Paygety OÜ (hereinafter: PG) is a company that provides virtual currency exchange services and operates on the web platform buy.paygety.ee. To give access to the provided services and to protect the interests and rights of customers and PG and fulfil the contractual requirements, PG collects and processes the identification data of the service user (name and other personal data, contact details, documents used for verification), transaction data (platform transactions and card payments), data of the concluded contracts and collected in the communication with the advisory centre (customer support), but also data related to the Customer’s location (country, region, address) and their legal persons (entrepreneurship) and tax residence data (country of residence, tax identification number and country, citizenship), data about the customer’s assets or the origin of transactions (business partners, field of activity, relation with the public authority or politically exposed persons) and data collected from third parties (public registries), which are used to fulfil the statutory diligence requirements, in particular to fulfil Money Laundering and Terrorist Financing Prevention Act and to ensure the compliance of customers and transactions with the restrictions imposed by international sanctions. PG activities are guided by the General Data Protection Regulation (GDPR).
PG uses the collected data also in the analyses and developments necessary for improving the quality of the customer service and the provided services and product developments, which results are communicated to the Customer by a newsletter, post or advertisement. For the purpose of product development and customer service, PG may send additional questionnaires to the Customer or organise competitions, which execution or participation is optional for the Customer and may be waived.
PG processes customer data as little as possible and personal data is not kept longer than is necessary for processing (the legitimate interest of PG) or according to statutory requirements (anti-money laundering laws, accounting or expiry laws, other laws and requirements of the Republic of Estonia and the European Union).
PG ensures the confidentiality of customer data and applies appropriate technical and organisational measures to protect customer data from unauthorized access, unlawful processing or disclosure, accidental loss, malicious alteration or destruction. The PG platform meets the PCI (Peripheral Component Interconnect) security standards, and its transactions and data exchanges take place in encrypted form through SSL (Secure Sockets Layer) connection.
PG may use "cookies" for the better customer service, for which the Customer must give consent, but may also refuse or choose the option to be notified about it at any time during the transmission of "cookies". In case of refusal of the cookies, some of the services provided by PG may be disturbed or not available to the Customer.
PG does not control and is not responsible for the content of the commercials published by the third parties (PG partners, sponsors, advertisers etc.) or the information of the websites directed through links (connections).
For the Data Processor processing PG Customer data, a Contract of the data processor of personal data will be concluded, which determines the responsibility of the processor and the obligation to process customer data according to the PG guidelines and requirements, ensuring the implementation of up-to-date technical and organisational measures for the protection of customer data.
Customer data will be assigned to third parties based on the statutory requirements and procedures (law enforcement authorities, courts, bailiffs, notary bureaus, tax authorities, bankruptcy trustees, Financial Intelligence Unit and other supervisory authorities etc.). Customer data is also transmitted, if necessary, to the parties of the European and international payment systems and to the postal and telecommunications service providers in order to provide the services by PG.
The transmission and processing of customer data outside the EU / EEA can take place, provided that there is a legal basis (the execution of a legal obligation, corresponding agreement or Customer’s consent) and appropriate protection measures are implemented.
- request the rectification of personal data if they are inadequate, incomplete or invalid;
- object to the processing of their personal data and request their erasure or withdraw the consent to data processing;
- obtain information about personal data processed by PG and to request that they are to be issued or transmitted to another service provider (data portability) in writing or in a public electronic format;
- to apply only for the prevention of automated decision-making (including based on a profile analysis), if this results in legal effects or significant effects on them.
- Submit complaints with the Estonian Data Protection Inspectorate regarding the use of personal data (website: www.aki.ee), if there is reason to believe that the processing of personal data violates their rights.