Date of issue: 22/06/2022
We carefully safeguard the information we hold about you, including your personal data (the “Personal Information”) and name, surname, personal identification number, date of birth, address, e-mail address, telephone number, facial image, live video recording, identity document data and a copy of the document, transaction data, PAN, expiry date, CVV, payment account number, IP address, citizenship, employment, public office, other applicable data required by money laundering and terrorist financing prevention legislation. DiPocket is the data controller of your Personal Information that you provide to us. If you wish to contact us about the processing of your Personal Information, please contact our Data Protection Officer at [email protected]
Your Personal Information will be processed for the purposes described in the Agreement (including for contractual reasons, in order to provide you with the Services) eg to produce cards for use with the Account and to provide you with Account-related communications, for purposes where we have a legal right or a legal obligation (including for tax and accounting) reasons, or for fraud and money laundering detection and for marketing where you consent to this.
You have a right of access to your Personal Information and you can correct (rectify) that Personal Information at any time.
We will process the Personal Information which you provided to us during the registration process. The Personal Information you provide at registration is both a statutory requirement and necessary for us to enter into the Agreement. Providing your Personal Information to us is voluntary, if you do not provide us with the necessary information and documents, we will not be able to perform the Services.
You have a right to ask us to restrict processing or to erase your Personal Information, and where you make this request we will apply your instructions to any third parties who are processing your Personal Information on our behalf, and we will consider your request in the light of our legitimate interests. Where a request to erase Personal Information is received on behalf of a minor, we will take extra care to consider the impact on them of any decision we make.
You also have a right to object to the processing of your Personal Information, provided it is processed based on public interest or our legitimate interests. Furthermore, you may also ask us to provide your Personal Information in machine-readable form back to you, for onward sharing with another data controller or to provide this data to a third party for their use, at your direction.
Where you have given us your explicit consent for the processing of Personal Information, you also have the right to withdraw this consent at any time by contacting us at [email protected] However, such withdrawal will not affect the lawfulness of the processing carried out before the withdrawal was submitted.
If you feel your rights and freedoms in relation to processing your Personal Information have been infringed in any way, please let us know so that we can attempt to resolve the issue. The Personal Information also comes from your usage of the Card, including information about payments you make or receive, and from your other interactions with us, for example through social media, and, if it is compliant with the applicable law, from third parties such as credit reference agencies (who may check the Personal Information against other databases – public or private – to which they have access) or fraud prevention agencies.
Subject to your consent, we may also monitor or record telephone calls between you and us or capture images or video recordings during our interactions. We will use these recordings for risk management and fraud prevention purposes, to check your instructions to us, and for training and quality purposes.
If you give us Personal Information about other people including minors which we use to provide the Services, then you confirm that (i) you have ensured that they agree to our holding and use of that data or that you are otherwise allowed to give us this Information and consent on their behalf to our holding and use of it, (ii) you have provided them with all the Information regarding the processing of personal data as required under the applicable law.
If you cancel or we decline your registration or you decide not to go ahead with it, we will keep the Personal Information for as long as we are allowed to under applicable law and for legitimate business purposes, to help prevent fraud and other financial crime, and for other legal and regulatory reasons:
If the Personal Information is no longer required for the abovementioned reasons, we will delete it.
If you wish to obtain a confirmation as to whether or not Personal Information concerning you is being processed by us, you can request a free copy of it by requesting this at [email protected]
According to art. 13.2 (d) of General Data Protection Regulation (2016/679) you also have a right to lodge a complaint with your national Data Protection Authority.
We use the Personal Information for security, identity verification, to communicate with you and to comply with the law.
Specifically, if it is compliant under the applicable law, we and other DiPocket Group companies may use the Personal Information to pursue our legitimate interests:
We will never pass the Personal Information to a third party for them to use in their own direct marketing without your consent.
We will keep the Personal Information confidential but we may share it with other entities (who are also bound to keep it secure and confidential) if we have a duty to disclose it, if it is required for the provision of our Services to you, or for legitimate purposes including business purposes and where your rights or freedoms are not infringed. Where we rely upon ‘legitimate purposes’ as a justification for our processing of the Personal Information, we will carry out an assessment, called a ‘Legitimate Interests Assessment’ and keep a record of it.
In particular, if this is compliant with applicable law, we may share the Personal Information with:
We may process the Personal Information abroad, within or outside the European Union, provided we comply with the applicable laws and regulations. Where we are sharing the Personal Information with organisations outside of the EEA, we will ensure they agree to apply equivalent levels of protection as we do. We use legal mechanism, such as standard contractual clauses as indicated in General Data Protection Regulation (2016/679) art. 46 to implement the cross-border transfer of your personal data; or implement security measures like anonymization on the data before the cross border data transfer. For any inquiries on means that safeguards data transfer outside EU please contact us at [email protected]
We will transfer data to any entity who you authorise us to share information about the Account with, provided they are listed as a suitably authorised entity at the time of your request. We will rely upon your instructions to the third party to access account information from us, as evidence of your consent to share your data.
You must notify us immediately of any and all data and circumstances that have changed with regard to the data set out in the Agreement, or the documents submitted to us (e.g. changes in personal or contact details, residency or tax residency, loss or theft or other reason for change of an identity document) as well as of any and all circumstances that may affect the fulfilment of your obligations towards us (e.g. commencement of bankruptcy procedures of a natural person). We may request documentary evidence of the changes, which you must provide it. This notification obligation applies even if the above changes have been made public (e.g. registered in a public register or published through the mass media). If you fail to fulfil the notification obligation, DiPocket is entitled to assume the correctness of the data at DiPocket’s disposal, unless otherwise prescribed in the jurisdiction of your residency.
We may provide you with all information electronically via the Website, App, e-mail or mobile phone, unless otherwise established in the applicable laws. We are entitled to use third party services for processing or delivering electronic notices and information to you.
If, in accordance with the applicable laws and/or this Agreement, you have the right to terminate the Agreement, you shall send the termination notification to [email protected]
otherwise stipulated by the applicable laws, any notice given by DiPocket must be considered to have been received if sent by e-mail or via the App or other electronic means of communication, on the day of technical dispatch.
Your Unique User Identifier is your mobile number. It is important you keep it updated with us at all times as we may use it to verify it is you when you make a transactions or access your Personal Information.
Your mobile number is also used by other Users within DiPocket’s systems to transfer or request funds to/from you.