Политика конфиденциальности

Date of issue: 25/03/2019

We carefully safeguard the information we hold about you, including your personal data (the “Personal Information”) and, in particular, we are responsible for the security of sensitive cardholder data we process and transmit on your behalf, such as PAN, expiration date, and CVV. DiPocket UK is the data controller of your Personal Information that you provide to us. If you wish to contact your data controller in all matters related to the processing of your Personal Information, please contact our Data Protection Officer at [email protected]

Your Personal Information will be processed for the purposes described in the Agreement (including to provide you with the Services) and for the purposes determined by law (including tax and accounting purposes). You have right of access to your Personal Information and you can correct (rectify) that Personal Information at any time.

We mainly process the Personal Information which you provided to us during the registration process. The provision of this Personal Information is both a statutory requirement and necessary for us to enter into the Agreement. Providing your Personal Information to us is voluntary. If you do not provide us with the necessary information and documents, we will not be allowed to perform the Services. You have a right to ask us or anyone who processes your Personal Information on our behalf to restrict processing or to erase your Personal Information, and we will consider your request in the light of our legitimate interests. Where a request to erase Personal Information is received on behalf of a minor, we will take extra care to consider the impact on them of any decision we make.

You also have a right to object to the processing of your Personal Information, provided it is processed based on public interest or our legitimate interests. Furthermore, you may also ask us to provide your Personal Information in machine-readable form back to you, for onward sharing with another data controller or to provide this data to a third party for their use, at your direction.

Where you have given us your explicit consent for the processing of Personal Information, you also have the right to withdraw this consent at any time. However, such withdrawal will not affect the lawfulness of the processing carried out before the withdrawal was submitted.

If you feel your rights and freedoms in relation to processing your Personal Information have been infringed in any way, please let us know so that we can attempt to resolve the issue. The Personal Information also comes from your usage of the Card, including information about payments you make or receive, and from your other interactions with us, for example through social media, and, if it is compliant with the applicable law, from third parties such as credit reference agencies (who may check the Personal Information against other databases – public or private – to which they have access) or fraud prevention agencies.

Subject to your consent, we may also monitor or record telephone calls between you and us or capture images or video recordings during our interactions. We will use these recordings for risk management and fraud prevention purposes, to check your instructions to us, and for training and quality purposes.

If you give us Personal Information about other people which we use to provide the Services, then you confirm that (i) you know they agree to our holding and use of that data or that you are otherwise allowed to give us this Information and consent on their behalf to our holding and use of it, as well as (ii) you provided such other people with all the Information regarding the processing of personal data as required under the applicable law.

If you cancel or we decline your registration or you decide not to go ahead with it, we will keep the Personal Information for as long as we are allowed to under applicable law and for legitimate business purposes, to help prevent fraud and other financial crime, and for other legal and regulatory reasons.

If the Personal Information is no longer required for the abovementioned reasons, they are regularly deleted, unless their further processing (for a limited time) is necessary for the following purposes:

• Compliance with retention periods under commercial, banking and tax law;
• Preservation of evidence within the scope of statutes of limitations.

If you wish to obtain a confirmation as to whether or not Personal Information concerning you are being processed by us, you can request a free copy of such personal data undergoing processing in electronic form.

How we use the Personal Information

We use the Personal Information for security, identity verification, to communicate with you and to comply with the law.

Specifically, if it is compliant under the applicable law, we and other DiPocket Group companies may use the Personal Information to pursue our legitimate interests, e.g.:

• carry out regulatory checks and meet our obligations to our regulators,
• prevent and detect fraud, money laundering and other crime (such as identity theft),
• tell you about products and services which may be of interest to you (direct marketing),
• develop and improve our Services through assessment and analysis of the Personal Information including credit and/or behavioural scoring, market and product analysis, and market research.

We will never pass the Personal Information to a third party for them to use in their own direct marketing without your consent.

Who we can share the Personal Information with

We will keep the Personal Information confidential but we may share it with other entities (who are also bound to keep it secure and confidential) if we have a duty to disclose it, if it is required for the provision of our Services to you, or for legitimate purposes including business purposes and where your rights or freedoms are not infringed. Where we rely upon ‘legitimate purposes’ as a justification for our processing of the Personal Information, we will carry out an assessment, called a ‘Legitimate Interests Assessment’ and keep a record of it.

In particular, if this is compliant with applicable law, we may share the Personal Information with:

• other DiPocket Group companies,
• our service providers and agents (including their sub-contractors),
• payment-processing service providers and others that help us process your payments and/or provide our Services to you,
• anyone to whom we transfer or may transfer our rights and duties in the Agreement,
• UK and overseas regulators and authorities in connection with their duties (such as crime prevention),
• fraud prevention agencies. In particular, we will always tell fraud prevention agencies if you give us false or fraudulent information. They will also allow other organisations (in the UK, Poland or other countries), including law enforcement agencies, to access this information to prevent and detect fraud, money laundering or other crimes. You can write to us at [email protected] for the details of the fraud prevention agencies with which we share the Information,
• credit reference agencies. Credit reference agencies may use the Information to undertake statistical analysis, testing and development to enhance their existing and future products and services. Credit reference agencies will keep a record of our enquiries, which may also be used by other organisations to make decisions about you. In order not to affect your ability to obtain credit, we will only make unrecorded enquiries, unless you confirm to us explicitly that you would like to apply for a credit through or from us. An unrecorded enquiry is a search that was not made for lending purposes. It cannot affect your credit rating or score when you apply for credit. It is not seen by lenders other than the one that carried out the search. It is included on your credit report so you know the search was made but does not affect your credit rating, or score, when you apply for credit;
• any third party after a restructure, sale or acquisition of any DiPocket Group company, provided that they use the Personal Information for the same purposes as it was originally given to us and/or processed by us.

Transfer of Personal Information

We may process the Personal Information abroad, within or outside the European Union, provided we comply with the applicable laws and regulations and under the supervision of the FCA. Where we are sharing the Personal Information with organisations in another country (including outside of the EEA), we will ensure they agree to apply equivalent levels of protection as we do (for this purpose, we will take the necessary legal steps to ensure that such transfer is compliant with the law). If this is not possible – for example because we are required by law to disclose the Personal Information – we will ensure the sharing of the Personal Information is lawful.

Requirement to update your Personal Information

To comply with the law and for your own security, it is essential that you keep us informed of changes to your contact, personal details or any other important changes that are relevant to us (for example residential address, mobile phone number, email address) as applicable to your Account.