1. Data Controller

The controller of your personal data is EMP Systems Limited, based in Malta. It has a registration number C 64728 with registered address at Parthenon Building, Hughes Hallet Street, SLM 3141, Malta.

EMPS provides procedures for the protection of customers’ personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of data, repealing Directive 95/46 / EC (‘CODE’/’GDPR’) and according to the implemented Privacy Policy.

As the Data Controller, EMPS takes technical, physical and administrative measures to ensure that your personal data is adequately protected against loss, misuse, and also unauthorized access, disclosure and alteration.

If you need more information or help with your Personal Data – contact our Data Protection Officer here – dpo@empsgroup.com.

2. What we collect from You

2.1 When using our services, you need to remember that all data provided by you, will be collected and processed in accordance with this Privacy Policy. This process applies to both Individual Customers and natural persons who are representatives, partners, beneficial owners of Business Customers and/or Business Account Administrators, as well as representatives of the contractor / business partner, persons designated for working contacts and responsible for coordinating and implementing the contract with EMPS.

In order to ensure our services are provided, we may collect some of the data listed below:

• Your first and last name;
• Your residential address and nationality;
• Date of birth;
• PESEL number and identity document number;
• Your email address;
• Your phone number;
• User name;
• IP address;
• Bank account number;
• Certificate serial number, if you use a qualified signature;
• Technical information about any devices you use to access our services or other technical information;
• Information about your use of our services, including information about when, how and where you use the services;
• Operation history – when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through our services;
• Information on your use of social networks (only when you have linked our services to your social media accounts). The above may potentially include certain information including, among others, access to your friends’ list, as well as aggregate non-personal analytical data about our users (strictly in accordance with the applicable social media terms and conditions – to the extent necessary to provide you with all the functionality of our services;
• Information about your deposits and withdrawals;
• Any other data that you provide to us through our services;
• Any other data that you provide to us when you contact our support.

3. Why we are doing this

3.1  EMPS is obliged to process data on the basis of applicable legal provisions. These include, among other things, tax regulations, anti-money laundering and financing of terrorism regulations, regulations regarding licensed operators issued by supervisory authorities.

3.2   ​​Pursuant to the decision of the Personal Data Inspector, EMP Systems Limited, as an institution obliged under the provisions on counteracting money laundering and financing of terrorism, collects and processes your data in order to ensure proper verification required by the provisions on AML and to identify and assess the risk related to money laundering and financing of terrorism. For this purpose, EMP Systems Limited collects and has the right to process a copy/scan of an identity document (ID card, passport, driving license, residence card, etc.) and official documents confirming your address of residence and source of income and assets.

3.3   With the consent of the Data Protection Officer, EMPS also processes data in the form of an email address and phone number, which are necessary to ensure payment transaction authorization and user verification in the event of a change of data (2FA two-step verification).

3.4 EMPS may processes your data in order to:

• provide you with the services that are offered on www.plixpay.com; as well as in the PLIX mobile application;
• meet the legal obligations imposed on us, including anti-money laundering laws and financing of terrorism;
• two-step authorization of ordered transactions and double verification of your data in the event of their change / update (2FA);
• implement a so-called legitimate interest, understood as a perfectly legitimate purpose of data processing, consistent with your rights (e.g. protection of data processing security, prevention of fraud and money laundering, marketing services).
• provide you with any services covered by the operation of our website and stationary premises;
• provide you marketing information (including personalized) about the services that you order from us or which may interest you  as well as communication with other users of our services;
• enable participation in elements of interactive services;
• notify you about changes regarding our services;
• about improvement or modification of our services;
• issuance of virtual debit cards;
• organize competitions, promotions and bonuses (including contact with participants, evaluation of entries, distribution of prizes, payment of tax);
• for tax, legal and billing purposes as defined in EU law (GDPR);
• profile and personalize our marketing communications, offers and advertisements that we display on our and our marketing partners’ websites (according to point 5 below), based on the combined data we have collected about you;
• process/carry out online payments;
• verify your age and identity;
• configure and manage the user’s account and access for persons authorized to manage the account;
• complete compliance procedures in force for us;
• monitor transactions to prevent fraud and money laundering  and financing of terrorism.

3.5 EMPS may profile your personal data, which means that we can use the information we have collected, to tailor the communication directly addressed to your needs. 

