OVERVIEW
In order to operate the TODA Pay Services and to prevent fraud and reduce its risk, SMART PAYMENTS TECHNOLOGIES LTD (MSB registration number: M20438511), a company incorporated and registered in the Province of British Columbia, Canada under company registration number BC1266435, the registered office of which is at 170-6660 GRAYBAR ROAD, 2ND FLOOR, OFFICE # 8T RICHMOND, BC, CANADA V6W1H9, acting as the data controller, is obliged to ask you to provide us with information about yourself, including your business bank account details or eWallet addresses, and corporate details and sensitive data. By consenting to, and agreeing the terms of, this Privacy Policy, you agree to us processing your data in the manner set below. This Privacy Policy describes the collection and usage of information about you. TODA Pay (SMART PAYMENTS TECHNOLOGIES LTD) takes the processing of your information very seriously and will use your information only according to the terms described in this Policy. For the purposes of this Privacy Policy, the term “information” and Personal Data means any confidential and/or personally identifiable information or other information related to users of TODA Pay and/or related Services provided by SMART PAYMENTS TECHNOLOGIES LTD and through its subsidiaries, including but not limited to customers and merchants (legal entities). Your information will not be sold or rented to any third parties for their marketing purposes without your explicit consent. However, in order for us to offer TODA Pay and/or related Services provided by SMART PAYMENTS TECHNOLOGIES LTD and through its subsidiaries, to our users; enhance the quality of Services from time to time; and protect the interests of our users, we will in limited circumstances share some of your information with third parties under strict restrictions. It is important for you to review this Privacy Policy as it applies to all the SMART PAYMENTS TECHNOLOGIES LTD Services. This Privacy Policy is intended to govern the use of TODA Pay and/or related Services provided by SMART PAYMENTS TECHNOLOGIES LTD and through its subsidiaries, by our users (including, without limitation those who use the TODA Pay Services in the course of their trade or business) unless otherwise agreed through contract.
SMART PAYMENTS TECHNOLOGIES LTD appointed Data Protection Officer, for any questions regarding this Privacy Policy please contact: [email protected]
Changes to this Privacy Policy:
All future changes to this Privacy Policy set out in the Policy Update already published on the TODA Pay or SMART PAYMENTS TECHNOLOGIES LTD website at the time you register for the TODA Pay Services. All the changes will take effect as specified in the Policy Update. “Policy Update” means a prior notice of
changes to any of your agreements with TODA Pay which SMART PAYMENTS TECHNOLOGIES LTD may make available to you in writing. If you disagree with the terms of this Privacy Policy, please do not register for or use the TODA Pay Services.
Notification of Changes:
This Policy may be revised and updated as new features are added to the TODA Pay Services or as we incorporate suggestions from our customers. We may change this Privacy Policy at any time by posting a revised version of it on our website. Unless we have legal grounds to do otherwise, we will provide you with at least 30 days’ prior notice of the effective date of the revised privacy policy. We may notify you about the changes in the Policy by posting the notice on the ‘Policy page’ of our website(s) and/or notify you by e-mail. In case you disagree with the terms of this Privacy Policy, you may close your account or request closing your account at any time. Please check the TODA Pay or any SMART PAYMENTS TECHNOLOGIES LTD websites on a regular basis for the most current version of our Privacy Policy. Third Party Websites: Some pages on the TODA Pay website include links to third-party websites or our other products. These sites are governed by their own privacy statements (unless the product or link to the web site belongs to SMART PAYMENTS TECHNOLOGIES LTD), and SMART PAYMENTS TECHNOLOGIES LTD is not responsible for their operations, including but not limited to their information practices. Customers who submit information to or through these third-party websites should review the privacy statements of these sites before providing them with personally identifiable information. Not a Framework Contract: For the avoidance of doubt, this Privacy Policy does not constitute a ‘framework contract’ for the purpose of the EU Payment Services Directive (2015/2366 EC) or any implementation of that directive in the European Union or EEA (including, without limitation, the UK Payment Services Regulations 2017).
A Special Note about Children: Children are not eligible to use TODA Pay or other related SMART PAYMENTS TECHNOLOGIES LTD Services and we ask that minors (persons under the age of 18) do not submit any personal information to us or use the TODA Pay or SMART PAYMENTS TECHNOLOGIES LTD Services.
