General definitions
1. Personal data means any information relating to an identified or identifiable natural person (data subject), as specified in Article 4(1) of the GDPR.
2. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
3. Data processing means any operation or set of operations which is performed on personal data or on sets of personal data, as specified in Article 4(2) of the GDPR.
4. Data processor means a natural person or legal entity which processes personal data on behalf of the controller, as specified in Article 4(8) of the GDPR.
5. According to the Joint Controller Agreement No. 2018019 of 19/09/2018, your personal data controller is the Paysera network (hereinafter referred to as Paysera, Operator, Data Controller, or Company). Contact details of Paysera are published on the Paysera website. The contact details of the Data Protection Officer appointed by Paysera are: dpo@paysera.al.
6. Data subject or client means a natural person who intends to or has started a business relationship with the Data Controller, or the business relationship has ended but the Data Controller processes the data of the data subject in accordance with legal provisions.
7. Platform means a software solution on the Company's websites, developed by the Company and used to provide the Company's services.
General Provisions
8. Personal data collected by Paysera is processed in accordance with the Law on Legal Protection of Personal Data of the Republic of Albania, the GDPR, and other legal acts. All persons, representatives, and employees of representatives acting on behalf of Paysera who have the ability to access systems with client data, access them exclusively for the performance of their work functions, having a legitimate basis for such access, and must keep personal data known during work confidential even after the termination of employment or contractual relationships.
9. The Company, in accordance with the applicable legal requirements, shall ensure the confidentiality of personal data and the implementation of appropriate technical and organisational measures to protect personal data from unauthorised access, disclosure, accidental loss, alteration, destruction, or other unlawful processing.
10. This Privacy Policy sets out the basic rules for the collection, storage, processing, and retention of your personal data, other information relating to you, the scope, purpose, sources, recipients, and other important aspects of your personal data processing when you use Paysera as a payment service provider. In this Privacy Policy, terms used in the singular form also include the plural form, and terms used in the plural form also include the singular form, unless the context clearly indicates otherwise.
11. By accessing the Paysera website and/or using the app, and/or the information contained therein, and/or services, you acknowledge and confirm that you have read, understood, and agree to this Privacy Policy. Also, after you register with the system and start using our services, this Privacy Policy becomes a Supplement to the General Payment Services Agreement.
12. Paysera reserves the right, at its sole discretion, to modify this Privacy Policy at any time by publishing an updated version of the Privacy Policy on the website and, if the changes are substantial, notifying registered users by email or in-app notification. An amended or updated version of this Privacy Policy shall take effect upon its publishing on the website.
13. If the user of the services is a business client, this Privacy Policy applies to individual clients whose data is transmitted to us by the business client. The user shall inform the data subjects (managers, recipients, agents, etc.) of the transfer of their data to Paysera in accordance with Article 14 of the GDPR.
Data processing purposes, providers, deadlines, recipients
14. The main purpose for which Paysera collects your personal data is to provide the payment services of Paysera to clients who send and receive payments. As a provider of payment services between individuals, Paysera is bound by law to identify and verify your identity prior to entering into financial services transactions with you, also, at the time of the provision of the services, to request further information, as well as assess and store this information for the retention period set out by legislation. Taking this into account, you must provide correct and complete information.
PURPOSE:
Client identification and verification, provision of payment services (account opening, transfers of funds, payment processing, and other), prevention of money laundering and terrorist financing, or implementation of other legal obligations of the payment service provider.
15. Personal data is processed for this purpose in compliance with legal requirements related to: identification and verification of the client's identity; conclusion and execution of agreements with the client or in order to take steps at the request of the client; execution of transfers of funds and transmission of the necessary information together with a transfer in accordance with legislation; implementation of the "Know Your Client" requirements; continuous and periodic monitoring of the client’s activity; risk assessment; updating client data in order to ensure its accuracy; prevention of possible money laundering and terrorist financing, prevention of fraud, detection, investigation and informing of such activity, determination of politically exposed persons or financial sanctions imposed on the client; ensuring proper risk and organisation management.
