Privacy Policy
AEON PAYMENT TECHNOLOGIES LTD (“AEON” or “the Company”) is committed to protecting and respecting your privacy. This Privacy Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others, and how we keep it secure. This policy applies to the personal data we collect through our website, services and interactions with our customers, potential customers.
We may amend/update this Policy from time to time and it is important that you check this Policy for any updates. Any personal information we hold will be governed by the current privacy policy at the given time. If we make changes we consider to be important, we will communicated them to you.
Any reference to “us”, “our”, “we” in this Policy is a reference to AEON. Similarly, any reference to “you”, “your”, “yours” or “yourself” in this Policy is a reference to any of our customers and potential customers as the context requires unless otherwise specified.
By accessing our websites, including using any of the communication channels to contact us, we consider that you have read and understood the terms of this notice and how we process any information you disclose to us including personal data prior to becoming a client. Once you open an account with us you agree that this notice, including any amendments, will govern how we collect, store, use, share and in any other form process your personal data and your rights during our business relationship and after its termination.
THE DATA WE COLLECT
Personal data, or personal information means any information that relates to an identified or identifiable living individual. It does not include data where the identity has been removed (anonymous data). We may collect and process the following types of personal information:
-
Contact details, including name, surname, address, email address and phone number
-
Identification documents and any other information you provide to prove you are eligible to use our services
-
Date of birth
-
Financial information including but not limited to bank account numbers, transaction history, income, bank statements, trading statements, tax and financial statements
-
Details of your AEON payment cards, such as card number, expiry date and CVC
-
Employment details
-
Country of residency
-
Records of communication
-
IP address and device specification
-
Details regarding the use of our Website including but not limited to traffic data, location data and weblogs.
HOW WE COLLECT DATA
We collect information about you when:
-
Fill in any forms, either online or hard copy
-
Correspond with us via any form
We collect information about you when:
-
Fill in any forms, either online or hard copy
-
Correspond with us via any form
-
Respond to any of our surveys
-
Register your information in our website
-
Open an account or use any of our services
-
Give us access to your financial accounts (e.g. through Open Banking)
COOKIES
Our website uses cookies – small text files that are placed on your device to enhance your browsing experience. Third-party cookies may also be employed, or we may permit third-party cookies.
You have the option to configure your web browser not to accept cookies, though this may impact your ability to view and use the website or AEON online services effectively.
We may utilize the following types of cookies:
-
Essential Cookies: These cookies enable core functionality such as security, verification of identity and network management. These cookies can’t be disabled.
-
Marketing Cookies: These cookies are used to track advertising effectiveness to provide a more relevant service and deliver better ads to suit your interests.
-
Functional Cookies: These cookies collect data to remember choices users make to improve and give a more personalized experience.
-
Analytics Cookies: These cookies help us to understand how visitors interact with our website, discover errors and provide a better experience.
The information collected may be used to optimize performance, enhance usability, offer additional or customized services, monitor status indicators, ensure proper functionality, and improve the overall user experience on the website. Additionally, aggregated data may be utilized for commercial purposes such as marketing and promotions.
Internally, we may share information with trusted suppliers, business partners, advertisers, and search engines. Unless otherwise specified, such information is shared without associating it with personally identifying information, ensuring anonymity.
We may also share and/or transfer information, including personally identifying information, internally, with government bodies, law enforcement agencies (where legally instructed or required), successors in title in the event of a merger or acquisition, and with suppliers engaged to process data on our behalf.
WHAT IS THE LEGAL BASIS FOR COLLECTING AND PROCESSING YOUR DATA
We collect and process your data only where there is a legal basis. Our legal basis will be one of the following:
Complying with our contractual obligations to you
We need certain personal data to provide our services and cannot provide them without those data.
Legal obligations
As a regulated company, offering regulated financial services, we have a legal responsibility to collect and store your personal data (e.g. anti-money laundering laws, PSD2 etc).
Legitimate interests
We sometimes collect and use your personal data because we have a legitimate reason to use it and this is reasonable when balanced against your human rights and freedoms.
Substantial public interest
Where we process your personal data to adhere to government regulations or guidance, such as our obligation to prevent fraud, money laundering, terrorist financing etc.
Consent
Where you have agreed to us collecting your personal data.
