This Policy was last modified on 25/05/2018

Truevo Payments Ltd (hereinafter ‘Truevo’) is committed to protect data subjects’ privacy in accordance with the General Data Protection Regulation 679/2016 (hereinafter ‘GDPR’). The underlying Privacy Statement provides the data subject with relevant personal data processing information as required in terms of article 13(1) of the GDPR.

1. Information collected

When contacting Truevo for the provision of its services, for the purposes of the GDPR, Truevo collects personal data related to the contact person, authorised signatory, shareholders/ultimate beneficial owner(s), directors, company secretaries etc of the prospective Merchant/Customer and/or Merchant/Customer.

‘Personal data’ means any information relating to an identified or identifiable natural person, the data subject, and includes (i) a name, (ii) an identification number, (iii) location data, (iv) an online identifier (IP addresses and cookie identifiers) or (v) to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. The information is collected by the Data Controller, with details as follows:

  • Company name: Truevo Payments Ltd (formerly Swish Payments Limited)
  • Company registration number: C 62721
  • Registered and mailing address: MWH Building, 1st Floor, Oratory Street, Naxxar NXR 2504, Malta
  • Email: privacy@truevo.com
  • Telephone: +356 2247 4000
  • Website: truevo.com

3. Intended purposes for the processing of personal data
Truevo is required to process personal data for the purposes of assessing application forms filed by the the prospective Merchant/Customer and the rendering of its services to the Merchant/Customer.

 

Recipients of personal data and transfers to third countries
personal information will not be disclosed to any third parties unless strictly required by law.  Furthermore, for the scope of achieving the processing purposes, the following are the recipients of your personal data, which in some cases may require personal data be transferred to third countries:

DocuSign Inc for the execution of the Merchant agreement through electronic signature
Atlassian Pty Ltd for the processing of personal data in Truevo’s operations
ACI Worldwide (EMEA) Limited and PayOn AG for payment processing purposes
Zendesk, Inc for customer support queries
Amazon.com, Inc for cloud-based storage
Banks and Financial Institutions within the EU for payout purposes
QGen Limited, a Maltese company, for merchant onboarding functions.
SIA Group, which processes personal data for card-processing functions within the EU.
Web Shield Limited, a UK company, for merchant onboarding and monitoring functions
Payreto GmbH, for dispute functions

Personal Data retention periods
Type of personal data

Retention period

Personal data collected through the Merchant Application Form, the Client Agreement and subsequent addenda

10 years from termination of the business relationship

Original documents and documents certified by third parties containing subject persons’ personal data

Powers of attorney

Data Subject rights
The data subjects may exercise the following rights by contacting Truevo:

Right of access

Right of rectification

Right of erasure

Right to restrict processing

Right to data portability

Right to object

Rights in relation to automated decision making and profiling
Truevo shall endeavor to respond to the data subject’s request within thirty (30) days from date of receipt. In circumstances which require a delay of maximum three (3) months from date of receipt of the request, Truevo shall advise accordingly within the initial thirty (30) day period from date of receipt.

Requests in terms of the above listed rights shall be executed by Truevo at no extra cost, subject to the specific conditions as may be listed. Should a request not fulfil the listed conditions then Truevo shall not be in a position to fulfil such request.

Complaints
If the subject person has any complaint about regarding data protection and/or the privacy of personal data, the data subject may contact Truevo.

Truevo shall endeavor to respond to the data subject’s complaint within thirty (30) days from date of receipt. In circumstances which require a delay of maximum three (3) months from date of receipt of complaint, Truevo shall advise accordingly within the initial thirty (30) day period from date of receipt.

If the data subject is not satisfied with Truevo’s reply or no resolution has been reached with Truevo, or if you consider that the processing of your personal data is carried out in an unlawful manner, the data subject may lodge a complaint with a supervisory authority, in particular in the Member State of his/her habitual residence or place of work. For the purposes of Maltese data subjects, this is the Information and Data Protection Commissioner.

Additional website notices
8.1 CONTROL OF PERSONAL INFORMATION
If a data subject’s personal data changes (such as your area code, phone number, email or postal address), you must correct and update such information by logging into your account and clicking on the “My Details” link. If a data subject no longer desires to use our services, he/she deactivate your account in the “My Details” section. However, Truevo cannot completely delete user information because of legal/regulatory and technical back up requirements. Personal data may still be retained for the purposes and retention periods stipulated above.

8.2 LINKS
The website may contain links to other sites. Please be aware that Truevo is not responsible for the privacy practices of such other sites. We encourage users to take care when they leave our site and to read the privacy statements of each and every website that collects personal identification information. This Privacy Statement applies solely to information collected by Truevo’s website.

8.3 SECURITY
Truevo has taken all reasonable measures to secure your account information from unauthorized access, use or disclosure. You must enter your phone number and password each time you want to access your account information or make transactions. Never share your account details with anyone. If you are concerned that your password has been compromised, you can change it any time once you are logged on. Your account login, personal details, and all money transactions are secured using Secure Socket Layer (SSL) technology with high-security 128bit encryption, certified by GoDaddy.