Papaya Ltd. (“Papaya” or “we”) is committed to protecting the privacy of individuals who visit its website (www.papaya.eu) and customers who make use of Papaya’s products and services, through the website or otherwise.
Papaya Ltd. is licensed as an electronic money institution by the Malta Financial Services Authority (MFSA) in Malta. Papaya Ltd. is a company registered with the Registrar of Companies in Malta, with registered office: 114/3 The Strand, Gzira GZR1024, Malta, and registration no. C 55146. VAT No.: MT 2075 1731. Papaya’s head office is located at 31 Sliema Road, Gzira GZR 1637, Malta.
Papaya has appointed a personal data representative: Mr. Marko Dronjaks, Head of Compliance (firstname.lastname@example.org).
This privacy and data protection policy is intended to provide you with information in terms of articles 19 and 20 of the Maltese Data Protection Act (Chapter 440 of the Laws of Malta).
1. Data Controller
Papaya is the data controller of this website, and Papaya’s products and services, offered through the website or at Papaya’s premises or the premises of its distributors and other commercial partners.
Personal data may be processed by other persons on behalf of Papaya (“processors”), in accordance with Papaya’s instructions. Papaya’s processors may include distributors of Papaya’s products and other business partners and service providers. Papaya uses service providers for the hosting the website, and for the provision of its products and services (including, without limitation, the card issuer, the card processor, and providers of know-your-customer (“KYC”) and due diligence services).
In addition to acting as Papaya’s processor, distributors or other business partners and service providers may process personal data in relation to Papaya’s customers as a controller in their own right. Also, the issuer of electronic money stored on cards issued through Papaya, will act as controller in respect of the issuing of electronic money and the provision of payment services in connection with such cards. Papaya is not responsible for the processing of personal data by any person acting as a data controller, and such processing is not covered by this policy.
When we refer to “processing”, this includes collecting, recording, organising, storing, altering, using, disclosing and deleting personal data.
2. Type of information collected and purposes
2.1. IP Address
We use services and tools to collect and analyse data on visitors and customers using our website.The Internet Protocol Address (hereinafter referred to as ‘IP Address’) comprises information with regards to the location of your computer or device on the internet and your internet service provider. This information is automatically recorded and will also include the date and time you visited our website, the web pages and services that you may have accessed on our website and may also include the website that you visited prior to visiting our website and other information. When your IP Address is recorded, the data collected is grouped with other logged IP addresses in order for us to determine the geographic location of visitors to our site, the period of time such visitors visit the site, the pages viewed the most and other matters. This enables us to administer our website, diagnose potential server problems, analyse visitor trends and customer behaviour and statistics and overall, to provide you with a better internet experience.
“Cookies” are small text files sent by a website so that the website can recall who you are; they serve as a memory, therefore, enabling a website to remember users who have already visited the site. Such cookies are stored on the user’s computer. There are two types of cookies, session cookies and persistent cookies, the former being temporary and remain in the cookie folder on your hard disk until you close your browser, whilst persistent cookies last longer and remain on your hard disk until their pre-set lifetime expires or until they are removed. We may use both session cookies and persistent cookies. You can choose whether to accept cookies or not. You can also set your browser to notify you when you receive a cookie or reject a cookie. If users reject the cookies, they may still be able to use our website; however, they may be limited to certain areas of our website.
2.3. Web beacons
If you contact us, we will receive certain personal information such as your name and surname, address, telephone number, mobile number, and, or e-mail address. We keep this personal information provided to us in order to be able to deal with your request and to provide you with the information you require. We may also use this information to provide you with other information from time to time, that we may feel may be of interest to you and generally for direct marketing and statistical purposes.
We may record telephone conversations and use such recordings as evidence and to improve our services.
We will record communications via electronic mail (including via e-mail, text message or through the online facilities available on our website) for the purpose of providing evidence of transactions, the performance of our obligations under the agreement entered into with the customer (including the applicable Terms and Conditions), to improve our services and to ensure compliance with applicable laws and regulation to which we are subject.
2.5. Papaya’s products and services
We will process personal information related to you when you apply for any of our products or services and in the provision of our products and services to you. Such personal information will include, for example, name and surname, address, telephone number, mobile number, e-mail address, and information on your transactions and accounts.
We may also process information related to you or persons connected to you, obtained from third parties, in order to handle your application and for the provision of our products or services, in particular to verify your identity and any references provided to usand generally, to perform KYC and due diligence checks. We use providers of KYC and due diligence services and we may carry our searches on, for example, World-Check and Google.
