servers providers, card issuing institutions (such as Visa or MasterCard), acquiring institutions, identification and verification service providers, other service providers with which we have concluded service provision agreements (e.g. companies providing services for money laundering, politically exposed persons and terrorist financing check-up, other fraud and crime preventions) or when mentioned sharing is mandatory according to applicable laws.
- beneficiaries of transaction funds receiving the information in payment statements together with the funds of the transaction;
- other entities that have a legitimate interest or the Personal Data may be shared with them under the contract which is concluded between you and the Company;
We may also disclose your Personal Data, if we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request.
International transfers of your Personal Data
As we provide international services, your Personal Data may be transferred and processed outside the European Union (hereinafter – the EU) and the European Economic Area (hereinafter – the EEA).
The transfer of Personal Data may be considered as needed in such situations as, e.g.:
- in order to conclude the agreement between you and the Company and/or in order to fulfill the obligations which are set under such agreement;
- in cases indicated in legal acts and regulations for protection of our lawful interests, e.g. in orderto file a lawsuit in court/other governmental bodies;
- in order to fulfill legal requirements or in order to realize public interest.
When we transfer your Personal Data internationally, we put in place safeguards in accordance with applicable laws and in accordance with this Privacy Policy and we will ensure that it is protected and transferred in a consistent way with the legal requirements applicable to the Personal Data.
There are different ways to ensure that your Personal Data is treated securely, mainly:
- the country to which we send the Personal Data, a territory or one or more specified sectors within that third country, or the international organization is approved by the European Commission as having a satisfactory level of protection;
- the recipient has signed standard data protection clauses which are approved by the European Commission;
- if the recipient is located in the US and is a certified member of the EU–US Privacy Shield scheme;
- in case a special permission has been obtained from a supervisory authority.
We may transfer Personal Data to a third country by taking other measures if it ensures appropriate safeguards as indicated in the GDPR.
Automated decision-making
In some cases, we may use automated decision-making which refers to a decision which is taken solely on the basis of automated processing of your Personal Data.
Automated decision-making refers to the processing using, for example, a software code or an algorithm, which does not require human intervention.
We may use forms of automated decision-making on processing your Personal Data for some services and products. When using automated decision-making we will provide you with further information about the logic involved, as well as the significance and the envisaged consequences to you.
Please be informed that you can request a manual review of the accuracy of an automated decision in case you are not satisfied with it and you have the right not to be subject to a decision based solely on such automated processing.
How do we protect your Personal Data?
We have taken a number of security measures to guarantee the safety of your Personal Data. We adopt appropriate data collection, storage and processing practices, and security measures for protection against unauthorized access, loss, misuse, accidental or unlawful destruction, modification, disclosure, unauthorized access or any other unlawful handling. We take all appropriate measures to ensure you’re your Personal Data is handled securely. The Company and any third-party service providers that may engage in the processing of Personal Data on our behalf (for the purposes indicated above) are also contractually obligated to respect the confidentiality of the Personal Data. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Retention of your Personal Data
The length of time we retain your Personal Data is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. It means that we will keep your Personal Data for as long as it is needed for the purposes for which your data was collected and processed but no longer than it is required by the applicable laws and regulations.
The Company will store your Personal Data for as long as it is necessary for providing services and as required by retention requirements in laws and regulations. If the legislation of the Republic of Cyprus does not provide any period of retention of Personal Data, this period shall be determined by us, taking into account the legitimate purpose of the data retention, the legal basis and the principles of lawful processing of Personal Data.
The terms of data retention of the Personal Data for the purposes of the processing of the Personal Data as defined in this Privacy Policy are following:
- we retain your Personal Data as long as your consent remains in force, if there are no other legalrequirements which shall be fulfilled concerning Personal Data’s processing;
- in case of the conclusion and execution of contracts – we retain your Personal data until the contract concluded between you and us remains in force and up to 10 years after the contractual relationship between you and us has ended;
- your Personal Data which has been collected in order to fulfill the obligations under th Prevention and Combating of Money Laundering Law of 2007 (188(I)/2007) states in article 68 of the Republic of Cyprus – up to 5 (five) years after the end of the business relationship with the customer or after the date of an occasional transaction.
- your Personal Data which has been submitted by you through our website is kept for a period which is necessary for the fulfilment of your request and to maintain further cooperation, but no longer than 6 months after the last day of the communication, in case there are no legal requirements to keep them longer.