GENERAL PRINCIPLES
In accordance with this Privacy Policy, we comply with the following principles:
- Processing activities must be lawful, fair and transparent.
- Personal Data must be collected for specified, explicit, and legitimate purposes.
- Personal Data may not be further processed in any way incompatible with those purposes. Processing operations for archiving, public interest, scientific and historical research, and statistical purposes shall be consistent with the original purpose.
- Personal Data must be adequate and relevant and limited to the minimum necessary for the purposes for which they are processed.
- Personal data must be accurate and, where necessary, up to date.
- Personal Data should be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were processed. Personal Data may be kept longer for archiving purposes in the public interest and for historical, statistical or scientific purposes.
- Personal Data may only be processed in a way that ensures the security of Personal Data.
PERSONAL INFORMATION WE COLLECT
Providing information to us is voluntary, but any refusal to provide such information may disable us to comply with legal obligations, enter into contract with you, respond to your requests, provide you with our Services, receive and process your request.
We collect information about you when you visit our Sites or use our Services, including the following:
- Registration and use information – When you register to use our Services by creating an Account, we will collect Personal Data as vital to offer and fulfill the Services you request. The information we require may vary, depending on the service you use: your name, postal address, telephone number, IBAN, personal identification number, email address and identification information to establish an Account. Due to the legal obligations prescribed by relevant laws, we may require you to provide us with additional data: Corporate details and incorporation documents, information about shareholders and Ultimate Beneficial Owners, transaction history, detailed description of your business, nature of funds etc.
- Transaction and usage information – When using our Services or Services available through SMART PAYMENTS TECHNOLOGIES LTD web site or its subsidiaries, for example, to make purchases from merchants, to receive money, to process payments, we collect information about the transaction, as well as other information associated with the transaction such as amount sent or requested, amount paid for products or services, merchant information, including information about any funding instruments used to complete the transaction, Device Information, Technical Usage Data, and Geolocation Information. We strictly follow AML and CFT Policies and the information about transactions is necessary for providing our
Services. - Participant information – When using our Services or Services available through SMART PAYMENTS TECHNOLOGIES LTD website or its subsidiaries, we collect Personal Data you provide us about the other participants associated with the transaction.
- Send or request funds: When you send or request funds (crypto currencies or fiat) through the Services, we collect Personal Data: name, postal address, telephone number, and financial account information about the participant who is receiving money from you or sending money to you. The extent of Personal Data required about a participant may vary depending on the Services you are using.
- Pay or request someone else to pay a bill: If you use Services provided by SMART PAYMENTS TECHNOLOGIES LTD or through its subsidiaries to pay a bill for the benefit of someone else, or if you request a User to pay a bill for you, we collect Personal Data from you about the account holder such as name, postal address, telephone number, email address, and account number of the bill that you intend to pay or request to be paid
- Information about your friends and contacts – This is subject for future implementation. In case TODA Pay or any product of SMART PAYMENTS TECHNOLOGIES LTD or its subsidiaries implement a Contact feature in its products, it may be easier for us to help you transact with your friends and contacts if you provide Personal Data such as name, email address and telephone number about your friends and contacts while using a Service or if you connect your contact list or friend list to your Account. If you choose to connect your contact list information on your device with your Account and/or establish an account connection between a social media platform and your Account, we will collect and use your contact list or friend list information to improve your experience when you use the Services.
- Information that you choose to provide us to obtain additional Services or specific online Services – When you request enhanced Services or other elective functionality, we may collect additional information from you. We will provide you with a separate notice at the time of collection, if the use of that information differs from the uses disclosed in this Privacy Policy.
- Information about you from third-party sources – We obtain information from third-party sources such as merchants, data providers, and credit bureaus, where permitted by law.
- Other information we collect related to your use of our Sites or Services – Based on our legitimate interests to enhance our Services, we may collect additional information from or about you when you communicate with us, contact our customer support teams or respond to a survey. If you choose not to provide such information, you will prevent SMART PAYMENTS TECHNOLOGIES LTD from carrying out analytics or communicating with you in certain situations. We can still contact you for administrative purposes with respect to providing our Services.
In case we process Personal Data outside of the listed scope we will ask for your consent. You may, in any case, withdraw your consent and in that case SMART PAYMENTS TECHNOLOGIES LTD will no longer process your Personal Data for this purpose, without any negative consequences.
