Effective date: 13.07.2021.
This www.sebestech.com website (“Website”) is owned and operated by Everyfin Ltd., a company incorporated in the Republic of Cyprus with the registered office at Office 301, Agias Fylaxeos 131, 3083, Limassol, Cyprus, registration No. HE 414826 (“Sebes”, “we”, “our”, “us”).
- to the Website features and services provided to you when you visit our Website, portals or our payment gateway our customers may use on their websites;
- when you apply to use and/or use Sebes products and services, as well as when you request changes to the services you are using;
- to your use of software including terminals, mobile and desktop applications provided by Sebes; and to email, other electronic messages including SMS, telephone, web chat, website/portal and other communications between you and Sebes.
We respect your privacy, protect and process your Personal data in accordance with the rules of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 of April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or “GDPR”), Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018) of the Republic of Cyprus and other applicable regulatory enactments (“Data protection regulation”).
- Information we may collect and hold about you.
We collect and process personal and non-personal data relating to you. We may collect and process your Personal data and we also collect non-personal data or may anonymise personal data in order to make it non-personal. Non-personal data is data that does not enable a specific individual to be identified, either directly or indirectly. We may collect, create, store, use, and disclose such non-personal data for any reasonable business purpose. For example, we may use aggregated transactional information for business purposes, such as trend analysis and the use of data analytics to obtain learnings and insight around transaction patterns and usage.
- Collecting and holding your information.
We collect and store the following information through the following means:
Information you provide us when you or your business contact us for or apply for Our Services; register and/or use any of Our Services; upload and/or store information with us using Our Services; and when you communicate with us through email, SMS, our Website or payment gateway, or the telephone or other electronic means, e.g., in the context of contacting us about your account or transactions. Such information may reference or relate to you or your customers and may include:
- an individual’s identification data, such as name, surname, personal identity number, date and place of birth, identification document data (such as passport copy, ID card, photo, short video of individual and selfie) or another document containing personal data;
- an individual’s contact details (postal address, phone, email, Skype name, IP address, communication language with the customer, etc.);
- data on tax residency (for example, nationality, country of residence, tax residence, taxpayer number, social insurance number);
- data of related persons (for example, representatives and authorised persons of customer, employees, heirs, guarantors and other related persons of customers);
- financial and wealth origin data such as accounts, income, ownership, transactions, commitments, data on the customer’s counterparties and personal activities (information on accounts, payments made, agreement and invoice copies, information on business activities, origin of funds, certificates of income, loans and other liabilities, information on accounts with other credit institutions);
- professional data such as education or professional career (for example, information on salary, previous places of employment, education etc.);
- audio / visual data (for example, records of phone conversations of Sebes and customers, records of surveillance cameras placed in objects belonging to Sebes and areas adjacent to them), communication data collected when the customer visits Sebes, or communicates with Sebes, email and other communications data obtained from visiting our Website.
Information we collect about you automatically when you interact with Sebes, whether or not you open an account or undertake a transaction with us; for example by way of “cookies” or similar technology. We also obtain certain information when your web browser accesses Our Services or advertisements and other content provided by or on behalf of Sebes. Collecting this information enables us to better understand the visitors and clients who use and interact with us, where they come from, and how they use Our Services. We use this information for our analytics purposes and to improve the quality and relevance of Our Services for our visitors and clients. This information includes:
- Technical information, including the Internet protocol (IP) address used to connect your computer or device to the Internet, your login information, browser type and version, equipment type, time zone setting, browser plug-in types and versions, operating system platform, frequency and length of visits, and what links you click on;
Information we obtain from external sources when you apply for and use Our Services, we:
- search your and your customers records at fraud prevention agencies and KYC (Know Your Customer) and AML (Anti Money Laundering) service providers to fulfil our legal and contractual obligations.
- may also collect information about you from public sources for AML reasons or market research. This includes official public records, like commercial registers and information published by the press or on social media.