In the situations when the terms of data keeping are stated in the legislative regulations, the legislative regulations shall be applied.
Please also be informed that under some circumstances, your Personal Data might be stored longer, mainly:
- in case it is necessary in order for us to defend ourselves against claims, demands or action and in order to exercise our rights in a proper way;
- in case there is a reasonable suspicion of an unlawful act that is being investigated;
- in case your Personal Data is necessary for the proper resolution of a dispute/ complaint;
- under other statutory grounds.
What rights do you have in relation to your Personal Data?
You as a data subject have a number of rights in relation to your Personal Data. Under certain circumstances and in accordance with EU or other applicable data protection laws, you may have the right to:
1. Right to be informed about the processing of your Personal Data
You have the right to get information about which Personal Data concerning we process. However, this right may be restricted by legislation, protection of other persons’ privacy and consideration for the Company’s business concept and business practices. The Company’s know-how, business secrets as well as internal assessments and material may restrict your right of access.
2. Right to rectification of incorrect or incomplete data
If it turns out that we process Personal Data about you that is inaccurate, you have the right to request a rectification of the Personal Data. You can also request to have incomplete Personal Data about you completed.
3. Right to erasure
You have the right to have any or all of your Personal Data erased. Provided we do not have any continuing lawful reason to continue processing or holding your Personal Data, we will make reasonable efforts to comply with your request. In certain cases, we cannot erase all of your Personal Data. In such case this would be due to the fact that we need to store your Personal Data due to a contractual relationship or law.
4. Right to restriction of processing of your Personal Data
You may also ask us to restrict processing your Personal Data for a period of time. This can pertain, for example, to a situation where you believe it is unlawful for us to do so and/or data about you is inaccurate and we need to verify it. It can also pertain to a situation where you object to processing that we base on a legitimate interest. In such case we must verify if our grounds override yours;
5. Right to object to any use of your Personal Data which is based on the legitimate interests
Where we rely on our legitimate interests as the legal basis for processing your Personal Data, you have the right to object to us using your Personal Data, unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights.
6. Right to Personal Data portability
In certain situations you can ask us to transfer your Personal Data to another data controller or provide directly to you in a convenient format (NOTE: applicable to Personal Data which is provided by you and which is processed by automated means on the basis of consent or on the basis of conclusion and performance of the contract).
7. Right to withdraw your consent
In certain situations, where we rely on your consent as the legal basis for processing your Personal Data, you may withdraw your consent at any time. In case you withdraw your consent, we will stop that particular processing, when the processing is based on such consent. However, if you withdraw your consent, our use of your Personal Data before you withdraw remains lawful;
8. Right to lodge a complaint with a supervisory authority
You have the right to file a complaint concerning our processing of your Personal Data in the same manner as stated below in Section “Implementation of Your right” of this Privacy Policy. All queries and complaints shall be handled in a timely manner by us in accordance with internal procedures.
In case you consider that our processing of your Personal Data is processed in a way that violates your rights and legitimate interests stipulated by applicable legislation, you may also lodge a complaint with a supervisory authority – the Office of the Commissioner for Personal Data Protection. You may apply in accordance with the procedures for handling complaints that are established by the State Data Protection Inspectorate and which may be found by this link: https://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_el/home_el?opendocument
Implementation of your rights
We will exercise the above-mentioned rights only after we receive your written request to exercise a particular right indicated above and only after confirming the validity of your identity. Such written request shall be submitted to us by personally appearing at our registered office address, by ordinary mail or by e-mail: dpo@sliq.eu
Your requests shall be fulfilled or fulfilment of your requests shall be refused by specifying the reasons for such refusal within 30 (thirty) calendar days from the date of submission of the request meeting our internal rules and GDPR. The afore-mentioned time frame may be extended for 30 (thirty) calendar days by giving a prior notice to you if the request is related to a great scope of Personal Data or othersimultaneously examined requests. A response to you will be provided in a form of your choosing as the requester.
Cookies Policy
To ensure our website works correctly, we may at times place a small piece of data known as a cookie on your computer or mobile device.
Any Questions?
If you have any questions or concerns regarding how we processes Personal Data about you, or if you wish to exercise any of your rights, the Company encourages you to contact us via e-mail pd@sliq.eu.
