Privacy Policy of The Kassa Inc. OU
The Kassa Inc. OU (hereinafter The Kassa Inc.) always monitors legal updates and complies with all the laws governing the activities of financial institutions, anti-money laundering laws and laws against financing of terrorism, as well as European laws and directives related to data privacy. In accordance with the enactment of the General Data Protection Directive (GDPR), The Kassa has undertaken appropriate measures as described herein.
From the day of launch, The Kassa Inc. adheres to a set of core privacy principles. These principles apply to all persons and organizations whose personal data we hold. We focus, in particular, on the following core principles:
principles and practices of The Kassa Inc. should be transparent. Our Clients should understand what personal data The Kassa Inc. collect, for what purposes personal data are collected, how personal data are stored and what our privacy principles mean.
The Kassa Inc. guarantees safety and control of Clientsâ personal information and grants our Clients the choice to decide about their personal data.
main principle of The Kassa Inc. is to protect and keep personal and financial data secure. The Kassa Inc. ensures that appropriate security standards are maintained and Clientsâ personal data are protected.
Being a licensed electronic money issuer of small scale, The Kassa Inc. collects personal data to issue electronic money. Personal data are primarily used to prevent frauds and suspicious transactions and to respect local and international laws on preventing money laundering and financing of terrorism.
Our
Privacy Policy consists of the following articles:
1 The Kassa Inc. business and legal information 1
2 Definition of personal data. Which data The Kassa Inc. collects about its Clients 2
3 How personal data are collected in The Kassa Inc. 4
4 How personal data are used by responsible employees of The Kassa Inc. 6
5 Disclosure and sharing of Clientsâ personal data with other institutions 9
5.1 Marketing 9
5.2 International data transfers 10
5.3 Data retention 10
6 Clientsâ rights related to personal data 11
7 Security and storage of personal data 12
7.1 Minors 12
8 The right to raise a complaint 13
9 Cookies and other access techniques policy 14
The Kassa Inc. is a payment system operated by The Kassa Inc. , a company based in the Estonia (EU member state). The Kassa Inc. operates under a Electronic money issuer of small scale license issued by the MTR.
The full legal information about The Kassa Inc. is the following:
The Kassa Inc.,
Registered as the Ministry of Economic Affairs and communications
Company identification number: 1401191897 ,
Legal address: Randla tn 13-201, Pбhja-Tallinna linnaosa, Tallinn, Harju maakond, 10315
Email: company@kassa.cc
Telephone number: +372 712 0301
The purpose of this Privacy Policy is to give clients of The Kassa Inc. information on how The Kassa Inc. collects and processes any personal data when our Clients use the website or register in the payment system The Kassa Inc.. This includes all spheres of interaction with our clients, including our website, business relations and issuing of electronic money.
Under Directive 95/46/EC (General Data Protection
Regulation), The Kassa Inc. is a data controller and therefore
is responsible for the use of personal data in a secure manner
in
compliance with the applicable law and in accordance to the agreement
between The Kassa Inc. and its Clients.
Please read this Privacy Policy and the additional information related to the services offered by The Kassa Inc.. In case of any questions, please contact us at the e-mail address indicated below.
Personal data is any information of personal nature which identifies an individual. Personal data do not include data where an individual cannot be identified from the data (anonymised). The Kassa Inc. collects, uses, processes, stores, or transfers personal data such as:
Identity Data.
These data include full name(s), date of birth, government-issued
identity number, date of birth, number and series of any identity
documents. The Kassa Inc.
uses these data particularly for identifying its Clients, in order
to provide them with electronic money issuing and to prevent
money laundering (ML)
or financing of terrorism (FT).
Contact Data. These are data used to contact Clients, such as telephone number, address, email, and billing details. These data are also used for two-step identification of the Client to prevent any risks related to ML or FT.
Financial Data.
These data include bank account number, payment card details and
other related financial data. They are also used for the control and
identification
of the Client to prevent any risks related to
ML or FT.
Payments Details.
While onboarding Clients owning a business (which means
a
business using one or more of our services) or a Customer, this
includes information relating to a payment when using our products
or services.
Technical and Access Data.
These are data such as Internet usage information, Internet Protocol
address (âIP Addressâ), login data, unique user ID, version
of
software installed, screen resolutions, colour capabilities,
plug-ins, language settings, cookie preferences, search engine
keywords, JavaScript enablement,
the content and pages that
the Client accesses on the Website or Platform, and
the dates
and times that the Client visits the Website or Platform, paths
taken, and time spent on sites and pages on the Website or Platform.
Marketing and Communications Data.
These data include both the record
of the Clientâs decision
to subscribe for or unsubscribe from marketing materials from The Kassa Inc. or
its third parties.
