C2D DATA PRIVACY POLICY

C2D DATA PRIVACY POLICY (2021-01-26EN)

Effective January 26, 2021

  1. GENERAL
  2. WHAT INFORMATION DOES C2D COLLECT?
  3. HOW DOES C2D USE YOUR INFORMATION?
  4. WITH WHOM DOES C2D SHARE YOUR INFORMATION?
  5. HOW DOES C2D PROTECT YOUR INFORMATION?
  6. WHAT ARE YOUR DATA PROTECTION RIGHTS?
  7. FURTHER INFORMATION AND CONTACT
  1. GENERAL

  1. C2D Payment Solutions Ltd (hereinafter, "C2D", "us", "our", "we") is committed to user privacy. This Privacy Policy provides details on how your personal information is collected, processed, shared, transferred and retained by C2D when opening and using a C2D Account through one of our Acceptance Partners.
  2. This Privacy Policy must be read together with and is considered to form an integral part of our C2D Terms of Use. All terms defined in the Terms of Use shall have the same meaning in this Privacy Policy. By continuing to use the services offered via C2D after being provided with access to this Privacy Policy, you acknowledge to have read and understood the terms of this Privacy Policy and to the use of your personal information in accordance with these terms.
  3. C2D's data processing activities comply with all applicable data protection legislation, including the provisions of the General Data Protection Regulation 2016/679 (hereinafter "GDPR"), and any other European or national legislation we may be subject to.
  4. C2D will act as data controller in relation to the data processing activities envisaged in this Privacy Policy. The Acceptance Partner will act as data controller in its own right in relation to the processing activities it is obliged to undertake under national anti-money laundering legislation.
  5. This Privacy Policy may be subject to modification from time to time, notably in the event of changes to legislation, the introduction of new laws or revision or expansion of our offering. Any changes to this Privacy Policy will be published on the C2D website www.c2dpayment.com as well as displayed in all distribution partners' shops.
  1. WHAT INFORMATION DOES C2D COLLECT?

  1. During our business relationship with you, we collect following personal information from you:
  1. Registration information: Upon registration our Acceptance Partner shall ask you to provide the following information: your first name(s) and surname, your place and date of birth, your nationality, your residential address and the type, number and issuing authority of your identification document. Upon registration, the Acceptance Partner shall also make a copy of your identification document. If your identification document does not show your residential address, our Acceptance Partner also asks for your proof of address (e.g. a utility bill). C2D and the Acceptance Partner are required by law to collect this information, particularly to comply with legal obligations to prevent money laundering (e.g. KYC) and to combat fraud. You will also be required to provide us with either your mobile phone number or your email address. This information is used to provide you with contractual information and may further be used to safely set up your C2D Account and to allow you to make use of our services.
  2. Authentication information: Following the opening of your C2D Account, we will provide you with or request you to set up your Account Access Identifiers (e.g. credentials and password), which will help us and/or our Acceptance Partners to verify your identity every time you wish to use your C2D Account.
  3. Transactional information: In order to provide you with our C2D services, as well as for compliance with our legal obligations, we keep a record of all (e-money) transactions carried out via your C2D Account. This includes, without being limited to, the amounts loaded or withdrawn, the transfer orders issued, the merchants you interacted with, the history of transactions and the funding instruments used.
  4. Identification verification information: For the entire duration of our business relationship C2D and the Acceptance Partner are bound by law to carry out certain due diligence checks and verification processes, amongst others to prevent money laundering. These checks may include, without being limited to, identity checks and checks on the source of wealth and source of funds. We may, at our own discretion, decide which additional information we require from you in this respect. This may include, without being limited to, following information: the information and documentation referenced in Section II.1.a) above, as well as information and/or documentation relating to your source of wealth and source of funds. We may also use third party databases to confirm such information and/or outsource the verification process to a third party Verification Provider. The results of such checks, as well as any documentation you provide to us in the respect, will be stored in our systems during the term of our business relationship and for up to ten (10) years thereafter.
  5. Additional verification information: It may be in our legitimate interest to carry out certain checks, both internally or through third parties, for the purpose of assessing potential breaches of our Terms of Use and/or the Applicable Rules. We may, at our own discretion, decide which additional information we require from you in this respect, provided that your rights to the protection of your personal data are not disproportionately harmed.
  6. Contact information: Where you use our C2D Website contact form or contact our Customer Service, we will process your contact details (e.g. mail address and/or mobile phone number), as well as any personal data relevant to your query, in order to respond to your query. Provided you have given us your consent thereto or we would otherwise be entitled to do so, we may use your contact details to send you electronic marketing messages and/or newsletters.
  1. The abovementioned information may be collected by us directly or on our behalf by one of our Acceptance Partners (e.g. upon registration), who will immediately transfer such information to C2D.
  2. Failure to provide any of the abovementioned information may result in C2D and/or the Acceptance Partner not being able to perform the requested services, in particular where there is a legal obligation to collect such information before being able to provide you with the C2D services. In addition, where the verification information received from you or from one of our Verification Providers does not prove to be satisfying, we may at our own discretion decide to not establish or terminate our contractual relationship with you.
  1. HOW DOES C2D USE YOUR INFORMATION?