WHY DO WE KEEP PERSONAL DATA
We retain Personal Data to fulfill our legal or regulatory obligations and for our legitimate business purposes. We may retain Personal Data for longer periods than required by law if it is in our legitimate business interests and not prohibited by law. If your Account is closed, we may take steps to mask Personal Data and other information, but we reserve our ability to retain and access the data for so long as required to comply with applicable laws. We will continue to use and disclose such Personal Data in accordance with this Privacy Policy.
WHY DO WE PROCESS PERSONAL DATA
We may Process your information for the following reasons:
- To operate the Sites and provide the Services in accordance with our terms of use, including to:
- Initiate a payment, send or request money, add value to an account, or pay a bill;
- Authenticate your access to an Account;
- Communicate with you about your Account, the Sites, the Services, or TODA Pay;
- Create an account connection between your Account and a third-party account or platform;
- Perform, evaluate applications, and compare information for accuracy and verification purposes.
- To manage our business needs and pursue our legitimate interest, such as monitoring, analysing, and improving the Services and the Sites’ performance and functionality. For example, we analyse User behaviour and perform research about the way you use our Services. For more information, please read our Cookie Policy.
- To manage risk and protect the Sites, the Services and you from fraud by verifying your identity and helping to detect and prevent fraud and abuse of the Sites or Services.
- To deliver marketing materials about TODA Pay products and online Services and the products and services of affiliated businesses. We may also Process your Personal Data to tailor certain Services or Site experiences to better match our understanding of your interests. In each case you have the right to object to our legitimate interest to perform marketing activities.
- To provide personalized Services offered by TODA Pay on third-party websites and online services. We may use your Personal Data and other information collected in accordance with this Privacy Policy to provide a targeted display, feature or offer to you on third-party websites. We may use cookies and other tracking technologies to provide these online services and/or work with other third-parties such as advertising or analytics companies to provide these online services. For more information, please read our Cookie Policy.
- To provide you with location-specific options, functionality or offers if you elect to share your Geolocation Information through the Services. We will use this information to enhance the security of the Sites and Services and provide you with location-based Services, such as advertising, search results, and other personalized content.
- To comply with our obligations and to enforce the terms of our Sites and Services, including to comply with all applicable laws and regulations.
- To make it easier for you to find and connect with others, we may use your information you have shared with the Service to suggest connections between you and people you may know. For example, we may associate information that we learn about you through your and your contacts’ use of the Services, and information you and others provide to suggest people you may know or may want to transact with through our Services. Social functionality and features designed to simplify your use of the Services with others vary by Service.
- To respond to your requests for example to contact you about a question you submitted to our customer service team.
SHARE OF PERSONAL DATA
We may share your Personal Data or other information about you with others in a variety of ways as described in this section of the Privacy Policy.
We may share your Personal Data or other information for the following reasons:
- With other members of the SMART PAYMENTS TECHNOLOGIES LTD corporate family: We may share your Personal Data with members of the SMART PAYMENTS TECHNOLOGIES LTD family of entities to, among other things, provide the Services you have requested or authorized; to manage risk; to help detect and prevent potentially illegal and fraudulent acts and other violations of our policies and agreements; and to help us manage the availability and connectivity of SMART PAYMENTS TECHNOLOGIES LTD products, Services, and communications.
- With other companies that provide services to us (as data processors): We may share Personal Data with third-party service providers that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you
with Services, verify your identity, assist in processing transactions, send you advertisements for our products and Services, or provide customer support - With other financial institutions that we have partnered with to jointly create and offer a product or service (as joint data controllers): We may share Personal Data with other financial institutions that we have partnered with to jointly create and offer a product, such as with Acquiring bank partners in connection with the SMART PAYMENTS TECHNOLOGIES LTD or its subsidiaries. These financial institutions may only use this information to market and offer SMART PAYMENTS TECHNOLOGIES LTD-related products, unless you have given consent for other purposes.
- With the other parties to transactions when you use the Services, such as other Users, merchants, and their service providers: We may share information with the other participants to your transactions, including other Users you are sending or receiving funds from, and merchants or their service providers when you use the Services to pay for goods or services. The information includes:
- Personal Data necessary to facilitate the transaction;
- Information to help other participant(s) resolve disputes and detect and prevent fraud;
- Aggregated data and performance analytics to help merchants better understand Users and to help merchants enhance Users’ experiences.