Personal data may be used for the following purposes:
(i) the performance of our obligations under the agreement entered into between you and us (including the applicable Terms and Conditions)
(ii) promotion and marketing of our products and services
(iii) internal assessment and analysis, research, statistics and the development and improvement of our products and services
(iv) to protect our services and products from illegal or unauthorised use or by unauthorised persons, and to detect and intervene in any such illegal or unauthorised use or access to our products and services
(v) to ensure compliance with applicable laws and regulation to which we are subject, including laws and regulation related to tax, prevention of money laundering and funding of terrorism, reporting to competent authorities, and compliance with orders from any court or competent authority
We are required by law to collect and process certain personal information related to you and persons connected to you, in particular in order to satisfy our obligations under the applicable laws and regulation on the prevention of money laundering and funding of terrorism. If you fail to provide the documents and information we require by law, we may not be able to provide you the products or services requested or may have to stop providing them to you.
3. Recipients of personal data
Personal data will be processed by our employees, officers and processors. Personal data may also be available, provided or disclosed to the following third parties:
(i) our services providers, including (without limitation) auditors, professional advisors, KYC and due diligence services and providers of ICT services;
(ii) persons you authorise to use your e-wallet or card and other persons acting for you or on your behalf;
(iii) the issuer of electronic money stored on cards issued through Papaya and other persons involved in the execution of transactions or the provision of our products and services;
(iv) Courts, governmental bodies, regulatory and other competent authorities.
4. Transfer of personal data to countries outside the European Union
Personal data may be transferred to countries outside the European Union (“Third Countries”), even if the Third Country to which data is transferred does not ensure an adequate level of protection. This may be the case where such transfer is necessary for the provision of our products or services, for the performance of our contractual obligations, if we are required to do so by law or for the establishment, exercise or defence of legal claims.
5. Links to other websites
Our website may contain links to websites operated by third parties. When connecting to such other websites you will no longer be subject to this policy but to the privacy and data protection policy of the other website. We are not responsible for the privacy and data protection practices of these other websites and we encourage you to read the privacy and data protection statements of each website you visit, which may collect personal information.
6. Security measures
Our website uses a Transport Layer Security (TLS) to ensure communication security over the internet. You should be able to see the padlock symbol in the status bar on the browser window, and the URL will also start with https:// depicting a secure webpage. TLS applies encryption between two points such as your computer or device and the connecting server. Any data transmitted during the session will be encrypted and then decrypted at the receiving end. This should ensure confidentiality and the secure transmission of data.
7. Your rights as a data subject
7.1. Right of access
We will provide you, upon request and without charge, written information on the processing of your personal data, unless we are prevented from doing so by law. You may only make such requests at reasonable intervals, and the request must be made to us in writing using the contact details given below, and must be signed by you.
7.2. Right to request rectification
Although all reasonable efforts will be made to keep your information updated, you are kindly requested to inform us of any material change in personal information provided to us.
We will rectify, block or erase personal data that have not been processed in accordance with the applicable law on data protection, upon your request.
7.3. Direct marketing
You have the right to oppose, free of charge, the processing of your personal data for the purpose of direct marketing.
If you are a customer of Papaya, we may use your contact details to send electronic mail (including by e-mail, text message and through the online facilities accessible through our website) to market similar Papaya products and services, unless you have objected there to. You have the right to object, free of charge, against the use of your contact details for such purpose, when you apply for one of our products or services, or on occasion of each message if you have not objected initially.
We will not send any unsolicited communications by means of an automatic calling machine, fax or electronic mail (including by e-mail, text message and through the online facilities accessible through our website) for any direct marketing purposes other than as mentioned in the preceding paragraph, unless you have given us your prior consent in writing. You have the right to object, free of charge, to receive communications for marketing purposes sent by mail or any other form of communication, namely other than automatic calling machine, fax of electronic mail.
Should you not wish to have your personal data processed for direct marketing purposes, you are required to inform us accordingly in writing, by email or mail, using the contact details given below.
7.4. Contact details
If you wish to exercise any of your rights as a data subject or if you have any questions, please contact us by sending an e-mail to email@example.com, by writing to us at Papaya Ltd., 31, Sliema Road, Gzira, GZR 1637, Malta.
8. Changes to this policy
If there are any changes to this privacy and data protection policy, we will replace this page with an updated version. It is therefore in your own interest to check the “Privacy and Data Protection” page any time you visit our website or use the online facilities available through the website, in order to be informed of any changes which may occur from time to time.