WHO MAY WE DISCLOSE PERSONAL INFORMATION TO
For the purposes set out above, we may disclose your personal information to third parties including:
-
Providers of third-party apps, communication systems, and trading platforms used by us.
-
Service providers and specialized advisors handling administrative, IT, analytics, online marketing, financial, regulatory, compliance, insurance, research, or related services.
-
Affiliates with whom we have a mutual association.
-
Payment service providers and banks managing your transactions.
-
Auditors, contractors, or advisors assisting with our business operations.
-
Courts, regulatory bodies, and law enforcement agencies as required by law or as authorized by you or our agreements.
-
Government entities in compliance with legal obligations and regulatory requests.
-
Third parties necessary to enforce our Terms and Conditions of Service or other relevant agreements, authorized by you.
We aim to disclose only the minimal personal data necessary for these third parties to fulfill their contractual obligations. They are restricted from using the data for any other purpose beyond providing services to us.
It's important to note that our websites or apps may contain links to external third-party websites. Please be aware that these sites operate under their own privacy standards and procedures, not covered by our privacy notice. For their practices, refer to the privacy policies of each respective third party.
HOW DO WE SECURE YOUR DATA
We store personal information using secure computer storage systems, paper-based files, and other records to safeguard it against misuse, unauthorized access, loss, modification, or disclosure.
When we determine that certain personal information is no longer required, we will either remove any identifying details or securely destroy the records.
However, certain records may need to be retained for an extended duration due to regulatory requirements. For instance, financial services and anti-money laundering laws mandate the preservation of specific records, including identity verification details, sources of income and wealth, transaction monitoring, communication logs (telephone, chat, email), complaint handling, and evidence of adherence to regulatory codes. These records must typically be maintained for a minimum of five years after the termination of our business relationship with you, or for a longer period if mandated by our regulators.
If you've provided personal data during an account registration process that was incomplete or rejected, we will retain this information for six months, unless regulatory obligations dictate otherwise.
Should you opt out of receiving marketing communications, we'll maintain your details in a suppression list to respect your communication preferences.
Your data may be transferred and stored outside the European Economic Area (EEA) and processed by staff working for us, our suppliers, or affiliate companies. We'll take appropriate measures to ensure your data is treated securely and in compliance with this Privacy Policy.
When transferring data to third parties outside the EEA, we may rely on standard contractual clauses, binding corporate rules, the EU-US Privacy Shield, or other equivalent arrangements to safeguard your information.
For details on these arrangements, please contact us using the provided contact information.
YOUR RIGHTS
Please note that you have certain rights under data protection laws in relation to your personal data:
(a) Request access to your personal data, known as a "data subject access request";
(b) Ask for correction of the personal data we hold about you;
(c) Request deletion of your personal data. Please note, there may be specific legal reasons preventing us from fulfilling your deletion request, and if applicable, we will inform you accordingly;
(d) Object to the processing of your personal data if we rely on legitimate interests (or those of a third party). This objection can be made if there's something about your particular situation that impacts your fundamental rights and freedoms. You also have the right to object when we process your data for direct marketing. However, we may demonstrate compelling legitimate grounds for processing your information that override your rights and freedoms;
(e) Ask for limitation of processing your personal data. This allows you to request the suspension of data processing in various scenarios, such as verifying data accuracy, when its use is unlawful but erasure is undesired, when data is needed for legal claims, or when we need to assess overriding legitimate grounds for use despite your objection;
(f) Request the transfer of your personal data to you or a chosen third party. We'll provide your data in a structured, machine-readable format, applicable to automated information you initially consented to or used for a contract;
(g) Withdraw consent at any time if we rely on your consent for processing your personal data.
To initiate a personal data request, please use the registered email address provided to us and send an email to: dpo@aeonpaymenttechnologies.com. Erasure requests can also be submitted via your online portal.
We aim to respond to all requests within one month. However, if your request is complex or numerous, it may take longer. In such cases, we'll inform you within one month of receiving your request and keep you updated.
In specific circumstances where a request is unfounded, excessive, or repetitive, or if we receive multiple requests for the same data, we may charge a reasonable fee. We'll notify you of this fee and require your acceptance before processing the request. Alternatively, we may refuse to comply under these circumstances.
If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with the Cyprus Data Protection Commissioner (http://www.dataprotection.gov.cy). Alternatively, you also have the right to lodge a complaint with the data protection authority of your country of residence.