3.6 In this case, however, EMPS does not use your profiling data to make automated decisions that could affect your legal situation. EMPS does not use algorithms to make decisions that may affect your individual rights or affect your rights and the rights arising from the contract between us. Furthermore EMPS does not place automatic offers based on your behaviour in terms of using mobile services.

4. Data processing period

4.1 Personal data may be processed and stored as long as EMPS has a legally legitimate interest and this interest overrides your interests and fundamental rights or it is required by law. In such cases, the data may be stored only for the purpose and in order to meet the requirements of legal provisions.

4.2 The period that EMPS will process the information it collected about you, depends on the type of information. Assuming that, in accordance with the provisions of the Act on Counteracting Money Laundering and Terrorist Financing (AML), this period must be at least 5 years, counting from the date of termination of business relations with the client or from the date of the last transaction.

4.3 EMPS will process your personal data only as it is necessary to meet the objectives set out in this Privacy Policy. After such time, EMPS will either delete or anonymize your information, depending on the type of this data and legal requirements. In the case of anonymized data, we will securely store your information  and isolate it from any further processing, until deletion is possible regarding legal and technical possibilities. 

5. Marketing

Where we have the appropriate consent or lawful basis and subject to your preferences, some of your personal data can be processed by our 3rd party marketing partners in order to allow us to communicate with all our customers (e.g. phone, email, push notifications).This may include Email & SMS sending platform providers, prize or gift suppliers, etc. This is always done on the basis of contracts in accordance with legal requirements for the processing of personal data, which effectively protect your rights and interests in accessing the data.

Consent for this processing can be removed, in whole or in part, at any time. If you need more information about this – let us know here.

Our marketing communications will include instructions on how to opt out of receiving this specific type of marketing communication. It can take up to 48 hours following on from your request for this to be fully carried out. 

We will not share your personal data with unrelated third parties to market their products to you without your prior consent.

6. Cookies

EMPS and our third party partners, such as our advertising and analytics partners, use various technologies to collect information, such as cookies and web beacons.

EMPS uses cookies, web beacons and other technologies in order to:

• improve and customize services and websites and your experience;
• improve your experience of our services;
• allow you to access and use the services without re-entering your username or password;
• understand usage of services and the interests of our customers;
• determine whether an email has been opened and acted upon;
• present you with advertising relevant to your interests.

Examples of Cookies:

• Where strictly necessary. These cookies and other technologies are essential in order to enable the services to provide the feature you have requested, such as remembering you have logged in.
• For functionality. These cookies and similar technologies remember choices you make such as language or search parameters. EMPS uses these cookies to provide you with an experience more appropriate with your selections and to adapt them to the services used.
• For performance and analytics. These cookies and similar technologies collect information on how users interact with the services and enable EMPS to improve how the services operate. For example, EMPS uses Google Analytics cookies to help understand how visitors find out about and browse our products and website to identify areas for improvement such as navigation, user experience, and marketing campaigns.
• Targeting Cookies or Advertising Cookies. These cookies collect information about your browsing habits in order to make advertising relevant to you and your interests. They remember the websites you have visited and that information is shared with other parties such as advertising technology service providers and advertisers.
• Social media cookies. These cookies are used when you share information using a social media sharing button or “like” button on our websites or you link your account or engage with our content on or through a social media site. The social network will record that you have done this. This information may be linked to targeting/advertising activities.

To opt-out of our use of cookies, you can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, this may make it more difficult or impossible to use all aspects of services.

EMPS and its third party partners also collect information using web beacons (also known as “tracking pixels”).

Many browsers include their own management tools for removing HTML5 local storage objects.

7. Sharing and Processing your Personal Data

71 EMPS shares information with third parties that help us operate, provide, improve, integrate, customize, support and market its services. These include our business partners, marketing, analytical and IT service and payment method providers. EMPS ensures that all relationships that involve the processing of personal data are subject to a documented contract of entrustment containing the specific information and conditions required by the GDPR. 

7.2 EMPS has the right to transfer personal data, e.g. its partners, card organizations (in the field of issuing payment cards), law enforcement and public administration authorities, regulators, auditors to the extent necessary for the provision of services, verification of customer data and compliance with legal obligations, including counteracting fraud, financial crimes, money laundering and terrorism financing. This processing will take place to the extent necessary for the performance of the contract with the client as well as security and AML requirements. EMPS allows access to data only to authorized and properly trained persons / employees.

7.3 EMPS works with its partners: related parties within the EMPS Group, third-party service providers to provide website and application development, software, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. These also include software suppliers, payment systems providers, entities dealing with EMPS’s service marketing on its behalf, entities segmenting users, or dealing with direct contact with users.