- With other third parties for our business purposes or as permitted or required by law: We may share information about you with other parties for SMART PAYMENTS TECHNOLOGIES LTD business purposes or as permitted or required by law, including:
- If we need to do so to comply with a law, legal process or regulations;
- Law enforcement, regulators, government officials, or other third parties (in Singapore or elsewhere) in relation to a subpoena, court order, or other legal process or requirement under laws and regulations of different jurisdictions that are applicable to SMART PAYMENTS TECHNOLOGIES LTD, or one of its subsidiaries; when we need to do so to comply with such law or credit card rules; or when we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss; or to report suspected illegal activity or to investigate violations of a user agreement;
- To protect the vital interests of a person;
- To protect our property, Services and legal rights;
- To facilitate a purchase or sale of all or part of SMART PAYMENTS TECHNOLOGIES LTD business;
- In connection with shipping and related services for purchases made using a Service;
- To help assess and manage risk and prevent fraud against us, our Users and fraud involving our Sites or use of our Services, including fraud that occurs at or involves our business partners, strategic ventures, or other individuals and merchants;
- To banking partners as required by card association rules for inclusion on their list of terminated merchants;
- To credit reporting and collection agencies;
- To companies that we plan to merge with or be acquired by;
- To support our audit, compliance, and corporate governance functions.
- With your consent: We also will share your Personal Data and other information with your consent or direction, including if you authorize an account connection with a third-party account or platform.
In addition, SMART PAYMENTS TECHNOLOGIES LTD, may provide aggregated statistical data to third-parties, including other businesses and members of the public, about how, when, and why Users visit our Sites and use our Services. This data will not personally identify you or provide information about your use of the Sites or Services. We do not share your Personal Data with third parties for their marketing purposes without your consent.
HOW DO WE WORK WITH THIRD-PARTY PLATFORMS AND OTHER SERVICES
A significant benefit and innovation of SMART PAYMENTS TECHNOLOGIES LTD Services is that you can connect your Account with a third-party account or platform. For the purposes of this Privacy Policy, an “account connection” with such a third-party is a connection you authorize or enable between your Account and a non-TODA Pay account, payment instrument, or platform that you lawfully control or own. When you authorize such a connection, SMART PAYMENTS TECHNOLOGIES LTD and the third-party will exchange your Personal Data and other information directly. Examples of account connections include:
- Linking your Account to a social media account or social messaging service;
- Connecting your Account to a third-party data aggregation or financial services company, if you provide such company with your Account log-in credentials; or
- Using your Account to make payments to a merchant or allowing a merchant to charge your Account.
If you choose to create an account connection, we may receive information from the third-party about you and your use of the third-party’s service. For example, if you connect your Account to a social media account, we will receive Personal Data from the social media provider via the account connection. If you connect your Account to other financial accounts, directly or through a third-party service provider, we may have access to your account balance and transactional information, such as purchases and funds transfers. We will use all such information that we receive from a third-party via an account connection in a manner consistent with this Privacy Policy.
Information that we share with a third-party based on an account connection will be used and disclosed in accordance with the third-party’s privacy practices. Before authorizing an account connection, you should review the privacy notice of any third-party that will gain access to your
Personal Data as part of the account connection. For example, Personal Data that TODA Pay shares with a third-party account or platform such as a social media account may in turn be shared with certain other parties, including the general public, depending on the account’s or platform’s privacy practices.
USE OF COOKIES
When you visit our Sites, use our Services, or visit a third-party website for which we provide online Services, we and our business partners and vendors may use cookies and other tracking technologies (collectively, “Cookies”) to recognize you as a User and to customize your online experiences, the Services you use, and other online content and advertising; measure the effectiveness of promotions and perform analytics; and to mitigate risk, prevent potential fraud, and promote trust and safety across our Sites and Services. Certain aspects and features of our Services and Sites are only available through the use of Cookies, so if you choose to disable or decline Cookies, your use of the Sites and Services may be limited or not possible.
Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. We do not respond to DNT signals.
You may check our Cookies Policy for more details.
PRIVACY CHOICES AVAILABLE TO YOU
In accordance with the extent permitted by applicable laws, you have the right to request from SMART PAYMENTS TECHNOLOGIES LTD access, transfer, correction or erasure of your Personal Data, right to set limitations to processing of your Personal Data, as well as to object some processing activities and to lodge a complaint with the competent data protection authority. You also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effect.
