The Company is fully committed to protecting your individual rights and keeping your personal data safe. This Privacy Policy explains how we collect personal data about you when you use our Services, how we use that information, the conditions in which we may disclose it to others, and how we keep it secure. The data controller will be the Company that is processing your Personal Data.

This Privacy Policy describes our obligations and your rights under the DPA, GDPR and PIPEDA. By using our services and consenting to the Company processing your data, you are agreeing to this Privacy Policy.

  1. What personal data we collect

    Personal Data is in most cases collected directly from you or generated as part of the use of our Services. Sometimes additional information is required to keep information up to date or to verify information we collect.

    The Personal Data we collect can be grouped into the following categories:

    • Identification information including your full name and date of birth.
    • Contact information including your home address, e-mail address and phone numbers.
    • Financial information including your bank's name, account number and account type.
    • Payment transaction information including the name of the online merchant you are using our services to pay, your login details, transaction history, transaction limits and account balance.
    • Information about you from third parties including credit bureaus and identity verification services.
    • Information about your use of our systems.
    • Information related to legal requirements, customer due diligence and/or anti-money laundering requirements.

    Personal data we may collect from you:

    We collect information you provide directly to us when you visit our websites or use any of the Company's services. For example, when you select our Services from a merchant's payment page, we may collect your Personal Data to be able to provide you with the Services.

    Personal data that we may collect from third parties:

    We may collect Personal Data from other sources, including but not limited to the following:

    • Publicly available information from external sources;
    • Registers held by governmental agencies (such as company registration offices, enforcement authorities, etc.);
    • Sanction lists (held by international organizations such as the EU and UN as well as national organizations such as OFAC;
    • Registers held by credit-rating agencies and other commercial information providers providing information e.g., beneficial owners and politically exposed persons;
    • In connection with payments, we collect information from remitters, banks, payment service providers and others;
    • From any of the Company's related-companies, affiliates and/or subsidiaries; and/or
    • Other third parties with which we contract with to provide the services.
  2. How we may use your Personal Data and the lawful basis for doing so

    We use your Personal Data to comply with legal and contractual obligations as well as to provide you with Services.

    Performance of a contract

    As a processor of payment transactions, we have entered into agreements with online merchants to process online payment transactions on behalf of their customers. The main purpose for using your Personal Data is to process payments between you and these online merchants.

    Examples of the performance of a contract:

    • Verify your identity and provide our Services and process your transactions.
    • Provide customer service, including troubleshooting service issues you are having.
    • Reconcile payments, settle transaction disputes or address  errors.

    Legal obligation

    In addition to the performance of the contract, we process your Personal Data to fulfil our obligations under law, other regulations or as required by regulatory authorities.

    Examples of processing due to legal obligations:

    • Preventing, detecting, and investigating money laundering, terrorist financing, fraud or other potentially prohibited or illegal activities.
    • Reporting to police authorities, enforcement authorities, supervisory authorities.
    • Payment service requirements and obligations.

    Legitimate interest

    Personal Data is processed in the context of marketing, product and customer analysis. This processing forms the basis for marketing, process, business and system development, including testing.

    We have a legitimate interest to prevent or remediate violations of policies or applicable agreements, to manage and protect our information technology infrastructure and to use profiling for example when conducting customer analysis for monitoring transactions in order to detect fraud.

    Consent

    There are situations when we will ask for your consent to process your Personal Data. Examples of such situations are processing of payment transaction data for marketing purposes, or for some processing of special categories of data. The consent will contain information on that specific processing activity. If you have given consent to a processing of your Personal Data, you can always withdraw your consent.

  3. Who we may disclose your personal data to

    We may share your Personal Data with others such as authorities, any of the Company's related-companies, affiliates and/or subsidiaries, suppliers, payment service providers and business partners. Before sharing we will always ensure that we respect relevant financial industry secrecy obligations.

    Third parties and companies

    We may pass your information to our third-party service providers, agents, subcontractors and any of the Company's related-companies, affiliates and/or subsidiaries for the purpose of completing tasks and providing Services to you on our behalf. However, when we use third party service providers, we disclose only the personal data that is necessary to deliver the service that you need, and we have contracts in place that require each third-party provider to keep your information secure and not to use it for their own direct marketing purposes or any other purpose. We will not release your information to third parties beyond those that we have such a contractual relationship with - unless you have specifically requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime. In such circumstances, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

    Transferring your information outside of European Economic Area

    As part of our Services to you, the information which you provide to us may be transferred to countries outside the EEA. By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have equivalent data protection laws. By submitting your personal data, you're agreeing to this transfer, storing and/or processing. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken and we remain compliant with the GDPR, with the aim of ensuring that your privacy rights continue to be protected as outlined in this Privacy Policy. If you use our Services while you are outside the EU, your information may be transferred outside the EEA in order to provide you with those Services.