The detailed scope of personal data required for
using particular service rendered
by The Kassa Inc. can be
found in the terms and conditions of The Kassa Inc. service that
are available on the website www.kassa.cc
The Kassa Inc. does not collect, store or process any special categories of personal data about its Clients (race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health, genetic and biometric data).
To the extent that website of The Kassa Inc. includes links to third-party websites, plug-ins and applications (including cookies and widgets by third-party advertisers), by submitting the Privacy Policy, the Client should understand that by clicking on such links or enabling such connections the Client may allow third parties to collect or share his personal data. The Kassa Inc. has no control over third-party websites and has no impact on their privacy policy.
Being a Electronic money issuer of small scale and having obligations regarding the prevention of ML and FT, The Kassa Inc. collects data, including personal data, so as to be able to provide its services and products to the Clients. The Kassa Inc. only collects personal data necessary to operate the Payment System and provide its services related to electronic money:
The Kassa Inc. is
legally required to authenticate and validate payments to mitigate
and protect against identity theft or fraud, money laundering and
financing
of terrorism. To do this, some of the Clientâs
personal and non-personal data may
be collected by The Kassa Inc.
directly or delivered to The Kassa Inc.
by Merchants or Customers, and
The Kassa Inc.
will use these personal data
to enter into the fraud systems
available for such validation and will remain there
for future
reference and cross-reference of information required to validate
the payments.
To verify the Clientâs identity and compare the Clientâs information to verify accuracy.
To save the Clientâs data, if the Client exerts
his right of refusal of purchases made
or that the same are
the subject of dispute or chargeback, in order to share the
information on the transaction and, if required, the Clientâs
personal information with financial institutions for resolving
disputes.
Being obliged by the law and by the terms and conditions (contracts) with the Clients, The Kassa Inc. will not be able to register, authorize and approve the Clientâs registration in the payment system until we have received the data we requested.
The Kassa Inc. collects information in
different ways on its websites, namely when
the Client provides
his personal data directly to The Kassa Inc.. This includes:
submitting the Clientâs details to website of The Kassa Inc. so that The Kassa Inc. employees can contact the Client about services and products;
applying for The Kassa Inc. products or services directly on the
webpages
or via e-mail or through The Kassa Inc. appointed suppliers (such as
marketplaces);
entering a competition, promotion or survey;
requesting marketing materials for further use;
sending support requests to The Kassa Inc. support desk.
The Kassa Inc. collects data using various technologies when the Client accesses and browses The Kassa Inc. websites. These are Usage and Technical Data. The Kassa Inc. has its Cookies Privacy Policy, which is a part of The Kassa Inc. General Privacy Policy.
Moreover, The Kassa Inc. obtains personal data through third parties or if publicly available, namely as follows:
merchants and operators of marketplaces who provide The Kassa Inc. with personal data for the purposes of rendering services related to electronic money that the Client has chosen on a website operated by the Merchants or marketplaces;
Profile Data from social platforms and networks when the Client gives The Kassa Inc. the permission to do so and only if applicable;
Technical Data for the purposes of fraud and risk prevention;
Identity Data and Contact Data from publicly available sources in compliance with the applicable laws.
The main and primary purpose for which The Kassa Inc. uses personal data is to provide services related to electronic money, including ensuring proper quality of the service the Client has ordered from The Kassa Inc. (depending on the type of Client). In addition to this, The Kassa Inc. uses Clientsâ personal data in the following cases:
where it is necessary for The Kassa Inc. legitimate interests or the legitimate interests of a third party and where such interests override the Clientâs interests;
where The Kassa Inc. uses personal data to comply with its legal obligations â for example, for preventing of ML and FT and also other legal requirements resulting from the services related to Payment services act and other laws applicable to electronic money issuers of small scale;
Personal data are used with the Clientâs active
and informed consent. The Client
is entitled to withdraw his
consent, if it is not required to comply with legal obligations;
to enable The Kassa Inc. to effectively
communicate with its Clients, namely
to send emails to inform
Clients about payment products or services, update applicable
security and fraud monitoring alerts, or notices, if there is any
breach of services
or other important notices related to
services and products of The Kassa Inc..
To improve products or services, The Kassa Inc. may use automatic tools, including profiling, automated analysis of Clientsâ personal data for the following purposes:
to conduct the KYC procedure required by the applicable law, which includes thorough risk assessment procedures in order to authenticate and authorize the Client;
to authenticate and validate payments to mitigate and protect against identity theft
or fraud as required by the applicable law.