  1. Your information shall be processed by C2D and/or the Acceptance Partner for the following purposes:
  1. When needed to be able to perform the C2D services or any additional services you have requested, including to:
    • Set-up your C2D Account;
    • Authenticate the access to your C2D Account;
    • Process e-money transactions via your C2D Account;
    • Communicate to you in relation to your C2D Account and/or any query you address to us.
  2. To comply with legal obligations (e.g. identification and verification obligation to prevent money laundering or to combat fraud);
  3. When you have consented thereto (e.g. for sending electronic marketing messages); or
  4. If we have determined a legitimate interest to do so that is not detrimental to your right to data protection, including to:
    • Manage our business needs, analyse and manage risks, improve our services and enhance the functionality of our C2D Website;
    • Evaluate breaches of our Terms of Use and/or the Applicable Rules;
    • Send marketing messages which do not require consent.
  1. C2D and/or the Acceptance Partner shall retain your data for the length of time necessary for the intended purpose of data processing or for as long as legally required (e.g. identification verification information must be retained for at least 5 years following the end of the business relationship). We may retain data for longer if this would be in our legitimate business interest and not prohibited by law.
  1. WITH WHOM DOES C2D SHARE YOUR INFORMATION?

  1. Your personal information will not be forwarded to or shared with a third party unless expressly stipulated in the terms of this Privacy Policy or unless you have consented thereto.
  2. C2D is a subsidiary of Tipico Group Limited, and forms part of the Tipico group of companies ("Tipico Group"). Your personal information may at all times be shared with other companies of the Tipico Group.
  3. C2D will share your personal information with its Acceptance Partners and with merchants accepting e-money issued by C2D as payment method, as well as with its advisors, agents, or contractors working on behalf of C2D, provided they would have a need to know such information (e.g. to allow the Acceptance Partners to perform Authentication). C2D may also share personal information with third party service providers, including Verification Providers, with whom C2D has a contractual relationship and who provide certain services or verification processes on behalf of C2D and/or help C2D comply with any of its legal obligations or securing its legitimate interests. In addition, C2D and/or the Acceptance Partner may be required to share your personal data with authorities or other competent bodies as a result of a legal obligation to which we are subject, to detect or prevent fraud, to defend the public interest or to safeguard the interests of C2D’s personnel.
  4. C2D currently works with the following Verification Providers and/or third-party service providers:
    • GB Group Plc, The Foundation, Herons Way, Chester Business Park, Chester CH4 9GB, United Kingdom
    • C2D transfers personal data collected within the scope of the instant contract related to the application for, performance or termination of this business relationship to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden. The legal bases for such transmission comprise Art. 6 (1) (b) and Art. 6 (1) (f) GDPR. Data may only be transmitted on the basis of Art. 6 (1) (f) GDPR to the extent necessary for the purposes safeguarding the legitimate interests pursued of C2D or third parties and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Data transmitted to SCHUFA is also used for identity verification. SCHUFA processes data and also uses such data for purposes of profile creation (Scoring) in order to provide its contractual partners domiciled in the European Economic Area and Switzerland as well third countries as applicable (to the extent an adequacy decision from the European Commission is available for such countries) information to be used to evaluate the creditworthiness of natural persons amongst other things. Additional information regarding SCHUFA’s business may be found in the SCHUFA Information Sheet pursuant to Art. 14 GDPR or online at www.schufa.de/datenschutz.