16. For this purpose, the following personal data may be processed: name, surname, identity document number, address, date of birth, a face photo, citizenship, other data from the identity document (including but not limited to a copy of the document), direct video transmission (direct video broadcast) recording, email address, phone number, current payment account number, IP address, current professional or work activity, current public function, data on the client's participation in political activities, inclusion in sanctions lists, other data required by applicable anti-money laundering and counter-terrorist financing laws, as well as client location data, planned service, account usage purpose (personal/business), planned investment amount, income received, main source of funds, beneficial owner, business relationship correspondence with the client, documents and data confirming the monetary operation or transaction, or other legally valid documents and data related to the execution of monetary operations or transactions, tax residence country, connection with the EEA/EU, tax identification number, devices used, SIM card issuing country, history of monetary transactions.
17. This personal data is collected and processed on the basis of a legal obligation imposed on the payment service provider, i.e. the Law on Payment Services, the Law on Anti-Money Laundering and Terrorist Financing, and other applicable legal acts, and is required in order to open an account and/or provide a payment service.
18. Data retention period: 10 (ten) years after the termination of the business relationship with the client. This personal data must be retained for 5 (five) years according to the Law on Prevention of Money Laundering and Terrorist Financing (no more than 40 years). This data is retained for another 2 (two) years on the basis of the legal interests of Paysera.
19. Data providers and sources: the data subject directly, credit and other financial institutions and their branches, state and non-state registers, databases for checking the data of identity documents (databases of expired documents and other international databases), authority check registers (registers of notarised authority and other databases), the Register of Incapacitated and Disabled Persons, other databases, companies processing consolidated debtor files, institutions maintaining registers of international sanctions, law enforcement agencies, bailiffs, legal entities (provided you are a representative, employee, founder, shareholder, participant, contractor, or the real beneficiary of these legal entities), partners or other legal entities that engage us or are engaged by us in the provision of services, social networks where you have a profile linked to our system, and other persons. Data can be processed using artificial intelligence tools.
20. Groups of data recipients: supervisory authorities, credit, financial, payment and/or electronic money institutions, pre-trial investigation institutions, state tax agencies, payment service representatives or partners of Paysera (if the transaction is carried out using their services), recipients of transaction funds receiving the information in payment statements together with the funds of the transaction, the recipient’s payment service providers and correspondents, participants, and/or parties related to national, European, and international payment systems, debt collection and recovery agencies, companies processing consolidated debtor files, lawyers, bailiffs, auditors, other entities having a legitimate interest, other persons under an agreement with Paysera or on other lawful bases.
PURPOSE: Dispute and debt management.
21. Personal data under this purpose is processed in order to resolve disputes, manage and collect debts, submit claims, demands, complaints, lawsuits, etc.
22. For this purpose, the following personal data may be processed: name, surname, national identification number, address, date of birth, data from an identity document, email address, phone number, current account number, IP address, current account details, and all other data related to the circumstances in which the dispute or debt arose.
23. Data retention period: the due date for the debt is 10 (ten years) from the day the debt became known (if the debt consists of several elements – from the date the last element became known), and after the opening of legal proceedings – until the complete fulfilment of the parties' obligations to each other. The data retention period is based on the limitation periods for proceedings set out by the Civil Code of the Republic of Albania.
24. Data providers: the data subject directly, credit, financial, payment and/or electronic money institutions, state and non-state registers, companies/institutions processing consolidated debtor files or others, providers of electronic communications services, other persons.
25. Groups of data recipients: companies processing consolidated debtor files, credit, financial, payment and/or electronic money institutions, lawyers, bailiffs, courts, pre-trial investigation institutions, state tax agencies, debt collection and recovery agencies, and other entities having a legitimate interest.
