ASSOCIATION OF CYPRUS ELECTRONIC MONEY AND PAYMENT INSTITUTIONS LTD (ACEMPI) (“ACEMPI” or “we”), is established to promote and develop the electronic money and payments sector in Cyprus and to support the development of the sector by examining and analysing all industry related matters and their impact on the said institutions.
We take Your privacy rights seriously and remain committed to protecting Your privacy and handling of Your personal data in a transparent manner, in compliance with the requirements of the General Data Protection Regulation (EU) 2016/679 , the Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018) as amended and/or replaced from time to time, and any other applicable legislation. This Privacy Statement describes the policies and practices regarding our collection and use of Your personal data and sets forth Your privacy rights.
For the purposes of the General Data Protection Regulation (‘GDPR’), as well as this Privacy Statement, we are the ‘controller’ of the personal data you provide to us.
WHO WE ARE
ASSOCIATION OF CYPRUS ELECTRONIC MONEY AND PAYMENT INSTITUTIONS (ACEMPI) LTD is an association established in the Republic of Cyprus with membership of Electronic Money Institutions and/or Payment Institutions licensed by Central Bank of Cyprus and/or passported in Cyprus under their license rights from any other EU country with same and/or acceptable license obligations and/or supervisory authorities and/or adequate presence, management, and control in Cyprus.
Our registered office is located at: 38 Griva Digeni Street & 3 Deligiorgi Stret, 1066, Nicosia, Cyprus.
DATA PRIVACY PRINCIPLES
When we process your personal data, such data is:
- processed lawfully, fairly and in a transparent manner.
- collected for the specified, explicit and legitimate purposes and not further process in a manner that is incompatible with those purposes, (“purpose limitation”).
- adequate, relevant, and limited to what is necessary in relation to the purposes for which those data are processed.
- accurate and, where necessary, kept up to date.
- kept in a form that permits identification for no longer than is necessary for the purposes for which the personal data has been collected for processing(“storage limitation”).
- processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).
PERSONAL DATA WE MAY COLLECT AND PROCESS
We collect and process different types of personal data that are received directly from You or from Your representatives as part of your application to become an ACEMPI member. We may also collect and process personal data, which we lawfully obtain from public authorities, or publicly available sources.
When you apply to become an ACEMPI member, we’ll ask you for some personal information to verify your identity and evaluate your application. This will vary depending on the type of Institution you are, but will generally include:
- Personal information such as your corporate details, names, surnames, identity details and residential details of all related parties, to verify your
- Contact information including name, surname, address, telephone number and email addresses.
- If any of the related parties hold/held a prominent public function. Persons who hold/held such positions are referred to as politically exposed persons.
- Information relating to your tax responsibilities.
- Corporate structure and/or ownership and/or banking relationship details and/or organizational structures and/or statistical data
- Government issued identifiers and other identification data, such as passport, identification card, social insurance number, tax identification number;
- Personal characteristics, such as date of birth and country/place of birth, nationality;
We may additionally collect non-personal information about You, which do not identify You are a specific individual. Such non-personal information include:
- Browser and device data, for instance, IP address, operating system and browser type. This is statistical data about the Website users’ browsing actions and patterns and does not identify any individual;
- Cookie data, such as time spent on the website, pages visited, language preferences, and other anonymous traffic data;
- Company data, such as a company’s name, product and service offerings, jurisdiction.
HOW WILL WE USE THE INFORMATION WE HOLD ON YOU
We always try to limit the amount of information we hold about you and only use that information where necessary. Therefore, we use your personal data where necessary for the following purposes:
- Performance of our contract: The data we collect will be used to set up your member record and operate your voting and membership rights. We will use your personal data to verify your identity. To do this, we may need to share some or all of your data with third parties, which may include fraud prevention, anti-money laundering and marketing agencies (whose details we can share with you on request), law enforcement departments, regulators, government departments and the providers of our sales or servicing platforms and/or event coordinators and/or member of the Board of the ACEMPI.
- Compliance with our legal obligations: The data will enable us to comply with our legal and regulatory requirements. We will also use your personal data to prevent fraud and money laundering.
- For the purposes of safeguarding legitimate interests: We process personal data to safeguard our legitimate interests where these interests do not unfairly go against your rights and freedoms. Examples of these interests include, enhancing the services we offer to you as a member, protecting your and our data, initiating or preparing for audited financial statements
- We will use your personal data to communicate with you about your membership and provide service-related updates and notifications. Where possible we will communicate with you via email, however there may be times where regulation requires us to contact you in a specific way.
- We may use your information for marketing purposes.
- We will use your data to complete troubleshooting, data analysis, testing, research, and for statistical and survey purposes.
- Based on Your consent: Insofar as You have granted us specific consent for processing, the lawfulness of processing is based on Your Consent.
All information provided by You to us is stored on secure servers and we use appropriate organisational, technical and administrative measures to protect Your personal data. Once Your information is received, we use strict procedures and security features to prevent any unauthorised access. However, please note that no transmission of information via the internet is completely secure and no storage system is guaranteed to be entirely secure. If You have any reason to believe that Your interaction with us is no longer secure, please contact us immediately.