    C2D shall regularly update this list but cannot guarantee that this list is exhaustive at all times.

    Unless specifically provided otherwise in the respective privacy policies of the Verification Providers, the Verification Providers shall act as (separate) data controllers with respect to the personal information transferred to them by C2D. We advise you to consult the respective privacy policies for more information on the way in which these Verification Providers process your personal data.

    The information we receive from the Verification Providers may serve as a basis for our decision on whether to establish, conduct or terminate the contractual relationship with you. No automated decision-making shall take place.

  5. Where we share your personal information with third parties, we shall take all reasonable precautions to ensure that these third parties respect the same privacy standards as C2D does under this Privacy Policy.
  6. We have put the necessary measures in place to ensure that any transfer of your personal information to countries outside the European Economic Area are accompanied by the required additional safeguards. In this respect, we may, for example rely on contractual clauses.
  1. HOW DOES C2D PROTECT YOUR INFORMATION?

  1. Appropriate technical and organisational measures are used to protect your personal information from unauthorized access by third parties, disclosure, alteration, misuse, destruction or loss during its collection, processing and retention. These measures include, amongst others, data encryption, firewalls, physical and electronic access controls, etc. We also implement all necessary measures to ensure confidentiality of your personal information. This includes imposing appropriate confidentiality obligations on our employees, Acceptance Partners, advisors, agents or contractors. This level of protection can, however, not be extended to communication by email and we recommend that you send all confidential information by registered post.
  2. You are responsible for the security and confidentiality of your Account Access Identifiers, your email account and your mobile phone number. In this respect, you shall only use strong passwords and update them regularly. You are also responsible for communicating any changes to your personal information to C2D immediately.
  1. WHAT ARE YOUR DATA PROTECTION RIGHTS?

  1. Subject to the limitations set out in the applicable data protection legislation, as a data subject, you are granted a number of rights in relation to your personal information. These rights include the right to:
  1. Request access to, information on or a copy of your personal data;
  2. Rectify your personal data;
  3. Request erasure of your personal data;
  4. Request the restriction of processing of your personal data;
  5. Object to the processing of your personal data;
  6. Withdraw your consent at all times;
  7. Receive your personal data in a structured, commonly used and machine-readable format and/or have it transmitted to another data controller.
  1. All requests, complaints or queries may be addressed to C2D to the email address mentioned in section VII. We will consider any requests, complaints or queries and provide you with a reply in a timely manner. If we are unable to provide you with a reply within the required timeframe, we will provide you with a date by when the information will be provided to you. If a request cannot be carried out for any reasons, we will inform you accordingly. You can also file a complaint with the Maltese Information and Data Protection Commissioner (idpc.info@idpc.org.mt) should you not be satisfied with the way in which we handle your personal information.
  1. FURTHER INFORMATION AND CONTACT

For any privacy issues you may have, to exercise any of your rights under the GDPR, or to obtain further information on our data processing activities, please contact our Data Protection Officer at:

C2D Payment Solutions Ltd
Level 8, Portomaso Business Tower
STJ 4011 St. Julian's, Malta

Email: dpo@c2dpayment.com

Version 2021-01-26EN, © C2D Payment Solutions Ltd

C2D-Payment-Solutions--Privacy-Policy--2021-01-26EN.pdf

C2D DATA PRIVACY POLICY (2023-04-01ENAPP)

Effective April 01, 2023

  1. GENERAL
  2. WHAT INFORMATION DOES C2D COLLECT?
  3. WHAT DOES C2D USE YOUR INFORMATION FOR?
  4. WITH WHOM DOES C2D SHARE YOUR INFORMATION?
  5. HOW DOES C2D PROTECT YOUR INFORMATION?
  6. WHAT ARE YOUR DATA PROTECTION RIGHTS?
  7. FURTHER INFORMATION AND CONTACT DETAILS OF OUR DATA PROTECTION OFFICER
  1. GENERAL