26. Please note that if you have a debt to Paysera and you are postponing the performance of your obligations for more than 30 (thirty) days, Paysera has the right to provide the information on your identity, contact details, and credit history, i.e. financial and property liabilities and information on their execution, and debts and their payment to companies managing debtors' databases.
PURPOSE: To support and administer relations with clients, inform clients about existing and new services, provide services, prevent disputes, and collect evidence (recording phone conversations), correspondence of business relations with the client.
27. Personal data is processed for this purpose in order to: maintain the business relationship and communication with the client; provide services to the client; protect the interests of the client and/or Paysera; prevent disputes, provide evidence of business communication with the client (recordings of conversations, correspondence); perform quality assessment and ensure the quality of services provided by Paysera; where it is necessary for the execution of the agreement, in order to take steps at the request of the client, or in implementing a legal obligation; inform the client about the services provided by Paysera, their prices, specifics, changes in the contracts concluded with the client, etc.; send Paysera systemic and other notifications related to the services provided.
28. For this purpose, the following personal data may be processed: name, surname, address, date of birth, email address, phone number, IP address, client location data, current account statements, phone conversation recordings, correspondence with the client, and any other data necessary for the purpose.
29. Data retention period: 5 (five) years after the termination of the business relationship with the client. The retention period may be extended for a period not exceeding 2 (two) years, provided there is a reasoned request from a competent authority. Such data retention period is required under the laws on the prevention of money laundering and terrorist financing.
30. Data providers: the data subject directly, providers of electronic communications services.
31. Data recipients: supervisory authorities, companies processing consolidated debtor files, lawyers, bailiffs, courts, pre-trial investigation institutions, debt collection and recovery agencies, other entities having a legitimate interest, other entities under an agreement with Paysera.
32. The data subject confirms that they understand that such information notifications are necessary for the performance of the General Payment Services Agreement and/or its annexes concluded with the client, and do not constitute direct marketing messages.
PURPOSE: Provision of services through third parties.
33. Personal data for this purpose is processed in order to ensure the widest possible range of services received by Paysera clients, with certain services being provided by third parties.
34. For this purpose, the following personal data may be processed: name, surname, citizenship, personal identification number, address, contact information.
35. The client is clearly informed about any data processing for the purpose of providing services through third parties, and the data is processed only with the client's expressed consent.
36. Data retention period: 1 (one) year.
37. Data providers: the data subject directly, Paysera, third parties providing services.
38. Data recipients: third parties providing services, Paysera, data subject.
PURPOSE: Protection of interests of Paysera and the client (video - camera surveillance on the premises of Paysera).
39. Personal data for this purpose is processed in order to ensure the security of Paysera and/or the client, to protect the life and health of the client and/or their representative, and other rights of Paysera and the client (video surveillance and recording in the premises of Paysera) in pursuit of the legitimate interest to protect clients, employees, and visitors of Paysera and their property, as well as the property of Paysera.
40. For this purpose, the following personal data may be processed: video recordings on the premises managed by Paysera.
41. Before entering the premises of Paysera where video surveillance is conducted, you are informed about the surveillance by special markings.
42. Data retention period: 1 (one) year.
43. Data providers: the data subject directly who visits the premises of Paysera where video surveillance is conducted and is captured by the surveillance camera.
44. Data recipients: courts, prosecution, police, responsible employees of Paysera.
PURPOSE: Direct marketing.
45. For this purpose, personal data is processed in order to provide clients with offers on the services provided by Paysera and find out the clients' opinions on the above-mentioned services.
46. The following personal data may be processed for this purpose, including: name, surname, email address, and phone number.
47. For this purpose, Paysera sends newsletters and direct marketing messages after obtaining the client's consent. Paysera may use a newsletter service provider while ensuring that said provider complies with the personal data protection requirements set out in the Joint Controller Agreement. The client may revoke their consent upon receiving newsletters or direct marketing messages by clicking on the Revoke your consent link as well as informing Paysera at any time about their refusal to process personal data for direct marketing purposes by e-mail support@paysera.al.
