ASSOCIATION OF CYPRUS ELECTRONIC MONEY AND PAYMENT INSTITUTIONS LTD (ACEMPI) (“ACEMPI” or “we”), is established to promote and develop the electronic money and payments sector in Cyprus and to support the development of the sector by examining and analysing all industry related matters and their impact on the said institutions.
We take Your privacy rights seriously and remain committed to protecting Your privacy and handling of Your personal data in a transparent manner, in compliance with the requirements of the General Data Protection Regulation (EU) 2016/679 , the Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018) as amended and/or replaced from time to time, and any other applicable legislation. This Privacy Statement describes the policies and practices regarding our collection and use of Your personal data and sets forth Your privacy rights.
For the purposes of the General Data Protection Regulation (‘GDPR’), as well as this Privacy Statement, we are the ‘controller’ of the personal data you provide to us.
WHO WE ARE
ASSOCIATION OF CYPRUS ELECTRONIC MONEY AND PAYMENT INSTITUTIONS (ACEMPI) LTD is an association established in the Republic of Cyprus with membership of Electronic Money Institutions and/or Payment Institutions licensed by Central Bank of Cyprus and/or passported in Cyprus under their license rights from any other EU country with same and/or acceptable license obligations and/or supervisory authorities and/or adequate presence, management, and control in Cyprus.
Our registered office is located at: 38 Griva Digeni Street & 3 Deligiorgi Stret, 1066, Nicosia, Cyprus.
DATA PRIVACY PRINCIPLES
When we process your personal data, such data is:
PERSONAL DATA WE MAY COLLECT AND PROCESS
We collect and process different types of personal data that are received directly from You or from Your representatives as part of your application to become an ACEMPI member. We may also collect and process personal data, which we lawfully obtain from public authorities, or publicly available sources.
When you apply to become an ACEMPI member, we’ll ask you for some personal information to verify your identity and evaluate your application. This will vary depending on the type of Institution you are, but will generally include:
We may additionally collect non-personal information about You, which do not identify You are a specific individual. Such non-personal information include:
HOW WILL WE USE THE INFORMATION WE HOLD ON YOU
We always try to limit the amount of information we hold about you and only use that information where necessary. Therefore, we use your personal data where necessary for the following purposes:
All information provided by You to us is stored on secure servers and we use appropriate organisational, technical and administrative measures to protect Your personal data. Once Your information is received, we use strict procedures and security features to prevent any unauthorised access. However, please note that no transmission of information via the internet is completely secure and no storage system is guaranteed to be entirely secure. If You have any reason to believe that Your interaction with us is no longer secure, please contact us immediately.
WHO WE DISCLOSE YOUR PERSONAL DATA TO
Your data are kept under our control unless it is required to transfer it as part of a particular action you take or as part of our regulatory, compliance or legal obligations. Any data transfers happen between us and public authorities or third parties that we have a contractual agreement to keep your data protected and confidential.
Specifically, recipients of your data may be:
DATA TRANSFER TO THIRD COUNTRIES
Your data may be transferred to countries outside the European Economic Area to a recipient (i) who is in a country which provides an adequate level of protection for personal data or (ii) under appropriate safeguards pursuant to the provisions of applicable data protection laws (e.g. under an agreement in the form of standard data protection clauses adopted by the European Commission_.
In some (occasional) circumstances we may carry out such transfers where (a) we have obtained Your explicit consent in respect of the proposed transfer, provided that You are informed of the possible risks of such transfer (due to the absence of an adequacy decision and appropriate safeguards); (b) the transfer is necessary for the performance of a contract, or (c) the transfer is necessary for the performance of a contract concluded in the interest of the data subject between us and another person or (d) the transfer is necessary for the establishment exercise or defense of legal claims.
HOW LONG WE KEEP YOUR PERSONAL DATA
We will retain Your personal data for a period necessary to fulfil the purposes listed in this Privacy Statement, unless a longer retention period is required or permitted by the applicable law.
Any personal data we use for marketing purposes will be retained until You notify us that You no longer wish to receive this information.
Once you have registered your details with us, you have certain rights which apply, depending on the stage of your application, the information you’ve shared with us and our regulatory obligations relating to it.
(a)You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please email us at firstname.lastname@example.org. We will provide this information to you within 30 days, free of charge.
(b) You have the right to request that the information we hold about you is erased, where one of the following grounds applies:
The above shall not apply where processing is necessary (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation which requires processing by a law to which we are subject; and (iii) for reasons of public interest; or for the establishment, exercise or defence of legal claims.
(c) You have the right to request that any information we hold about you be provided to another company in a commonly used and machine-readable format, otherwise known as ‘data portability’.
(d) You have the right to ensure that your personal information is accurate and up to date, or where necessary rectified. Where you feel that your personal data is incorrect or inaccurate and should be updated, please contact email@example.com.
(e) You have the right to object to the processing of Your personal data, at any time and for reasons related to Your particular situation where the legal basis on which the processing activity is based is our legitimate interests. Should You exercise this right, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override Your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where You have objected to processing for direct marketing purposes we shall no longer process Your personal data for such purposes.
(f) You have the right to obtain restriction of processing where one of the following applies:
The accuracy of the personal data is contested for a period enabling us to verify the accuracy of the personal data.
Where processing has been restricted on the basis of the above, we will continue to store Your personal data. However, we will only otherwise process it (i) with Your consent; (ii) for the establishment, exercise or defense of legal claims; (iii) for the protection of the rights of another natural or legal person; or (iv) for reasons of important public interest.
(g) Where the processing is based on Your written consent You have the right to withdraw consent at any time.
To the extent that the legal basis for our processing of Your personal data is consent (as and where applicable), You have the right to withdraw that consent at any time such withdrawal will not affect the lawfulness of processing before the withdrawal.
(h) You can contact us for any personal data related matters. In case You are not satisfied or still have concerns You may file a complaint with the Office of the Commissioner for Personal Data Protection. You can find out on their website how to submit a complaint. ( http://www.dataprotection.gov.cy/ )
CHANGES TO THIS PRIVACY STATEMENT
We may update this Privacy Statement from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes. If the changes are substantial, we may notify you of changes by email.
Further information and/or queries and/or requests regarding the processing of Your personal data and any of Your rights in respect to Your personal data, can be requested by contacting us in writing as follows:
By email: firstname.lastname@example.org
By post: ASSOCIATION OF CYPRUS ELECTRONIC MONEY AND PAYMENT INSTITUTIONS (ACEMPI) LTD 38 Griva Digeni Street & 3 Deligiorgi Street, 1066, Nicosia, Cyprus