7.4 If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from EMPS, including policies and procedures designed to protect your information. EMPS makes available to its partners only such information as is necessary to achieve the objectives pursued by the parties.

7.5 If required by law, EMPS may disclose your information and payment data to the Police or other public entitled authority (this includes, but is not limited to: name, surname, PESEL number, identity document number, address of residence, phone number, email address, IP address and details of activity and transactions suspected of unlawfulness or dishonesty, such as unlawful use of a given form of payment / security breach or AML risk score). We may share your Personal Data with these other organisations:

• police, law enforcement, regulatory authorities, including tax and other authorities;
• credit reference agencies;
• fraud prevention agencies;
• identity verification agencies;
• third parties you ask us (or permit us) to share your data with;
• third parties with whom we have legal and binding agreements to entrust the processing of personal data, to the extent necessary to provide and develop our services, including those resulting from the provisions on payment services and the banking law

8. Transfer outside the EEA

8.1 By agreeing to the transfer of your data to third parties, you also agree that third parties may be located outside the EEA. The privacy laws in these countries may not provide the same level of protection as in your country or EEA. Transfers of personal data outside the European Union will be carefully reviewed prior to the transfer taking place to ensure that they fall within the limits imposed by the GDPR. This depends partly on the European Commission’s judgement as to the adequacy of the safeguards for personal data applicable in the receiving country and this may change over time.

8.2 Intra-group international data transfers will be subject to legally binding agreements referred to as Binding Corporate Rules (BCR) which ensure that data subjects’ rights are fully respected and enforced. If EMPS shares data outside of the EEA, EMPS will rely on standard EU contractual clauses or other legal provisions that will allow for lawful data transfer and ensure an adequate level of protection. 

9. Your Rights

9.1 As an entity, whose data are the subject of processing, you have certain rights under the provisions of the GDPR Regulations. These consist of:

• The right to withdraw the consent – You have the right to withdraw you consent to the processing of your data, in accordance with EMPS rules;
• The right to be informed – You have the right to be informed how your personal data are processed and why;
• The right of access – You have a right to request a copy of the personal information that we hold about you;
• The right to rectification – Where personal data is inaccurate, you have the right to request that it be corrected and incomplete personal data completed;
• The right to erasure – You can request us to delete your personal data at any time; as long as there are no legal requirements and an overriding obligation to continue processing this data for a certain period. Legal obligations arising from specific regulations include predetermined storage periods;
• The right to restrict processing/object – in certain circumstances you have the right to object or to apply to restrict the processing of your personal data, where this processing is based on consent or our legitimate interest, but not based on legal requirements. However, despite your objections/request to restrict processing of your data, we will have to continue processing your data for a certain period.
• The right to data portability – You have the right to request that your personal data be provided to you in a “structured, commonly-used and machine-readable format” (GDPR Article 20) and to transfer that data to another party. This applies to personal data for which processing is based on your consent and the processing carried out by automated means.
• Rights in relation to automated decision making and profiling – You have the right to not be the subject of automated decision-making where the decision has a significant effect on You, and You can insist on human intervention where appropriate. You also have the right to express your point of view and contest decisions.

9.2 As referred to above, you also have the general right to withdraw the consent you have given us to process your personal data (in respect of our marketing activities) and where this processing is based on what we deem to be our legitimate interest and not as a result of the applicable legal requirements.

9.3 EMPS may refuse you to implement certain rights from those indicated above in a situation where the implementation of a given right would be in contradiction with the legitimate purpose of data processing or with obligations imposed on EMPS by law. EMPS may refuse you to remove your personal data for the period in which EMPS is required to keep this data based on legal regulations on anti- money laundering. It’s very important that you understand that the rights that GDPR gives you, are not absolute.

If you want to use one of your above indicated rights – please contact us here.

10. Changes

10.1 EMPS may change this Privacy Policy from time to time. EMPS will post any Privacy Policy changes on this page and, if the changes are significant, EMPS will provide a more prominent notice by adding a notice on the homepage, login screens, or by sending you an email notification. EMPS will also keep prior versions of this Privacy Policy in an archive for your review. EMPS encourages you to review the Privacy Policy whenever you use services to stay informed about our information practices and the ways you can help protect your privacy.

If you disagree with any changes to this Privacy Policy, you will need to stop using  our services and deactivate your account(s), as outlined above.