  4. How we protect your Personal Data

    Keeping your Personal Data safe and secure is at the centre of how we do business. We use appropriate technical, organizational and administrative security measures to protect any information we hold from loss, misuse, and unauthorized access, disclosure, alteration and destruction.

  5. Your privacy rights

    You as a data subject have rights in respect of the Personal Data, we hold of yours. You have the following rights:

    • The right of access to your personal data. You have a right to access the Personal Data we are keeping about you. Your right to access may, however, be restricted by legislation, protection of other persons' privacy and consideration for the Company's business concept and business practices. If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you.
    • The right of rectification to request correction of incorrect or incomplete data. When you believe we hold inaccurate or incomplete personal data about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
    • The right to erasure (the ‘right to be forgotten'). Where no overriding legal basis or legitimate reason continues to exist for processing Personal Data, you may request that we delete the Personal Data. This includes Personal Data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.
    • The right to withdraw your consent. You have the right to withdraw any consent you have previously given us to handle your information. Examples include where:
      • you object to the processing and there is no justified reason for continuing the processing;
      • you object to processing for direct marketing; and/or
      • processing is unlawful;

    If you withdraw your consent, this will not affect the lawfulness of our use of your information prior to the withdrawal of your consent.

    • Right to restrict processing of your Personal Data. You may ask us to stop processing your Personal Data. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:
      • The accuracy of the Personal Data is contested;
      • Processing of the Personal Data is unlawful;
      • We no longer need the Personal Data for processing, but the Personal Data is required for part of a legal process; or
      • The right to object has been exercised and processing is restricted pending a decision on the status of the processing;
    • Right to object to processing of your Personal Data where we are relying on a legitimate interest to process your data. You can always object to the processing of Personal Data about you for direct marketing and profiling in connection to such marketing.
    • The right to data portability. You have a right to ask for information you have made available to us to be transferred to you or a third party in machine-readable formats. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.

    These rights are not absolute: they do not always apply, and exemptions may be engaged. We may, in response to a request, ask you to verify your identity and to provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.

  6. How long we process your personal data

    We will hold your Personal Data on our systems for the longest of the following periods:

    • a minimum of six (6) years;
    • as long as is necessary for the relevant activity or as long as is set out in any relevant agreement;
    • the length of time it is reasonable to keep records to demonstrate compliance with professional or legal obligations;
    • any retention period that is required by law; or
    • the end of the period in which litigation or investigations might arise in respect of the services that we provide to you;
  7. How changes to this Privacy Policy will be made

    We are constantly working on improving and developing our services, products and websites, so we may change this Privacy Policy from time to time. We will not diminish your rights under this Privacy Policy or under the DPA, GDPR or PIPEDA. Please review this Privacy Policy from time to time to stay updated on any changes.

  8. Cookies

    How do we use cookies?

    Our Company uses cookies to improve your experience by learning and understanding how you use our website.

    What types of cookies do we use?

    There are a number of different types of cookies, however, our website uses:

    • Functionality - Our Company uses cookies to recognize you on our website and remember your previously selected preferences and your location.
    • Advertising - Our Company uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. Our Company sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.

    How to manage cookies

    You can set your browser not to accept cookies, and also to remove cookies for this website.

  9. Contacting us or the data protection authority

    If you have any questions or concerns regarding our Privacy Policy, you can always contact the Company's customer service at support@paramountcommerce.com.

    United Kingdom - https://ico.org.uk/global/contact-us/
    European Union - Complaints | European Data Protection Supervisor (europa.eu)
    Canada - File a formal privacy complaint - Office of the Privacy Commissioner of Canada

  10. Contact Us

    If you have any questions, please email support@paramountcommerce.com or write to Legal and Compliance Team, Level 3, Central North Business Centre, Fawwara Lane, Sliema SLM1670, Malta.

  11. Definitions

    Company means Instadebit International Solutions Ltd.

    DPA means the Data Protection Act 2018 (c.12). The DPA is a United Kingdom Act of Parliament which updates data protection laws in the United Kingdom. It is a national law which complements the EU GDPR and replaces the Data Protection Act 1998.

    GDPR means the European Union Regulation No. 2016/679 of 27 April 2016, known as the General Data Protection regulation (the EU GDPR) and the EU GDPR as retained in the laws of the United Kingdom further to the European Union (Withdrawal) Act 2018 (the UK GDPR).

    EEA means the European Economic Area.

    EU means European Union.

    OFAC means the Office of Foreign Assets Control.

    Personal Data means any information associated with a naturally identified or identifiable person and any information that could directly or indirectly reveal a person's identity.

    PIPEDA means the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5)

    Privacy Policy means this policy.

    Services means any products, services, content, features, technologies, or functions, and all related websites, applications and services offered by the Company.