- collect and hold data on research that makes it possible to conduct customer research activities in relation to the prevention of money laundering and terrorist financing and to ensure compliance with international sanctions and whether the individual is a politically exposed person;
- collect and hold data obtained when following regulatory requirements, such as data protection, AML, arising from requests for information from public authorities, the tax administration, investigative authorities, including the police, courts, sworn notaries and bailiffs;
- collect and hold data from, third parties like business partners, banks and other financial institutions, merchants, subcontractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, government lists and databases, social media sites (including posting made by or about you or us), credit reference and fraud prevention agencies.
- The purposes and legal basis for personal data processing.
We collect and process your Personal data only for legitimate purposes in accordance with the rules of Data protection regulation. While processing your Personal data we will comply with Data protection regulation, which means that your Personal data will be:
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- Used lawfully, fairly and in a transparent way;
- Relevant to the purposes we have informed you about and limited only to those purposes;
- Accurate and kept up to date;
- Maintained only for as long as necessary for the purposes we have informed you about;
- Kept securely and protected against unauthorized or unlawful processing and against loss or destruction using appropriate technical and organizational measures.
We perform processing of data for the following purposes:
- compliance with legal acts;
- identification, due diligence and monitoring of individuals;
- performance of a contract;
- provision of services;
- management of relationship with clients, partners and other related persons;
- ensuring physical and information security;
- protection of Sebes’ and clients’ interests;
- risk management;
- personnel management;
- commercial communications, promoted marketing campaigns and similar activities;
- satisfaction of clients’ claims.
The main legal basis of Personal data processing for these purposes are:
- your consent to the Personal data processing;
- conclusion and performance of the contract with you or your customer;
- fulfilment of legal obligations under applicable legislation;
- our legitimate interests.
We will ask for your consent to share your personal data with companies we work with when we need your permission (please review “Disclosure of your Personal data” section below).
You don’t have to share your Personal data if you don’t want. But if you don’t share your Personal data, you may not be able to use some or all Our Services.
- Disclosure of your Personal data.
- members of management bodies, employees, representatives, authorised persons of Sebes;
- internet/computer software services providers, companies specializing in IT and marketing services;
- IT infrastructure services providers;
- customer support services providers and helpdesk services providers;
- public institutions, public officials, investigatory authorities, courts, prosecutor’s office, subjects of operational activities, orphans’ courts, notaries, law enforcement officials, judicial and investigatory authorities of other member states and foreign countries, tax authorities, arbitration courts, out-of-court dispute resolution bodies;
- financial and payments market participants (global financial messaging infrastructures, correspondent banks, insurance companies, payment systems, payment service providers and technical and non-technical processors, agency companies, business partners of Sebes or clients, financial service intermediaries etc.);
- companies that carry out KYC/AML database checks and fraud database checks;
- Sebes’ cooperation partners, agents, suppliers and service providers, auditors, financial management and legal advisors;
- Video surveillance/security services provider/s;
- Other persons connected with the provision of our services.
We may monitor or record telephone calls, emails, web chat or other communications with you for regulatory, security, quality assurance or training purposes. When visiting our offices, video surveillance, access control systems and/or other monitoring systems may be in operation for security reasons and for health and safety and office management purposes.
We may also share your details with people or companies if there’s a corporate restructure, merger, acquisition or takeover.
- Where we store your Personal data.
Usually, we do not transfer your Personal data to countries outside the European Union or the European Economic Area (“EU” “EEA”). However, We, our service providers, and other parties with whom we may share your Personal data (as described above) may process your Personal data in territories that are outside the EU or the EEA, or otherwise outside of the territory in which you reside. These countries may have data protection standards that are different to (and, in some cases, lower than) those of the territory in which you reside.
- the European Commission says the country or organisation has adequate data protection, or
- we’ve agreed to standard data protection clauses approved by the European Commission with the organisation.
- How we protect your Personal data.