  1. C2D Payment Solutions Ltd., Level 6, Portomaso Business Tower, STJ 4011 St. Julian's, Malta (hereinafter "C2D", "us", "our", "we") is committed to user privacy. This Privacy Policy provides details on how your personal information is collected, processed, shared, transferred and retained by C2D when opening and using a C2D Account through one of our Acceptance Partners.
  2. This Privacy Policy must be read together with and is considered to form an integral part of our C2D Terms of Use. All terms defined in the Terms of Use shall have the same meaning in this Privacy Policy. By continuing to use the services offered via C2D after being provided with access to this Privacy Policy, you acknowledge to have read and understood the terms of this Privacy Policy and to the use of your personal information in accordance with these terms.
  3. C2D's data processing activities comply with all applicable data protection legislation, including the provisions of the General Data Protection Regulation 2016/679 (hereinafter "GDPR"), and any other European or national legislation we may be subject to.
  4. C2D will act as data controller in relation to the data processing activities envisaged in this Privacy Policy. The Acceptance Partner will act as data controller in its own right in relation to the processing activities it is obliged to undertake under national anti-money laundering legislation.
  5. This Privacy Policy may be subject to modification from time to time, notably in the event of changes to legislation, the introduction of new laws or revision or expansion of our offering. Any changes to this Privacy Policy will be published on the C2D website www.c2dpayment.com as well as displayed in all distribution partners' shops.
  1. WHAT INFORMATION DOES C2D COLLECT?

  1. During our business relationship with you, we collect following personal information from you:
  1. Registration information: Upon registration you are asked to provide the following information: your first name(s) and surname, your place and date of birth, your nationality, your residential address and the type, number and issuing authority of your identification document. Upon registration, the Acceptance Partner shall also make a copy of your identification document. If your identification document does not show your residential address, our Acceptance Partner also asks for your proof of address (e.g. a utility bill). C2D and the Acceptance Partner are required by law to collect this information, particularly to comply with legal obligations to prevent money laundering (e.g. KYC) and to combat fraud. You will also be required to provide us with either your mobile phone number or your email address (or both the mobile phone number and email address, in case you use the QR-code within our app). This information is used to provide you with contractual information and may further be used to safely set up your C2D Account and to allow you to make use of our services.
  2. Authentication information: During the opening of your C2D Account, we will provide you with or request you to set up your Account Access Identifiers (e.g. credentials and password), which will help us and/or our Acceptance Partners to verify your identity every time you wish to use your C2D Account.
  3. Transactional information: In order to provide you with our C2D services, as well as for compliance with our legal obligations, we keep a record of all (e-money) transactions carried out via your C2D Account. This includes, without being limited to, the amounts loaded or withdrawn, the transfer orders issued, the merchants you interacted with, the history of transactions and the funding instruments used.
  4. Identification verification information: For the entire duration of our business relationship C2D and the Acceptance Partner are bound by law to carry out certain due diligence checks and verification processes, amongst others to prevent money laundering. These checks may include, without being limited to, identity checks and checks on the source of wealth and source of funds. We may, at our own discretion, decide which additional information we require from you in this respect. This may include, without being limited to, following information: the information and documentation referenced in Section II.1.a) above, as well as information and/or documentation relating to your source of wealth and source of funds. We may also use third party databases to confirm such information and/or outsource the verification process to a third party Verification Provider. The results of such checks, as well as any documentation you provide to us in the respect, will be stored in our systems during the term of our business relationship and for up to ten (10) years thereafter.
  5. Additional verification information: It may be in our legitimate interest to carry out certain checks, both internally or through third parties, for the purpose of assessing potential breaches of our Terms of Use and/or the Applicable Rules. We may, at our own discretion, decide which additional information we require from you in this respect, provided that your rights to the protection of your personal data are not disproportionately harmed.
  6. Contact information: Where you use our C2D Website contact form or contact our Customer Service, we will process your contact details (e.g. mail address and/or mobile phone number), as well as any personal data relevant to your query, in order to respond to your query. Provided you have given us your consent thereto or we would otherwise be entitled to do so, we may use your contact details to send you electronic marketing messages and/or newsletters.
  1. The abovementioned information may be collected by us directly or on our behalf by one of our Acceptance Partners (e.g. upon registration), who will immediately transfer such information to C2D.
  2. Failure to provide any of the abovementioned information may result in C2D and/or the Acceptance Partner not being able to perform the requested services, in particular where there is a legal obligation to collect such information before being able to provide you with the C2D services. In addition, where the verification information received from you or from one of our Verification Providers does not prove to be satisfying, we may at our own discretion decide to not establish or terminate our contractual relationship with you.
  1. WHAT DOES C2D USE YOUR INFORMATION FOR?

