Principles of personal data protection in the company PAYmeUP s.r.o., reg. No.: 04752601, registered address: Revoluční 762/13, Staré Město, 110 00, Prague, Czech Republic (hereinafter referred to as the “Company”, “PAYmeUP”, “we”, “our”, “ours”, “us”), client personal data protection policy of the Company and Cookies Policy.
AML – anti-money laundering
TF – terrorist financing
KYC – know your client
The Company always monitors the latest legislation and complies with the laws relating to and regulating the activities of small payment institutions, anti-money laundering and terrorist financing laws, as well as European laws and Directives on the protection of personal data. In accordance with the General Data Protection Regulation (GDPR), the Company has taken the measures described below.
Since the launch of the payment system, the Company adheres to a set of principles for the protection of personal data. These principles apply to all individuals and organizations whose personal information we hold. We focus primarily on the following basic principles:
Transparency of procedures and principles for processing, collecting, and storing personal data. Our customers are entitled to information about what personal data PAYmeUP collects, for what purpose it is collected, how personal data is stored, and what our personal data protection policy is.
The Company guarantees the security and control of client personal data and provides clients with the opportunity to make a decision on how to process their personal data.
The main principle of the Company is the protection and reliable storage of personal and financial data. The Company ensures the maintenance of appropriate security standards and the protection of client personal data.
As a small payment institution authorized by the Czech National Bank, the Company collects personal data for the provision of payment services and services related to the current license. Personal data is used primarily to prevent fraud and suspicious transactions, as well as to comply with local and international laws in order to prevent money laundering and terrorist financing.
PAYmeUP is a payment system operated by the Company with a registered office in the Czech Republic (an EU member state). The company operates on the basis of a small payment institution authorization issued by the Czech National Bank.
Company legal information:
Company Name: PAYmeUP s.r.o.
Registration number: 04752601
Legal address: Revoluční 762/13, Staré Město, 110 00, Prague, Czech Republic
The purpose of these personal data protection principles is to provide our clients with information about how we collect and process all personal data when our clients use the Company’s website https://paymeup.cz/ (hereinafter referred to as the “Website”) or register in PAYmeUP system. All areas of client interaction are used, including the Website, business relationship and payment services.
In accordance with Directive 95/46/EU (General Provisions on the protection of personal data), the Company is the data administrator and is therefore responsible for the safe use of personal data in accordance with applicable law and in accordance with the agreement between the Company and its clients.
Please read these personal data protection guidelines and other information related to the services offered by the Company. If you have any questions, please contact us at the email address above.
Personal data is any personal information that identifies a person. Personal data does not include data that cannot be used to identify a person (they are anonymous). The Company collects, uses, processes, stores or transfers personal data such as:
The detailed scope of personal data required to use certain services provided by the Company can be found in the terms and conditions of service available on the Website.
The Company does not collect, store or process any special categories of personal data about its clients (race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political views, trade union membership, health information, genetic and biometric data).
The Website contains links to third-party websites, plugins, and applications (including cookies and widgets from third-party advertisers). While agreeing to the principles of personal data protection, the client must also understand that by clicking on these links or allowing these connections, the client may provide third parties with the opportunity to collect or share their personal data. The Company does not have any control over third-party websites and does not influence their principles of personal data protection.
Since the Company is a small payment institution and has obligations related to the prevention of ML and TF, PAYmeUP collects data, including personal data, to provide its services and products to clients. The Company collects only personal data necessary for the operation of the payment system and the provision of payment services:
In accordance with the legislation, terms and conditions (agreements), the Company does not have the right to register, authorize and approve the Client’s registration in the PAYmeUP system until the client provides the necessary data.
The Company collects information on its Website in various ways, especially when the client provides his/her personal data directly to the Company. This includes:
In addition, the Company receives personal data through third parties or, if they are publicly available. Such sources are:
The main and priority purpose for which PAYmeUP uses personal data is to provide payment services, including ensuring the proper quality of services that the Client has ordered from the Company (depending on the type of client). In addition, the Company uses the personal data of clients in the following cases:
To improve its goods or services, PAYmeUP may use automated tools, including profiling, automatic analysis of the client personal data for the following purposes:
The company collects and uses the personal data for the provision of payment services:
While working with clients’ personal data, the Company shares this data with:
In any case of enforcement of a right, a court decision, an investigation by the Czech National Bank, a Financial arbitrator or in the case of any other similar court procedure, the Company will take appropriate organizational and technical measures to ensure that any third party involved in the processing of the client personal data applies the standards and principles of protection in accordance with the current legislation and in accordance with these Principles of Personal Data Protection.
Since the Company provides a wide range of payment solutions and services, it sends out marketing notifications and messages to clients. The Company sends marketing notifications and messages only if the сlient has subscribed to receive this information about PAYmeUP services and products. The сlient will also receive marketing messages from the Company if they participate in a promotion or survey where PAYmeUP asks its clients to provide their personal data to access or participate in the survey.
In any case, PAYmeUP maintains a register of data for marketing communications that is used by the Company, and each сlient has the right to opt out of receiving such marketing notifications at any time by clicking on the unsubscribe link specified in PAYmeUP marketing messages. The Company may also use marketing and communication data to improve and customize the content of advertising messages and promotions that may be of interest to the client.
The Company does not transfer the personal data of its clients to third parties, except for the parties that are part of the legally stipulated obligations of the Company and third parties in the framework of contractual relations for the transfer of personal data for the purpose of providing payment services. The transfer is necessary to fulfill and comply with the terms of the services provided by PAYmeUP, or to meet other operational needs of the Company or to achieve certain goals set out in these Principles of Personal Data Protection.