We comply with our obligations under the applicable Data protection regulation by:
- keeping Personal data up to date;
- storing and destroying it securely;
- not collecting or retaining excessive amounts of data;
- protecting Personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical and organizational measures are in place to protect personal data.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal data, we cannot guarantee the security of your Personal data transmitted to our Website, unless you are communicating with us through a secure channel that we have provided. Once we have received your Personal data, we will use strict procedures and security features to try to prevent unauthorised access.
- How long we keep your Personal data.
Your Personal data is stored for as long as its storage is required for appropriate purposes for the processing of Personal data, as well as in accordance with the applicable Data protection regulation. Personal data storage periods shall be determined based on applicable legal acts or our legitimate interests.
Personal data may be stored in an electronic form and/or in paper format, provided always that your Personal data will be stored securely and protected against unauthorized or unlawful processing and against loss or destruction, using appropriate technical and organizational measures.
When assessing the length of the storage of Personal data, we consider existing regulatory requirements, aspects of contractual performance, your instructions, e.g., in case of consent, and our legitimate interests. If your Personal data is no longer needed for the purposes specified, we will delete it or destroy it.
- Automated decision making and profiling.
Profiling carried out by us involves processing of Personal data by automated means for the purposes of legislation relating to risk management and continuous and periodic monitoring of transactions in order to prevent fraud, money-laundering and terrorist financing events. However, we do not make automatic decisions based on profiling.
For direct marketing and statistical analysis, profiling may be carried out by using Google, LinkedIn, Facebook and other analytics tools.
The main legal basis of Personal data processing for these purposes is conclusion and performance of the contract with you, fulfilment of our legal obligations and/or our legitimate interests, such as managing risks related with the client and its transactions.
- Your rights.
You have the following rights as a data subject:
- your Personal data may be processed on the basis of your consent or some other legitimate basis;
- to receive information on the processing of Personal data performed by Sebes and exercise your rights;
- to receive a confirmation if your Personal data are not processed;
- to access your Personal data and receive information on the purpose and legal basis of data processing, category of data, recipient of data, storage period, information on other sources of data if Personal data are obtained from third parties, and guarantees, if the data have been sent to a third party or international organisation;
- to receive information on whether the provision of Personal data is related to the law or an a contract, whether the provision of data is a precondition for the conclusion of a contract, as well as information that the subject is required to provide Personal data, and consequences in case such data are not provided;
- to be informed about a new purpose of data processing in advance;
- to object to data processing and withdraw your consent to data processing;
- to request rectification of data if data are incorrect;
- to data portability;
- to request erasure of data if this does not contradict laws of the Republic of Cyprus and EU laws.
To exercise any of these rights, please contact us by emailing firstname.lastname@example.org. We will aim to fulfil all requests within one calendar month.
- Third party services and websites.
Our Services may, from time to time, contain links to and from the websites of our partner networks, advertisers, affiliates, and other third parties. The inclusion of a link on our Services does not imply endorsement of the linked website or service by us. If you follow a link to any of these websites, please note that we are not responsible for the privacy, these websites have their own privacy policies and that we do not accept any responsibility for them. Please check these policies before you submit any personal data to these websites.
- Use of services by minors.
Services are not directed to individuals under the age of 18 (eighteen), and we request that they not provide their Personal data through the Services.
Consistent with this Policy, we will not knowingly collect Personal data from anyone under the age of 18 (eighteen), and no part of our Website or our Service is designed to attract anyone under the age of 18 (eighteen). Because we do not intentionally collect any information about individuals under the age of 18 (eighteen), we also do not knowingly distribute such information to third parties. If you have reason to believe that a person under the age of 18 (eighteen) has provided us with Personal data or is otherwise using or seeking to use our Website and/or Service, please contact us and we will immediately delete such information or terminate such service, subject to our compliance with applicable law and regulation.
- Contact us.
You may submit your questions, requests and complaints to use by email to email@example.com or by post to Everyfin Ltd., Office 301, Agias Fylaxeos 131, 3083, Limassol, Cyprus.