Estia Payments Gateway

Estia Payments S.M.P.C. Privacy Policy

Effective Date: 17-02-2025

Introduction

Estia Payments S.M.P.C. (“we”, “us”, “our”) is committed to protecting the privacy and personal data of our users. This Privacy Policy explains how we collect, process, store, and protect your personal information in connection with our Payment Services gateway. This policy is designed to comply with the General Data Protection Regulation (GDPR) and all applicable data protection laws.

Data Controller and Contact Information

Estia Payments S.M.P.C. is the data controller responsible for your personal data.
For any questions, inquiries, or concerns regarding this Privacy Policy or your personal data, please contact our Data Protection Officer (DPO) at:
Email: dpo@estiapayments.io

Scope of Services

This Privacy Policy applies to all our services, including but not limited to:

• Our website

• Our application

• Our mobile applications

• Our APIs

• Other digital platforms provided by us

Each of these services is covered by this Privacy Policy.

Data We Collect

Due to compliance requirements—including anti-money laundering (AML) obligations—we collect comprehensive personal information, which may include:

• Full name

• Residential address

• Professional address

• Profession

• Date of birth

• Financial information

• Source of wealth

• Telephone number

• Email address

• Additional sensitive data as required by regulatory obligations

Purposes of Data Processing

We process your personal data for the following purposes:

• Operational Reasons: To provide and manage our Payment Services gateway and associated services.

• Compliance with Regulatory Requirements: To comply with AML legislation, MiCA requirements, and other legal obligations.

• Fraud Prevention and Protection: To monitor and prevent fraudulent activities.

• Customer Support: To provide assistance and resolve any issues or inquiries.

• Marketing: To send you information about our products and services, subject to your consent where required.

Legal Bases for Processing

Our processing of personal data is based on the following legal grounds:

• Contract Performance: Processing is necessary for the performance of a contract with you.

• Legal Obligation: We process data to comply with legal requirements and regulatory obligations.

• Consent: Where applicable, we may process data based on your explicit consent (for example, in relation to marketing communications).

• Legitimate Interests: Processing is necessary for our legitimate interests, such as fraud prevention, provided that such interests do not override your rights and freedoms.

• Legal Compliance: In connection with AML and other legal compliance matters.

Data Sharing and Third Parties

We may share your personal data with trusted external providers, including payment processors, analytics providers, cloud storage services, and regulatory bodies. The specific names of these external providers are not listed in this Privacy Policy. No personal data is transferred outside the European Union. Should any future transfers occur outside the EU, we will update this Privacy Policy accordingly and ensure that appropriate safeguards are in place.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable laws and regulations. For example:

• Customer Records (including AML): At least 20 years from the end of the client relationship or from the date of the transaction.

• Financial Records: Retained for 10 years.

• Emails: Retained for 6 years.

• Other Records: Retention periods vary (generally between 5 and 20 years) as detailed in our Record Retention Policy.

After the applicable retention period expires, your data will be securely deleted or anonymized.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website, application, and other digital platforms to:

• Collect analytics data

• Monitor performance

• Support further development of our services

• Deliver marketing communications

• Ensure standard functionalities and user experience

You can manage your cookie preferences through your browser settings or via our consent management tools available on our platforms.

Data Security

We implement robust technical and organizational measures to safeguard your personal data, including:

• Encryption: Data is encrypted during transmission and at rest.

• Access Controls: Strict access controls are in place to limit access to personal data only to authorized personnel.

• Regular Security Audits: We conduct regular security assessments and audits to ensure the continued protection of your data.

• Other Measures: Additional industry-standard practices are employed to maintain data confidentiality and integrity.

Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

• Access: The right to request access to your personal data.

• Rectification: The right to have inaccurate data corrected.

• Deletion: The right to request deletion of your personal data (subject to legal obligations).

• Objection: The right to object to the processing of your data where applicable.

• Data Portability: The right to receive your data in a structured, commonly used, and machine-readable format.

You can exercise these rights by contacting our Data Protection Officer at dpo@estiapayments.io.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidelines. Any material changes will be communicated through our website, application, and other digital platforms and/or via email. We encourage you to review this Privacy Policy periodically.

Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Greece and the European Union. Any disputes arising from or relating to this Policy shall be subject to the jurisdiction of the competent courts in Athens, Greece.

By using our services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

If you have any further questions or require additional clarification, please do not hesitate to contact our DPO at dpo@estiapayments.io.