  1. Your information shall be processed by C2D and/or the Acceptance Partner for the following purposes:
  1. When needed to be able to perform the C2D services or any additional services you have requested (Art 6 para 1 (b) GDPR), including to:
    • Set-up your C2D Account;
    • Authenticate the access to your C2D Account;
    • Process e-money transactions via your C2D Account;
    • Communicate to you in relation to your C2D Account and/or any query you address to us.
  2. To comply with legal obligations (Art 6 para 1 (c) GDPR, e.g. identification and verification obligation to prevent money laundering or to combat fraud);
  3. When you have consented thereto (Art 6 para 1 (a) GDPR), e.g. for sending electronic marketing messages); or
  4. If we have determined a legitimate interest (Art 6 para 1 (f) GDPR) to do so that is not detrimental to your right to data protection, including to:
    • Manage our business needs, analyse and manage risks, improve our services and enhance the functionality of our C2D Website;
    • Evaluate breaches of our Terms of Use and/or the Applicable Rules;
    • Send marketing messages which do not require consent.
  1. C2D and/or the Acceptance Partner shall retain your data for the length of time necessary for the intended purpose of data processing or for as long as legally required (e.g. identification verification information must be retained for at least 5 years following the end of the business relationship). We may retain data for longer if this would be in our legitimate business interest or necessary for the establishment, exercise or defence of legal claims and not prohibited by law.
  1. WITH WHOM DOES C2D SHARE YOUR INFORMATION?

  1. Your personal information will not be forwarded to or shared with a third party unless expressly stipulated in the terms of this Privacy Policy or unless you have consented thereto.
  2. C2D is a subsidiary of Tipico Group Limited, and forms part of the Tipico group of companies ("Tipico Group"). Your personal information may at all times be shared with other companies of the Tipico Group.
  3. C2D will share your personal information with its Acceptance Partners and with merchants accepting e-money issued by C2D as payment method, as well as with its advisors, agents, or contractors working on behalf of C2D, provided they would have a need to know such information (e.g. to allow the Acceptance Partners to perform Authentication). C2D may also share personal information with third party service providers, including Verification Providers, with whom C2D has a contractual relationship and who provide certain services or verification processes on behalf of C2D and/or help C2D comply with any of its legal obligations or securing its legitimate interests. In addition, C2D and/or the Acceptance Partner may be required to share your personal data with authorities or other competent bodies as a result of a legal obligation to which we are subject, to detect or prevent fraud, to defend the public interest or to safeguard the interests of C2D’s personnel.
  4. C2D currently works with the following Verification Providers and/or third-party service providers:
    • GB Group Plc, The Foundation, Herons Way, Chester Business Park, Chester CH4 9GB, United Kingdom
    • C2D transfers personal data collected within the scope of the instant contract related to the application for, performance or termination of this business relationship to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden. The legal bases for such transmission comprise Art. 6 (1) (b) and Art. 6 (1) (f) GDPR. Data may only be transmitted on the basis of Art. 6 (1) (f) GDPR to the extent necessary for the purposes safeguarding the legitimate interests pursued of C2D or third parties and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Data transmitted to SCHUFA is also used for identity verification. SCHUFA processes data and also uses such data for purposes of profile creation (Scoring) in order to provide its contractual partners domiciled in the European Economic Area and Switzerland as well third countries as applicable (to the extent an adequacy decision from the European Commission is available for such countries) information to be used to evaluate the creditworthiness of natural persons amongst other things. Additional information regarding SCHUFA’s business may be found in the SCHUFA Information Sheet pursuant to Art. 14 GDPR or online at www.schufa.de/datenschutz.

