PrimeiroPay Group (“the Group”) is committed to the protection of your privacy and to process your data openly and in a transparent way. The personal data that we process depends on the product or service requested and agreed in each case. The information we provide in this notice refers to current and potential clients of the Group as well as to other individuals who use our website.

This privacy notice provides an overview of how personal data are processed by the Group [referred to as ‘we’, ‘us’, or ‘our’] with head offices at Luxembourg.

This statement is directed to ‘natural persons’ as well as to authorised representatives or agents/signatories or beneficial owners of legal entities.     

In this privacy statement, your data may be referred to as “personal data” or “personal information”. In addition, the handling, collecting, using, saving, protecting and storing your personal data is referred to as “processing” of such personal data.

For the purposes of this statement, personal data shall mean data which identify or may identify you and which may include, for example, your name, address, identification number. 

When do we process your personal data?

We process your personal data so that we can offer you the best possible service and solutions, to enter into agreements with you and, also, to fulfil our statutory obligations. We process your personal data in accordance with the EU General Data protection Regulation [GDPR] and the local data protection law.

The above implies that we process your personal data when:

• You have signed or are considering signing an agreement on a financial product or a service we are offering and to perform a transaction. In addition, we process personal data to be able to complete our client acceptance procedure.
• To provide you with our payment services.
• To identify and authenticate you. It is important to mention that there are a number of legal obligations emanating from the relevant laws to which we must comply to, such as the Money Laundering Law, Tax laws, electronic communications Law. The said laws impose on us necessary personal data processing activities for credit checks, identity verification, tax law reporting obligations [FATCA/CRS] and anti-money laundering controls.
• To protect the legitimate interests of Central Banks, as well as any law and authority with jurisdiction over the Group and its services.

Furthermore, we process personal data to safeguard our legitimate interests such as:

• To ensure the Group’s security, preventing any unlawful use and losses, safeguarding information security and safe payments,  
• To analyse feedback for product demand, advertising and market research, provided that you have given us your explicit consent by a statement or by a clear affirmative action.
• To further develop and promote payment products and services.  

You have given your consent for processing your personal data. Note that you have the right to withdraw consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.

What personal data do we process and their sources?

We process various types of personal data, which we collect from you via applications that you complete to order products and services. You may send us documents, call us [during which we advise you if you are recorded], use our website and our mobile app services, as well as take part in our online surveys. 

We may also collect and process personal data which we lawfully obtain not only from you but from other entities or other third parties. We may also process personal data from publicly available sources, which we lawfully obtain and are permitted to process.

We may process personal data of existing or prospective clients, or a non-client counterparty in a transaction of a client [e.g. account or payment authorization, e.g. by SWIFT, e-transfer etc.] or an authorised representative/agent of a legal entity. Such personal data may be:

• Name, contact details [telephone, email], address, identification data [identification card, passport or official certificate], date of birth, nationality, marital status, employed/self-employed, information on income.

When we agree and provide products and services to you, then additional personal data may be collected and processed which may include:

• Current income and expenses, employment history, securities and property ownership, personal debts, information about family and household, other banking relationship details, tax residence and tax ID, employment position [e.g. as per corporate certificates of directors/shareholders].

In addition, we may process information about the products and services delivered to you, your use of the products and services, as well as your preferences.

We understand the importance of protecting children’s privacy. We may collect personal data in relation to children only if we have first obtained their parents’ or legal guardian’s consent. For the purposes of this privacy statement, “children” are individuals who are under the age of fourteen as per applicable law.  

We only process special category personal data, such as sensitive data, if it is absolutely necessary in order to give advice or to offer a financial product or service to you. In such cases we shall seek to obtain your explicit consent unless we are legally authorized to process such data.

Do you have to provide us with your personal data?

In order to allow us to proceed with a business relationship with you, you must provide your personal data to us. Our ability to offer to you our best possible advice and product largely depends on how well we know you. We are also obligated by the provisions of the anti-money laundering laws, which require that we at least verify your identity before we enter into a contract or a business relationship with you. It is important therefore that the information you provide is correct, up to date and accurate. Furthermore, you will undertake to keep us informed of any changes in your personal data. 

Please note that if you do not provide us with the required data we will not be in a position to commence or continue our business relationship with you either as an individual or as the authorized representative/agent or beneficial owner of a legal entity.

Who receives your personal data?  

Your personal data may be provided to various offices and departments within the Group, but also to other associates and third-party vendors, service providers and suppliers so that we may perform our contractual and statutory obligations.

Third parties who process Group’s personal data enter into contractual agreements with us, which include relevant clauses on secrecy, confidentiality and data protection according to applicable data protection laws.  

In addition, we may disclose personal data about you if we are legally required to do so, if we are authorized under our contractual and statutory obligations, or if you have given your consent. 