The Kassa Inc. collects and uses personal data to provide its services related to electronic money:
to conclude and execute the contract between The Kassa Inc.
and its Clients,
to guarantee services related to electronic
money and open a payment account in The Kassa Inc. payment system;
to process the electronic money transaction that the Client has ordered using The Kassa Inc. services and to notify the Client of the status of this payment. The types of personal data and the legal basis depend on the specific payment methods available in The Kassa Inc. payment system;
to conduct KYC and risk assessment procedures in
order to authenticate and authorise the Client and his access to The Kassa Inc.
services. The type of Data required is Identity Data, Contact
Data and Financial Data. This is necessary in order
for The Kassa Inc.
to assess the Clientâs application to receive services and
products from The Kassa Inc. under the contract and necessary for legal obligations of The Kassa Inc.;
to protect The Kassa Inc. payment system and business
processes and to ensure compliance with the law and the regulations
for financial institutions. The types
of personal data may
include Identity Data and Transactional Data;
to manage relationships of The Kassa Inc. with the Client. This includes
notifying the Client of changes in the Contract, Terms of Service or
this Privacy Policy,
or to ask the Client to provide
information on how The Kassa Inc.
can improve
or develop new services or products;
to provide the Client with service assistance and
problem solutions or to contact
the Client, or to send the
Client a notification related specifically to the services The Kassa Inc.
offers, such as failures and system updates;
to inform the Client of the status and history of transactions that is required from The Kassa Inc. as a electronic money issuer of small scale under the Payment services act;
to issue and store invoices and accounting documents;
to use the Clientâs personal data in
transactional or monitoring reports as a part
of The Kassa Inc. performance of the contract;
to use the Clientâs personal information for internal purposes, such as audits, reporting, data analysis or data mining, research for improving products or developing new ones, services and communications;
to use data analytics to improve websites,
products or services, marketing
and experiences. This can be
Technical and Access Data which will be used
for the analysis
of The Kassa Inc.
and the development or improvement of products and/or services, or
for the provision of promotions or benefits, which can improve
Clientsâ interaction and use of The Kassa Inc. and/or future development.
While operating with personal data of the Clients, The Kassa Inc. shares such data with:
Internal Third Parties â responsible employees of The Kassa Inc. staff and specific third parties, such as groups of companies providing marketing support, IT support and development, finance and compliance support, and ML/FT services.
External Third Parties:
merchants, in accordance with Service Agreements and terms and conditions;
Service providers under contracts who assist The Kassa Inc. with its business operations, i.e. providers of IT infrastructure, payment risk analysis software, marketing services, compliance officials;
Authorized third-party financial institutions and
banking partners that The Kassa Inc.
partners with to jointly create and offer products and services.
Depending on the type of payment, The Kassa Inc. will share the data with the
financial institutions that validate and process each means of
payment, for an appropriate approval, validation, and settlement.
This means that the Clientâs personal data may be collected for
these purposes by financial issuing institutions for the means of
payment, acquiring financial institutions, payment schemes,
franchises such
as Visa, MasterCard, loan institutions, etc.
In any case of law enforcement, court order,
National Bank inquiry, Financial Arbitrator inquiry or any other
similar legal procedure, The Kassa Inc. shall take all
reasonable organizational and technical measures to ensure that every
third party involved
in the processing of the Clientâs
personal data uses protection standards in accordance with the
applicable laws and in accordance with the principles set out in this
Privacy Policy.
Providing numerous payment solutions and services,
The Kassa Inc. sends marketing notifications and messages. The Kassa Inc. sends marketing
notifications and messages only if the Client has
subscribed for services or products from The Kassa Inc.. The
Client will also receive marketing communications from The Kassa Inc., if he has entered into
a promotional competition,
promotional offer or survey, where The Kassa Inc. requests
its
Clients to provide Contact Details in order to enter or partake in
the survey.
In each case, The Kassa Inc. keeps a register of marketing communications data used by The Kassa Inc., and each Client is entitled at any time to unsubscribe from receiving such marketing notifications by clicking on the unsubscribe link provided in such The Kassa Inc. marketing communications. The Kassa Inc. may also use Marketing and Communications Data in order to improve and customize the content of ads and promotions that may be of interest to the Client.
The Kassa Inc. does not share personal data of its Clients with third parties, excluding parties which are parts of The Kassa Inc. legal obligations and third parties under contractual relations when transferring of personal data is made to provide services related to electronic money. The transfer is necessary to perform and comply with the provision of our Services or to meet other operational needs of the business or in development of some of the purposes set forth in this Privacy Policy. Whenever The Kassa Inc. transfers personal data to third parties, the Client can be assured that there is a similar level of protection of his data as by The Kassa Inc..
The Kassa Inc. may store Clientsâ personal data for as long as required for the fulfilment of the purposes The Kassa Inc. collected them for. The retention of data by The Kassa Inc. is determined by considering compliance with legal (contractual or statutory requirements), accounting and compliance reporting requirements. The Kassa Inc. also takes into consideration the temporary limits established in the commercial or data privacy laws in the different countries in which The Kassa Inc. provides its services.