WHO WE DISCLOSE YOUR PERSONAL DATA TO
Your data are kept under our control unless it is required to transfer it as part of a particular action you take or as part of our regulatory, compliance or legal obligations. Any data transfers happen between us and public authorities or third parties that we have a contractual agreement to keep your data protected and confidential.
Specifically, recipients of your data may be:
- Supervisory and other regulatory and public authorities, such as the Central Bank of Cyprus, the European Central Bank, Tax authorities, MOKAS, criminal prosecution authorities.
- External legal consultants or auditors.
- Credit or financial institutions that may be used to execute any payment orders or transfers we need to perform as an Association.
- File storage companies, archiving and/or records management companies, cloud storage companies
- Potential and/or any marketing services companies and/or event organizers which will cooperate with our Association to promote awareness and/or specific projects the Board will decide from time to time.
DATA TRANSFER TO THIRD COUNTRIES
Your data may be transferred to countries outside the European Economic Area to a recipient (i) who is in a country which provides an adequate level of protection for personal data or (ii) under appropriate safeguards pursuant to the provisions of applicable data protection laws (e.g. under an agreement in the form of standard data protection clauses adopted by the European Commission_.
In some (occasional) circumstances we may carry out such transfers where (a) we have obtained Your explicit consent in respect of the proposed transfer, provided that You are informed of the possible risks of such transfer (due to the absence of an adequacy decision and appropriate safeguards); (b) the transfer is necessary for the performance of a contract, or (c) the transfer is necessary for the performance of a contract concluded in the interest of the data subject between us and another person or (d) the transfer is necessary for the establishment exercise or defense of legal claims.
HOW LONG WE KEEP YOUR PERSONAL DATA
We will retain Your personal data for a period necessary to fulfil the purposes listed in this Privacy Statement, unless a longer retention period is required or permitted by the applicable law.
Any personal data we use for marketing purposes will be retained until You notify us that You no longer wish to receive this information.
Once you have registered your details with us, you have certain rights which apply, depending on the stage of your application, the information you’ve shared with us and our regulatory obligations relating to it.
(a)You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please email us at [email protected]. We will provide this information to you within 30 days, free of charge.
(b) You have the right to request that the information we hold about you is erased, where one of the following grounds applies:
- Personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- You withdraw Your consent on which the processing is based and where there is no other legal ground for the processing;
- You object to the processing and there are no overriding legitimate grounds for the processing, or You object to processing for direct marketing purposes;
- Personal data has been unlawfully processed;
- Personal data must be erased for compliance with a legal obligation.
The above shall not apply where processing is necessary (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation which requires processing by a law to which we are subject; and (iii) for reasons of public interest; or for the establishment, exercise or defence of legal claims.
(c) You have the right to request that any information we hold about you be provided to another company in a commonly used and machine-readable format, otherwise known as ‘data portability’.
(d) You have the right to ensure that your personal information is accurate and up to date, or where necessary rectified. Where you feel that your personal data is incorrect or inaccurate and should be updated, please contact [email protected].
(e) You have the right to object to the processing of Your personal data, at any time and for reasons related to Your particular situation where the legal basis on which the processing activity is based is our legitimate interests. Should You exercise this right, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override Your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where You have objected to processing for direct marketing purposes we shall no longer process Your personal data for such purposes.
(f) You have the right to obtain restriction of processing where one of the following applies:
The accuracy of the personal data is contested for a period enabling us to verify the accuracy of the personal data.
- The processing is unlawful, and You oppose the erasure of such data and You request the restriction of their use instead.
- We no longer need the personal data for the purposes of processing, but You require their retention for the establishment, exercise or defence of legal claims.
- You have objected to processing on the grounds of our legitimate interests, until we verify whether the grounds on which we process Your information override Your rights and freedoms.
Where processing has been restricted on the basis of the above, we will continue to store Your personal data. However, we will only otherwise process it (i) with Your consent; (ii) for the establishment, exercise or defense of legal claims; (iii) for the protection of the rights of another natural or legal person; or (iv) for reasons of important public interest.
(g) Where the processing is based on Your written consent You have the right to withdraw consent at any time.
To the extent that the legal basis for our processing of Your personal data is consent (as and where applicable), You have the right to withdraw that consent at any time such withdrawal will not affect the lawfulness of processing before the withdrawal.
(h) You can contact us for any personal data related matters. In case You are not satisfied or still have concerns You may file a complaint with the Office of the Commissioner for Personal Data Protection. You can find out on their website how to submit a complaint. ( http://www.dataprotection.gov.cy/ )
CHANGES TO THIS PRIVACY STATEMENT
We may update this Privacy Statement from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes. If the changes are substantial, we may notify you of changes by email.
Further information and/or queries and/or requests regarding the processing of Your personal data and any of Your rights in respect to Your personal data, can be requested by contacting us in writing as follows:
By email: [email protected]
By post: ASSOCIATION OF CYPRUS ELECTRONIC MONEY AND PAYMENT INSTITUTIONS (ACEMPI) LTD 38 Griva Digeni Street & 3 Deligiorgi Street, 1066, Nicosia, Cyprus