On 25th of May 2018, all companies became subject to the General Data Protection Regulation (GDPR), which puts safeguards into the Company’s process in the way Personal Data is protected. The General Data Protection Regulation (hereinafter – “GDPR”) (EU) 2016/679 is the EU regulation on data protection and privacy for all individuals within the European Union and the European Economic Area. This was an essential step to strengthen Your fundamental rights and to enhance legal certainty.
This Policy describes the purpose of the collection and processing of your data by the Company. Please pay proper attention to the following:
- this Policy to better understand our viewpoints and the implemented practices. The data provided by you are confidential and are subject to disclosure on conditions stated in this Policy and/or stipulated by the relevant law.
- by carrying out conclusive activities including but not limited to downloading the Company website on your computer or mobile device, using a mobile application, filling out web-forms, communicating in writing, by mail and/or verbally with the Company or its relevant representatives, as well as by transferring your personal data and/or providing in any other way information which contains your personal data to the Company, You without any doubt agree to the conditions described in the Policy.
“Controller” – means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
“Personal Data” – means any information relating to an identified or identifiable natural person (name, ID, location and any other factors specific to the physical, genetic, mental, economic, cultural or social identity of that natural person). The information for the legal entities such as businesses, partnerships, trusts or other organizations provided by its authorized person, signatory, partner, trustee, executor or the like shall be considered as appropriate.
“Processor” – means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller;
“Processing” – means obtaining, recording, storing, holding, using or carrying out any operation or set of operations on the information or data including organization, adaptation or consultation on the information or data, as well as disclosure by transmission, dissemination or otherwise making available, or aligning, combining, blocking, removing or destroying the information or data;
“Sub-Processor” – means any processor engaged by the data importer or by any other sub-processor of the data importer and who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for the processing activities to be carried out on behalf of the data exporter after the transfer in accordance with the data exporter’s instructions.
2. GENERAL PROVISIONS
The Policy determines the procedure and conditions for the lawful basis of Personal Data processing by the Company, the list of personal data which may be processed, the categories of recipients of your personal data, your rights and obligations, as well as other important information which is relevant to the processing of Your personal data. This Policy shall be construed and interpreted in accordance with the GDPR and Law 125(I) of 2018 and other laws of the Republic of Cyprus. You and the Company hereto irrevocably submit to the exclusive jurisdiction of the courts of the Republic of Cyprus in connection with any dispute arising from the terms of this Policy.
3. LAWFUL BASIS OF PROCESSING
According to the GDPR, the Company acts as a Controller of Your Personal Data and determines solely or jointly with others, the main purpose and legal grounds for the collection and processing of Your Personal Data.
The Company has outlined the following purposes and legal grounds:
- Consent. By starting interaction and/or preliminary contractual relationships with the Company, as well as by providing Your Personal Data to obtain the possibility of concluding an agreement, and in the course of an on-boarding, KYC, KYT or employment procedure, You provide consent to the Company to process Your Personal Data in accordance with this Policy.
- Performance of the contract. The collection and processing of Your Personal Data is necessary for entering into business relationship with You for the provision of:
- according to the Company’s licence; and
- other relevant services which are agreed by the Company and You.
- Compliance with the legal framework within which the Company operates. The legislation that regulates the Company’s duties and sets out the legal obligation to process personal data is as follows:
- the Directive of the European Union on Payment Services in the Internal Market of 2015, which was further implemented into national law of the Republic of Cyprus through the Provision and Use of Payment Services and Access to Payment Systems Law of 2018, and the Prevention and Suppression of Money Laundering Activities Laws of 2007 to 2018 of the Republic of Cyprus implementing the relevant Anti-Money Laundering Directive of the European Union, as well as Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC,
- and other laws, regulations and circulars of the European Union and the Republic of Cyprus applicable to the Company.
- Legitimate interests pursued by the Company in order to protect its business environment, provided that such interests do not infringe Your rights, interests and fundamental freedoms.
“Legitimate interests” is a heading that covers several different reasons why the Company may need to collect and process Your Personal Data which may not be covered by other headings, such as: to prevent fraud or financial crime, to provide a better service, to transfer Personal Data between group entities for internal administrative purposes, or for the purposes of network or information security.
4. WHAT INFORMATION WE COLLECT FROM YOU
The Company is required to collect the following Personal Data:
- Personal information (name, address, email, telephone number, mobile number, temporary residential address, employment address, name of employer, personal status, i.e. identity card number, passport number, marital status, occupation, country of taxation and other);
- Financial information (income, source and size of wealth and other);
- Recording of the call conversations between You and the Company;
- Your photos, pictures and/or images which were provided by You directly and/or indirectly in written and/or digital form and/or during a visit to the Company’s office via CCTV.
The Company is also required to collect and keep all the documents which confirm the accuracy of provided personal and financial information (passport, ID, Utility Bills, Bank Statements, Internal passports, Bank References, CVs or any other information which may be requested by the Company in order to comply with the applicable law).
The Company always makes sure that all Personal Data we collect is adequate, relevant and limited to what is necessary in relation to the purposes for which they are collected and processed.
