1. Data Controller
The controller of your personal data is EMP Systems Limited, based in Malta. It has a registration number C 64728 with registered address at Parthenon Building, Hughes Hallet Street, SLM 3141, Malta.
As the Data Controller, EMPS takes technical, physical and administrative measures to ensure that your personal data is adequately protected against loss, misuse, and also unauthorized access, disclosure and alteration.
If you need more information or help with your Personal Data – contact our Data Protection Officer here – firstname.lastname@example.org.
2. What we collect from You
In order to ensure our services are provided, we may collect some of the data listed below:
3. Why we are doing this
3.1 EMPS is obliged to process data on the basis of applicable legal provisions. These include, among other things, tax regulations, anti-money laundering and financing of terrorism regulations, regulations regarding licensed operators issued by supervisory authorities.
3.2 Pursuant to the decision of the Personal Data Inspector, EMP Systems Limited, as an institution obliged under the provisions on counteracting money laundering and financing of terrorism, collects and processes your data in order to ensure proper verification required by the provisions on AML and to identify and assess the risk related to money laundering and financing of terrorism. For this purpose, EMP Systems Limited collects and has the right to process a copy/scan of an identity document (ID card, passport, driving license, residence card, etc.) and official documents confirming your address of residence and source of income and assets.
3.3 With the consent of the Data Protection Officer, EMPS also processes data in the form of an email address and phone number, which are necessary to ensure payment transaction authorization and user verification in the event of a change of data (2FA two-step verification).
3.4 EMPS may processes your data in order to:
3.5 EMPS may profile your personal data, which means that we can use the information we have collected, to tailor the communication directly addressed to your needs.
3.6 In this case, however, EMPS does not use your profiling data to make automated decisions that could affect your legal situation. EMPS does not use algorithms to make decisions that may affect your individual rights or affect your rights and the rights arising from the contract between us. Furthermore EMPS does not place automatic offers based on your behaviour in terms of using mobile services.
4. Data processing period
4.1 Personal data may be processed and stored as long as EMPS has a legally legitimate interest and this interest overrides your interests and fundamental rights or it is required by law. In such cases, the data may be stored only for the purpose and in order to meet the requirements of legal provisions.
4.2 The period that EMPS will process the information it collected about you, depends on the type of information. Assuming that, in accordance with the provisions of the Act on Counteracting Money Laundering and Terrorist Financing (AML), this period must be at least 5 years, counting from the date of termination of business relations with the client or from the date of the last transaction.
Where we have the appropriate consent or lawful basis and subject to your preferences, some of your personal data can be processed by our 3rd party marketing partners in order to allow us to communicate with all our customers (e.g. phone, email, push notifications).This may include Email & SMS sending platform providers, prize or gift suppliers, etc. This is always done on the basis of contracts in accordance with legal requirements for the processing of personal data, which effectively protect your rights and interests in accessing the data.
Consent for this processing can be removed, in whole or in part, at any time. If you need more information about this – let us know here.
Our marketing communications will include instructions on how to opt out of receiving this specific type of marketing communication. It can take up to 48 hours following on from your request for this to be fully carried out.
We will not share your personal data with unrelated third parties to market their products to you without your prior consent.
EMPS and our third party partners, such as our advertising and analytics partners, use various technologies to collect information, such as cookies and web beacons.
Examples of Cookies:
EMPS and its third party partners also collect information using web beacons (also known as “tracking pixels”).
Many browsers include their own management tools for removing HTML5 local storage objects.
7. Sharing and Processing your Personal Data
71 EMPS shares information with third parties that help us operate, provide, improve, integrate, customize, support and market its services. These include our business partners, marketing, analytical and IT service and payment method providers. EMPS ensures that all relationships that involve the processing of personal data are subject to a documented contract of entrustment containing the specific information and conditions required by the GDPR.
7.2 EMPS has the right to transfer personal data, e.g. its partners, card organizations (in the field of issuing payment cards), law enforcement and public administration authorities, regulators, auditors to the extent necessary for the provision of services, verification of customer data and compliance with legal obligations, including counteracting fraud, financial crimes, money laundering and terrorism financing. This processing will take place to the extent necessary for the performance of the contract with the client as well as security and AML requirements. EMPS allows access to data only to authorized and properly trained persons / employees.
7.3 EMPS works with its partners: related parties within the EMPS Group, third-party service providers to provide website and application development, software, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. These also include software suppliers, payment systems providers, entities dealing with EMPS’s service marketing on its behalf, entities segmenting users, or dealing with direct contact with users.
7.4 If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from EMPS, including policies and procedures designed to protect your information. EMPS makes available to its partners only such information as is necessary to achieve the objectives pursued by the parties.
7.5 If required by law, EMPS may disclose your information and payment data to the Police or other public entitled authority (this includes, but is not limited to: name, surname, PESEL number, identity document number, address of residence, phone number, email address, IP address and details of activity and transactions suspected of unlawfulness or dishonesty, such as unlawful use of a given form of payment / security breach or AML risk score). We may share your Personal Data with these other organisations:
8. Transfer outside the EEA
8.1 By agreeing to the transfer of your data to third parties, you also agree that third parties may be located outside the EEA. The privacy laws in these countries may not provide the same level of protection as in your country or EEA. Transfers of personal data outside the European Union will be carefully reviewed prior to the transfer taking place to ensure that they fall within the limits imposed by the GDPR. This depends partly on the European Commission’s judgement as to the adequacy of the safeguards for personal data applicable in the receiving country and this may change over time.
8.2 Intra-group international data transfers will be subject to legally binding agreements referred to as Binding Corporate Rules (BCR) which ensure that data subjects’ rights are fully respected and enforced. If EMPS shares data outside of the EEA, EMPS will rely on standard EU contractual clauses or other legal provisions that will allow for lawful data transfer and ensure an adequate level of protection.
9. Your Rights
9.1 As an entity, whose data are the subject of processing, you have certain rights under the provisions of the GDPR Regulations. These consist of:
9.2 As referred to above, you also have the general right to withdraw the consent you have given us to process your personal data (in respect of our marketing activities) and where this processing is based on what we deem to be our legitimate interest and not as a result of the applicable legal requirements.
9.3 EMPS may refuse you to implement certain rights from those indicated above in a situation where the implementation of a given right would be in contradiction with the legitimate purpose of data processing or with obligations imposed on EMPS by law. EMPS may refuse you to remove your personal data for the period in which EMPS is required to keep this data based on legal regulations on anti- money laundering. It’s very important that you understand that the rights that GDPR gives you, are not absolute.
If you want to use one of your above indicated rights – please contact us here.