You also have choices when it comes to the privacy practices and communications described in this Privacy Policy. Many of your choices may be explained at the time you sign up for or use a Service or in the context of your use of a Site. You may be provided with instructions and prompts within the experiences as you navigate the Services.
Choices Relating to the Personal Data We Collect
- Personal Data. You may decline to provide Personal Data when it is requested by TODA Pay or related products, but certain Services or all of the Services may be unavailable to you.
- Location and other device-level information. The device you use to access the Sites or Services may collect information about you, including Geolocation Information and User usage data that TODA Pay may then collect and use. For information about your ability to restrict the collection and use of such information, please use the settings available in the device.
Choices Relating to Our Use of Your Personal Data
- Personalized Services offered by SMART PAYMENTS TECHNOLOGIES LTD through TODA Pay or related products on third-party websites and services. You may manage your preferences for other SMART PAYMENTS TECHNOLOGIES LTD Services that are personalized and offered to you on third-party websites from your Account. We may also provide you with instructions and prompts on how to manage your preferences within the Service experience.
- Finding and connecting with others. If available, you may manage your preferences for finding and connecting with others from your account of the Service you use.
Choices Relating to Account Connections
- If you authorize an account connection to a third-party account or platform, such as a social media account, you may be able to manage your connection preferences from your Account or the third-party account or platform. Please refer to the privacy notice that governs the third-party platform for more information on the choices you may have.
Choices Relating to Cookies
- You may have options available to manage your cookies preferences. For example, your browser or internet device may allow you to delete, disable, or block certain cookies and other tracking technologies. You can learn more by visiting AboutCookies.org. You may choose to enable these options but doing so may prevent you from using many of the core features and functions available on a Service or Site.
- You may have an option regarding the use of cookies and other choices when it comes to the privacy practices and communications described in this Privacy Policy. Many of your choices may be explained at the time you sign up for or use a Service or in the context of your use of a Site. You may be provided with instructions and prompts within the experiences as you navigate the Services.
Choices Relating to Your Registration and Account Information
If you have an Account, you generally may review and edit Personal Data by logging in and updating the information directly or by contacting us. Contact us if you do not have an Account or if you have questions about your Account information or other Personal Data.
Choices Relating to Communication:
- Notices, Alerts and Updates from Us:
- Marketing: We may send you marketing content about our Sites, Services, products, products we jointly offer with financial institutions, as well as the products and services of affiliated parties and members of the SMART PAYMENTS TECHNOLOGIES LTD, or its subsidiaries through various communication channels, for example, email, text, pop-ups, push notifications, and messaging applications. You may opt out of these marketing communications by following the instructions in the communications you receive. If you wish to receive marketing content from unaffiliated third parties you may give your consent (opt-in) for such communication purpose. If you have an Account with us, you may also adjust your communication preferences in your Account settings. For messages sent via push notifications, you may manage your preferences in your device.
- Informational and Other: We will send communications to you that are required or necessary to send to Users of our Services, notifications that contain important information and other communications that you request from us. You may not opt out of receiving these communications. However, you may be able to adjust the media and format through which you receive these notices.
PROTECTION OF YOUR DATA
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centers, and information access authorization controls. The visitor’s connection to our Site is encrypted, obscuring URLs, cookies, and other relevant metadata.
While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current. We are not responsible
for protecting any Personal Data that we share with a third-party based on an account connection that you have authorized.
TRANSFER OF PERSONAL DATA
Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers. We and our third-party service providers store and Process your Personal Data in the European Union and elsewhere in the world. We will protect your information as described in this Privacy Policy if your Personal Data is transferred to other countries. The transfer of Personal Data outside of the European Union will be appropriately protected: by means of the adequacy decision or approved mechanism for transfer (for example: Privacy Shield) or standard data protection clauses according to United Kingdom General Data Protection Regulation (UK GDPR) and adopted by the European Commission in accordance with General Data Protection Regulation (GDPR), by means of the standard data protection clauses adopted by a supervisory authority and approved by the European Commission, by the approved code of conduct pursuant to Article 40 of the GDPR or the approved certification mechanism pursuant to Article 42 of the GDPR. We do not represent that our Sites and Services are appropriate or available in any particular jurisdiction. You have the right to know the recipients or categories of recipients to which your Personal Data was or will be disclosed, especially to recipients in third countries. For more information please contact: [email protected]