Such third parties are:

• Supervisory and other regulatory and public authorities,
• Shops, banking institutions, other payment service providers when you use our payment services. We save and use your personal data so that we can carry out payment requests or prepare account statements.
• Financial institutions such as Acquiring banks, so that you can use payment services abroad. Also, if you have asked us to make a payment transfer, we will disclose necessary personal data to third parties to complete the payment transaction,
• For our anti-money laundering process, such as credit reference agencies, or to the tax authorities, if we are legally obliged to do so.
• External legal consultants.
• Financial and business advisors, auditors and accountants.
• Companies who assist us with the effective provision of our services to you by offering technological expertise, internet platforms, solutions and support and facilitating payments.
• Purchasing, procurement and website agencies. 

The transfer of your personal data to processors located outside of the EU

Personal data of clients may be transferred to countries outside of the European Union to, e.g., execute your payment or investment orders; for our IT development, maintenance and support; or when you have given us your consent to do so. We ensure that your rights are protected, and your data privacy is upheld in data transfers by following standard agreements approved by the European Commission. 

How do we treat your personal data for marketing activities? 

We may process your personal data from information you provide to us or data we collect when you use our services, such as information on your transactions to offer to you products or services that we believe are of interest to you. 

We may only use your personal data to promote our products and services, as in our so-called Newsletter, if we have your explicit consent or, in certain cases, if it is in our legitimate interest to do so. 

You have the right to ask us, at any time, to stop sending you marketing messages by withdrawing your consent. 

Profiling and automatic decisions using your personal data

Profiling implies that your personal data are processed automatically. We inform you that we only proceed with automated processing in order that we may offer targeted products and services, prevent money laundering and develop our pricing policy efficiently.

Automatic decisions are only used to, for example, prevent misuse. 

Our personal data retention policy  

We store your personal data for as long as it is necessary, considering the purpose of processing for which your data was originally collected, and for as long as we have a business relationship with you [as an individual or in terms of our dealings with the legal entity you represent] so as to perform our contractual and statutory obligations.  

When your business connection with us has terminated, then we will keep your personal data as per our data retention policy as follows:

1. Client personal data [natural persons or authorized representative/agent or beneficial owner of a legal entity] for 10 years in accordance with European applicable law, or
2. From the end of the period in which litigation or investigations might arise in respect of the services, after which the relevant retention period [as per paragraph (a) above] will commence.

Your data protection rights

You have the following rights about your personal data that we hold: 

• Right to receive access to and a copy of the personal data concerning you in a format that is structured and commonly used and to check that we are lawfully processing it.
• Right for correction [rectification]. If your personal data is incorrect, incomplete or irrelevant, you have the right to request that the data is corrected or removed.
• Right for erasure of your personal information. You have the right to ask us to erase your personal data [known as the ‘right to be forgotten’] when there is no good reason for us continuing to process it. You also have the right to ask us to erase your data when you have exercised your right to object to processing, as below.
• Object to processing of your personal data where we are relying on a legitimate interest and you want to object to processing on this ground. You also have the right to object for direct marketing purposes. This also includes profiling inasmuch as it is related to direct marketing.
• Request the restriction of processing. Your right enables you to request us to suspend the processing of your personal data if: (i) it is not accurate; (ii) it has been used unlawfully but you do not wish for us to delete it; (iii) it is not relevant any more, but it may be used in possible legal claims; or (iv) you have already requested the restriction of processing and you are waiting us to confirm if we have any legitimate grounds to continue processing.
• Data portability of your personal data to other organisations. You also have the right to have your personal data transmitted directly by ourselves to other organisations of your choice.

• Rights in relation to automated decision making and profiling. You also have the right not to be subject to a decision when it is based on automated processing.
• Withdraw the consent at any time. The withdrawal or revocation of your consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you. 

Please note that we shall continue processing your personal data in order that we may fulfil a contract or if this is necessary on the basis of the legislation.

In addition, the data protection legislation and any limitations and restrictions set by our business activities and practices may impose restrictions on your rights.

If you wish to exercise any of your rights, or even have any other questions regarding the processing of your personal data, you can send us a contact request in online services by completing the online form at www.v2.primeiropay.com or email us at privacy@v2.primeiropay.com.

You can also contact our Data Protection Officer at email dsb@freshcompliance.de.

Right to lodge a complaint 

If you believe that your queries have not been adequately addressed by us, you also have the right to complain to the Office of the Commissioner for Personal Data Protection. Find out on their website how to submit a complaint.  

Changes to this privacy statement 

Please note that we may modify or amend this privacy statement from time to time. 

By amending the revision date at the top of this page, it is the method used to advise you of the modification. Therefore, we encourage you to review this statement periodically to be informed about how we protect your personal data.

We additionally recommend that you review our Cookie Policy, which elaborates on the use of cookies on our website and which cookies are considered necessary for the proper operation of the site.