In cases where we receive data which was not requested or where information was unintentionally revealed, and the Company does not intend to use it for the purposes of processing, or where data was received by mistake, the Company shall notify You that such data was received and destroy it, unless You wish otherwise.
For the Company services and communication with You, we do not require the sharing of special category data or sensitive personal data (such as health data, political beliefs, etc.).
5. CATEGORIES OF RECIPIENTS OF YOUR PERSONAL DATA
Your Personal Data in the course of performing our contractual and statutory obligations may be disclosed to the following Processors, Sub-Processors and Controllers:
- Supervisory and other regulatory and public authorities, including government bodies. Some examples are the Central Bank of Cyprus (CBC) and the Unit for Combating Money Laundering (MOKAS);
- External auditors, lawyers, agents, consultants and other professional advisors subject to confidentiality agreements;
- Banks and other financial organizations subject to the confidentiality agreements;
- Employees of the Company;
- Subsidiaries and Affiliated companies within the Wise Wolves Group Ltd.
The Company may be required to transfer the information provided by You outside of the European Economic Area (for example, to the banks of the Russian Federation) for the purposes of executing the services provided in a manner as described under the Company’s Internal Policies. Such transfer is subject to Article 49(1)(b) and Article 49(1)(c) of the GDPR.
The Company ensures an adequate level of protection for any Personal Data processed by others on behalf of the Company that is transferred within or outside the European Economic Area. Unless expressly declared by You, the Personal Data collected and kept by the Company will not be disclosed to any third party other than the above-mentioned recipients.
6. PERSONAL DATA RETENTION TIME
In accordance with the laws and regulations of the Republic of Cyprus, the Company is obliged to keep and update Your Personal Data for as long as the Company provides its services to You. Upon the termination of the business relationship, Your Personal Data shall be kept for a minimum of five years. After the legally required period lapses, Your Personal Data shall be destroyed.
However, the Company will be required to keep Your Personal Data for a longer period of time if it is prescribed by laws, competent authorities or other regulations (such as pending legal proceedings or investigations).
7. RIGHTS AND OBLIGATIONS
You have the following rights in relation to the Personal Data provided by You to the Company:
- The right of access to or have a copy of Personal Data as well as some supplementary information on that data;
- The right to request rectification of incorrect data concerning You;
- The right for data portability if it should become relevant;
- The right to request, on legitimate grounds, the erasure of Your Personal Data;
- The right to object to the processing of Personal Data based on the Company’s legitimate interests and/or the processing of Personal Data for direct marketing purposes;
- The right to restrict processing of Your Personal Data;
- The right to withdraw consent, by written notice, if the processing of Your data is based on consent. Please note that this will not affect the lawfulness of processing based on consent before it was withdrawn by You.
The above rights can be exercised by sending the relevant email to: GDPR@wise-wolves.com.
Furthermore, You have a right to lodge a complaint regarding the processing of Your Personal Data by the Company by sending a complaint to GDPR@wise-wolves.com and the Company’s responsible officer will investigate the matter. In case You are not satisfied with the Company’s response or if You feel that Your concerns have not been adequately addressed by the Company, You have the right to file a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus.
The Company, the processors on its behalf and its affiliates / fulfilment assistants undertake to apply appropriate technical and organizational measures to, as far as possible, better protect your personal data against accidental or unlawful deletion or loss, alteration, illegal disclosure or access to them and generally their illegal processing (including remote access) as well as to ensure the possibility of restoring availability and access to them.
These measures aim to ensure a level of security that corresponds to the risk that your specific data may undergo, always taking into account the type and criticality of this data, the technical capabilities of our company, the development of technology, the cost of implementation and the nature, scope, context and purposes of any particular processing, while implementing procedures to regularly test, assess and evaluate the effectiveness of these technical and organizational measures.
9. PERSONAL DATA BREACH NOTIFICATION
In case the Company becomes aware of a Personal Data breach which may result in high risk to Your rights and freedoms, the Company shall without undue delay notify You of such breach and provide the following information:
- Type of Personal Data affected;
- The nature of breach;
- Steps the Company shall take in order to minimize any damage.
You should inform the Company immediately, by sending an email to GDPR@wise-wolves.com, of any possible damage, loss or misuse such a breach may cause You, in order to help the Company assess all possible solutions promptly.
This Policy is valid for an indefinite period. The Company reserves the right to make changes to this Policy by posting a new version of the Policy on the website of the Company. In this case, such changes come into force from the date of posting the relevant information on the site. Before entering into a business relationship with the Company, You undertake to contact the site for information about changes and additions to this Policy, as well as other relevant Terms and Conditions.
If one or more of the provisions of the Policy are or become invalid due to amendments to the current legislation, then this is not a basis for suspending the validity of the remaining provisions of the Policy. Invalid provisions must be replaced by legally permissible provisions that are close in meaning to the replaced ones.
11. CONTACT DETAILS
Wise Wolves Payment Institution Limited
WWPI: HE 375477
Spyrou Kyprianou 61, Mesa Geitonia, 4003, Limassol, Cyprus
Data Protection Officer:
Office of the Commissioner for Personal Data Protection
Iasonos 1, 1082 Nicosia, Cyprus
P.O.Box 23378, 1682 Nicosia, Cyprus
This document is only available in English. Any translated copies are not valid.