48. Data retention period: until the termination of the business relationship with the client or until the day the client objects to the data processing for this purpose.
49. Data providers: the data subject directly.
50. Data recipients: The data for this purpose may be transmitted to search or social networking systems (the possibility to object data processing is ensured by the websites of these systems), as well as to newsletter service providers.
PURPOSE: Statistical analysis, service improvement.
51. Your personal data collected and anonymised for the aforementioned purposes may be processed according to Article 6.1(f) of the GDPR for the purpose of statistical analysis and for improving technical and organisational measures, information technology infrastructure, ensuring the adaptation of the provided service to the devices used, creating new Paysera services, increasing satisfaction with existing services, testing and improving technical measures and IT infrastructure. For this purpose, personal data shall be processed in such a way that, by including it in the scope of statistical analysis, it is not possible to identify the data subjects concerned. The collection of your personal data for the purpose of statistical analysis is based on the legitimate interest to analyse, improve, and develop the conducted activity.
52. You have the right to disagree and object to your personal data processing for such purpose at any time and in any form by informing Paysera thereof. However, Paysera may continue to process the data for statistical purposes if it proves that the data is processed for compelling legitimate reasons beyond the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defence of legal claims.
PURPOSE: Prevention of service misuse and criminal offences, and ensuring proper delivery of services.
Geographical area of processing
Profiling
Cookie policy
53. Paysera may use cookies on this website. Cookies are small files sent to a person's Internet browser and stored on their device. Cookies are transferred to a personal computer upon first visiting the website.
54. Usually, Paysera uses only the necessary cookies on the person's device for identification, enhancement of the website functionality and use, and facilitating a person's access to the website and the information it contains. Paysera may use other cookies upon receiving the client's consent. You will find a brief description of different types of cookies here:
54.1. Strictly necessary cookies. These cookies are necessary in order for you to be able to use different features on the Paysera website. They are essential for the website to work and cannot be switched off. They are stored on your computer, mobile phone or tablet while you are using the website and are only valid for a limited amount of time. They are usually set in response to actions made by you while browsing such as changing your privacy settings, logging in and filling out various forms.
54.2. Statistics cookies. These cookies are used to collect and report on anonymous information in order to find out how our visitors use the website. A registered IN number is used to gather statistical data on how users navigate the website.
54.3. Analytics cookies. These cookies are used to monitor the number and traffic of website users. Analytics cookies help us find out which websites are visited the most and how visitors use them to improve the quality of our services. If you do not consent to the use of these cookies, we will not include your visit to our statistics.
54.4. Marketing cookies. These cookies are used to provide relevant information about our services based on your browsing habits to improve content selection and offer more options while using our website. In addition, these cookies may be used in our third-party partners' websites for reporting purposes. In that way, we would also receive information about your browsing history from our official partners' websites where we place our ads. If you do not consent to the use of these cookies, you will only see non-personalised advertising.
55. Most web browsers accept cookies, but the person can change the browser settings so that cookies would not be accepted. It should be noted that unlike other types of cookies, rejecting necessary cookies may affect the website functionality, and some features may not work properly. Upon first visiting the Paysera website, you will see a pop-up message with a list of specific types of cookies you may choose to accept or decline. If you decide to accept the necessary and the other types of cookies, you can change your selection and revoke your consent by clicking on Cookies Settings at the bottom of the page.
Third-party websites
The use of logos
Ensuring Information Security
56. Paysera aims to ensure the highest level of security for all information obtained from the client and public data files. In order to protect this information from unauthorised access, use, copying, accidental or unlawful erasure, alteration, or disclosure, as well as from any other unauthorised form of processing, Paysera uses appropriate legal, administrative, technical, and physical security measures.
If you believe that we have breached the applicable legislation on data protection in processing your data, and as a result, your rights have been affected, please contact us at dpo@paysera.al.
You may also file a complaint with the local authority responsible for data privacy, Commissioner for the Right to Information and the Protection of Personal Data.