Whenever PAYmeUP transfers personal data to third parties, the Client can be sure that the third party has the same level of personal data protection as the Company.
The Company may store the сlient personal data for as long as it is necessary for us to achieve the purpose for which it was collected. The data storage by PAYmeUP is subject to the assessment of compliance with legal (contractual or legislative) and accounting requirements, as well as the requirements for declaring compliance. The Company also takes into account the time limits established in the laws on the protection of personal data of the various countries in which PAYmeUP provides its services.
Each client can exercise his/her rights specified in the current legislation of the Czech Republic. The Company guarantees the following rights related to the protection of personal data:
The Company takes the legal, technical and organizational measures that it considers necessary to ensure the security of the client personal data, with due regard to the valid obligations and exceptions in accordance with the current legislation. The company complies with the standards in the sphere of payment systems. To protect all personal data, the technology of permanent encryption (Always Encrypted) is used. The AEAD_AES_256_CBC_HMAC_SHA_256 algorithm is used to encrypt personal data of clients. The master encryption key is stored in a secure key store. Encryption keys are encrypted using an RSA key using optimal asymmetric encryption with an add-on (RSA-OAEP). Key administration uses a company employee role allocation process that ensures that database administrators do not have access to key stores, and security administrators do not have access to a database containing sensitive data. Access to the information infrastructure is protected in accordance with the PCI DSS standard.
The Company is reviewing its policies regarding the collection, storage, and processing of customer personal data, including physical security measures, to prevent falsification, loss, misuse, fraudulent use, or fraudulent or unauthorized access to client personal data.
The Company has established procedures to eliminate any suspicion of a violation of personal data and will notify its clients and any competent authorities of the violation, if required by law.
The Company does not voluntarily or actively collect, use or disclose personal data of minors without the prior consent of the parents or guardians of the minor, due to the different ages of the respective jurisdictions.
PAYmeUP services are not aimed at attracting minors and are not intended for this purpose.
If an employee of PAYmeUP is notified or discovers that for any reason the Company collects personal information about a minor from a particular jurisdiction without first obtaining verifiable parental consent, PAYmeUP will take steps to delete this information as soon as possible.
Each client has the right to file a complaint about the processing and storage of his/her personal data.
Each client has the right to withdraw his/her consent to the processing of personal data provided by the client to the Company and to prevent further processing, if there is no other legitimate reason for PAYmeUP to continue processing the client personal data.
If you have any complaints or claims about your personal data or need to download it, please contact us at the email address below. To file a complaint, withdraw consent, or make other changes to your personal data, fill out the application form below and send it to firstname.lastname@example.org
The Company uses on its Website, mobile app and PAYmeUP System cookie files, web beacons and other access methods (hereinafter referred to as cookies). The term cookie refers to all IT data, text files stored in user terminals for the purpose of using the website. Through such files, the Company recognizes the user terminal and displays a web page adapted to the user’s preferences. Cookies usually contain the name of the site from which they originate (redirection), the time of storage on the terminal, and a unique number.
Cookies are used to adapt the Website content to the user’s preferences and optimize the use of the site. They are then used to generate anonymous aggregate statistics that helps the Company understand what benefits the user receives from the website, which allows it to improve the structure and content of the site without the need for personal identification of the user.
The Company uses two types of Cookie files: session cookie and persistent cookie. Session files are temporary files that remain on the user’s terminal until the user exits the site or closes the application (web browser). Persistent files remain on the user’s terminal for the time specified in the cookie settings, or until the user manually deletes them. Personal data collected through cookies may only be collected to perform certain functions for users. Such data is encrypted so that it cannot be accessed by unauthorized persons.
The cookies used by the partners of the website provider, including, but not limited to, the users of the website, are subject to their own personal data protection principles.
Name and surname:
Date of birth:
Please specify the type of personal data to which this complaint relates:
Please provide what applies to your complaint associated with personal data:
We will process your complaint within 42 hours. If you have any questions, please contact us at: Revoluční 762/13, Staré Město, 110 00, Prague, Czech Republic.
By posting your data on the website, you agree to the principles of personal data and information protection (hereinafter referred to only as the “Principles”).
https://paymeup.cz/ website administration (hereinafter referred to as the Website) may not transfer or disclose the information provided by the user (hereinafter referred to as user) to third parties when he/she registers and uses the functions of the site, except in cases described in the legislation of the country in which the user operates.
Get personal information
For communication on the Website (message sending or issues for PAYmeUP payment system employees – hereinafter referred to as PS) a user must specify some personal data (name, surname, telephone number, email etc.). To verify the data provided, the site reserves the right to request proof of identity online or offline.
Use of personal data
This Website uses the user personal information to maintain and improve the quality of the services provided. PS employees may be provided with pieces of personal information if the provision of this information is necessary to answer questions or messages from the user. The website makes every effort to ensure the security of the user personal data. Access to personal data may be granted in cases provided for by law, or if the administration considers that similar measures are necessary to ensure compliance with the legal process, court decision or judicial process of the user necessary to work with the website. In other cases, the information that the user transmits to the website will not be transferred to third parties under any circumstances.
After the user enters his/her personal data (sends a message to PS), he/she will receive an email confirming their successful registration. The user has the right to change or delete their personal data at any time by sending a corresponding message from the website page and specifying the phrase “CHANGE DATA” or “DELETE DATA” in it. After changing the data or immediately before deleting it, the user will be informed by e-mail about the change/deletion of his/her personal data.
The Website may contain links to other sites. This website is not responsible for the principles of service, quality, and security of such sites. This privacy statement applies only to information published directly on the Website.
The Website protects the user account from unauthorized access.
The Website reserves the right to make changes to the principles without prior notice. Innovations take effect from the moment they are published. The user can independently track changes in the principles.