    C2D shall regularly update this list but cannot guarantee that this list is exhaustive at all times.

    Unless specifically provided otherwise in the respective privacy policies of the Verification Providers, the Verification Providers shall act as (separate) data controllers with respect to the personal information transferred to them by C2D. We advise you to consult the respective privacy policies for more information on the way in which these Verification Providers process your personal data.

    The information we receive from the Verification Providers may serve as a basis for our decision on whether to establish, conduct or terminate the contractual relationship with you. No automated decision-making shall take place.

  5. Where we share your personal information with third parties, we shall take all reasonable precautions to ensure that these third parties respect the same privacy standards as C2D does under this Privacy Policy.
  6. We have put the necessary measures in place to ensure that any transfer of your personal information to countries outside the European Economic Area are accompanied by the required additional safeguards. In this respect, we may, for example rely on an adequacy decision of the European Commission or, in case such a decision is missing for the relevant jurisdiction, on Standard Contractual Clauses. These are accessible upon request.
  1. HOW DOES C2D PROTECT YOUR INFORMATION?

  1. Appropriate technical and organisational measures are used to protect your personal information from unauthorized access by third parties, disclosure, alteration, misuse, destruction or loss during its collection, processing and retention. These measures include, amongst others, data encryption, firewalls, physical and electronic access controls, etc. We also implement all necessary measures to ensure confidentiality of your personal information. This includes imposing appropriate confidentiality obligations on our employees, Acceptance Partners, advisors, agents or contractors. This level of protection can, however, not be extended to communication by email and we recommend that you send all confidential information by registered post.
  2. You are responsible for the security and confidentiality of your Account Access Identifiers, your email account and your mobile phone number. In this respect, you shall only use strong passwords and update them regularly. You are also responsible for communicating any changes to your personal information to C2D immediately.
  1. WHAT ARE YOUR DATA PROTECTION RIGHTS?

  1. Subject to the limitations set out in the applicable data protection legislation, as a data subject, you are granted a number of rights in relation to your personal information. These rights include the right to:
  1. Request access to, information on or a copy of your personal data;
  2. Rectify your personal data;
  3. Request erasure of your personal data;
  4. Request the restriction of processing of your personal data;
  5. Object to the processing of your personal data;
  6. Withdraw your consent at all times;
  7. Receive your personal data in a structured, commonly used and machine-readable format and/or have it transmitted to another data controller (data portability);
  8. Lodge a complaint with the competent supervisory authority (see below VI.2.).
  1. All requests, complaints or queries may be addressed to C2D to the email address mentioned in section VII. We will consider any requests, complaints or queries and provide you with a reply in a timely manner. If we are unable to provide you with a reply within the required timeframe, we will provide you with a date by when the information will be provided to you. If a request cannot be carried out for any reasons, we will inform you accordingly. You can also file a complaint with the Maltese Information and Data Protection Commissioner (idpc.info@idpc.org.mt) should you not be satisfied with the way in which we handle your personal information.
  1. FURTHER INFORMATION AND CONTACT DETAILS OF OUR DATA PROTECTION OFFICER

For any privacy issues you may have, to exercise any of your rights under the GDPR, or to obtain further information on our data processing activities, please contact our Data Protection Officer at:

C2D Payment Solutions Ltd
Level 8, Portomaso Business Tower
STJ 4011 St. Julian's, Malta

Email: dpo@c2dpayment.com

Version 2023-04-01ENAPP, © C2D Payment Solutions Ltd

C2D-Payment-Solutions--Privacy-Policy--2023-04-01ENAPP.pdf

PRIVACY STATEMENT FOR VENDORS AND OTHER BUSINESS PARTNERS

Effective October 9, 2020

C2D-Payment-Solutions--Privacy-Policy--Vendor-and-AP--2020-10-09EN.pdf