Any Client can claim his rights specified in the applicable law. The Kassa Inc. guarantees the following rights related to personal data protection:
the right of access to the Clientâs personal
data. Every individual in contractual relationships with The Kassa Inc. has the right to ask for information about
his
personal data being processed by The Kassa Inc..
The right to correct or change the Clientâs personal data. Any inaccurate personal data should be corrected by amendments sent from the Client.
The right to erase the Clientâs personal data.
On demand of the Client, The Kassa Inc. will erase personal
data of the Client, excluding those data, which are
to be
stored under legal obligations.
The right to restrict the processing of the Clientâs personal data. On the Clientâs demand, The Kassa Inc. can mark certain personal data as restricted for processing in certain circumstances.
The right to data portability. On the Clientâs demand, The Kassa Inc. can transmit the Clientâs personal data provided to The Kassa Inc. to another data controller.
The right to automated individual decision-making, including profiling.
The right to object to direct marketing.
The Kassa Inc. takes legal, technical and organizational measures that it considers necessary in order to maintain the security of Clientsâ personal data, with due observance of the applicable obligations and exceptions under the legislation in force. The Kassa Inc. follows the payments industryâs standards regarding the protection of personal data, including, among other measures, standard options of transparent encryption (Transparent Data Encryption) of databases. All data related to personal data of the Clients are encrypted by AES 256 algorithm with a cryptoperiod of 1 year. The encryption key is encrypted by the standard X.509, with a key length of 2048 bits and a 1 year-long cryptoperiod. A private key is divided between only a few employees of The Kassa Inc. under the Shamir scheme, so that none of the employees has separate access to the data independently from other employees. The access to the informational infrastructure is safe under the PCI DSS standard.
The Kassa Inc. reviews its policy regarding
the collection, storage and processing
of Clientsâ personal
data, including physical security measures, to prevent adulteration,
loss, query, use or fraudulent or unauthorized access to Clientsâ
personal information.
The Kassa Inc. has installed process procedures to deal with any suspected personal data breach and will notify its Clients and any applicable regulator of a breach where The Kassa Inc. is legally required to do so.
The Kassa Inc. does not voluntarily or
actively collect, use or disclose personal data
of minors,
according to the minimum age equivalent in the relevant jurisdiction,
without
the prior consent of the parents or guardians of the
minor.
The services of The Kassa Inc. are not intended or designed to attract minors.
If in some reason a The Kassa Inc. employee understands or finds out that The Kassa Inc. has collected personal information of a minor according to the jurisdiction, without first receiving any verifiable parental consent, The Kassa Inc. will take steps to delete the information as soon as possible.
Every Client has the right to raise a complaint about The Kassa Inc. processing and storing of personal data with the data protection regulator in the Clientâs jurisdiction.
Every Client has the right to withdraw the consent
to processing of personal data that
the Client has given to The Kassa Inc.
and prevent further processing, if there is no other legitimate
ground upon which The Kassa Inc. can
process the Clientâs personal data.
If any complaint or claim regarding personal data or the need of their withdrawal appears, please contact us at the email address indicated below. To raise a complaint, withdraw the consent or make any other changes to personal data, please fill in the application below and send it to the email address company@kassa.cc
The Kassa Inc. uses cookies, web beacons and
other access
techniques (hereinafter âcookiesâ) on its website, mobile
application and within payment system. By âcookiesâ
are
meant all IT data, text files stored on usersâ terminals with the
purpose of using websites. Through such files, The Kassa Inc.
recognizes the userâs terminal and displays the website in a
relevant way, adapted to the userâs preferences. âCookiesâ
usually contain the name of the website they come from (redirect),
time of being stored on the terminal and a unique number.
âCookiesâ are used for the purpose of adapting the contents of websites to the userâs preferences and optimizing the use of websites. They are also used to prepare anonymous, aggregate statistics which help The Kassa Inc. understand how the user benefits from websites, which allows for improvement of their structure and contents, excluding the userâs personal identification.
The Kassa Inc. uses two types of âcookiesâ â âsessionâ and âfixedâ. The âsessionâ files are temporary files which remain on a userâs terminal until logging out from a website or closing an application (web browser). The âfixedâ files remain on the userâs terminal for the time defined in cookie parameters or until they are deleted manually by the user. Personal data collected with the use of âcookiesâ may be collected only to perform certain functions for the user. Such data are encrypted in a way to make it impossible for unauthorised persons to access them.
In general, an application used to browse through
websites allows saving âcookiesâ
on the terminal by
default. These settings may be changed so that automatic management
of âcookiesâ is blocked in web browser settings or the user
is informed each time âcookiesâ are sent to his terminal.
Detailed information on the possibility and ways of dealing with
âcookiesâ is available in application (web browser) settings. The
limitations of using âcookiesâ may affect some features available
on the website.
âCookiesâ used by partners of the website
operator, including, without limitation, website users, are subject
to their own privacy policies.